LDAP/Active Directory


Options and Schedule Element

Author: Collin VanDyck

<options>

<user-requirements> is an optional sub-element that defines what constitutes a valid user from the LDAP installation. Based on the policies described below, the migration tool pulls individual users out of the LDAP installation. For each user, three fields can be pulled from the LDAP installation: 1) username, 2) email address, and 3) full name. The user-requirements element allows the integrator to specify that the email and full name fields are not required to be drawn. The defaults for these items are true.

<is-enabled>yes</is-enabled>

This element specifies whether the LDAP system should function in its present state as defined by the configuration file. To turn off the LDAP functionality, one may leave the configuration file in place and simply set is-enabled to 'no' or 'false'.

<automatic-synchronization>no</automatic-synchronization>

This element specifies whether or not the LDAP tool should start automatically on a schedule, specified below.

<orphaned-ldap-users>remove</orphaned-ldap-users>

For any users in the content management system that are not part of the LDAP install, the system may take one of the following actions:

  • ignore - does nothing
  • remove - deletes user from the system
  • deactivate - leaves user intact, but that user cannot log in.

The <server> element specifies connection-related information of the machine that is hosting the LDAP installation. It contains several subelements:

  • ldap-version - This may be either 2 or 3. Will usually be 3.
  • hostname - The TCP/IP hostname of the server on which the LDAP installation is running.
  • port - The TCP/IP port of the server on which the LDAP installation is running. Will typically be 389.
  • security - Contains username and password elements that are necessary to bind to the server so that the migration tool is able to query the directory.
    Note that the username element must be a fully qualified Distinguished Name (DN).
  • auth-type - For users that are specified in a policy (below) to actively authenticate against an LDAP installation, the auth-type element specifies what kind of authentication should be performed.
    This should be either ‘simple’ or ‘Digest-MD5’.

The <report> element allows the integrator to have an email summarizing each migration sent to an email account.

<schedule>

The <repeat-every> element specifies, if automatic-synchronization is enabled, the number of time units that will pass in between automatic synchronizations.

The <repeat-time-unit> element specifies the length of each repeat-every time unit. This may be minutes, hours, or days.

 

For versions 4.1 and above, the following <binding> element may be added under the <server> element:

This is the default binding that Cascade Server uses and performs normal LDAP binding without encryption for purposes of authentication and user migration. Cascade Server also provides an SSL binding functionality.
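The following added example (not part of the original Cascade Server documentation) audits a configuration against the values this page allows and flags the two settings with the most security impact: a simple bind under the default unencrypted binding, and scheduled synchronization combined with the 'remove' orphan policy. The root element name, the nesting, the sample values, and the treatment of any value other than no/false as enabled are assumptions.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample: element names are from the page; the root element,
# the nesting and every value are assumptions for illustration.
SAMPLE = """<ldap-configuration>
  <options>
    <automatic-synchronization>yes</automatic-synchronization>
    <orphaned-ldap-users>remove</orphaned-ldap-users>
  </options>
  <server>
    <ldap-version>3</ldap-version>
    <port>389</port>
    <security>
      <username>svc-cascade</username>
      <password>placeholder</password>
    </security>
    <auth-type>simple</auth-type>
  </server>
  <schedule>
    <repeat-time-unit>weeks</repeat-time-unit>
  </schedule>
</ldap-configuration>"""

# Simplified DN shape check (attr=value pairs); escaped commas are not handled.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*$")

def audit(xml_text):
    """Return a list of findings for one configuration document."""
    root = ET.fromstring(xml_text)
    get = lambda tag: (root.findtext(f".//{tag}") or "").strip()
    findings = []
    if get("ldap-version") not in ("2", "3"):
        findings.append("ldap-version must be 2 or 3")
    if not DN_RE.match(get("username")):
        findings.append("bind username is not a fully qualified DN")
    if get("auth-type") not in ("simple", "Digest-MD5"):
        findings.append("auth-type must be 'simple' or 'Digest-MD5'")
    elif get("auth-type") == "simple" and get("port") == "389":
        findings.append("simple bind on 389 is unencrypted with the default binding")
    orphan = get("orphaned-ldap-users")
    # Assumption: any value other than no/false enables scheduled sync.
    auto = get("automatic-synchronization").lower() not in ("no", "false", "")
    if orphan not in ("ignore", "remove", "deactivate"):
        findings.append("orphaned-ldap-users must be ignore, remove or deactivate")
    elif orphan == "remove" and auto:
        findings.append("scheduled sync with 'remove' deletes CMS users absent from LDAP")
    if get("repeat-time-unit") not in ("minutes", "hours", "days"):
        findings.append("repeat-time-unit must be minutes, hours or days")
    return findings
```

Running `audit(SAMPLE)` returns four findings for the constructed sample: the bare bind username, the unencrypted simple bind, the unattended 'remove' policy, and the invalid time unit.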

 


Last modified on Thu, 30 Nov 2006 17:51:42 -0500
