OpsLDAPLayout

Introduction

To run ops you need an LDAP backend configured as described below. If you don't already have a working LDAP with the ops schema, you will have to get one first; see LDAPInstallationManual.

It is also assumed that you have installed the WebDAV component that serves the timesheets and calendars, because these are referenced in the LDAP Timesheet and Calendar entries. If you haven't, first install WebDAV; see WebDavInstallation.

LDAP management tools

A number of tools exist for managing LDAP. The tools we use and have used are mentioned here.

Configuration

Ldap base layout

Under the base dn you will need to add 6 organizationalUnits:
  • Companies
  • Timesheets
    • Add an extra objectclass; opsTimesheetOU
    • Add an attribute; lastArchiveRun with a date in the format of yyyMMdd (enter the date from which you want the first archive run to start)
  • Calendars
  • Projects
  • Users
  • Groups

This will be the base structure of your ldap installation.

Entry structures

Each organizationalUnit can hold the entries mentioned below with their objectclasses and attributes:

Companies

Here you can list your clients and yourself, with references to their employees among others. (Not yet used by OPS.)
  • Objectclass:
    • opsOrganization
  • Required attributes:
    • o : The name (and reference) of the company

Timesheets

Timesheet entries hold the owner of the timesheet and a reference to the location of the actual timesheet file where the time spent on project tasks is logged. For each user you will need a timesheet of type 'current'. ('Archive' timesheets are added later, by periodically archiving the current timesheet.) The names don't really matter, but it is probably wise to use a convention like 'username_timesheettype'. See also Fill Ldap.
  • Objectclass:
    • timesheet
  • Attributes used by ops:
    • name
    • ics: the location where the timesheet can be reached by the opsServer, e.g. http://yourdomain.tld/opswebdav/timesheets/current/user_name.ics
    • ownerRef: the uid of the owner
    • reader: uids of people authorised to read the timesheet (used by WebDAV)
    • writer: uids of people authorised to write to the timesheet (used by WebDAV)
    • type: either 'current' or 'archive'

Calendars

Calendars are a lot like the timesheet entries, with the difference that you only need one current entry; the rest will be generated by the OpsProject archiveCalendars method. See also Fill Ldap.
  • Objectclass:
    • calendar
  • Attributes used by ops:
    • name
    • ics: the location where the calendar can be reached by the opsServer, e.g. http://yourdomain.tld/opswebdav/calendars/user_name.ics
    • ownerRef: the uid of the owner
    • reader: uids of people authorised to read the calendar (used by WebDAV)
    • writer: uids of people authorised to write to the calendar (used by WebDAV)
    • type: either 'current' or 'archive'

Projects

This is the base of OpsProject.
  • Objectclass:
    • project
  • Attributes used by ops:
    • name
    • projectGuid: a globally unique identifier for the project
    • endDate
    • memberUid: uids of project members
    • mailFolder: references the mail folder on IMAP
    • opsDocumentPath: path to shared project documents on WebDAV (not in use yet)
    • projectManager
    • projectStatus
    • startDate

Users

You can store ops users anywhere on your ldap, as long as the entries have the following properties:
  • Objectclasses:
    • inetOrgPerson
    • posixAccount
    • CourierMailAccount
    • opsPerson
  • Attributes used by ops:
    • userPassword: needed for authentication
    • uid: needed for authentication
    • mailbox: where e-mail will be stored on the mailserver
    • mail: e-mail address
You will have to add a user entry in your ldap for every potential project member and ops administrator, see also Fill Ldap. Users are referenced by uid.

Groups

In the Organisational Unit Groups you will have to create 3 entries (you are free to choose the names for these groups):
    • cn=*your users* - contains all the memberUids of your employees, project members are taken from this set
    • cn=*former users* - former employees, people whose time logs are still available
    • cn=*ops administrators* - contains memberUids of ops administrators

Each of these entries must have the following properties:

  • Objectclass:
    • posixgroup
  • Attributes used by ops:
    • cn: the name of the group
    • memberUid
You will then have to add appropriate memberUids to the 3 groups, see Fill Ldap

Fill Ldap

If you were already using LDAP, you probably already had all your people data (users, contacts, email addresses and what not) stored in LDAP. If you just installed LDAP, you will probably start using it to manage personal information. Either way, you will need a well-formed user entry (see Users) for each user that you want to be either a potential project member or an ops administrator.

For each administrator:

  • in cn=*ops administrators* (see Groups) add the memberUid

Then for each ops user (= potential project member):

  • in cn=*your users* (see Groups) add the memberUid
  • in ou=Timesheets, add a timesheet for every user (see Timesheets)
  • in ou=Calendars, add a calendar for every user (Calendars)
  • on the webdav server, create the files you just pointed to in the ics attribute:
    • create a timesheet file
    • create a calendar file

Employee changes

While you can use OPS Admin to manage your projects, employee changes still have to be handled manually. When your company gets a new employee, for that person to use OPS the system admin will have to:
  • Add the new person to LDAP
  • Add the new person to the appropriate group in LDAP (user or admin)
  • create the initial timesheet file for the new person
  • create the initial calendar file for the new person
  • create the file references in the Calendars and Timesheets groups in LDAP

And when an employee leaves the company, they will have to be moved from the LDAP group of current employees to the group of previous employees.
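
Because these steps are manual, it helps to check the directory against them after every change. The following is an added example, not part of OPS: it audits entries (as attribute dictionaries, such as an LDAP search would return) for users without a current timesheet or calendar, entries without an ics reference, and reader/writer uids that belong to former or unknown users. The group keys, uids and the archive URL path are constructed for illustration.

```python
# Added example: audit OPS LDAP data for onboarding/offboarding gaps.
# Entries are dicts of attribute -> list of values; all sample data is constructed.
GROUPS = {"users": ["alice", "bob"], "former": ["carol"], "admins": ["dave"]}
BASE = "http://yourdomain.tld/opswebdav"
TIMESHEETS = [
    {"name": ["alice_current"], "type": ["current"], "ownerRef": ["alice"],
     "ics": [BASE + "/timesheets/current/alice.ics"],
     "reader": ["alice", "dave"], "writer": ["alice"]},
    {"name": ["carol_archive"], "type": ["archive"], "ownerRef": ["carol"],
     "ics": [BASE + "/timesheets/archive/carol.ics"],  # assumed path
     "reader": ["dave"], "writer": ["carol"]},
]
CALENDARS = [
    {"name": ["alice_cal"], "type": ["current"], "ownerRef": ["alice"],
     "ics": [BASE + "/calendars/alice.ics"],
     "reader": ["alice", "bob"], "writer": ["alice"]},
    {"name": ["bob_cal"], "type": ["current"], "ownerRef": ["bob"],
     "reader": ["bob", "erin"], "writer": ["bob"]},
]

def audit(groups, timesheets, calendars):
    """Return sorted (finding, entry_or_uid, detail) tuples to review."""
    users, former = set(groups["users"]), set(groups["former"])
    active = users | set(groups["admins"])
    findings = [("listed-as-former-and-active", uid, "groups")
                for uid in active & former]
    for label, entries in (("timesheet", timesheets), ("calendar", calendars)):
        have_current = set()
        for e in entries:
            name, owner = e["name"][0], e.get("ownerRef", [""])[0]
            if e.get("type") == ["current"]:
                have_current.add(owner)
                if not e.get("ics"):
                    findings.append((label + "-no-ics", name, owner))
            # reader/writer are what WebDAV authorises against.
            for attr in ("reader", "writer"):
                for uid in e.get(attr, []):
                    if uid not in active:
                        state = "former" if uid in former else "unknown"
                        findings.append((f"{label}-{attr}-{state}", name, uid))
        # Fill Ldap: every user in the users group needs a 'current' entry.
        for uid in users - have_current:
            findings.append((label + "-missing", uid, "no current entry"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(GROUPS, TIMESHEETS, CALENDARS):
        print(*finding)
```

A former employee who still appears as writer on an archived timesheet is reported for review; whether that uid can still authenticate depends on how the user entry itself was handled.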

-- IvanaCace - 19 Jan 2009

Topic revision: r5 - 20 Jan 2009 - 08:49:03 - IvanaCace
