Editing the Configuration File

The Socialcast gem creates a default configuration file (ldap.yml) at the end of the gem setup process. You must edit the settings in this file to work with your particular LDAP installation. Use any text or code editor to modify the file. You can change the name of the file as long as you specify the path and file name when you execute the script.

For detailed information about the settings in each section of the configuration file, see the sections below:

LDAP Connections
Field Mapping
Permission Mapping
General Options
HTTP Options

You can view the entire default configuration file here.

LDAP Connections

The LDAP Connections section specifies the location and credentials for one or more LDAP databases. You can also define a search filter for each database to restrict the users that are included in the import XML file.

| Attribute | Type | Description |
| --- | --- | --- |
| username | string | The common name (cn) used to search through the LDAP server. |
| password | string | The password associated with the username. |
| host | string | The domain name of the LDAP server. |
| port | integer | The port where the LDAP server listens. |
| basedn | string | The LDAP directory tree where the user information is located. This domain is different from the domain where the LDAP server resides and it uses a unique syntax. For example: ou=largepeople,ou=qa,dc=yourdomain,dc=com. |
| filter | string | A search string that specifies which LDAP accounts will provide data to Socialcast. For example, you may want to exclude LDAP accounts attached to contractors or email lists. You must use LDAP v3-compatible filter syntax. Here is a commonly used filter: (mail=*). |
| encryption | string | The encryption type to use when connecting to the LDAP server. If there is no encryption type associated with a connection, any data passed between the script and the LDAP server will be unencrypted. The only acceptable value is simple_tls. |

Field Mapping

The Field Mapping section maps the LDAP field names to the corresponding Socialcast fields. Common defaults are shown for each LDAP field, but you’ll need to verify the names with your LDAP team. At minimum, you must populate the first and last name fields along with a unique identifier (either email or employee_number). For a better user experience, you might also want to populate the optional fields (see the table for a complete list of options).

| Attribute | Type | Description |
| --- | --- | --- |
| first_name | string | The user’s first name. Common default: givenName. Required. |
| preferred_first_name | string | The user’s preferred first name or nickname. Common default: displayName. |
| last_name | string | The user’s last name. Common default: sn. Required. |
| email | string | The user’s email address. Common default: mail. Required unless you provide an employee number. |
| unique_identifier | string | A unique identifier for the user similar to an email address or employee number. Common defaults: uid and samAccount. Use this field only if you need a unique identifier that’s different from the email address or employee number. This field maps to the Company Login field in the Socialcast user profile. |
| employee_number | string | A unique identifier for the user similar to an email address. Common default: emp_id. Required only if you do not use the email address. |
| title | string | The user’s job title. Common default: title. |
| location | string | The user’s work location. Common default: l. |
| cell_phone | string | The user’s mobile phone number. Common default: mobile. |
| office_phone | string | The user’s office phone number. Common default: telephoneNumber. |
| manager_email | string | The email address for the user’s manager. There is no common default. |
| started_on | string | The user’s start date. There is no common default. |
| custom attributes | string | Custom profile fields the Socialcast community administrator can create. You create these fields through the Admin > Customize > Profile page in the Profile Questions section. For example, you might create the question: What is your favorite book? Assuming your LDAP database contained a field called favorite_book, you could populate the Socialcast database by adding this line to the configuration file: "What is your favorite book?": "favorite_book" |

Permission Mapping

The Permission Mapping section allows you to map each LDAP group to one or more Socialcast roles. Using this information, the script can assign Socialcast roles to a new user based on their LDAP group. For example, you might assign the Socialcast analyst role to anyone in the LDAP data analyst group.

| Attribute | Type | Description |
| --- | --- | --- |
| attribute_name | string | The name of the attribute in your LDAP installation that finds users who belong to a particular group. Common defaults: memberof, isMemberOf. |
| account_types | string | Socialcast supports two account types: external and member. The script uses the external attribute to determine which LDAP group users should receive external contributor accounts in Socialcast. |
| roles | string | Socialcast users can have multiple roles which control their access to community functions. You can assign roles to new users based on their LDAP groups. The options are: |

tenant_admin (generic community administrator)
sbi_admin
reach_admin
town_hall_admin
external_contributor_admin
thanks_admin

To assign multiple groups to the same role, use this syntax:

sbi_admin: ["cn=Admins,dc=example,dc=com", "cn=Analysts,dc=example,dc=com"]

Read Managing User Roles for more information about the different role types.

General Options

In the General Options section you can enable script functions such as test mode.

Attribute Type Description
delete_users_file boolean

Deletes the users.xml.gz file from your system after the script uploads it to the Socialcast server. If you want to keep a record of the changes made over time or if you are testing your configuration file, you should set this value to false.

skip_emails boolean

Instructs Socialcast not to send a welcome email to new users after creating an account for them. The welcome email contains a link that users can follow to reach an account set-up screen that prompts them to log into the community for the first time and create a Socialcast password.

If your system uses Single Sign On (SSO) and skip_emails is false, users will receive a welcome email and a link to the activation flow. Although they cannot change their password, they can verify their username and, potentially, edit their title. If skip_emails is true, your internal communications group can send users a link to the new Socialcast community. The first time a user accesses the community, Socialcast will pass them to SSO which will in turn prompt them to log in and then direct them to the Socialcast activation flow.

If you do not use SSO, you must set skip_emails to false. If skip_emails is true, users will not receive a welcome email and will have no way to access the community.

test boolean

Enables the test mode for the LDAP script. In this mode, the script reads the LDAP database, creates a compressed XML file, and uploads the file to the Socialcast server. However, Socialcast does not create, delete, or modify any user data. Make sure to set the attribute to false when you want Socialcast to modify user data.

When testing, you should also set delete_users_file to false so you can examine the XML file. In test mode, the script will automatically set skip_emails to true.

HTTP Options

The HTTP Options section controls the HTTP connection to the Socialcast server.

| Attribute | Type | Description |
| --- | --- | --- |
| timeout | integer | The number of seconds the script will wait before cancelling an attempt to upload the compressed XML file to the Socialcast server. |
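
The checks below turn the constraints stated in the sections above into a small pre-flight audit that can run before the import script; this is an added example, not Socialcast code. The method name, the `sso:` flag and the convention of passing each section as its own Hash are assumptions, since the page does not show how ldap.yml nests its sections.

```ruby
# Added example, not Socialcast code. Each section is passed in as its own
# Hash because the page does not show how ldap.yml nests them (assumption).
KNOWN_ROLES = %w[tenant_admin sbi_admin reach_admin town_hall_admin
                 external_contributor_admin thanks_admin].freeze

def audit_ldap_config(connection:, mappings:, permissions: {}, options: {}, sso: false)
  findings = []
  empty = ->(value) { value.to_s.strip.empty? }
  # Connection: simple_tls is the only accepted value; unset means plaintext.
  enc = connection['encryption']
  findings << 'encryption unset: LDAP traffic is unencrypted' if enc.nil?
  findings << "encryption #{enc.inspect} is not accepted" unless enc.nil? || enc == 'simple_tls'
  filter = connection['filter'].to_s
  findings << 'filter unset: imported accounts are not restricted' if filter.empty?
  unless filter.empty? || (filter.count('(') == filter.count(')') && filter.start_with?('('))
    findings << "filter #{filter.inspect} is not a parenthesised LDAP filter"
  end
  # Field mapping: first and last name plus email or employee_number.
  %w[first_name last_name].each do |field|
    findings << "mapping #{field} is required" if empty.(mappings[field])
  end
  if empty.(mappings['email']) && empty.(mappings['employee_number'])
    findings << 'map email or employee_number'
  end
  # Permission mapping: only the role names listed on the page are accepted here.
  (permissions['roles'] || {}).each_key do |role|
    findings << "unknown role #{role}" unless KNOWN_ROLES.include?(role)
  end
  # General options: the interactions the page calls out.
  if options['skip_emails'] && !options['test'] && !sso
    findings << 'skip_emails without SSO: new users cannot reach the community'
  end
  if options['test'] && options['delete_users_file']
    findings << 'test mode with delete_users_file: the XML cannot be examined'
  end
  findings
end

# Constructed sample: no encryption, no identifier mapping, a misspelled role.
SAMPLE_FINDINGS = audit_ldap_config(
  connection: { 'host' => 'ldap.example.com', 'port' => 389, 'filter' => '(mail=*)' },
  mappings: { 'first_name' => 'givenName', 'last_name' => 'sn' },
  permissions: { 'roles' => { 'tenant_admins' => ['cn=Admins,dc=example,dc=com'] } },
  options: { 'skip_emails' => true, 'test' => false }
)
puts SAMPLE_FINDINGS
```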