Form tabs
Replication
Use this form to configure FirstClass Directory Services (FCDS).



General tab
Use this tab to specify information concerning:
•       general setup
•       the FirstClass administrator.


General setup
Operation mode
The operating mode for FCDS.
Directory root DN
The DN that you want FCDS to use as the root (highest level) of the FirstClass Directory's tree view.
Example:
ou=Administration,o=Husky Planes,c=CA
This is normally the same as the external LDAP server's root DN. If you only want to replicate a subtree of the external LDAP server's directory, type the DN that represents the root of that subtree.
LDAP port
The LDAP port number on the machine that is running FCDS.
FPP port
The FirstClass Provisioning Protocol port number on the FirstClass server.
FirstClass subadministrator
User ID
Your FirstClass subadministrator user ID.
Password
Your FirstClass subadministrator password.
FirstClass server platform
Machine platform
Only required for pre-9.1 versions of FCDS.
The operating system of the machine on which the FirstClass server is installed.




Users tab
Use this tab to specify information concerning:
•       the use and creation of user aliases
•       the creation of LDAP user distinguished names (DNs).


FirstClass SMTP user aliases
By default, FCDS creates an SMTP user alias for any user who doesn't already have an alias. This alias takes the form you specify here.
Exception
FCDS won't create SMTP user aliases for remote names.
Use alias from UIF if present
Uses the first valid SMTP address encountered in the "Mail aliases" field on the User Information form (UIF).
If there is none, and you also select "Generate SMTP user aliases", this field also tells FCDS to use the first name encountered at "Mail aliases" when generating the alias.
Generate SMTP user aliases
Generates aliases if no valid SMTP user aliases exist on the UIF, or you didn't select "Use alias from UIF if present".
If there is no "Mail aliases" information on the UIF at all, FCDS uses the elements you specify below to create the aliases.
If you select neither "Use alias from UIF if present" nor "Generate SMTP user aliases", FCDS won't have any SMTP user alias information.
Generate name from
First and last name
Generates the name portion of the alias from the user's first name, then the user's last name.
Resulting alias: first separator last@domain
Last and first name
Generates the name portion of the alias from the user's last name, then the user's first name.
Resulting alias: last separator first@domain
User ID
Generates the name portion of the alias from the user's user ID.
Resulting alias: user_id@domain
Separator character
Specifies the character to use between name elements (first, last, and initials).
Use initials
Adds the user's initials to the end of the name portion of the alias. The initials aren't edited, so they will include any periods that were entered.
Resulting alias: first separator last separator initials@domain
or
last separator first separator initials@domain
Domain
The domain name to use for the creation of user aliases. This domain name is used if the highest organizational unit for that user doesn't have a domain name.
External SMTP user aliases
Don't replicate external SMTP user aliases
The default state (cleared) replicates external SMTP user aliases to the "Mail aliases" field on the UIF. The information in this field can determine the alias that FCDS will use, as described above.
LDAP user DNs
DN naming attribute
The naming attribute to be used for the creation of LDAP user DNs.
In slave mode, this must be the same as that used by the external LDAP server.
In authentication only mode, if you choose CommonName (cn), be aware that the cn will be the FirstClass user ID, because that is the only information passed to FCDS from the FirstClass server. You can choose this when the user ID and cn are the same (for example, in some Active Directory installations where cn is the required naming attribute for LDAP BIND, and matches the FirstClass user ID).



Replication - Setup tab
Use this tab to specify basic replication options.


General replication setup
Replication mechanism
How replication will be performed in slave or master-slave mode:
External LDAP Server's Standard
Uses the external LDAP server's replication method.
Generic LDAP Replicator
Uses FCDS' Generic LDAP Replicator.
This uses time stamp-based LDAP search queries to detect changes in the external LDAP directory, then updates the FirstClass Directory to match.
Enable delete
Truly deletes from the FirstClass Directory any "deleted" entries.
By default, FCDS unlists these entries, moves them to the DS Deleted group, and renames them using their client IDs, to free up their old user IDs.
Postal address is single LDAP attribute (postalAddress)
Select this if the postal address on your LDAP server is always the single attribute postalAddress.
This will speed up replication, because FCDS won't try to build the postal address from LDAP composite address attributes.
If this is cleared, the postal address will be built from the LDAP attributes: street, localityName, stateOrProvinceName, postalCode, countryName, and/or countryFriendlyName.
CommonName (cn) attribute is always in sync with name components
Select this if the cn attribute on your LDAP server is always made up of the name components: first, last, and initials.
This will speed up replication, because FCDS will skip resyncing the cn attribute during a full directory synchronization.
Show/replicate
For standalone mode, select the information you want the FirstClass Directory LDAP tree view to show.
For slave or master-slave mode, select the information you want FCDS to replicate.
"User details" consist of: phone, fax, and postal address.
Correlator setup
The correlator attribute and type are used to uniquely identify an entry on the external LDAP server and to detect whether its DN has changed. They are needed so that scanning replicators (such as Microsoft Active Directory (Active Directory) and FCDS' Generic LDAP Replicator) can find entries on the external LDAP server without using the DN. This allows replicators to:
•       get the actual cn attribute value at startup (FCDS doesn't hold cn values)
•       detect when an entry has moved, and generate a MODIFY DN command.
Correlator attribute
Generally "userid" or "uid". For Active Directory, we recommend "objectGUID".
Correlator attribute matching rule
Specifies the correlator type for this attribute.




Replication - Scheduling tab
Use this tab to schedule the Generic LDAP Replicator. Only fill in these fields if you chose Generic LDAP Replicator at "Replication mechanism".


Scan external directory for changes every
The number of minutes the Generic LDAP Replicator will wait before rechecking the external LDAP server's directory for changes.
Check for deleted entries
When to check for entries that have been deleted from the external LDAP server's directory. FCDS can check either once a day or at intervals.
For large directories, this operation may lock up FCDS for a long time, because every entry in the FirstClass Directory has to be checked against the external directory. For this reason, we recommend that you balance your installation's size and needs against the frequency with which you make FCDS scan for deleted entries.
Enable and start replication at system startup
Mainly applies if you are running FCDS as a Windows service.
Makes FCDS automatically start syncing after the FCDS machine is restarted/reset.



Replication - Advanced tab
Use this tab to specify advanced replication options. These may not be necessary in your environment.


Remote users
Remote user attribute
An attribute on the external LDAP server that can be used to identify who should be created as remote users on the FirstClass server.
Remote user attribute value
The value of this attribute that is shared by all users to be created as remote users on the FirstClass server.
Remote names
Remote name gateway
The name of the Internet gateway you want FCDS to use when creating a remote name.
This is the gateway through which all remote names are routed.
Remote name object class
The LDAP object class which identifies remote names on the external LDAP server.
Use this field if you want to specify a different object class for contact entries than the default value of top objectClass=person.
For Active Directory, use "contact".
Connection type
Use secure connections (SSL) for replication
Uses SSL connections when replicating.




Replication - Last Update tab
This tab displays information that is updated by FCDS after every replication.
Hi-water-mark is the USN (Universal Serial Number) or CSN (Change Sequence Number) that is incremented each time an entry on the external LDAP server is updated.
FCDS stores the highest USN/CSN found when it replicates these data categories:
•       organizational units
•       users
•       contacts
•       mail lists
•       deleted items.
FCDS uses this information for the next time it replicates, to determine what needs updating on the FirstClass server. For each of the categories above, the external LDAP server is asked to send all entries with a USN/CSN that is higher than the stored value.
Tip
If you need a normal sync and a full directory sync to be the same, you can manually change these values to zero. In this case, all entries are retrieved and updated.
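An added example, not FCDS code, of the hi-water-mark scheme described above, run against a constructed in-memory stand-in for the external LDAP server. All class and function names are hypothetical, and find_deleted assumes the server keeps no record of a removed entry, which is why a deleted-entry check has to compare every local entry.

```python
CATEGORIES = ("organizational units", "users", "contacts", "mail lists", "deleted items")
ROOT = "ou=Administration,o=Husky Planes,c=CA"      # root DN from the page's example
JSMITH = "uid=jsmith," + ROOT                        # constructed sample user

class ExternalDirectory:
    """Constructed stand-in for the external LDAP server: each write takes the next USN."""
    def __init__(self):
        self.usn = 0
        self.entries = {}                            # dn -> (category, usn, attributes)

    def write(self, dn, category, **attrs):
        self.usn += 1
        self.entries[dn] = (category, self.usn, attrs)

    def changed_since(self, category, mark):
        """Entries of one category whose USN is higher than the stored mark."""
        return [(dn, usn, attrs) for dn, (cat, usn, attrs) in self.entries.items()
                if cat == category and usn > mark]

def replicate(external, local, marks):
    """One replication pass; updates local and marks in place, returns the entry count."""
    updated = 0
    for category in CATEGORIES:
        for dn, usn, attrs in external.changed_since(category, marks.get(category, 0)):
            local[dn] = dict(attrs)
            marks[category] = max(marks.get(category, 0), usn)
            updated += 1
    return updated

def find_deleted(external, local):
    """A removed entry has no USN left to report, so every local DN is compared."""
    return sorted(dn for dn in local if dn not in external.entries)

def demo():
    """Constructed run: sync, no-op sync, one change, marks reset to zero, one deletion."""
    ext, local, marks = ExternalDirectory(), {}, {}
    ext.write(ROOT, "organizational units")
    ext.write(JSMITH, "users", mail="js@example.com")
    counts = [replicate(ext, local, marks), replicate(ext, local, marks)]
    ext.write(JSMITH, "users", mail="j.smith@example.com")
    counts.append(replicate(ext, local, marks))
    marks.update(dict.fromkeys(CATEGORIES, 0))       # the tip above: zero forces a full sync
    counts.append(replicate(ext, local, marks))
    del ext.entries[JSMITH]
    counts.append(replicate(ext, local, marks))      # the deletion is invisible to this pass
    return counts, find_deleted(ext, local)
```

The last pass in demo() updates nothing although an entry was removed; only the full comparison in find_deleted reports it.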



Authentication tab
Use this tab to specify information concerning:
•       types of logins to allow
•       FirstClass login authentication
•       external LDAP server authentication (remote authentication).


FCDS authentication and security
Allow anonymous login
Allows anonymous logins to FCDS by external connections.
Use secure connections (SSL)
Uses external SSL connections to FCDS.
If you select this field, supply your SSL port number and certificate file name.
SSL port
The SSL port number on the machine that is running FCDS.
Certificate file name
The name of the certificate file that you want FCDS to use for secure connections.
FirstClass login authentication
Authentication method
What will authenticate logins to the FirstClass server:
FirstClass Secure
The FirstClass server will authenticate logins.
Remote
The external LDAP server will authenticate logins for all users in slave mode and all remote users in master-slave mode.
The FirstClass server will negotiate with the client to get the encrypted login credentials.
You must use this method in authentication only mode.
External LDAP server authentication
Authentication mechanism
How users will be authenticated when authentication is remote:
LDAP BIND
The standard LDAP BIND command will be issued.
FCDS will use the user ID and password to find the user in the LDAP tree, and obtain the DN needed for the BIND command.
LDAP BIND to Authentication Root DN
Only applies if the external LDAP server's root DN is different from the FirstClass Directory root DN you specified on the General tab.
If you choose this, supply the external LDAP server's root DN at "Authentication root DN". FCDS will use this root DN to construct users' DNs for authentication on the external LDAP server.
Microsoft Active Directory Login
If your external LDAP server is Active Directory, you can choose this instead of LDAP BIND.
In this case, the user ID and password will be used directly as Active Directory login credentials.
Authentication root DN
Only applies if you chose LDAP BIND to Authentication Root DN at "Authentication mechanism".
The external LDAP server's root DN.
Authentication filter
Only applies if you chose either of the LDAP BIND options at "Authentication mechanism".
The LDAP search filter to use for remote authentication.
The filter must be an RFC 2254-compliant text filter. An example filter is
(!(studentStatus=suspended))
which means the student status is not suspended.
If the search result is true (in the example above, the user trying to log in is not suspended), the user is authenticated.
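An added example, not FCDS code: one way a search-then-bind lookup can combine a user ID with the authentication filter above, escaping the user-supplied value as RFC 2254 requires, with a small evaluator for the AND, OR, NOT and equality subset. The naming attribute passed in, the way the two filters are combined, the case-insensitive matching and all function names are assumptions.

```python
import re

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value):
    """Escape a user-supplied value as RFC 2254 section 4 requires."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def lookup_filter(naming_attr, user_id, auth_filter):
    """Assumed combination: the user lookup ANDed with the configured filter."""
    return "(&(%s=%s)%s)" % (naming_attr, escape_value(user_id), auth_filter)

def _parse(text, pos):
    """Parse the filter opening at text[pos]; return (node, next position)."""
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if text[pos] != ")" or not children or (op == "!" and len(children) != 1):
            raise ValueError("malformed %r filter" % op)
        return (op, children), pos + 1
    end = text.index(")", pos)
    attr, sep, value = text[pos:end].partition("=")
    if not re.fullmatch(r"[A-Za-z0-9.;-]+", attr) or not sep or "*" in value or "(" in value:
        raise ValueError("only plain equality items are supported here")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1

def parse_filter(text):
    try:
        node, pos = _parse(text, 0)
    except IndexError:
        raise ValueError("unterminated filter") from None
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    """Two-valued evaluation; entry maps lower-case attribute names to value lists."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(child, entry) for child in node[1]]
    return {"&": all, "|": any}.get(node[0], lambda r: not r[0])(results)

AUTH_FILTER = "(!(studentStatus=suspended))"   # the page's example filter
```

With this filter, matches(parse_filter(lookup_filter("uid", user_id, AUTH_FILTER)), entry) is false for an entry whose studentStatus is suspended, and filter metacharacters typed into the user ID are compared as literal text.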
Use secure connections (SSL) for external authentication
Uses SSL connections with remote authentication.



LDAP Server tab
Use this tab to specify information concerning:
•       the external LDAP server
•       any LDIF file that you want to import to the FirstClass Directory.


Server identification
Server address
The IP address or domain name of the external LDAP server.
LDAP port
The LDAP port number on the external LDAP server.
LDAP SSL port
Only applies if you will use SSL connections to replicate or authenticate remotely.
The SSL port number on the external LDAP server.
Login DN
The login DN on the external LDAP server.
Login password
The login password on the external LDAP server.
Type
The type of external LDAP server.
For OpenLDAP, choose Generic.
For other server types not documented here, try Generic. Certain other server types may work with this setting.
LDIF import
Only fill in this section if you want to import entries to the FirstClass Directory using an LDIF file.
LDIF file
The full path and name of the LDIF file that you will be importing to the FirstClass Directory.
For more information