Hi,
I would like some clarifications about the "guest" and "visitor" model on Connections 7. I know that you can deploy a second LDAP for visitors/guests, but I am not sure how the whole process works.
If I am not wrong, there was an asset in the past so users could request to be added as guest/visitor. It was basically an app that created the user on the LDAP, so visitors could get access. Is that asset still available, is it something (the visitor model) that comes out of the box with Connections 7, or should I build my own application to deal with that?
On SmartCloud, the guest model was very "transparent" for the end user. If I am not wrong (not sure if I remember correctly), when you wanted to share a file with an external visitor, you only had to add that user to the list of allowed users... if the user did not exist before as a guest, they were automatically invited by the system as a guest user. Something similar was happening with communities. Is that behaviour also possible on Connections 7?
Thks !!
Hi Andres,
I'm not sure what asset you're referring to, but there are two options available for guest users. These options are documented here:
https://help.hcltechsw.com/connections/v7/admin/admin/t_install_config_self-registration_for_external_users.html
https://help.hcltechsw.com/connections/v7/admin/admin/t_admin_profiles_external_user_script.html
If you have any questions about either of these configurations, please let us know.
Tony Dezanet
HCL Connections Support
Hi Andres,
A colleague pointed out to me that the self-registration feature documented in the first link that I posted had previously been an asset. It's now included with the core Connections installation starting in Connections 6.5.
Tony
Hi Andres,
Take care when using the "Invite" asset, as in the current version it seems that it doesn't work with Active Directory.
As for the behavior for external users, you have to "invite" or "create" the external user first; after that, the user can log in, change his profile and settings, as well as upload some personal files. Only after the user is added/invited to a community can this user access the community files and collaborate in the same community.
Only communities which are created with the flag "Allow External Access" can be used for inviting external users. As of now, there is no way to change this (via GUI) for communities which have already been created.
HTH
Milan
Milan,
I recently set up a new environment with Connections 7, and when I used the invite module, a mail was sent to that external user asking him to join Connections. However, no further action is taken. I mean, although the mail is sent, the user is not added to the LDAP automatically, nor does he receive any mail with any link or action to be done to get added.
So, can you explain to me what the process is to get users receiving the mail message added as guest users? Should I do my own application to get rid of it and customize the mail to include that link to my own asset / application? Is that not also included with Connections?
Hi Andres,
We detail how to customize the invitation notification here:
https://help.hcltechsw.com/connections/v7/admin/admin/c_admin_customize_self-registration_notifications.html
The invited user has to click a link in the mail to self register (it will take the user to a form to fill out), and upon submission, Connections writes to the LDAP directory based on the selfregistration-config.xml settings.
Thank you,
Michael Montani
HCL Support
Yes, I saw how to customize the message, but my question was more related to the process. Does the invitation module on Connections ONLY send the message, or does it also have an app defined to help the user get registered?
I meant, without customization, the email is sent to the guest user, but it has no reference to any link to follow to progress with the registration and accept the invitation. I have the impression that there is not an app built out of the box on Connections to accept the self-register process. I just want to confirm.
Could you please confirm if you must create your own app to do the registration of users, and customize the mail sent so it includes a link to the customized app you have to develop on your own?
Michael,
I discovered what the problem was, and the root cause of my confusion. The problem is that the "Button" with the "Let's Connect" and, in fact, the registration link did not appear in the standard email sent. It is a problem related to the Notes client: if your customer has Notes as email client, the link does not appear.
If you use Gmail instead, the link is there.
As we use mainly Notes for the testing, we thought that the invitation process was not complete (due to the lack of the registration link in the standard mail sent). That was the root cause of my misunderstanding... Sorry about that.
Hi all,
The functionality included with Connections supports interaction with Active Directory and we have tested this setup in the support lab. We've noticed that after an account gets created, the AD admin will need to enable the account, but after that the account works as expected. Please let us know if there are any other questions or comments about this functionality.
Thank you,
Michael Montani
HCL Support
Hello,
Try resetting a password via "Invite"; this was also not working in our environment. The encryption algorithm needed for Active Directory is no longer working.
Best regards,
Milan
Hi Milan,
I've successfully updated a user's password via the Reset Guest Password functionality on a lab system running 6.5 CR1 with Active Directory set as the external user repository. Since we would likely need to review your configuration files, we'd be happy to take a closer look at your setup via a support case if you'd like to pursue.
Thank you,
Michael Montani
HCL Support
Hello Michael,
Are you using AD LDS or the full AD Domain Controller?
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/adam/what-is-active-directory-lightweight-directory-services
Which AD field are you using to set User Passwords?
Of course, we will be extremely thankful for any help.
The Case Number we have opened for this issue is "CS0183421".
Thank you in advance.
Best regards,
Milan
Hi Milan,
Thanks for the response. I will reply directly via the case.
Thank you,
Michael Montani
HCL Support
Michael,
May I have the internal users pointing to my AD as LDAP directory, while having the external users pointing to a different LDAP (IDS)?
If so, are there any specific issues I should be aware of for the config? What happens with TDI sync?
Thanks!
Hi Andres,
You can have multiple directories set up as federated repositories in WAS:
https://help.hcltechsw.com/connections/v7/admin/install/t_inst_federated_repositories.html
The documentation:
- Alludes to allowing separate LDAP directories ("If the LDAP directory that is used for external users is the same one that is used for internal users,..."):
https://help.hcltechsw.com/connections/v7/admin/admin/t_admin_profiles_external_user_script.html
- Doesn't specifically cover the separate LDAP directory use case, but covers using a separate LDAP branch for external users. The process for setting up synchronization if instead using multiple LDAP directories would be the same. You will basically have separate TDI Solutions directories configured to handle synchronization with a specific target (one for internal and one for external) as outlined here:
https://help.hcltechsw.com/connections/v7/admin/admin/t_admin_profiles_ldap_branch.html
- Covers some specific caveats that are generally applicable (specifically with group handling in the second link and TDI Solutions directory settings in the third link).
If you are looking for official documentation, please note that I am going to submit an internal documentation update request to add clarification on the support for using separate LDAP directories in the same way we support separate LDAP branches. This should theoretically work (and is how I've set this up in the internal support lab with the secondary AD server hosting external users). I can post the outcome of that request here once it is available.
We always recommend testing implementation and synchronization prior to deploying to production.
Please let us know if there are any questions.
Thank you,
Michael Montani
HCL Support
Thanks, I already have AD as my primary LDAP directory; I will set up an IDS as a secondary one for guests this weekend...
What I was confused about was whether federating the directories was necessary on WAS or not. From your answer I already see that yes, I should add it there too (since the actual documentation talks only about a branch of the same LDAP, it did not reference additional steps regarding federation).
Also, I already ran populationWizard.sh to do the initial sync of the main LDAP directory with the db (I did not follow the manual steps, I did it with the automatic wizard). Since populationWizard.sh only allows choosing one single LDAP server, I guess I should extract the wizards in another place also, and run another populationWizard.sh from there, in a similar way to the procedure you mention above when doing manual mapping.
Hi Andres - You can take the resulting settings from the population wizard and use that as a basis for a new tdisol directory. Then you can update the settings to point to the new directory and have applicable LDAP values and TDI settings, and sync the new contents based on that. You need to be careful about the settings as outlined here:
https://help.hcltechsw.com/connections/v7/admin/admin/t_admin_profiles_ldap_branch.html
If you establish the second tdisol directory, you can then just run a sync_all_dns to populate the users without having to go through the wizard again, but this assumes that you make all the necessary updates to settings (server name, base DN, bind DN, etc). I also recommend at least initially using sync_updates_show_summary_only to see the impact of your settings without actually making any updates in the database:
https://help.hcltechsw.com/connections/v7/admin/admin/t_admin_profiles_sync_ldap.html
Thanks,
Michael Montani
HCL Support
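
The check described in the last reply (new server name, base DN and bind DN, with sync_updates_show_summary_only on before the first sync_all_dns), written as a pre-flight script. This is an added example, not code from HCL or from anyone in the thread. The key names source_ldap_url, source_ldap_search_base and source_ldap_user_login and the properties-file layout are assumptions; only sync_updates_show_summary_only is named above.

```shell
#!/bin/sh
# Pre-flight check for a copied tdisol directory (added example).
# Assumed key names, not given in the thread: source_ldap_url,
# source_ldap_search_base, source_ldap_user_login.

# prop FILE KEY: print the value of KEY from a Java-style properties file
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# tdisol_preflight PRIMARY_PROPS GUEST_PROPS
# Prints one line per problem; returns 0 only when the copy is safe to dry-run.
tdisol_preflight() {
    primary=$1; guest=$2; rc=0
    for key in source_ldap_url source_ldap_search_base source_ldap_user_login; do
        if [ -z "$(prop "$guest" "$key")" ]; then
            echo "MISSING $key has no value in $guest"; rc=1
        fi
    done
    # An unedited copy would sync the internal directory a second time.
    if [ "$(prop "$primary" source_ldap_url)" = "$(prop "$guest" source_ldap_url)" ] &&
       [ "$(prop "$primary" source_ldap_search_base)" = "$(prop "$guest" source_ldap_search_base)" ]; then
        echo "SAME    copy still targets the primary server and base DN"; rc=1
    fi
    # Anything other than true means the next sync writes to the Profiles database.
    if [ "$(prop "$guest" sync_updates_show_summary_only)" != "true" ]; then
        echo "LIVE    sync_updates_show_summary_only is not true"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a primary config and a copy where only the base DN was edited.
tmp=$(mktemp -d)
cat > "$tmp/primary.properties" <<'EOF'
source_ldap_url=ldap://ad.example.test:389
source_ldap_search_base=DC=example,DC=test
source_ldap_user_login=CN=tdi-bind,DC=example,DC=test
sync_updates_show_summary_only=false
EOF
sed 's/^source_ldap_search_base=.*/source_ldap_search_base=OU=guests,O=example/' \
    "$tmp/primary.properties" > "$tmp/guest.properties"
tdisol_preflight "$tmp/primary.properties" "$tmp/guest.properties" || echo "not ready for sync_all_dns"
```

A copy that differs only in base DN passes the SAME check, which matches the separate-branch setup; the sample still fails because summary-only mode is off.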