About FCDS
If your organization uses an LDAP server to maintain users, you can take advantage of FirstClass Directory Services (FCDS) to share Directory maintenance with FirstClass. FCDS is an optional component of FirstClass that allows you to:
•       administer the FirstClass Directory from an external LDAP V.3 server (LDAP server)
•       use an LDAP V.3-enabled client (LDAP client) to see a structured, hierarchical (tree) view of the FirstClass Directory
•       use an LDAP server to authenticate users when they try to log into FirstClass.
Notes
FCDS only runs on Windows machines. The FirstClass server can be running on any operating system.
We assume that you are familiar with LDAP concepts such as hierarchies and naming conventions. If you aren't, your organization's LDAP server administrator can help you. You will need to work closely with this administrator anyway, to ensure that the FirstClass environment is set up to work properly with the LDAP server.
FCDS sits between the FirstClass server and the LDAP server. It can be installed on the same machine as the FirstClass server or a separate machine. FCDS can replicate information between the two servers, as in this diagram:
[Diagram: FCDS replicating information between the FirstClass server and the LDAP server]


If the machine on which FCDS is running stops, FCDS will simply pick up where it left off, after you restart the machine.
Note
If this happens, we recommend that you do a full directory synchronization. Some external LDAP servers only replicate changes as they happen, so any updates to the FirstClass Directory attempted during the outage will be lost.


What FCDS supports
FCDS can work with:
•       these LDAP V.3 servers:
        •       Sun Microsystems iPlanet Directory Server
        •       Microsoft Active Directory
        •       OpenLDAP (SLAPD) Directory Server
•       LDAP V.3-enabled clients
•       the following FirstClass Directory content:
        •       regular users
        •       remote users
        •       remote names
        •       public mail lists
        •       organizational units
•       LDAP Data Interchange Format (LDIF) files.
The following objects are replicated:
LDAP object class       FirstClass Directory entry type
organizationalPerson    regular/remote user
person                  remote name
organizationalUnit      organizational unit
groupOfNames            public mail list
groupOfUniqueNames      public mail list
The following information is replicated:
LDAP attribute              FirstClass Directory entry information
surname                     last name
commonName                  first initials last
givenName                   first name
initials                    initials
telephoneNumber             telephone
facsimileTelephoneNumber    fax
postalAddress               address
userPassword                password
organizationalUnitName      group (org. unit) name
mail                        alias
userid                      user ID
member                      mail list entry
uniqueIdentifier            client ID
uniqueMember                mail list entry
associatedDomain            group (org. unit) domain name
The following LDAP V.3 commands are supported:
•       ADD
•       DELETE
•       MODIFY
•       SEARCH.
The following restrictions apply to the SEARCH filter:
•       only the following LDAP attributes are searchable:
        •       commonName
        •       givenName
        •       mail
        •       surname
        •       uniqueIdentifier
        •       userid
•       all FCDS-supported object classes are searchable
•       requested return attributes can be any FCDS-supported attributes
•       the APPROXIMATE and EXTENSIBLE filters aren't supported
•       the GTE and LTE filters for numeric values aren't supported.
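
The restrictions above can be checked before a query is sent. The following Python sketch is an added example, not FirstClass code: it scans an RFC 4515 filter string and reports each leaf item that FCDS would reject according to this page. The function name and the short-name aliases (cn, sn, uid) are assumptions, and the checker flags every >= and <= comparison although the page rules them out only for numeric values.

```python
import re

# From the page: the only attributes FCDS allows in a SEARCH filter.
SEARCHABLE = {"commonname", "givenname", "mail", "surname",
              "uniqueidentifier", "userid"}
# From the page: object classes FCDS replicates (all are searchable).
OBJECT_CLASSES = {"organizationalperson", "person", "organizationalunit",
                  "groupofnames", "groupofuniquenames"}
# Assumption: RFC 4519 short names are mapped to the long names the page uses.
ALIASES = {"cn": "commonname", "sn": "surname", "uid": "userid"}

# Innermost "(...)" groups are the leaf items of an RFC 4515 filter, because
# literal parentheses inside a value must be escaped as \28 and \29.
LEAF = re.compile(r"\(([^()]+)\)")
# attr, optional ":dn:rule:" part (extensible match), optional ~ < >, "=", value
ITEM = re.compile(r"([^=~<>:]*)(:[^=]*)?([~<>])?=(.*)", re.S)


def fcds_filter_problems(flt):
    """Return the reasons a filter breaks the SEARCH restrictions on this page."""
    if not flt.startswith("(") or flt.count("(") != flt.count(")"):
        return ["malformed filter: unbalanced parentheses"]
    problems = []
    for item in LEAF.findall(flt):
        m = ITEM.fullmatch(item)
        if not m:
            problems.append(f"malformed item: ({item})")
            continue
        attr, ext, op, value = m.groups()
        name = attr.split(";")[0].strip().lower()   # drop attribute options
        name = ALIASES.get(name, name)
        if ext is not None:
            problems.append(f"EXTENSIBLE filter not supported: ({item})")
        elif op == "~":
            problems.append(f"APPROXIMATE filter not supported: ({item})")
        elif op in ("<", ">"):
            # Conservative: the page rules these out for numeric values.
            problems.append(f"GTE/LTE filter not supported: ({item})")
        elif name == "objectclass":
            if value != "*" and value.lower() not in OBJECT_CLASSES:
                problems.append(f"object class not FCDS-supported: ({item})")
        elif name not in SEARCHABLE:
            problems.append(f"attribute not searchable: ({item})")
    return problems
```

An empty list means the filter stays within the documented restrictions; it does not prove that FCDS will return results for it.
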
The command CHANGE RDN isn't supported. This can create a problem in slave mode if the external LDAP server changes an entry's RDN. FCDS won't detect this change to an existing entry, and the two directories won't be in sync. To solve this problem, you can do one of the following:
•       force a full directory synchronization
•       avoid changing RDNs on the external LDAP server. Instead, delete the entry, then create a new one with the updated RDN.
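
Because FCDS does not see RDN changes, it helps to know which entries were renamed on the external server. The following Python sketch is an added example, not FirstClass code: it scans LDIF change records (RFC 2849) for modrdn/moddn operations and returns the affected DNs, so those entries can be deleted and re-created or a full synchronization scheduled. It assumes the external server's changes are available as an LDIF change file; the function names and the sample records are constructed for illustration.

```python
import base64

# Constructed sample: three LDIF change records, two of which rename an entry.
SAMPLE_LDIF = """\
version: 1
dn: cn=Pat Lee,ou=Sales,dc=example,dc=com
changetype: modrdn
newrdn: cn=Pat Smith
deleteoldrdn: 1

dn: cn=Sam Roy,ou=Sales,dc=example,dc=com
changetype: modify
replace: mail
mail: sam@example.com
-

dn: cn=A Very Long Name,ou=Engineering,
 dc=example,dc=com
changetype: moddn
newrdn: cn=Short
deleteoldrdn: 1
"""

def split_line(line):
    """Split 'attr: value' or 'attr:: base64value' into (attr, value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):                      # base64-encoded value
        return attr.lower(), base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr.lower(), rest.strip()

def find_rdn_changes(ldif_text):
    """Return (dn, newrdn) for every modrdn/moddn record in an LDIF change file."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:         # RFC 2849 folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    hits, rec = [], {}
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line.strip():
            attr, value = split_line(line)
            rec.setdefault(attr, value)           # keep first dn/changetype seen
        elif rec:                                 # blank line ends a record
            if rec.get("changetype", "").lower() in ("modrdn", "moddn"):
                hits.append((rec.get("dn"), rec.get("newrdn")))
            rec = {}
    return hits
```
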



Restrictions on duplicate names
There are no restrictions for duplicate user names. If these names appear in different organizational units, they will appear in different parts of the tree view, making them more distinguishable than in the traditional FirstClass Directory view. Because FCDS maintains the tree view by user ID as well as by name, there can also be duplicate user names in the same organizational unit.
We don't recommend duplicate public mail list names. FCDS treats public mail lists differently from users, because public mail lists aren't located in the Directory, but rather in the Mail Lists folder. Duplicate public mail list names will only work in certain circumstances in FCDS' standalone mode.

