When ExtraView is configured to work directly to an LDAP server, the following functions are enabled, all without any need for custom programming within ExtraView:
In the configuration file of the application server (Configuration.properties), there is a parameter named LDAP_FIELDS. These are the meta-names of the mappings to be used with LDAP. These must be comma separated, listed on one line.
The following fields are mandatory and must be provided as the fields for the upsert operation:
| LDAP_FIELDS = | LDAP_PRIMARYKEY, |
| LDAP_SURNAME, | |
| LDAP_GIVENNAME, | |
| LDAP_COMMONNAME, | |
| LDAP_EMAIL, | |
| LDAP_STREET, | |
| LDAP_CITY, | |
| LDAP_STATE, | |
| LDAP_POSTALCODE, | |
| LDAP_COUNTRY, | |
| LDAP_PHONE |
Other fields may be added. They should follow the same naming convention. These represent the fields for which information will be retrieved. For example, you might add more fields such as:
| LDAP_MOBILE, | |
| LDAP_PAGER, | |
| LDAP_COMPANYNAME, | |
| LDAP_DEPARTMENT, | |
| LDAP_TITLE | |
| LDAP_ADDITIONAL_EMAIL | |
| LDAP_ADDRESS_LINE2 | |
| LDAP_PHONE | |
| LDAP_HOME_PHONE | |
| LDAP_COMPANYNAME | |
| LDAP_FAX | |
| LDAP_USER_DEFINED_1 | |
| LDAP_USER_DEFINED_2 | |
| LDAP_USER_DEFINED_3 | |
| LDAP_USER_DEFINED_4 | |
| LDAP_USER_DEFINED_5 | |
| LDAP_USER_DEFINED_6 | |
| LDAP_USER_DEFINED_7 | |
| LDAP_USER_DEFINED_8 | |
| LDAP_USER_DEFINED_9 | |
| LDAP_USER_DEFINED_10 |
These fields are mapped with a 1:1 relationship, similar to the following example:
| LDAP_PRIMARYKEY | = | employeenumber |
| LDAP_SURNAME | = | sn |
| LDAP_GIVENNAME | = | givenname |
| LDAP_COMMONNAME | = | cn |
| LDAP_EMAIL | = | |
| LDAP_STREET | = | street |
| LDAP_CITY | = | l |
| LDAP_STATE | = | st |
| LDAP_POSTALCODE | = | postalcode |
| LDAP_COUNTRY | = | postaladdress |
| LDAP_PHONE | = | telephonenumber |
| LDAP_MOBILE | = | mobile |
| LDAP_PAGER | = | pager |
| LDAP_COMPANYNAME | = | displayname |
| LDAP_DEPARTMENT | = | department |
| LDAP_TITLE | = | title |
There can be more than one ExtraView field mapped to an LDAP_FIELD. You must prefix the name of the LDAP field meta-name with the characters EV_. For example, LDAP_PRIMARYKEY becomes EV_LDAP_PRIMARYKEY. You should separate multiple values with a comma.
| EV_LDAP_PRIMARYKEY | = | USR_ID |
| EV_LDAP_SURNAME | = | USR_LNAME |
| EV_LDAP_GIVENNAME | = | USR_FNAME |
| EV_LDAP_COMMONNAME | = | USR_NAME |
| EV_LDAP_EMAIL | = | USR_EMAIL |
| EV_LDAP_STREET | = | |
| EV_LDAP_CITY | = | USR_CITY |
| EV_LDAP_STATE | = | USR_STATE |
| EV_LDAP_POSTALCODE | = | |
| EV_LDAP_COUNTRY | = | |
| EV_LDAP_PHONE | = | USR_PHONE,USR_PHONE2 |
| EV_LDAP_MOBILE | = | USR_MOBILE |
| EV_LDAP_PAGER | = | |
| EV_LDAP_COMPANYNAME | = | |
| EV_LDAP_DEPARTMENT | = | USR_DEPT |
| EV_LDAP_TITLE | = |
Ensure each of these is placed on ONE line:
This is a comma-separated list of ExtraView field names that are to be filled in on add screens, from values in the LDAP, and based on a search for a user. Example:
ADD_SCREEN_LDAP_FIELDS = USR_NAME, USR_TITLE, USR_DEPT, USR_EMAIL, USR_PHONE, USR_PHONE2, USR_MOBILE, USR_FAX, USR_CITY, USR_STATE, USR_BUILDING
This is a comma-separated list of ExtraView field names that are to be filled in on edit screens, from values in the LDAP, and based on a search for a user. Example:
EDIT_SCREEN_LDAP_FIELDS = USR_NAME, USR_TITLE, USR_DEPT,USR_EMAIL, USR_PHONE,USR_PHONE2
This is a comma-separated list of ExtraView field names whose values are to be used as the search key for filling the field values on the add or edit screens. Example:
LDAP_USER_FIELD_NAMES = USR_NAME, USR_TITLE
If you specify YES, then when each user signs in to ExtraView, the code will upsert that user’s information to the ExtraView user table, directly from the LDAP directory.
LDAP_UPSERT = YES
If LDAP_UPSERT is NO, a user will not be able to sign on to ExtraView if they have not already been added to the system. The default value for this behavior is YES, so new users will be upserted and will be signed on.
When you have configured your LDAP connection to ExtraView, and you click on the search icon by a user field, a popup allows you to search the LDAP directory for users and to return one or more user’s details into the form on the screen. It is sometimes useful to configure the fields used for the query.
This is accomplished with the LDAP_SEARCH_FIELDS property within the Configuration.properties file. This is a comma-separated list of LDAP field names. The LDAP search may be filtered by these additional attributes.
For example, entering the following on a single line within the Configuration.properties file:
LDAP_SEARCH_FIELDS = SURNAME,
GIVENNAME,
PRIMARYKEY,
PHONE,
COMPANYNAME
Extends the search for users on user pop-ups to use the PHONE and the COMPANYNAME fields in addition to the standard fields.
There is an optional field within the Configuration.properties files named LDAP_EDIT_FIELDS_CHANGE_ON_REFRESH. When there is a parent user field mapped to an LDAP field and this is placed on an edit screen and this field is set to a value of NO, the child fields that are mapped are not altered when the parent field is changed. This allows the values of a record on the LDAP server to be placed on an edit screen and not be altered once they have been read from the LDAP server. The default value for this property is YES, allowing the child fields to be refreshed when the parent is altered.
Some LDAP installations are configured to support User ID's that contain space characters. ExtraView does not support space characters within a User ID. It is considered bad practice to use User ID's that contain space characters. User ID's that contain space characters on the LDAP server cannot be mapped to User ID's in ExtraView.
If the Configuration.properties file contains the entry LDAP_UPSERT = YES, then you may specify which fields within ExtraView are updated with the upsert operation. The entry LDAP_UPSERT should be followed with an entry named UPSERT_LDAP_FIELDS. This will include all or a subset of the fields in the following list:
UPSERT_LDAP_FIELDS = LDAP_COMMONNAME, LDAP_GIVENNAME, LDAP_SURNAME, LDAP_EMAIL, LDAP_ADDITIONAL_EMAIL, LDAP_STREET, LDAP_ADDRESS_LINE2, LDAP_PHONE, LDAP_HOME_PHONE, LDAP_MOBILE, LDAP_PAGER, LDAP_COMPANYNAME, LDAP_POSTALCODE, LDAP_STATE, LDAP_CITY, LDAP_COUNTRY, LDAP_FAX, LDAP_USER_DEFINED_1, LDAP_USER_DEFINED_2, LDAP_USER_DEFINED_3, LDAP_USER_DEFINED_4, LDAP_USER_DEFINED_5, LDAP_TITLE
If the UPSERT_LDAP_FIELDS statement is not included then all the fields are assumed to be updated upon the upsert operation.
It is important that the connection from ExtraView to the LDAP server is extremely fast. A poor LDAP connection will introduce unacceptable performance problems into the environment. To guard against LDAP connections that do not return information in a timely manner, there are two timeouts:
TCP connection timeout. If there is general network slowness, there is a two-minute timeout period.
LDAP read timeout. This is set to one minute, and guards against a response not being received from the LDAP server. Note that Java 1.6 (or greater) is required for this timeout to work.
