Setting Up LDAP Group Sync
Configuring the LDAP Group Membership Sync allows you to maintain Socialcast group memberships directly from the company Active Directory. This feature synchronizes group members in the Active Directory with group members in designated Socialcast groups, and updates Socialcast group information with any changes made to the Active Directory. Eligible groups are restricted to those defined by IT and/or the community administrator, and must be created in Socialcast prior to the synchronization.
Note: LDAP Group Sync is not available for Socialcast Free accounts; it is only available for paid communities. This feature currently only works with static distribution lists.
Designate a Socialcast Group as Managed by an External System
In order to create a new Socialcast group that will be managed by an external system, you must be a Community Admin. The group must be a Public group. If your community is set to allow Community Admins to administer private groups, the group may be Public, Private, or Externally Facing. To date, the only external system that we support for group membership provisioning is LDAP.
- Begin by creating a new Socialcast public or private group. Name the group and add members.
- Check the Manage membership using an external system checkbox.
- Enter the Unique Identifier for the LDAP group you want to sync this Socialcast group with. This could be the Distinguished Name or another attribute of the LDAP group (as designated by the LDAP manager). Click the Create Group button.
Configuring Group Sync for an LDAP Connection: SaaS Deployment Models
- Ensure you have the latest version of the Socialcast command line tool installed. You can do this by running gem install socialcast from the command line.
- Open the ldap.yml file used for LDAP sync in a text editor.
- Under the connection that you want to map, add the following under permission_mappings:
  - attribute_name: Enter the name of the attribute in the master database that contains the list of Distinguished Names of groups the user is a member of. In some LDAP implementations this is “memberof”.
  - group_memberships: unique_identifier: Enter the name of the attribute that contains the unique identifier for mapping the LDAP group to the Socialcast Group.
  - group_memberships: filter: Enter an LDAP filter that will select the LDAP groups to be mapped to Socialcast Groups.
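The nesting these keys take in ldap.yml, shown as an added example that is not from the original page. The key names are the ones listed above; the values are assumptions, with "memberof" taken from the item above and "name" and "(objectClass=group)" borrowed from the "in some LDAP implementations" examples in the on-premise section.

```yaml
# Fragment only: place it under the connection being mapped in ldap.yml.
# All values are assumptions; use the attributes your directory actually exposes.
permission_mappings:
  # User attribute that lists the Distinguished Names of the user's groups
  attribute_name: memberof
  group_memberships:
    # Group attribute compared with the Unique Identifier entered on the Socialcast group
    unique_identifier: name
    # LDAP filter selecting the groups that are candidates for mapping
    filter: "(objectClass=group)"
```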
Configure Group Sync for an LDAP Connection: On-Premise Deployment Model
- In the Socialcast Cluster Management Console (SCMC), navigate to the LDAP Connection configuration page for the connection you want to configure and add your Group Membership Mappings.
  - LDAP Group Membership Field Name: Enter the name of the attribute in the master database that contains the list of Distinguished Names of groups the user is a member of. In some LDAP implementations this is “memberOf”.
  - Unique Identifier Field Name: Enter the name of the attribute that contains the Unique Identifier for mapping the LDAP group to the Socialcast Group. In some LDAP implementations this is “name”.
  - Group Search Filter: Enter an LDAP filter that will select the LDAP groups to be mapped to Socialcast Groups. In some LDAP implementations this is “(objectClass=group)”.
- Click the Save Connection button.