Using LDAPCONF
To use LDAPCONF:
| • | the iProcess Engine must be running if there is a requirement to synchronize the user data. Otherwise, the iProcess Engine does not need to be running. |
You can either use LDAPCONF interactively from a menu, or issue LDAPCONF commands directly from a command line.
LDAPCONF Menu
To start LDAPCONF for interactive use, run the following:
| • | if you are using Windows, run SWDIR\util\ldapconf.exe |
| • | if you are using UNIX, run SWDIR\util\ldapconf |
The LDAPCONF menu is displayed, as shown .
=====================================================================
TIBCO iProcess LDAP Connection Administration Utility
Copyright (c) 2001-2020 TIBCO Software Inc.
=====================================================================
[1] Set Connection Information
[2] Set Search Parameters
[3] Set Attribute Mappings
[4] Group Membership in MEMBER LIST format
[5] View Connection Information
[6] Test Connection
[7] Return to LDAP DIT
[8] Save
[9] Synchronise
[10] Enable Attribute Value Translation from UTF-8
[11] Quit
Please enter your selection:
Type in the number of the option you want to select and press ENTER:
| • | Depending on the option you choose, information or prompts for further input are displayed. |
| • | If a prompt has a default option available, it is shown in brackets at the end of the prompt. For example: |
Enter the LDAP attribute for the iProcess Username (cn):
To accept the default option for a prompt, simply press ENTER.
The following table summarizes the available options:
|
Option |
Description |
|
|
1. |
Set Connection |
Set up the connection between the LDAP server and the iProcess Engine. See Setting up the Connection. |
|
2. |
Set Search Parameters |
Define where to start searching the LDAP directory for iProcess users, and any filter criteria to use in the search. See Defining Search Criteria. |
|
3. |
Set Attribute Mappings |
Define which LDAP directory attributes will be mapped to which iProcess properties. See Mapping LDAP Directory Attributes to iProcess Properties. |
|
4. |
Group Membership in MEMBER LIST / LDAP DN format |
Define whether LDAPCONF should read the value of an LDAP <GROUPUSERS> directory attribute as a list of iProcess user names, or as a list of LDAP Distinguished Names (DN). See Defining Group Membership. |
|
5. |
View Connection |
View the current connection information, search parameters and attribute mappings. See Viewing Configuration Settings. |
|
6. |
Test Connection |
Test the connection to the LDAP server, the search parameters and attribute mappings. See Testing the Interface |
|
7. |
Return to LDAP DIT |
Configure the iProcess Engine to obtain its user data either from its own database or from the LDAP directory. See Synchronizing iProcess User Data with the LDAP directory. |
|
8. |
Save the current connection information, search parameters, attribute mappings and LDAP_DIT flag setting to the iProcess database. If the encrypted file SWDIR\util\swldap (used by previous versions of the LDAPCONF utility) exists, it is deleted. You must run this command when upgrading your iProcess Engine from a version prior to version 11.0. See Upgrading iProcess. Note: This option is not available from the command line. |
|
|
9. |
Synchronize |
Synchronize the iProcess Engine’s user data with the contents of the LDAP directory. See Configuring iProcess to Obtain User Data from the LDAP Directory. Note: Make sure that the iProcess Engine is configured to obtain user data from the LDAP directory before using this option. It has no effect otherwise. |
|
10. |
Defines whether attribute values are translated from UTF-8 format to the iProcess Engine’s locale when they are downloaded from the LDAP server. See Setting up the Connection. Note: This option is intended for use with LDAP servers that store directory information internally in UTF-8 format. |
|
|
11. |
Quit |
Quit from LDAPCONF and return to the command prompt. |
LDAPCONF Commands
LDAPCONF Commands describes the commands which you can issue directly to LDAPCONF from the command line.