Authenticated users usually have access to User DN attributes in the LDAP database. If user information retrieval is enabled and User DN attributes are accessible to the authenticated user, Teamwork Server retrieves their values and sets them for the corresponding external users.
If the Simple User+Password authentication type is enabled (either by using a static User DN template or by querying the LDAP server(s) for User DN), the User DN is retrieved in the same way. This connection is further reused for retrieving user information when the user logs in to the LDAP server.
Teamwork Server creates an external user with the login name specified by the user upon authentication if the user information retrieval is disabled or User DN attributes are not accessible to the authenticated user.
Teamwork Administrator’s Console, LDAP Integration tab. User Data Retrieval Settings
User Data Retrieval Settings are described in the following table:
| Setting Name | Description |
|---|---|
| User DN Attribute-to-Full Name Mapping | After a specific User DN is found, the name of a local user created on the authentication is generated using the Full Name Mapping template for this User DN. The Full Name Mapping template supports placeholders in the form of $(attribute), where attribute is an attribute of DN. An example: $(cn) $(sn) This will form the Name of the created user out of two LDAP attributes - cn and sn. |
| Settings that are active when the Use User DN template is selected. | |
| User DN | User DN specifies a template used to search for a specific DN by the supplied login name. An example: cn=$(login), dc=example, dc=com |
| Settings that are active when the Retrieve User DN by using an LDAP query is selected. | |
| Query | An LDAP query for retrieving User DN, for example: sAMAccountName=$(login) $(login) is a username a user types when connect to a server from the modeling tool. aSAMAccount is used for authorization to Windows OS and Active Directory as a directory service is set by default. You need to contact your system administrator if other OS or parameters are used. |
| Search Base | DN where the searching should begin, for example: dc=example,dc=com |
| Search Scope | Specifies whether the search must be restricted to the directly owned DNs only or performed in the whole subtree. Choose one of the following options:
|