To set up FCDS, you will need to:
•       install it
We recommend that you install FCDS on a separate machine from your FirstClass server.
•       configure it
•       update the shipped settings file for FCDS to use when connecting to your FirstClass server
•       register it as a Windows server (and optionally as a Windows service). This only applies to Windows.
In addition, you can perform optional configuration steps to customize FCDS behavior to suit your organization.



Downloading and installing FCDS
To download and install FCDS:
1       Log into FirstClass Online (FCOL) using your registered account.
2       Go to the software downloads area.
3       Download and run the FCDS installer.
If you are installing FCDS on the same machine as your server, the installer puts a script in your server's Batch folder. As with any other script in that folder, this script runs the next time you start your server or click Batch Folder on the Server Control form.
If you are installing FCDS on a separate machine, put a copy of this script (located in the FirstClassDS folder in FCServer) in the Batch folder on your server machine.
Running this script places a Directory Services script in FC Control.
4       Run the Directory Services script.



FCDS objects created by the installation
FCDS installation creates these objects:
•       a DS Deleted group
•       a DS Admin group
•       a Directory Services folder on the administrator's Desktop
This folder contains the Directory Setup form and Directory Monitor, plus a link to the SSL Certificates folder.
•       a FirstClassDS folder located in FCServer.
This folder contains the executable, settings file, ReadMe, lang.rez, fcds.pdb, Directory Services clustering script files, and .fcp files. It also contains the installation batch file, if you installed FCDS on a machine that is separate from your server machine.



Basic configuration
After installing FCDS, you need to provide it with the information it needs to operate. To do this:
1       Open the Directory gateway form in the Gateways and Services folder.
2       Click Directory and restrict the portions of the FirstClass Directory to be used for the LDAP tree view, if desired.
3       Return to the Directory gateway form.
4       Add all organizational units (OUs) that you want in the LDAP tree view at "Allow these groups to use this service" on the Directory tab.
When FCDS is started, it will build an LDAP tree view only from users who belong to these OUs. Every OU to which a user belongs must be in this list before the user will be included in the tree view.
Restrictions
OUs included in the LDAP tree view must be manually created when you filter them in this way. They can't be created automatically.
Users in the root DN of the LDAP directory (not belonging to any OUs) can't be authenticated remotely, because the FirstClass server will never send their authentication request to FCDS.
Notes
Don't touch anything else on the Directory gateway form, and don't update the gateway permissions.
If you only list one OU, FCDS will assume this is a cluster, rather than an attempt to restrict the users to be handled.
5       Update the Directory Setup form in the Directory Services folder.
You can change values on this form in the future and force FCDS to use your changes immediately.



Additional configuration for Sun Microsystems iPlanet Directory Server
To replicate to FCDS, set up a Replication Agreement on the Configuration tab of the Directory Server administrator console. Specify the following:


Field           Value to use
replica type    Master replica
schedule        Always keep in sync

You can also improve replication performance by defining the replicated attributes and setting them to the FCDS-supported set of attributes.



Additional configuration for OpenLDAP (SLAPD) Directory Server
To replicate to FCDS, use the OpenLDAP SLURPD daemon. In the slapd.conf file, specify these parameters:


replogfile                 Activates replication log file creation.
replica parameter block:
    uri/host               Point to FCDS.
    binddn                 The FCDS administrator's DN.
    bindmethod             Simple.
    credentials            The FCDS administrator's password.

Generate an LDIF file of the OpenLDAP directory. You will need this file later to get FCDS and OpenLDAP into sync for the first time.
On FCDS' Directory Setup form, choose Generic for the external LDAP server type.



Updating the FCDS settings file
FCDS ships with a settings file (fcds.fc) that FCDS uses to connect to the FirstClass server. This settings file is located in the FirstClassDS folder.
Update this settings file just as you would any other settings file, then test it to make sure you can use it to log into your FirstClass server.
In addition to the other connection information in the settings file, save both the user ID and password, using these values:


user ID     400000000
            This is already specified in the shipped settings file.
password    You can change the default password if desired.




Registering FCDS as a Windows server/service
Only applies to Windows.
You must register FCDS as a Windows server. This happens automatically the first time you run FCDS.
Optionally, you can run FCDS as a Windows service using the Directory Services tab of the FirstClass Services Options form. Running as a Windows service is described in our server administration help.



Optional configuration
Creating remote users
If you want some of the users on the external LDAP server to be created as remote users (not remote names) on the FirstClass server, specify an attribute shared by these users on the Replication - Advanced tab of the Directory Setup form located in the Directory Services folder.
This attribute can be any text attribute. It doesn't have to map to a FirstClass-supported attribute.
Example
If the remote user attribute is Description and the remote user attribute value is Remote User, all users on the external LDAP server with a field of "Description" set to Remote User will be created on the FirstClass server as remote users.
Using FCDS with clustered OUs
You can set up multiple instances of FCDS for your server, each one servicing different sets of users as defined by a cluster-defining OU. FCDS clusters are defined and controlled by the cluster-defining OUs.
A cluster-defining OU is the first and highest OU in the DN after the cluster's root DN.
Creating an FCDS cluster
1       Open the Clustered Services folder.
2       Click New DS Cluster.
A Directory Services folder is created in Clustered Services.
The original Directory Services folder is automatically considered cluster zero (your first FCDS cluster). As you add more clusters, this number will increment for each new Directory Services folder.
In addition, a Directory 1 gateway form is created in the Gateways & Services folder.
3       Open the Directory gateway form.
4       Enter the cluster-defining OU associated with your first FCDS cluster at "Allow these groups to use this service" on the Directory tab.
5       Open the Directory 1 gateway form.
6       Enter the cluster-defining OU associated with your second cluster at "Allow these groups to use this service" on the Directory tab.
Caution
Don't enter more than one OU in each of the gateway forms. If you enter multiple OUs in the list, FCDS will not assume that this is a cluster, but rather that you are trying to restrict the users to be handled by FCDS.
Each FCDS cluster will now handle only the branch of users and OUs that is under the cluster-defining OU.
Example


Root DN           o=Husky Planes,c=CA
First cluster     ou=Sales
Second cluster    ou=Marketing

In this example, "Sales" is entered in the Directory gateway form and "Marketing" is entered in the Directory 1 gateway form.
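The single-OU (cluster) and multiple-OU (restriction) readings of "Allow these groups to use this service", together with the root DN limitation noted under Basic configuration, can be checked against a list of DNs before FCDS is started. The following Python is an added example, not part of the FirstClass documentation or product; it assumes OU membership is read from the ou= components of each DN, and its function names, verdict strings and sample users are constructed for illustration.

```python
import re

def rdns(dn):
    """Split a DN into lower-cased (type, value) pairs, honouring escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def ou_path(dn, root_dn):
    """OUs between the entry and root_dn, highest first; None if dn is outside root_dn."""
    entry, root = rdns(dn), rdns(root_dn)
    if len(entry) <= len(root) or entry[-len(root):] != root:
        return None
    middle = entry[1:len(entry) - len(root)]  # drop the leaf RDN and the root DN
    return [value for kind, value in reversed(middle) if kind == "ou"]

def gateway_mode(allow_list):
    """Per the page: exactly one listed OU is read as a cluster, several as a restriction."""
    if not allow_list:
        raise ValueError("an empty list is not covered by the page")
    return "cluster" if len(allow_list) == 1 else "restrict"

def verdict(dn, root_dn, allow_list):
    """Say how one gateway form's OU list treats the entry at dn (assumed model)."""
    mode = gateway_mode(allow_list)
    allowed = [ou.lower() for ou in allow_list]
    ous = ou_path(dn, root_dn)
    if ous is None:
        return "outside root DN"
    if not ous:
        return "root DN user: no remote authentication"
    if mode == "cluster":  # the cluster-defining OU is the highest OU under the root
        return "handled" if ous[0] == allowed[0] else "belongs to another cluster"
    return "handled" if all(ou in allowed for ou in ous) else "excluded: unlisted OU"

# Constructed sample DNs under the page's example root DN.
ROOT = "o=Husky Planes,c=CA"
SAMPLE = [
    "cn=Ann Lee,ou=East,ou=Sales,o=Husky Planes,c=CA",
    "cn=Bob Roy,ou=Marketing,o=Husky Planes,c=CA",
    "cn=Cy Admin,o=Husky Planes,c=CA",
]

if __name__ == "__main__":
    for name, ous in [("Directory", ["Sales"]), ("Directory 1", ["Marketing"]),
                      ("restricting", ["Sales", "Marketing"])]:
        for dn in SAMPLE:
            print(f"{name:12} {dn:50} {verdict(dn, ROOT, ous)}")
```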
Customizing the correlator attribute
The correlator attribute and type are used to uniquely identify an entry on the external LDAP server and to detect whether its DN has changed. They are needed so that scanning replicators (such as Microsoft Active Directory and FCDS' Generic LDAP Replicator) can find entries on the external LDAP server without using the DN. This allows replicators to:
•       get the actual cn attribute value at startup (FCDS doesn't hold cn values)
•       detect when an entry has moved, and generate a MODIFY DN command.
You can accept the default correlator attribute by leaving the "Custom correlator attribute" field on the Replication - Advanced tab of the Directory Setup form blank. Or you can provide a custom correlator at this field.
Depending on your choice, FCDS uses these values:


Correlator attribute    Object class    Attribute
userid                  contacts        mail
                        users           userid
                        mail lists      commonName
                        The userid object classes/attributes are also the default values.
mail                    contacts        mail
                        users           mail
                        mail lists      commonName
any other value         contacts        FCDS will use the attribute you specify
                        users           for each of these object classes.
                        mail lists

Populating the "Custom ID" field on the User Info form
If you put a custom data attribute value in the "Custom ID" field on the User Info form, the custom data attribute field will be available in the FCDS LDAP tree, and its value will be searchable using LDAP queries.
You can do this in the following ways:
•       replicate the value from the external LDAP server
•       use the value directly from the Directory Setup form
•       fill in the "Custom ID" field manually.
To replicate the value from the external LDAP server, fill in the "UIF custom data attribute" section on the Users tab of the Directory Setup form. Don't select "This attribute is local to FC and is not replicated from the external LDAP server".
To use the value directly from the Directory Setup form, fill in the "UIF custom data attribute" section, selecting "This attribute is local to FC and is not replicated from the external LDAP server".
If you will be filling in the "Custom ID" field manually, don't fill in this section.
Filtering replication with condition filters
You can apply filters that control whether entries on the external LDAP server will be replicated based on certain conditions. To do this, update the "Filtering with filter conditions" section of the Replication - Filtering tab on the Directory Setup form.
Filtering replication with bounding OUs
Bounding OUs are the OUs that you listed at "Allow these groups to use this service" on the Directory gateway form.
You tell FCDS how you want these OUs to be treated for the purpose of filtering replication by updating the "Filtering with bounding OUs" section of the Replication - Filtering tab on the Directory Setup form.
Selecting "Cluster or filtered cluster" causes the first entry in the list to be considered the cluster OU. Replicated DNs must contain a cluster OU followed by OUs only from this list. Only selected OUs are replicated.
Selecting "Cluster with branch filter" causes the first entry in the list to be considered the cluster OU. Replicated DNs must contain a cluster OU followed by at least one OU from this list. FCDS replicates everything in the cluster OU plus selected OUs and the OUs under them.
Selecting "Simple branch filter" causes the first entry in the list to be considered the root DN. Replicated DNs must contain at least one OU from this list. FCDS replicates users in the root DN plus selected OUs.
Note
You can't use remote authentication with simple branch filtering, because users in the root DN can't be authenticated remotely.
Replicating containers
Normally, FCDS only replicates nodes with objectClass "organizationalUnit" when replicating an LDAP tree.
If you also want to replicate nodes with objectClass "container", select "Replicate containers" on the Replication - Setup tab of the Directory Setup form.
Replicating users to a Social Workplace server
If you want to replicate external users to a server running Open Text Social Workplace (OTSW), select "Replicate users to a Social Workplace server" on the Replication - Advanced tab of the Directory Setup form.
By default, OTSW users' email redirection addresses are retrieved from their preferences at startup. You can improve startup performance by selecting "Use alias from UIF if present" on the Directory Setup form. If you select this field, users' preferences aren't opened to retrieve these addresses.
Running FCDS in another language
If you want FCDS to run in a language other than English:
1       Use FirstClass Designer to open the lang.rez file located in the FirstClassDS folder.
2       Replace the object names in FOLDER_NAMES with the translated object names.