External users are “normal” users from an LDAP repository that are marked as external.

There are some restrictions on what external users can do and see:

  • They can search, but not on public data.
  • They can only see Communities and Files to which they have been added.
  • They can see only limited information in the Community and Business card.

 

1 Create a separate TDI folder

In my example I use a dedicated LDAP repository for the external users' TDI sync.

For the internal users I use the following TDI folder: /opt/IBM/tdisol_internal

I copied that folder into a new one called /opt/IBM/tdisol_external

2 Edit map_dbrepos_from_source.properties in the external folder

mode={func_mode_visitor_branch}

3 Edit profiles_tdi.properties

source_ldap_url_visitor_confirm=ldap://<ldap_server>:389

source_ldap_search_base_visitor_confirm=ou=external,o=organization   ( please fill in your information )
source_ldap_search_filter_visitor_confirm=(&(objectclass=inetOrgPerson))

source_ldap_search_base=ou=external,o=organization  ( please fill in your information )
source_ldap_search_filter=(&(objectclass=inetOrgPerson))

source_ldap_url=ldap://<ldap_server>:389

Important: the lines below must be changed in both TDISOL folders (internal and external), otherwise users will become inactive when sync_all_dns.sh is used.

sync_store_source_url=true
sync_source_url_enforce=true
sync_source_url_override=false 

4 Edit map_dbrepos_from_source.properties

displayName={func_decorate_displayName_if_visitor}
displayNameLdapAttr=cn
decorateVisitorDisplayName= – ExternaL User

5 Run collect_dns.sh

Check if the users are added to the collect.dns file

6 Run populate_from_dn_file.sh the first time

When collect.dns contains the correct users, you can populate the users.

7 Run sync_all_dns.sh for syncing

Use this script to keep the users in sync: it handles additions, inactivations and changes.
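
A preflight check for the settings from steps 2 and 3, to run before sync_all_dns.sh. This is an added example, not part of the original post: it confirms that the three sync_source_url values are set identically in both TDISOL folders and that the external folder uses the visitor mode. The function names are hypothetical, and it assumes both properties files sit directly in the folder you pass in.

```shell
#!/bin/sh
# Added example: verify the TDISOL settings described in steps 2 and 3.

# prop FILE KEY: print the value of KEY from a properties file (last entry wins).
# Trailing whitespace and Windows line endings are stripped from the value.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null \
        | tr -d '\r' | tail -n 1 | sed 's/[[:space:]]*$//'
}

# expect FILE KEY WANT: print a line and return 1 if KEY is missing or differs.
expect() {
    got=$(prop "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "MISMATCH $1: $2='$got' (expected '$3')"
    return 1
}

# check_tdisol INTERNAL_DIR EXTERNAL_DIR: exit status is the number of mismatches.
check_tdisol() {
    bad=0
    # These three values must match in BOTH folders, otherwise a sync run
    # from one folder can inactivate the users owned by the other.
    for dir in "$1" "$2"; do
        f="$dir/profiles_tdi.properties"
        expect "$f" sync_store_source_url true || bad=$((bad + 1))
        expect "$f" sync_source_url_enforce true || bad=$((bad + 1))
        expect "$f" sync_source_url_override false || bad=$((bad + 1))
    done
    # Only the external folder maps its users as visitors.
    expect "$2/map_dbrepos_from_source.properties" mode \
        '{func_mode_visitor_branch}' || bad=$((bad + 1))
    return "$bad"
}

# Stand-alone use: ./check_tdisol.sh /opt/IBM/tdisol_internal /opt/IBM/tdisol_external
if [ "$#" -eq 2 ]; then
    check_tdisol "$1" "$2"
fi
```

A non-zero exit status means at least one setting is missing or wrong; the MISMATCH lines name the file and key.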


By angioni
