#1 2013-07-11 09:59:35

anhyzer

LDAP question

We don’t want to sync our Connect server with our entire corporate LDAP user directory. We only want to sync user info for users who already have a Connect account. But we also want to allow anyone in the entire LDAP directory to auto-create a Connect account on successful LDAP authentication. Our problem… in order to sync LDAP user information nightly, we need to set a filter to point to an LDAP group that contains all of our Connect users (rather than the LDAP root of all users). But when we add this filter to the User Profile mapping, user’s outside this specific LDAP group cannot auto-create an account on successful login. So our question is, can there be a different scope for the users who are synced nightly via LDAP and the users who are able to auto-generate an account on successful login?

Again, we want any LDAP user to be able to create a Connect account on successful authentication, but we don’t want to auto-create accounts for everyone in the entire LDAP directory during the nightly sync. To allow the former, we need to point the User Profile mapping at the root of the LDAP user directory. To allow the latter, we need to point the User Profile mapping at a specific user group (that contains all of our Connect users) in the LDAP directory. 

Thanks.
--Chris