Configuring Directory Services

In the Directory Services section of SDL Tridion Content Manager configuration you define one directory service per LDAP server, so that the Content Manager can identify each server and run the queries it needs against it.

Procedure

  1. Start the MMC Snap-in by selecting Programs > SDL Tridion > SDL Tridion Content Manager configuration in the Microsoft Windows Start menu.
  2. Navigate to the Directory Services section.
  3. Select Directory Services and choose New Directory Service from the context menu.
    The Add Directory Service dialog opens.
  4. Fill in the following fields:
    Directory Service Name
    The name that Content Manager uses to identify the set of configuration values that represents one LDAP server and its contents. The name identifies where the users are located, and it is part of the information needed to map an LDAP group to a Content Manager User Group.
    Directory Server Name
    The DNS host name or IP address of the LDAP server. If you use LDAP over SSL, this must be a fully qualified domain name.
    Port
    The port number (typically 389 for LDAP, 636 for LDAPS).
    Use SSL
    Select this option to connect to the LDAP server over SSL/TLS (LDAPS). This requires the fully qualified name of the LDAP server, so that the name can be matched against the server's certificate. Without this option the bind sends the search account password, and every query, across the network in clear text.
    Search account DN
    The DN of the account that Content Manager binds as when it searches the directory. This account only needs read access to the users and groups subtrees, so use a dedicated service account rather than a directory administrator.
    Search account Password
    The password of the search account.
    Username attribute
    The attribute of the user's LDAP entry that holds the name the user types when logging in (for example, uid on an iPlanet server, or sAMAccountName on Active Directory).
    User description attribute
    The attribute of the user's LDAP entry whose value Content Manager uses as the user description. It is only used by group synchronization, but the field must not be left empty.
    Users base DN
    The DN at which the subtree search for user entries starts.
    Group base DN
    The DN at which the subtree search for group entries starts.
    Group Unique Member attribute
    The multi-valued attribute of a group entry that holds the distinguished names of the users who are members of that group. On iPlanet this attribute is uniqueMember; on Active Directory it is member.
    Domain separator
    The single character that this directory service uses as the domain separator (':' is a typical value). It cannot be an uppercase or lowercase letter, a digit, a tab (\t), a carriage return (\r) or a newline (\n).
    User filter
    An optional LDAP search filter (RFC 4515 syntax) that is combined with the user lookup to exclude entries that are not people, such as printers or computers. For example, (sAMAccountType=805306368) matches only normal user accounts in Active Directory.
    Additional attributes
    Use this optional property to specify additional claim set properties of a user. This setting is reserved for future use, possibly by add-on products; Content Manager currently ignores it.
  5. Click OK.
  6. Select GroupSync Enabled to enable group synchronization.
  7. Restart IIS and COM+ so that the updated settings take effect: for performance reasons, the processes that use the MMC Snap-in settings cache them in memory.
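To check a set of values before typing them into the dialog, and to see how those values combine into the searches Content Manager has to run, the following Python example was added to this page; it is not SDL Tridion code. It encodes the rules stated above for the domain separator and for the Use SSL host name, composes the user lookup filter from the Username attribute and the User filter, composes the group membership filter from the Group Unique Member attribute, and escapes the login name the user typed per RFC 4515 so that it cannot alter the filter. The login format `<directory service name><separator><user name>`, the exact query shape Content Manager uses internally, and every host, DN and account name in the sample are assumptions.

```python
"""Offline checks for the Directory Service values above. Added example, not
SDL Tridion code; login format, query shape and all names are assumptions."""
from __future__ import annotations

import dataclasses
import ipaddress
import re
from dataclasses import dataclass

# RFC 4515 escaping for values placed in a search filter. Without it a login
# name such as "*)(objectClass=*" rewrites the filter (LDAP injection).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_HOST_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def is_fqdn(host: str) -> bool:
    """At least two valid DNS labels and not an IP address literal."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        labels = host.rstrip(".").split(".")
        return len(labels) >= 2 and all(_HOST_LABEL.match(lab) for lab in labels)


def filter_is_balanced(flt: str) -> bool:
    """Parentheses balance (skipping \\hh escapes) and the filter is parenthesised."""
    depth, i = 0, 0
    while i < len(flt):
        if flt[i] == "\\":
            i += 3          # skip an escape sequence such as \28
            continue
        depth += {"(": 1, ")": -1}.get(flt[i], 0)
        if depth < 0:
            return False
        i += 1
    return depth == 0 and flt.startswith("(") and flt.endswith(")")


@dataclass
class DirectoryService:
    name: str                    # Directory Service Name, assumed login prefix
    server: str                  # Directory Server Name
    port: int
    use_ssl: bool
    search_account_dn: str       # read-only service account, not an admin
    username_attribute: str
    users_base_dn: str           # user_search_filter() is run under this
    groups_base_dn: str          # group_search_filter() is run under this
    group_member_attribute: str  # Group Unique Member attribute
    domain_separator: str
    user_filter: str = ""        # optional User filter

    def validate(self) -> list[str]:
        """Rule violations to fix before clicking OK."""
        problems = []
        sep = self.domain_separator
        if len(sep) != 1 or sep.isalpha() or sep.isdigit() or sep in "\t\r\n":
            problems.append("domain separator must be one character that is not a letter, digit, tab, CR or LF")
        if not self.use_ssl:
            problems.append("without Use SSL the simple bind sends the search account password in clear text")
        elif not is_fqdn(self.server):
            problems.append("Use SSL requires a fully qualified host name, not an IP address or short name")
        elif self.port == 389:
            problems.append("Use SSL is selected but port 389 is the plaintext LDAP port; LDAPS is normally 636")
        if self.user_filter and not filter_is_balanced(self.user_filter):
            problems.append("user filter is not a well-formed parenthesised LDAP filter")
        return problems

    def split_login(self, login: str) -> str:
        """Assumed login format '<directory service name><separator><user name>'."""
        head, sep, user = login.partition(self.domain_separator)
        if not sep or head != self.name or not user:
            raise ValueError(f"login {login!r} does not belong to directory service {self.name!r}")
        return user

    def user_search_filter(self, login: str) -> str:
        """Filter that finds the user's entry; the typed name is escaped first."""
        match = f"({self.username_attribute}={escape_filter_value(self.split_login(login))})"
        return f"(&{match}{self.user_filter})" if self.user_filter else match

    def group_search_filter(self, user_dn: str) -> str:
        """Filter that finds the groups listing user_dn as a member."""
        return f"({self.group_member_attribute}={escape_filter_value(user_dn)})"


def sample_directory_service(**overrides) -> DirectoryService:
    """Constructed sample values (assumed names, not a real directory)."""
    base = DirectoryService(
        name="corp", server="ldap.example.com", port=636, use_ssl=True,
        search_account_dn="cn=tridion-ldap-reader,ou=service accounts,dc=example,dc=com",
        username_attribute="sAMAccountName",
        users_base_dn="ou=people,dc=example,dc=com",
        groups_base_dn="ou=groups,dc=example,dc=com",
        group_member_attribute="member", domain_separator=":",
        user_filter="(sAMAccountType=805306368)",
    )
    return dataclasses.replace(base, **overrides)


if __name__ == "__main__":
    ds = sample_directory_service()
    print("problems:", ds.validate())
    print(ds.user_search_filter("corp:*)(objectClass=*"))  # injection attempt neutralised
```

The two filters the class produces can be pasted into ldapsearch, bound as the search account over LDAPS, to confirm before restarting IIS that the Users base DN, Group base DN and attribute names actually return the expected entries. The injection case shows why the login name must be escaped: unescaped, `*)(objectClass=*` would turn the user lookup into a filter that matches every entry under the users base DN.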