User Profiles (+ people search) with LDAP
Table of contents
- 1. Introduction
- 2. Purpose
- 3. Target Audience
- 4. Status
- 5. Functional Use Cases
- 6. Functional Specification
- 6.1. Phase 1 Goal
- 6.1.1.1. New query capabilities of the enterprise LDAP module
- 6.1.1.2. LDAP profile service
- 6.1.1.3. UI User Summary Contextual Popup
- 6.1.1.4. UI User Profile view
- 6.1.1.5. UI User search
- 6.2. Open Questions
- 6.1. Phase 1 Goal
- 7. Resources
Introduction
Collaboration inside MindTouch does not currently provide much context for users within the system. User profiles (via LDAP) is a feature that will piggyback off of the wealth of data inside an enterprise's LDAP system to display information about users inside MindTouch. Further iterations will see this data be pulled closer to MindTouch (with a possibility of storing/querying this data in MindTouch while synchronizing data with LDAP) in later versions.
Purpose
LDAP has been a very common mechanism for storing directory information about users inside enterprises. A company's directory is a repository of information on people, departments, devices, places, configuration, statistics, etc of company assets. Many mid-larger sized companies spend a considerable amount of effort ensuring the directory has up to date information on the above assets through manual processes such as input by HR, IT, and automated scripts. Having access to this data allows reports to be generated and queries to be performed making MindTouch a central component of an intranet.
This feature will allow contributors to a system to discover and connect with other LDAP users inside MindTouch.
Target Audience
- Intranet MindTouch users benefit by having home pages populated via template from established information. Having access to an employee directory within MindTouch will allow them to find information about their coworkers without leaving MindTouch. Combining content and people search will provide for a simple and consistent way to find commonly needed information in a company intranet. Connecting the users with MindTouch contributions will provide more context of changes inside MindTouch pages.
Status
Under specifications development. This spec has been superceded by two new specs: User Dashboards and ELM.
Functional Use Cases
Note: All functional use cases are dependent upon the specific implementation of LDAP within each organization. Some of these use cases make the assumption that a standard Active Directory schema is used
Employee wants to discover information about a user who has contributed to a page
An employee has stumbled upon a rather useful page about content on a page. Currently, besides the username, it is hard to make a determination of who contributed to the page. With data from LDAP, the employee finds additional information, including their department, their physical address, their email address, and other contact information. Using this information, the employee is able to further inquire and collaborate on content and coworker contributions.
While this view provides a brief overview of a user who has changed the page, it does not provide a fuller context of the user's position inside the MindTouch ecosystem. The expanded profile view provides more information (and serves as a dashboard for MindTouch-specific activity):
This page can also start mashing up data from the applications written on top of MindTouch, providing a single activity stream.
Employee wants to find a phone number for a coworker
The employee knows their coworkers last name and types it into the search box. As the search results come up, a message and link are displaying asking if the user wants to search the company intranet instead. User is redirected to search results matching people and allows further customization of the search.
Finding a coworker with expertise
The advanced search in the people directory will allow finding employees with knowledge of a certain project or technology. This information is often times maintained in directories for larger corporations via groups which can be searched and filtered by an employee looking for someone with specific knowledge.
Functional Specification
Phase 1 Goal
- The brief user contextual popup
- The expanded user profile view
New query capabilities of the enterprise LDAP module
Queries can be performed using this feature through a variety of means.
- A standard HTTP GET feature is exposed to allow queries to be submitted with XML results returned. This can be used directly through a web browser or within JS powered mashups.
- Simple DekiScript features exposed similar to those provided by the MySql allowing tables, lists, and single value results to queries. These results can be combined with templates to present clean and consistent output. This may not be necessary for phase1
LDAP profile service
Returns combined MindTouch and LDAP user details in a consistent format for search queries
- Based on a MindTouch username, return MindTouch user details available from GET: users/{id} as well as a predetermined set of LDAP fields
- Based on a search query, return the same details as above for MindTouch users and users in LDAP matching the query.
- Matching MindTouch users that are local or not linked to an LDAP authentication provider will not return LDAP details
- Matching LDAP users that have not yet logged in to MindTouch to create an account will return LDAP details.
- The LDAP search will query based on a configurable parameterized search string with the query terms substituted
- All queries also exposed as DekiScript functions to aide in template building
UI User Summary Contextual Popup
- Hovering over a username will bring up a popup displaying information in the attached screenshot. Specific fields are not yet final.
- A template is used to render the popup view
- The template retrieves user details via a DekiScript call to the LDAP Profile Service
UI User Profile view
- New user pages are by default rendered via a template displaying information in the attached screenshot. Specific fields are not yet final.
- The template retrieves user details via a DekiScript call to the LDAP Profile Service
UI User search
- User search is done explicitly by clicking the "People" tab from the current search results view.
- Search results contain similar info as the user summary contextual popup and will be rendered by PHP(?)
- Search results are paged
Open Questions
- Should a defined set of attributes be copied from LDAP to user properties?
- Disadvantages
- Profile data will not be as real time. Updates can happen every login. Though this data is rarely modified anyway in LDAP.
- Advantages
- Performance improved since there's no need to hit LDAP to populate the user info popup or the user profile page. Reducing load on the LDAP server may be a consideration for larger organizations. This may be alleviated by caching data at the profile service.
- Paves a way to a more generalized and user customizable profile where the profile data is user editable by modifying properties
- Disadvantages
- Implement user context popup in php rather than as a dekiscript powered page thats invoked through php
- Advantages
- There's currently no way to upgrade page contents or templates between releases. This may be simplified with a php script replaced in the filesystem.
- Disadvantages
- The context popup can be customized by the admin and tailored to the company without leaving the site just like other pages.
- Advantages
Resources
- Employee directory
- LDAP dashboard (click admin)
- Employee search (sharepoint)
- LDAP browser
- User profile
- Tag page
- What links here
Files 4
| File | Version | Size | Modified | |
|---|---|---|---|---|
| ||||
| ||||
| ||||
| ||||
| Images 3 | ||
|---|---|---|
 Shows a hover effect which encapsulates some context about the user. The inner data layer would be a DekiScript page, allowing for more complex custom user mashups.ldap_query.gif |  |  |
Copyright © 2011 MindTouch, Inc. Powered by
We're in the interesting situation where authentication is via AD, but we also have other directory systems that are accessible via LDAP so this would be a killer feature for us when/if it's implemented.