Directory Synchronisation

Content Directory Synchronisation provides an integration with directory services based on LDAP (Lightweight Directory Access Protocol). LDAP server entries are arranged in a hierarchical structure that can reflect political, geographic, organizational, or domain boundaries. Corporate personnel structures, in the form of user and group entries, can be automatically synchronised to Content Manager as group locations and their members.

Directory Synchronisation can be performed periodically by a dedicated event process, or it may be run interactively within Content Manager. When run interactively, Directory Synchronisation can be performed in live or dry-run modes, and can be used as a once-off import tool to populate newly created datasets.

When configuring Directory Synchronisation, it is recommended that you use a dedicated LDAP browser to examine the LDAP directory, its structure and any attributes that are of particular interest.

Content Manager locations have several properties that describe their directory synchronisation status:

  • LDAP Synch Distinguished Name – Distinguished Name (DN) of the LDAP entry the location is synchronised from.
  • LDAP Synch Enabled – whether synchronisation is enabled for the location.
  • LDAP Synch Date Last Updated – when the location was last synchronised.

A synchronised location is a Content Manager location with a valid LDAP Synch Distinguished Name property, and for which LDAP Synch Enabled is set to True.

Directory Synchronisation algorithm

When running a synchronisation, the Directory Synchronisation tool proceeds in 5 stages:

  1. Run user-specified LDAP group searches, and create or update the corresponding locations in Content Manager.
  2. Run user-specified LDAP user searches, and create or update the corresponding locations in Content Manager.
  3. For all synchronised Content Manager locations not encountered in stages 1 or 2, synchronise the location with the relevant LDAP entry.
  4. For all LDAP relationships within the set of synchronised LDAP entries, add corresponding associations in Content Manager.
  5. Remove any Content Manager associations within the set of synchronised locations that are not present as relationships in the LDAP directory.

Directory Synchronisation logging

The Directory Synchronisation tool produces a log file with details of all synchronisation activity. The log file is stored in the Content Manager server logs directory, e.g. C:\Micro Focus Content Manager\ServerLocalData\Log\LDAPSync_2016_12_19.log.

When Directory Synchronisation is run interactively, the user interface will specify the location of the current log file, and log messages will also be displayed in the user interface.

Synchronisation of a Content Manager location with an LDAP entry

The Directory Synchronisation tool allows the Content Manager administrator to configure a set of rules that are applied to each LDAP entry taking part in the synchronisation. Rules are used to set properties on the Content Manager location. Rules can apply unconditionally, or can be configured to apply conditionally, based on pattern matching against LDAP attributes. Rules can also be configured to synchronise LDAP entries to pre-existing unsynchronised Content Manager locations.

For more information on configuring rules, see LDAP Mappings tabs.

Deactivation of Content Manager locations

Synchronised Content Manager locations are deactivated if any of the following conditions hold true:

  1. The LDAP entry the location is synchronised from is no longer present.
  2. For Active Directory-based directories: the LDAP entry is marked as disabled or expired in Active Directory.

When deactivating a Content Manager location, the "Enable Network Login" property is set to False, and the Active To date is set to the current date.
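The deactivation rules above can be modelled as a small audit to compare against a dry-run log. This is an added example, not Content Manager code: it assumes that "disabled" and "expired" are read from the standard Active Directory attributes userAccountControl and accountExpires (the page does not say how the tool determines them), models locations as dictionaries keyed by the property names used on this page, and uses constructed sample data with a hypothetical "Name" key.

```python
from datetime import datetime, timedelta, timezone

# Assumption: "disabled"/"expired" come from these two AD attributes.
ACCOUNTDISABLE = 0x0002                  # userAccountControl "disabled" bit
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)  # accountExpires "never" sentinels
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):  # datetime -> AD FILETIME (100 ns ticks since 1601 UTC)
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10**7

def deactivation_reason(location, directory, now):
    """Return why a synchronised location should be deactivated, else None."""
    dn = location.get("LDAP Synch Distinguished Name")
    if not dn or not location.get("LDAP Synch Enabled"):
        return None                      # not a synchronised location: skip
    entry = directory.get(dn.lower())    # DNs compare case-insensitively
    if entry is None:
        return "LDAP entry no longer present"
    if int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE:
        return "disabled in Active Directory"
    expires = int(entry.get("accountExpires", 0))
    if expires not in NEVER_EXPIRES and expires <= to_filetime(now):
        return "expired in Active Directory"
    return None

def deactivate_stale(locations, directory, now):  # returns (name, reason) list
    report = []
    for loc in locations:
        reason = deactivation_reason(loc, directory, now)
        if reason:
            loc["Enable Network Login"] = False   # the two property changes
            loc["Active To"] = now.date()         # described on this page
            report.append((loc["Name"], reason))
    return report

# Constructed sample data; "Name" is a hypothetical key for readability.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
BASE = "OU=Staff,DC=example,DC=com"
DIRECTORY = {  # snapshot of LDAP entries, keyed by lower-cased DN
    f"cn=alice,{BASE}".lower(): {"userAccountControl": 512, "accountExpires": 0},
    f"cn=bob,{BASE}".lower(): {"userAccountControl": 514, "accountExpires": 0},
    f"cn=carol,{BASE}".lower(): {"userAccountControl": 512,
        "accountExpires": to_filetime(NOW - timedelta(days=30))},
}
LOCATIONS = [{"Name": n, "LDAP Synch Distinguished Name": f"CN={n},{BASE}",
              "LDAP Synch Enabled": n != "erin", "Enable Network Login": True}
             for n in ("alice", "bob", "carol", "dave", "erin")]
if __name__ == "__main__":
    print(deactivate_stale(LOCATIONS, DIRECTORY, NOW))
```

In the sample, "erin" has no LDAP entry but is left untouched because LDAP Synch Enabled is False, so such a location keeps its network login until it is reviewed by hand.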

You can access the Directory Synchronisation tool in Content Manager on the Administration - Setup ribbon. The LDAP Server Configurations dialogue box is displayed.

When running Directory Synchronisation functionality interactively, the Synchronisation Progress dialogue will be displayed.

Sample Configuration

The Content Manager installation provides a sample Directory Synchronisation configuration file, for an Active Directory based directory. This file is named ‘AD Directory Sync Example.xml’, and by default is installed to the ‘C:\Micro Focus Content Manager\Standard Data\DirSync’ location.