Hide users from UWC corporate addressbook
From MsgServerDocWiki
How do I hide users from Corporate Address-book searches?
UPDATE, 9/17/2010: This information has been moved to: http://wikis.sun.com/pages/viewpage.action?pageId=216499684. Refer to that page from now on.
Note: The following was tested with and applies to Communication-Suite-5 releases of UWC/CE and Delegated Administrator.
For privacy or similar reasons, it may be desirable to hide certain users from the Corporate Addressbook in UWC/Communications Express.
The Delegated Administrator web-client has a check-box in the user properties screen to "Add to Global Address Book" which is ticked by default for new users. This tick-box sets the psIncludeInGAB user attribute; un-ticking it sets psIncludeInGAB to "false". The following steps customise UWC/CE so that a search of the Corporate Address-book no longer returns contact information for users who have psIncludeInGAB set to "false".
Modify UWC/Communications Express
Edit /var/opt/SUNWuwc/WEB-INF/domain/personalstore.properties file.
Add:
!! LDAP plugin - corporate directory (hide psIncludeInGAB=false users)
db.idir1.class = com.iplanet.iabs.ldapplug.iLDAP
db.idir1.urlmatch = ldap://corpdirectory/??sub?(!(psincludeingab=false))
db.idir1.configpath = ../config/corp-dir
db.idir1.wildcardsearch = 0
db.idir1.randompaging = false
db.idir1.corporatedir = true
NOTE: the urlmatch string *must* be all lower-case to prevent duplicate corporate address-books being created at each login.
Edit /var/opt/SUNWuwc/WEB-INF/domain/defaultps/defaultps.xml
Replace:
<book booktype="abook" bookremoteurl="ldap://corpdirectory/">
With:
<book booktype="abook" bookremoteurl="ldap://corpdirectory/??sub?(!(psincludeingab=false))">
NOTE: the urlmatch string *must* be all lower-case to prevent duplicate corporate address-books being created at each login.
Modify user's piServerDb settings
Changing the UWC/CE settings above will influence the results for new accounts. Existing accounts need to have their LDAP address-book settings modified to take advantage of the change.
ldapsearch -h <PAB directory server> -b "o=PiServerDB" -D "cn=directory manager" \
  -w <directory manager password> piRemotePiURL=ldap://corpdirectory
This should return results like:
dn: piEntryID=e11556134d4c6,piPStoreOwner=testuser,o=sun.com,o=PiServerDb
objectClass: PITYPEBOOK
objectClass: piRemoteBook
objectClass: top
piBookType: abook
piRemotePiURL: ldap://corpdirectory
displayName: Corporate Directory
multiLineDescription: This is your Corporate Directory
piEntryID: e11556134d4c6
You can delete these entries as they will be re-created next time the user logs in with the correct piRemotePiURL attribute definition.
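One way to turn the search output above into a reviewable list of entries to delete (an added example, not part of the original page): the hypothetical function stale_book_dns reads the LDIF printed by ldapsearch and outputs only the DNs whose piRemotePiURL is still the unfiltered ldap://corpdirectory value. The function names and the two constructed sample entries are assumptions; the testuser entry is the one shown above.

```shell
#!/bin/sh
# Added example: pick the stale Corporate Directory book entries out of
# ldapsearch LDIF output so their DNs can be reviewed before deletion.
OLD_URL='ldap://corpdirectory'   # unfiltered value from the sample result

# stale_book_dns (hypothetical name): LDIF on stdin, one DN per line on
# stdout for entries whose piRemotePiURL is OLD_URL, with or without a
# trailing "/". Entries already carrying the ??sub?(!(...)) filter are kept.
stale_book_dns() {
    awk -v old="$OLD_URL" '
        function handle(line,    n, attr, val) {
            n = index(line, ": ")
            if (n == 0) return
            attr = tolower(substr(line, 1, n - 1))
            val = substr(line, n + 2)
            if (attr == "dn") dn = val
            else if (attr == "piremotepiurl") {
                val = tolower(val)          # compare case-insensitively
                if (val == old || val == (old "/")) stale = 1
            }
        }
        function end_entry() {
            if (cur != "") handle(cur)
            if (dn != "" && stale) print dn
            cur = ""; dn = ""; stale = 0
        }
        /^ / { cur = cur substr($0, 2); next }  # folded line: join to previous
        /^$/ { end_entry(); next }              # blank line ends an entry
             { if (cur != "") handle(cur); cur = $0 }
        END  { end_entry() }
    '
}

# Constructed sample input: the entry from the page plus two made-up ones.
sample_ldif() {
    printf '%s\n' \
        'dn: piEntryID=e11556134d4c6,piPStoreOwner=testuser,o=sun.com,o=PiServerDb' \
        'objectClass: piRemoteBook' \
        'piRemotePiURL: ldap://corpdirectory' \
        '' \
        'dn: piEntryID=e0000000000a1,piPStoreOwner=constructed1,o=example.com,o=PiServerDb' \
        'piRemotePiURL: ldap://corpdirectory/??sub?(!(psincludeingab=false))' \
        '' \
        'dn: piEntryID=e0000000000b2,piPStoreOwner=constructed2,o=example.com,' \
        ' o=PiServerDb' \
        'piRemotePiURL: LDAP://corpdirectory/'
}

sample_ldif | stale_book_dns   # prints the testuser and constructed2 DNs
```

In practice, pipe the ldapsearch command above into stale_book_dns and review the resulting list before deleting anything.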
Indexing psIncludeInGAB attribute
The UWC/CE customisation may adversely impact performance due to the use of the "!" (not) operator in the search filter. There is no point in creating a directory index for the psIncludeInGAB attribute, as you cannot index for "!" lookups.
Extension: Hiding Groups as well as Users
The Delegated Administrator interface also has an option to hide groups under the "Group Access" section. Selecting this option will set the mgmanHidden group attribute. By default the corporate address-book search in UWC/CE doesn't consider this attribute when returning results.
If you also want to hide groups based on the "hide groups" select box (mgmanHidden attribute), use the following URL string in place of the earlier suggested URL string replacement. The attribute names are written in lower-case here because, as noted above, the string must be all lower-case:
ldap://corpdirectory/??sub?(!(|(psincludeingab=false)(mgmanhidden=true)(mgmanhidden=yes)))

