How do I control which Active Directory (AD) fields are synchronized and editable on member profiles?

This guide assumes that Active Directory / Windows Authentication and LDAP integration is already properly enabled and configured for your Verint Community site.

The LDAP.config file contains all of the attributes that will be shared by Verint Community Server and your LDAP source. Using LDAP.config, you can control how the LDAP fields are grouped and viewed/edited on a user's profile page. In this article we will take a look at the various items found in LDAP.config.

By default, LDAP.config is located at <install drive>:\program files\telligent\telligent evolution\web. Let's take a look at each section in the out-of-the-box LDAP.config:

CoreAttributes

Here is the out-of-the-box sample for the CoreAttributes section of the LDAP.config file:

<CoreAttributes UserObjectClass="user"
GroupObjectClass="group"
GroupNameIdentifier="cn"
UserEmail="mail"
UserDomainName="samaccountname"
UserCommonName="cn"
/>

Below you will find a description for each of the elements found in the CoreAttributes object:

Attribute Name Attribute Description
UserObjectClass Corresponds to the class in LDAP under which your users are stored. This should only be changed if you do not query your LDAP source as objectClass=user when searching for users.
GroupObjectClass Corresponds to the class in LDAP under which your groups are stored. This should only be changed if you do not query your LDAP source as objectClass=group when searching for groups.
GroupNameIdentifier Tells Community Server which LDAP field to use when looking up the identifying name for a group.
UserEmail Tells Community Server which LDAP field to use when looking up a user's email address.
UserDomainName Tells Community Server which LDAP field to use when referencing the domain username for a given user. Our example uses "samaccountname", which translates into a domain username such as 'jdoe'.
UserCommonName Tells Community Server which LDAP field to use when looking up the user's common name. An example common name might be 'John Doe'.

Contacts

Here is the out-of-the-box sample for the Contacts section of the LDAP.config file:

<Contacts EnableSyncContacts="true" ObjectClass="contact" CommonName="cn"
BaseDN="OU=Contacts,OU=DomainUsers,DC=internal,DC=company,DC=com">
  <Attribute Name="cn" Value="Evolution$ID" />
  <Attribute Name="name" Value="Evolution$ID" />
  <Attribute Name="displayName" Value="$NAME" />
  <Attribute Name="mail" Value="$EMAIL" />
  <Attribute Name="proxyAddresses" Value="SMTP:$EMAIL" />
  <Attribute Name="targetAddress" Value="smtp:$EMAIL" />
  <Attribute Name="mailNickname" Value="$NAME" />
  <Attribute Name="legacyExchangeDN"
Value="/o=Verint/ou=Exchange Administrative Group/cn=Recipients/cn=$NAME" />
  <Attribute Name="showInAddressBook"
Value="CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=Verint,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=internal,DC=company,DC=com" />
  <Attribute Name="showInAddressBook"
Value="CN=All Contacts,CN=All Address Lists,CN=Address Lists Container,CN=Verint,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=internal,DC=company,DC=com" />
  <Attribute Name="internetEncoding" Value="1310720" />
  <Attribute Name="msExchRecipientDisplayType" Value="6" />
 </Contacts>

Below you will find the attribute name and descriptions for the Contacts object:

Attribute Name Attribute Description
EnableSyncContacts Possible values are true/false. Determines whether contact information should be synchronized between Community and the LDAP source.
ObjectClass Corresponds to the class in the Verint codebase that contains the contact information. This should not be modified unless you've changed the corresponding code using the SDK.
CommonName This value should correspond to the LDAP field where the common name is stored.
BaseDN This value should correspond to the base distinguished name for the contacts object within your LDAP source.

Below you will find the attribute name and descriptions for the Attribute object: 

Attribute Name Attribute Description
Name The name of the contacts LDAP attribute to be set by the attribute tag.
Value The value of the attribute.

AttributeGroup

There are two AttributeGroup sections in the out-of-the-box LDAP.config document that you may desire to modify. The Attribute objects in these sections control which LDAP/Active Directory fields are available to users inside of Community Server.

Here is markup from the out-of-the-box LDAP.config file that shows what an AttributeGroup looks like:

 <AttributeGroup Name="Personal Information" Order="1">
  <Attribute Name="name" DisplayAs="Name" AccessLevel="ReadWrite" />
  <Attribute Name="mailNickname" DisplayAs="Email Alias" AccessLevel="ReadOnly" />
  <Attribute Name="streetAddress" DisplayAs="Address" AccessLevel="ReadWrite" />
  <Attribute Name="l" DisplayAs="City" AccessLevel="ReadWrite" />
  <Attribute Name="st" DisplayAs="State" AccessLevel="ReadWrite" />
  <Attribute Name="postalCode" DisplayAs="Zip Code" AccessLevel="ReadWrite" />
  <Attribute Name="c" DisplayAs="Country/Region" AccessLevel="ReadWrite" />
  <Attribute Name="telephoneNumber" DisplayAs="Telephone Number" AccessLevel="ReadWrite" />
  <Attribute Name="mobile" DisplayAs="Mobile Number" AccessLevel="ReadWrite" />
 </AttributeGroup>

The AttributeGroup object has the following attributes:

Attribute Name Attribute Description
Name The value of this attribute is used as the tab name in the user profile.
Order The order value controls the order in which the tabs will be displayed in the user profile. This must be a unique value across all AttributeGroups.

The Attribute object has the following attributes:

Attribute Name Attribute Description
Name The name of the LDAP field being used.
DisplayAs The text that will be shown to users in Community Server.
AccessLevel The value controls whether the user can read or edit the value in the user profile. Default = ReadOnly

Read/write functionality requires an LDAP service account with read/write permissions.

You can customize the LDAP fields that Community Server displays in the user profile, and you can add or remove items or whole groups of items if you desire. For example, perhaps your organization relies heavily on instant messaging (IM) and your employees change their IM addresses on occasion. You might consider creating an "IM" profile group in the user profile so users can update their IM addresses and view the IM addresses of others in your organization:

First, you would need to create an AttributeGroup that looks something like this:

 <AttributeGroup Name="IM" Order="3">
 </AttributeGroup>

The markup above will create a tab in the user profile with the label "IM". Since there are two AttributeGroups defined in the out-of-the-box LDAP.config file, we would set the Order to "3" so it will be the third tab in the user profile.

Next, inside that AttributeGroup element, we need to add the IM address fields for each of the IM services that the employees use regularly. The markup might look like this:

  <Attribute Name="msn" DisplayAs="MSN" AccessLevel="ReadOnly" />
  <Attribute Name="AOL" DisplayAs="America Online" AccessLevel="ReadWrite" />
  <Attribute Name="icq" DisplayAs="ICQ" AccessLevel="ReadWrite" />
  <Attribute Name="Yahoo" DisplayAs="Yahoo!" AccessLevel="ReadWrite" />

The first object has an AccessLevel of "ReadOnly". This means that users will not be able to update this value in the user profile; they will only be able to view it.
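
To review which profile fields users can edit through the read/write service account, the following added Python example (not part of the product or the original article) parses an LDAP.config, lists every ReadWrite attribute while applying the documented ReadOnly default, and checks that Order values are unique. The root element name, the sample values, and the check that flags user-editable fields also named in CoreAttributes are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample; the <LdapConfiguration> root element name is an assumption.
SAMPLE = """
<LdapConfiguration>
  <CoreAttributes UserObjectClass="user" GroupObjectClass="group"
    GroupNameIdentifier="cn" UserEmail="mail"
    UserDomainName="samaccountname" UserCommonName="cn" />
  <AttributeGroup Name="Personal Information" Order="1">
    <Attribute Name="name" DisplayAs="Name" AccessLevel="ReadWrite" />
    <Attribute Name="mailNickname" DisplayAs="Email Alias" AccessLevel="ReadOnly" />
    <Attribute Name="mail" DisplayAs="Email" AccessLevel="ReadWrite" />
  </AttributeGroup>
  <AttributeGroup Name="IM" Order="1">
    <Attribute Name="msn" DisplayAs="MSN" />
    <Attribute Name="icq" DisplayAs="ICQ" AccessLevel="ReadWrite" />
  </AttributeGroup>
</LdapConfiguration>
"""

# CoreAttributes keys that name the LDAP fields used for identity lookups.
IDENTITY_KEYS = ("GroupNameIdentifier", "UserEmail", "UserDomainName", "UserCommonName")

def audit_ldap_config(xml_text):
    root = ET.fromstring(xml_text)
    core = root.find(".//CoreAttributes")
    # LDAP attribute names are case-insensitive, so compare in lower case.
    identity = {core.get(k, "").lower() for k in IDENTITY_KEYS} if core is not None else set()
    identity.discard("")
    writable, orders = [], Counter()
    for group in root.iter("AttributeGroup"):
        orders[group.get("Order", "")] += 1
        for attr in group.findall("Attribute"):
            # A missing AccessLevel falls back to ReadOnly, as documented above.
            # Matching the value case-insensitively is a conservative audit choice.
            if attr.get("AccessLevel", "ReadOnly").lower() == "readwrite":
                writable.append((group.get("Name"), attr.get("Name")))
    return {
        "writable": writable,
        "duplicate_orders": sorted(o for o, n in orders.items() if n > 1),
        "writable_identity": sorted(a for _, a in writable if a.lower() in identity),
    }

if __name__ == "__main__":
    report = audit_ldap_config(SAMPLE)
    for group, attr in report["writable"]:
        print(f"ReadWrite: {group} / {attr}")
    print("Duplicate Order values:", report["duplicate_orders"])
    print("User-editable identity fields:", report["writable_identity"])
```

Run it against a copy of the live file by passing the file's text to audit_ldap_config, and compare the ReadWrite list with the write permissions actually granted to the LDAP service account.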