Added vCard integration information.

git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@2988 b35dd754-fafc-0310-a699-88a17e54d16e

Added vCard integration information.
git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@2988 b35dd754-fafc-0310-a699-88a17e54d16e
1d3a95c0 · Matt Tucker · matt · 988c2f3a · 1d3a95c0
Commit 1d3a95c0 authored Oct 23, 2005 by Matt Tucker Committed by matt Oct 23, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 296 additions and 181 deletions

ldap-guide.html documentation/docs/ldap-guide.html +296 -181

No files found.
--- a/documentation/docs/ldap-guide.html
+++ b/documentation/docs/ldap-guide.html
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
-	<title>Jive Messenger LDAP Guide</title>
+    <title>Jive Messenger LDAP Guide</title>
-  <link href="style.css" rel="stylesheet" type="text/css">
+    <link href="style.css" rel="stylesheet" type="text/css">
 </head>
 <body>
 <a name="top"></a>
@@ -12,116 +13,159 @@
 <h2>Introduction</h2>
 <p>
-This document details how to configure your Jive Messenger installation to use 
+    This document details how to configure your Jive Messenger installation to use
-an external LDAP store when authenticating users and loading user profile information.
+    an external LDAP store when authenticating users and loading user profile information.
 </p>
 <h2>Background</h2>
 <p>
-LDAP (Lightweight Directory Access Protocol) has emerged as a dominant standard 
+    LDAP (Lightweight Directory Access Protocol) has emerged as a dominant standard
-for user authentication and for storage of user profile data. It serves as a 
+    for user authentication and for storage of user profile data. It serves as a
-powerful tool for large organizations (or those organizations integrating many 
+    powerful tool for large organizations (or those organizations integrating many
-applications) to simplify user management issues.
+    applications) to simplify user management issues.
 </p>
 <p>
-By default, Jive Messenger stores all user data in a database and performs 
+    By default, Jive Messenger stores all user data in a database and performs
-authentication using database lookups. The LDAP module replaces that 
+    authentication using database lookups. The LDAP module replaces that
-functionality and allows Jive Messenger to:
+    functionality and allows Jive Messenger to:
-<ul>
+    <ul>
-    <li>Use a LDAP server to authenticate a user's identity.</li>
+        <li>Use a LDAP server to authenticate a user's identity.</li>
-    <li>Load user profile information from a LDAP directory.</li>
+        <li>Load user profile information from a LDAP directory.</li>
-    <li>Load group information from an LDAP directory.</li>
+        <li>Load group information from an LDAP directory.</li>
-</ul>
+    </ul>
-<b>Note:</b> Jive Messenger treats the LDAP directory as read-only.
+    <b>Note:</b> Jive Messenger treats the LDAP directory as read-only.
 </p>
 <p>
-This document will guide you through configuring LDAP support in Jive Messenger. These
+    This document will guide you through configuring LDAP support in Jive Messenger. These
-instructions assume that you're a competent LDAP user, and that you're familiar 
+    instructions assume that you're a competent LDAP user, and that you're familiar
-with Jive Messenger setup issues.
+    with Jive Messenger setup issues.
 </p>
 <h2>Configuration</h2>
 <p>
-In order to configure your server to use LDAP:
+    In order to configure your server to use LDAP:
-<ol>
+    <ol>
-<li>
+        <li>
-Stop Jive Messenger.
+            Stop Jive Messenger.
-</li>
+        </li>
-<li>Edit <tt>conf/jive-messenger.xml</tt> in your Jive Messenger installation folder as described below.
+        <li>Edit <tt>conf/jive-messenger.xml</tt> in your Jive Messenger installation folder as
-</li>
+            described below.
-<li>
+        </li>
-Restart Jive Messenger.
+        <li>
-</li>
+            Restart Jive Messenger.
-</ol>
+        </li>
+    </ol>
 </p>
 <h3>Editing the Config File</h3>
 <p>
-Open the configuration file <tt>conf/jive-messenger.xml</tt> from your Jive Messenger installation in your favorite
+    Open the configuration file <tt>conf/jive-messenger.xml</tt> from your Jive Messenger
-editor and add or change the following settings. Properties flagged with (<font color="red"><b>*</b></font>) 
+    installation in your favorite
-must be set.  Properties flagged with (<font color="red"><b>**</b></font>) must be set in order to enable LDAP group 
+    editor and add or change the following settings. Properties flagged with (<font color="red">
-support, all other properties are optional:
+    <b>*</b></font>)
+    must be set. Properties flagged with (<font color="red"><b>**</b></font>) must be set in order
+    to enable LDAP group
+    support, all other properties are optional:
 </p>
 <ul>
-<li>provider.user.className <font color="red"><b>*</b></font> -- set the value to "org.jivesoftware.messenger.ldap.LdapUserProvider".</li>
+    <li>provider.user.className <font color="red"><b>*</b></font> -- set the value to
-<li>provider.auth.className <font color="red"><b>*</b></font>  -- set the value to "org.jivesoftware.messenger.ldap.LdapAuthProvider".</li>
+        "org.jivesoftware.messenger.ldap.LdapUserProvider".</li>
-<li>provider.group.className <font color="red"><b>**</b></font> -- set the value to "org.jivesoftware.messenger.ldap.LdapGroupProvider".</li>
+    <li>provider.auth.className <font color="red"><b>*</b></font> -- set the value to
-<li>ldap.host <font color="red"><b>*</b></font> -- LDAP server host; e.g. localhost or machine.example.com, etc.</li>
+        "org.jivesoftware.messenger.ldap.LdapAuthProvider".</li>
-<li>ldap.port -- LDAP server port number. If this property is not set, the default value is 389.</li>
+    <li>provider.group.className <font color="red"><b>**</b></font> -- set the value to
-<li>ldap.baseDN <font color="red"><b>*</b></font> -- the starting DN that searches for users will performed with. 
+        "org.jivesoftware.messenger.ldap.LdapGroupProvider".</li>
-The entire subtree under the base DN will be searched for user accounts.
+    <li>ldap.host <font color="red"><b>*</b></font> -- LDAP server host; e.g. localhost or
-</li>
+        machine.example.com, etc.</li>
-<li>ldap.alternateBaseDN -- a second DN in the directory can optionally be set. If set, the alternate base DN 
+    <li>ldap.port -- LDAP server port number. If this property is not set, the default value is
-will be used for authentication and loading single users, but will not be used to display a list of users 
+        389.</li>
-(due to technical limitations).
+    <li>ldap.baseDN <font color="red"><b>*</b></font> -- the starting DN that searches for users
-<li>ldap.adminDN -- a directory administrator's DN. All directory operations will be performed
+        will performed with.
-    with this account. The admin must be able to perform searches and load user records. The user does
+        The entire subtree under the base DN will be searched for user accounts.
-    not need to be able to make changes to the directory, as Jive Messenger treats the directory as read-only.
+    </li>
-    If this property is not set, an anonymous login to the server will be attempted.
+    <li>ldap.alternateBaseDN -- a second DN in the directory can optionally be set. If set, the
-</li>
+        alternate base DN
-<li>ldap.adminPassword -- the password for the directory administrator.</li>
+        will be used for authentication and loading single users, but will not be used to display a
-<li>ldap.usernameField -- the field name that the username lookups will be performed on. If this property is not set,
+        list of users
-    the default value is <tt>uid</tt></li>
+        (due to technical limitations).
-<li>ldap.nameField -- the field name that holds the user's name. If this property is not set, the default value is
+        <li>ldap.adminDN -- a directory administrator's DN. All directory operations will be
-    <tt>cn</tt></li>
+            performed
-<li>ldap.emailField -- the field name that holds the user's email address. If this property is not set,
+            with this account. The admin must be able to perform searches and load user records. The
-    the default value is <tt>mail</tt>.</li>
+            user does
-<li>ldap.searchFilter -- the search filter that should be used when loading users. If this property
+            not need to be able to make changes to the directory, as Jive Messenger treats the
-    is not set, the default search will be for users that have the attribute specified by
+            directory as read-only.
-		ldap.usernameField.
+            If this property is not set, an anonymous login to the server will be attempted.
-<li>ldap.debugEnabled -- a value of "true" if debugging should be turned on. When on, trace
+        </li>
-    information about buffers sent and received by the LDAP provider is written to System.out</li>
+        <li>ldap.adminPassword -- the password for the directory administrator.</li>
-<li>ldap.sslEnabled -- a value of "true" to enable SSL connections to your LDAP server. If you
+        <li>ldap.usernameField -- the field name that the username lookups will be performed on. If
-    enable SSL connections, the LDAP server port number most likely should be changed to 636.</li>
+            this property is not set,
-<li>ldap.initialContextFactory --  the name of the class that should be used as an initial context
+            the default value is <tt>uid</tt></li>
- 		factory. if this value is not specified, "com.sun.jndi.ldap.LdapCtxFactory" will be used instead.
+        <li>ldap.nameField -- the field name that holds the user's name. If this property is not
-		Most users will not need to set this value.
+            set, the default value is
-<li>ldap.autoFollowReferrals -- a value of "true" indicates that LDAP referrals should be automatically
+            <tt>cn</tt></li>
-		followed. If this property is not set or is set to "false", the referral policy used is left up to
+        <li>ldap.emailField -- the field name that holds the user's email address. If this property
-		to the provider. A referral is an entity that is used to redirect a client's request to another server. 
+            is not set,
-		A referral  contains the names and locations of other objects. It is sent by the server to indicate 
+            the default value is <tt>mail</tt>.</li>
-		that the information that the client has requested can be found at another location (or locations), 
+    <li>ldap.searchFilter -- the search filter that should be used when loading users. If this
-		possibly at another server or several servers. 
+        property
-<li>ldap.connectionPoolEnabled -- a value of "false" disables LDAP connection pooling. If this
+        is not set, the default search will be for users that have the attribute specified by
-		property is not set, the default value is "true".
+        ldap.usernameField.
-<li>ldap.groupNameField -- the field name that the groupname lookups will be performed on. If this property is not set,
+        <li>ldap.debugEnabled -- a value of "true" if debugging should be turned on. When on, trace
-    the default value is <tt>cn</tt></li>
+            information about buffers sent and received by the LDAP provider is written to
-<li>ldap.groupMemberField -- the field name that holds the members in a group. If this property is not set,
+            System.out</li>
-    the default value is <tt>member</tt></li>
+        <li>ldap.sslEnabled -- a value of "true" to enable SSL connections to your LDAP server. If
-<li>ldap.groupDescriptionField -- the field name that holds the description a group. If this property is not set,
+            you
-    the default value is <tt>description</tt></li>
+            enable SSL connections, the LDAP server port number most likely should be changed to
-<li>ldap.posixMode -- a value of "true" means that users are stored within the group by their user name alone.
+            636.</li>
-    A value of "false" means that users are stored by their entire DN within the group. If this property is not set,
+    <li>ldap.initialContextFactory -- the name of the class that should be used as an initial
-    the default value is <tt>false</tt></li>
+        context
-<li>ldap.groupSearchFilter -- the search filter that should be used when loading groups. If this property is not set,
+        factory. if this value is not specified, "com.sun.jndi.ldap.LdapCtxFactory" will be used
-    the default value is <tt>("ldap.groupNameField"={0})</tt></li>
+        instead.
+        Most users will not need to set this value.
+    <li>ldap.autoFollowReferrals -- a value of "true" indicates that LDAP referrals should be
+        automatically
+        followed. If this property is not set or is set to "false", the referral policy used is left
+        up to
+        to the provider. A referral is an entity that is used to redirect a client's request to
+        another server.
+        A referral contains the names and locations of other objects. It is sent by the server to
+        indicate
+        that the information that the client has requested can be found at another location (or
+        locations),
+        possibly at another server or several servers.
+    <li>ldap.connectionPoolEnabled -- a value of "false" disables LDAP connection pooling. If this
+        property is not set, the default value is "true".
+    <li>ldap.groupNameField -- the field name that the groupname lookups will be performed on. If
+        this property is not set,
+        the default value is <tt>cn</tt></li>
+    <li>ldap.groupMemberField -- the field name that holds the members in a group. If this property
+        is not set,
+        the default value is <tt>member</tt></li>
+    <li>ldap.groupDescriptionField -- the field name that holds the description a group. If this
+        property is not set,
+        the default value is <tt>description</tt></li>
+    <li>ldap.posixMode -- a value of "true" means that users are stored within the group by their
+        user name alone.
+        A value of "false" means that users are stored by their entire DN within the group. If this
+        property is not set,
+        the default value is <tt>false</tt></li>
+    <li>ldap.groupSearchFilter -- the search filter that should be used when loading groups. If this
+        property is not set,
+        the default value is <tt>("ldap.groupNameField"={0})</tt></li>
 </ul>
 <p>
-Below is a sample config file section:
+    Below is a sample config file section:
 </p>
 <pre><code>
-&lt;jive&gt;
+    &lt;jive&gt;
-...
+      ...
-    &lt;ldap&gt;
+      &lt;ldap&gt;
        &lt;host&gt;&lt;/host&gt;
        &lt;port>389&lt;/port&gt;
        &lt;usernameField&gt;uid&lt;/usernameField&gt;
@@ -130,136 +174,207 @@ Below is a sample config file section:
        &lt;baseDN&gt;ou=People;dc=example;dc=com&lt;/baseDN&gt;
        &lt;adminDN&gt;cn=Directory Administrator&lt;/adminDN&gt;
        &lt;adminPassword&gt;&lt;/adminPassword&gt;
-    &lt;/ldap&gt;
+      &lt;/ldap&gt;
-    &lt;provider&gt;
+      &lt;provider&gt;
        &lt;user&gt;
-            &lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserProvider&lt;/className&gt;
+          &lt;className&gt;org.jivesoftware.messenger.ldap.LdapUserProvider&lt;/className&gt;
        &lt;/user&gt;
        &lt;auth&gt;
-            &lt;className&gt;org.jivesoftware.messenger.ldap.LdapAuthProvider&lt;/className&gt;
+          &lt;className&gt;org.jivesoftware.messenger.ldap.LdapAuthProvider&lt;/className&gt;
        &lt;/auth&gt;
        &lt;group&gt;
-            &lt;className&gt;org.jivesoftware.messenger.ldap.LdapGroupProvider&lt;/className&gt;
+          &lt;className&gt;org.jivesoftware.messenger.ldap.LdapGroupProvider&lt;/className&gt;
        &lt;/group&gt;
-    &lt;/provider&gt;
+      &lt;/provider&gt;
-...
+      ...
-&lt;/jive&gt;
+    &lt;/jive&gt;
 </code></pre>
 <p>You'll most likely want to change which usernames are authorized to login to the
-admin console. By default, only the user with username "admin" is allowed to login. However,
+    admin console. By default, only the user with username "admin" is allowed to login. However,
-you may have different users in your LDAP directory that you'd like to be administrators. The
+    you may have different users in your LDAP directory that you'd like to be administrators. The
-list of authorized usernames is controlled via the <tt>adminConsole.authorizedUsernames</tt>
+    list of authorized usernames is controlled via the <tt>adminConsole.authorizedUsernames</tt>
-property. For example, to let the usersnames "joe" and "jane" login to the admin console:</p>
+    property. For example, to let the usersnames "joe" and "jane" login to the admin console:</p>
 <pre><code>
-&lt;jive&gt;
+    &lt;jive&gt;
-...
+      ...
-    &lt;adminConsole&gt;
+      &lt;adminConsole&gt;
-    ...
+        ...
        &lt;authorizedUsernames&gt;joe, jane&lt;/authorizedUsernames&gt;
-    &lt;/adminConsole&gt;
+      &lt;/adminConsole&gt;
-...
+      ...
-&lt;/jive&gt;
+    &lt;/jive&gt;
 </code></pre>
 <p><a name=""><h2>Custom Search Filter</h2></a></p>
 <p>By default, Jive Messenger will load all objects under the baseDN that
-have the attribute specified by <tt>ldap.usernameField</tt>. In the
+    have the attribute specified by <tt>ldap.usernameField</tt>. In the
-case that the username field is set to "uid", the search for all users
+    case that the username field is set to "uid", the search for all users
-would be "(uid=*)". However, there are cases when this logic does
+    would be "(uid=*)". However, there are cases when this logic does
-not work -- for example, when a directory contains other objects besides
+    not work -- for example, when a directory contains other objects besides
-users but all objects share "uid" as a unique identifier field. In that
+    users but all objects share "uid" as a unique identifier field. In that
-case, you may need to specify a custom search filter using 
+    case, you may need to specify a custom search filter using
-<tt>ldap.searchFilter</tt>. As an example, a search filter for all users 
+    <tt>ldap.searchFilter</tt>. As an example, a search filter for all users
-with a "uid" and a "cn" value of "joe" would
+    with a "uid" and a "cn" value of "joe" would
-be:</p>
+    be:</p>
 <pre>(&(uid={0})(cn=joe))</pre>
 <p>The "{0}" value in the filter above is a token that should be present in
-all custom search filters. It will be dynamically replaced with "*" when
+    all custom search filters. It will be dynamically replaced with "*" when
-loading the list of all users or a username when loading a single user.</p>
+    loading the list of all users or a username when loading a single user.</p>
 <p>Some custom search filters may include reserved XML entities such as
-"&". In that case, you must enter the search filter into the jive-messenger.xml
+    "&". In that case, you must enter the search filter into the jive-messenger.xml
-file using CDATA:
+    file using CDATA:
-<pre>&lt;searchFilter&gt;&lt;![CDATA[(&(sAMAccountName={0})(|(givenName=GEORGE)(givenName=admin)))]]&gt;&lt;/searchFilter&gt;</pre> 
+    <pre>&lt;searchFilter&gt;&lt;![CDATA[(&(sAMAccountName={0})(|(givenName=GEORGE)(givenName=admin)))]]&gt;&lt;/searchFilter&gt;</pre>
-<p><a name="ctxFactory"><h2>Custom Inital Context Factory</h2></a></p>
-<p>
+    <p><a name="ctxFactory"><h2>Custom Inital Context Factory</h2></a></p>
-Some LDAP servers or application servers may require that a different LDAP
-initial context factory be used rather than the default (com.sun.jndi.ldap.LdapCtxFactory).
-You can set a custom initial context factory by adding the following to jive_config.xml:
-<pre>&lt;ldap&gt;
+    <p>
-    ... other ldap settings here 
+        Some LDAP servers or application servers may require that a different LDAP
+        initial context factory be used rather than the default (com.sun.jndi.ldap.LdapCtxFactory).
+        You can set a custom initial context factory by adding the following to jive_config.xml:
+<pre>
+  &lt;ldap&gt;
+    ... other ldap settings here
    &lt;initialContextFactory&gt;com.foo.factoryClass&lt;/initialContextFactory&gt;
-&lt;/ldap&gt;</pre>   
+  &lt;/ldap&gt;</pre>
-</p>
+    </p>
-<p><a name="connectionPool"><h2>Connection Pooling</h2></a></p>
+    <p><a name="connectionPool"><h2>Connection Pooling</h2></a></p>
-The default LDAP provider (Sun's) support pooling of connections to the LDAP
+    The default LDAP provider (Sun's) support pooling of connections to the LDAP
-server. Connection pooling can greatly improve performance, especially on
+    server. Connection pooling can greatly improve performance, especially on
-systems with high load. Connection pooling is enabled by default, but can
+    systems with high load. Connection pooling is enabled by default, but can
-be disabled by setting the Jive property <tt>ldap.connectionPoolEnabled</tt> 
+    be disabled by setting the Jive property <tt>ldap.connectionPoolEnabled</tt>
-to <tt>false</tt>:
+    to <tt>false</tt>:
-<pre>&lt;ldap&gt;
+    <pre>&lt;ldap&gt;
-    ... other ldap settings here 
+        ... other ldap settings here
-    &lt;connectionPoolEnabled&gt;false&lt;/connectionPoolEnabled&gt;
+        &lt;connectionPoolEnabled&gt;false&lt;/connectionPoolEnabled&gt;
-&lt;/ldap&gt;</pre></p>
+        &lt;/ldap&gt;</pre></p>
 <p>
-You should set several Java system properties to change default pool settings.
+    You should set several Java system properties to change default pool settings.
-For more information, see the following pages:
+    For more information, see the following pages:
-<ul>
+    <ul>
-<li> <a href="http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html">
+        <li><a href="http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html">
-http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html</a>
+            http://java.sun.com/products/jndi/tutorial/ldap/connect/pool.html</a>
-<li> <a href="http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html">
+        <li><a href="http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html">
-http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html</a>
+            http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html</a>
-</ul>
+    </ul>
 </p>
 <p>Note that if you turn on LDAP debugging, connection pooling will not be enabled.
-If SSL LDAP mode is enabled, you must set a system property to enable pooling of
+    If SSL LDAP mode is enabled, you must set a system property to enable pooling of
-SSL LDAP connections.</p>    
+    SSL LDAP connections.</p>
+<p><a name="vcard"><h2>LDAP vCard Integration</h2></a></p>
+<p>The LDAP vCard provider will expose LDAP profile information as vCard data for XMPP
+clients that support the XMPP vCard extension. First, enable the provider:</p>
+<pre>
+    &lt;provider&gt;
+      ...
+      &lt;vcard&gt;
+        &lt;className&gt;org.jivesoftware.messenger.ldap.LdapVCardProvider&lt;/className&gt;
+      &lt;/vcard&gt;
+      ...
+    &lt;/provider&gt;
+</pre>
+<p>Next, you must add mappings between LDAP fields and vCard fields in the jive-messenger.xml file.
+    The vcard attributes are configured by adding an attrs="attr1,attr2" attribute to the vcard
+    elements. Arbitrary text can be used for the element values as well as MessageFormat style
+    placeholders for the ldap attributes. For example, if you wanted to map the LDAP attribute
+    displayName to the vcard element FN, the XML snippet would be:
+    &lt;FN attrs="displayName"&gt;{0}&lt;/FN&gt;</p>
+<p>The vCard XML must be escaped in CDATA and must also be well formed. It is the exact
+    XML this provider will send to a client after after stripping attr attributes and populating
+    the placeholders with the data retrieved from LDAP. This system should be flexible enough to
+    handle any client's vCard format. An example mapping follows.</p>
+<pre>
+    &lt;ldap&gt;
+      &lt;vcard-mapping&gt;
+        &lt;![CDATA[
+          &lt;vCard xmlns='vcard-temp'&gt;
+            &lt;FN attrs=&quot;displayName&quot;&gt;{0}&lt;/FN&gt;
+            &lt;NICKNAME attrs=&quot;uid&quot;&gt;{0}&lt;/NICKNAME&gt;
+            &lt;BDAY attrs=&quot;dob&quot;&gt;{0}&lt;/BDAY&gt;
+            &lt;ADR&gt;
+              &lt;HOME/&gt;
+              &lt;EXTADR&gt;Ste 500&lt;/EXTADR&gt;
+              &lt;STREET&gt;317 SW Alder St&lt;/STREET&gt;
+              &lt;LOCALITY&gt;Portland&lt;/LOCALITY&gt;
+              &lt;REGION&gt;Oregon&lt;/REGION&gt;
+              &lt;PCODE&gt;97204&lt;/PCODE&gt;
+              &lt;CTRY&gt;USA&lt;/CTRY&gt;
+            &lt;/ADR&gt;
+            &lt;TEL&gt;
+              &lt;HOME/&gt;
+              &lt;VOICE/&gt;
+              &lt;NUMBER attrs=&quot;telephoneNumber&quot;&gt;{0}&lt;/NUMBER&gt;
+            &lt;/TEL&gt;
+            &lt;EMAIL&gt;
+            &lt;INTERNET/&gt;
+            &lt;USERID attrs=&quot;mail&quot;&gt;{0}&lt;/USERID&gt;
+            &lt;/EMAIL&gt;
+            &lt;TITLE attrs=&quot;title&quot;&gt;{0}&lt;/TITLE&gt;
+            &lt;ROLE attrs=&quot;&quot;&gt;{0}&lt;/ROLE&gt;
+            &lt;ORG&gt;
+              &lt;ORGNAME attrs=&quot;o&quot;&gt;{0}&lt;/ORGNAME&gt;
+              &lt;ORGUNIT attrs=&quot;&quot;&gt;{0}&lt;/ORGUNIT&gt;
+            &lt;/ORG&gt;
+            &lt;URL attrs=&quot;labeledURI&quot;&gt;{0}&lt;/URL&gt;
+            &lt;DESC attrs=&quot;uidNumber,homeDirectory,loginShell&quot;&gt;
+            uid: {0} home: {1} shell: {2}
+            &lt;/DESC&gt;
+          &lt;/vCard&gt;
+        ]]&gt;
+      &lt;/vcard-mapping&gt;
+    &lt;/ldap&gt;
+</pre>
 <h2>LDAP FAQ</h2>
 <p>
-<b>Can I create new users through Jive Messenger when using LDAP?</b>
+    <b>Can I create new users through Jive Messenger when using LDAP?</b>
-<ul>No, Jive Messenger treats LDAP directories as read-only. Therefore, it's
+    <ul>No, Jive Messenger treats LDAP directories as read-only. Therefore, it's
-not possible to create or edit users through the application.</ul>
+        not possible to create or edit users through the application.</ul>
-<b>Why is the list of usernames not sorted in the admin console when using LDAP?</b>
+    <b>Why is the list of usernames not sorted in the admin console when using LDAP?</b>
-<ul>Several popular LDAP servers such as OpenLDAP do not support server-side
+    <ul>Several popular LDAP servers such as OpenLDAP do not support server-side
-sorting of search results. On those servers, users will appear out of order.
+        sorting of search results. On those servers, users will appear out of order.
-However, you can enable client-side sorting of search results by setting 
+        However, you can enable client-side sorting of search results by setting
-<tt>ldap.clientSideSorting</tt> to true in the XML configuration file.</ul>
+        <tt>ldap.clientSideSorting</tt> to true in the XML configuration file.</ul>
-<b>I switched to LDAP and now cannot login to the admin console. What happened?</b>
+    <b>I switched to LDAP and now cannot login to the admin console. What happened?</b>
-<ul>If you can no longer login to the admin console after switching, one of two
+    <ul>If you can no longer login to the admin console after switching, one of two
-things most likely happened:<ol>
+        things most likely happened:<ol>
-			 <li>By default, only the username "admin" is allowed to login to the
+        <li>By default, only the username "admin" is allowed to login to the
-			 admin console. Your directory may not contain a user with a username
+            admin console. Your directory may not contain a user with a username
-			 of "admin". In that case, you should modify the list of usernames authorized 
+            of "admin". In that case, you should modify the list of usernames authorized
-			 to login to the admin console (see above).
+            to login to the admin console (see above).
-			 <li>You may have set the baseDN to an incorrect value. The LDAP module
+        <li>You may have set the baseDN to an incorrect value. The LDAP module
-			 recursively searches for users under the node in the directory specified 
+            recursively searches for users under the node in the directory specified
-			 by the baseDN. When the baseDN is incorrect, no users will be found.
+            by the baseDN. When the baseDN is incorrect, no users will be found.
-</ol>
+    </ol>
-You can also enable debugging to get more information from the LDAP module. To
+        You can also enable debugging to get more information from the LDAP module. To
-do this, add &lt;log&gt;&lt;debug&gt;&lt;enabled&gt;true&lt;/enabled&gt;&lt;/debug&gt;&lt;/log&gt; 
+        do this, add &lt;log&gt;&lt;debug&gt;&lt;enabled&gt;true&lt;/enabled&gt;&lt;/debug&gt;&lt;/log&gt;
-to your <tt>conf/jive_messenger.xml</tt> file. Log statements will be written 
+        to your <tt>conf/jive_messenger.xml</tt> file. Log statements will be written
-to the <tt>logs/debug.log</tt> file.
+        to the <tt>logs/debug.log</tt> file.
-</ul>
+    </ul>
 </body>