LDAP cross references map LDAP directory groups to WCM groups and passports — set up your WCM categories, groups, and an LDAP-enabled passport first, then create the mappings to automatically assign them at first sign-in.
💡Quick answers
- What is an LDAP cross reference? A mapping that connects an LDAP directory group to a WCM group and passport, applied automatically when the user first signs in.
- What do I need before creating cross references? Create WCM categories, groups with those categories, and a passport with the "Allow user to sign in using LDAP" extended privilege enabled.
- When is the passport assignment applied? Only once — when the LDAP-authenticated user signs in to WCM for the very first time.
- Can I apply a blanket mapping to all LDAP users? Yes — create a cross reference that assigns a passport to all LDAP-authenticated users regardless of their directory group.
Create a category
Use categories to create sets of groups. They are used to filter when selecting a group and are typically named by school buildings. For example, Happy Valley Elementary School, Happy Valley High School, and so on.
- From Site Manager select USERS & GROUPS.
- Select Groups.
- Select Categories.
- Select New Category.
- Type the Category Name.
* Use consistent naming conventions for your categories. For example, categories for schools in the Happy Valley School District might be named HVHS (Happy Valley High School), HVMS (Happy Valley Middle School), and HVES (Happy Valley Elementary School).
- Select Save.
Create a group with the category
Create groups to associate with the groups in your LDAP directory.
- From Site Manager select USERS & GROUPS.
- Select Groups.
- Select New Group.
- Type a Group Name.
- Optionally, type a Group Code.
- Select the group category from the Category menu.
- Select Save.
Create a passport with LDAP privileges
You must give users in your LDAP directory permission to sign in to your Web Community Manager website. All LDAP authenticated users are assigned this passport when their account is created in Web Community Manager.
- From Site Manager, expand USERS & GROUPS.
- Select Users.
- Select Passport.
- Select New Passport.
- Type the name and description for the new passport.
* Include LDAP in the name to make it easy to identify.
- Select Save.
- Find the passport and select the name to assign administrative privileges to it.
- Select Extended Privileges.
- Find the Allow user to sign in using LDAP privilege and select Inactive to activate it.
* This is what allows your Web Community Manager website to authenticate an existing user account user name and password against your LDAP Directory.
- Select Save.
Map cross references
Most users are organized into groups in your directory server. You should have similar groups on your website. When you map these groups together, you reduce the effort to maintain accurate memberships. A user who is part of the group in your LDAP server is assigned that mapped group in your website. A user removed from that group in your LDAP server is removed from that group in your website.
- From Site Manager, expand USERS & GROUPS.
- Select Settings.
- Select LDAP.
- Select the fully qualified domain name.
* If you don't see a domain name, add a domain.
- Select Group Cross Reference.
- Select New Cross Reference.
- Select the group you created in Site Manager from the Group menu.
- Select the LDAP directory group from the Group Distinguished Name menu.
* Members from this LDAP directory group are assigned to the group you created in Site Manager.
- Select the LDAP passport you created in Site Manager from the Passport menu.
* When LDAP Authentication creates a new user account in your Web Community Manager website, the passport specified here is assigned to the new user account. This assignment occurs once, on the initial creation of the account—that is, when a LDAP enabled user signs in to Web Community Manager for the very first time.
- Select Save.