User Synch Connector Help

ContentConnector Library

This page provides detailed information on how to use the User Synch connector. Visit the Managing Connectors for more information on how to manage ContentConnectors.


Description

This connector provides an easy mechanism to import/synchronize users, groups and group membership into DocuNECT from a Microsoft Active Directory via LDAP. There are three different methods for import:
1) Direct LDAP Synchronization - This method points to a Microsoft Active Directory domain where group and users can be identified. DocuNECT can be configured to either include or exclude groups. The connector can then be scheduled to run on a daily basis to make sure that the DocuNECT system is updated when new users, group or group memberships are updated.
2) Import from a Text File - The connector will also import the user information from a text file if your organization is not utilizing Active Directory.
3) Import from an LDAP Text File - This method is a combination of the first two methods, exporting the Active Directory information to a text file where it can be edited before being imported into DocuNECT.


License Type

This connector is included with the core purchase of DocuNECT and no additional license is required.


Download Latest Version

The User Synch connector is a system connector and is built into the DocuNECT product.


Version History

The following table details the connector version history. Note, from v4.7 each connector has its own version no. as well as the build no.

Version No Build No Release Date Change History
v1.0 v5.0.N.N N/A Updated for all versions of DocuNECT v5.0.
v1.0 v4.8.1.2 9/29/2014 Updated connector to be compatible with the v4.8.1.2 release.
v1.0 v4.7.1.1 11/04/2013 Updated connector to be compatible with the v4.7.1.1 release.
v1.0 v4.6.19.2 2/18/2013 Updated connector to be compatible with the v4.6.19.2 release.
v1.0 v4.6.13.2 11/5/2012 Updated connector to be compatible with the v4.6.13.2 release. Also fixed a bug with the size of the group name. An enhancement was made to map AD groups to DocuNECT roles. This functionality is implemented in the include parameter.
v1.0 v4.6.8.1 5/29/2012 Updated connector to be compatible with the v4.6 release.
N/A v1.7 8/3/11
  • Added support for a character wildcard on the Include Groups and Exclude Groups parameters.
N/A v1.5 6/24/2011
  • Added support for a "starts with" on the Include Groups and Exclude Groups parameters.
  • Fixed issue with only returning the number of items on the server LDAP setting (typically 1000).
N/A v1.0 5/1/2011 Initial version for DocuNECT v4.4.

Connector Parameters

The following table details the connector parameters:

Parameter Description Example
Import Target

This defines the target for the import and can reference an LDAP URL (LDAP://<DOMAIN NAME>), or a path to a text file (C:\UserList.txt). The import file should have the following format:

Status,User Type,Full Name,Login Name,Email,Groups
Add,Windows,Fred Blogs,fblogs,moc.ynapmoc|sgolbf#moc.ynapmoc|sgolbf,Finance|Legal|Purchasing

Where:
Status: Either be Ignore or Add.
User Type: Either be Windows for Active Directory authentication or DocuNECT for internal DocuNECT authentication.
Full Name: Full name of the user.
Login Name: The login name of the user.
Email: The SMTP email address of the user.
Groups: A pipe (|) delimited list of groups that the user is a member of.

Note, if the group does not exist in DocuNECT it will be created.

LDAP:PORTFORD
LDAP Filter This is used for LDAP imports only and allows an standard LDAP filter to be applied. The recommended filter is to target //Person objects and then user the Include Group or Exclude Groups parameters to further refine the query. (&(objectcategory=user))
Include Groups

A comma separated list of groups to include in the import. The connector will only import users that are members of the listed groups. You can also add a "*" character wildcard. For example, if you had the following groups.

Group Name: Corporate_001_Group
Group Name: Corporate_002_Group
Group Name: Corporate_003_Group
Group Name: Corporate_004_Group
Group Name: Corporate_005_Group

To include the group you would mask out the number with '*", example: Corporate_***_Group.

In 4.6.13.2 mapping functionality was added to allow AD groups to be mapped with DocuNECT groups. If you do not specify a mapping then the AD group name is used as the DocuNECT role name. However, if you place an = after the name and add a DocuNECT role then the connector will map to this role. Example:

No Mapping:
Corporate_001_Group,Corporate_002_Group

Mapping to DocuNECT Roles:

Corporate_001_Group=Corporate DocuNECT Role 1,Corporate_002_Group=Corporate Role 2

Accounting,Legal,Operations
Exclude Groups

A comma separated list of groups to exclude in the import. The connector will exclude these groups from the import. If the user is only a member of the group excluded then the user will not be imported, however, if the user is in another group that is not excluded then the user will still be imported. You can also add a "*" character wildcard. For example, if you had the following groups.

Group Name: Corporate_001_Group
Group Name: Corporate_002_Group
Group Name: Corporate_003_Group
Group Name: Corporate_004_Group
Group Name: Corporate_005_Group

To exlcude the group you would mask out the number with '*", example: Corporate_***_Group.

Accounting,Legal,Operations
Query Test This allows the results of the LDAP filter, include groups and exclude groups to be exported to a text file without actually importing the information into DocuNECT. This is a useful feature to test the filtering to make sure that the right users have been identified. Note, once you have are happy with the process this parameter needs to be removed for the information to be imported into DocuNECT. C:\Test.txt
Email Notifications A comma separated list of email addresses to receive the email notifications. If running in test mode, the output file will be attached to the email. moc.ynapmoc|sgolb.derf#moc.ynapmoc|sgolb.derf

Additional Notes

To use method 3 as described above you need to run the connector in test mode to output the LDAP information to a text file. Edit the text file to refine the information before re-running the connector with the path of the text file in the Import Target parameter, removing the Query Test parameter.