5.6 Configuring the People Search Module

You can configure Self Service Password Reset to allow users to search for their colleagues’ information and also configure the attributes the People Search module displays in the search result.

If you enable the People Search module and configure it, anyone can use the People Search option to search for people and view the details of the people. You can see details such as user name, email address, photo (if specified), and an organizational chart. The organizational chart displays the details of other users who report to the selected user (in a hierarchy) and also with the details of the user’s manager. The arrow displays the user’s level in the hierarchy.

Self Service Password Reset requires that the users who use People Search have read permission to view all the attributes that the People Search module displays. Self Service Password Reset uses wildcards or Ajax search (searching and displaying results while typing).

To configure the People Search module:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Modules > Authenticated > People Search.

  5. Configure the following settings:

    Enable People Search

    Enable this option to enable the People Search module.

    Permitted Users

    Specify an LDAP search filter or an LDAP group and an existing LDAP profile to control the users who access People Search. The user must match this query to use this feature.

    You can add multiple LDAP search filters and add multiple groups or LDAP profiles for the query. However, Self Service Password Reset ORs the items in the search. So a user must match the LDAP search filter or the LDAP group.

    Search Attributes

    Add the list of LDAP attributes that Self Service Password Reset must search when the system generates an automatic search for the setting People Search LDAP Filter. The system also uses the search attributes to determine which fields in the user detail form displays the Like search option.

    Search Result Attributes

    Specify the LDAP attributes that Self Service Password Reset displays in the search result for a user during searches.

    Search Detail Attributes

    Specify the LDAP attributes that Self Service Password Reset displays during the detail view of an individual person’s record.

    Search Result Limit

    Specify the maximum number of records that the People Search module displays in the search results.

    Use Proxy Account

    Enable this option to use the LDAP proxy account to perform searches. For proper security in most environments, do not enable this setting.

    UserDN Name Display

    Specify the configuration value that People Search module displays for the user’s name. Specify the value for this setting in the @LDAP:name@ format. For example, if you want the People Search module to display the user’s first and last names then you can provide the following configuration value: @LDAP:givenName@ @LDAP:sn@.

    Person Detail Display Labels

    Specify the details that the People Search module must display in the details on the organizational chart for each user.

    LDAP Photo Attribute

    Specify the name of the LDAP attribute that includes the photo of the LDAP users. When you specify the LDAP attribute name, Self Service Password Reset uploads the photos from the LDAP directory.

    This is an optional field. If you do not specify an LDAP attribute, the People Search module does not display a photo of the user during the user search.

    Photo URL Override

    Specify a URL of an external system to show the photos if you do not store the user photos in the LDAP directory. If you specified this setting, the People Search module does not load the photo from the LDAP directory.

    For example: http://photos.example.com/employee/@LDAP:workforceID@.jpg

    Search Maximum Cache Seconds

    Specify the interval, in seconds, to store the search information in cache.

    Photo Display Permission

    Specify the query for the users that the People Search module allows to view the photo of other users in the organizational chart.

    People Search LDAP Filter

    Specify the LDAP search filter to query the directory with Substitute %USERNAME% for the user-supplied user name. If blank, the system auto-generates the search filter based on the values in the setting Search Attributes.

    For example:

    (&(objectClass=Person)(|(givenName=*%USERNAME%*)(sn=*%USERNAME%*)(mail=*%USERNAME%*)(telephoneNumber=*%USERNAME%*)))
    LDAP Search base

    Specify the LDAP search base. If you leave this field blank, the system uses the default LDAP search bases.

    Enable People Search Public (Non-Authenticated) Access

    Enable this option to allows access to the People Search module for unauthenticated users. The URL the unauthenticated users access to view the People Search module is: ipaddress/sspr/public.

    Idle Timeout Seconds

    Specify the number of seconds after which an authenticated session expires. There is no timeout for users using the People Search module without authenticating.

    Organizational Chart Parent Attribute

    Specify the LDAP attribute that contains the LDAP DN of the manager. If this setting is blank, then the People Search module does not display the organizational chart view.

    Organizational Chart Child Attribute

    Specify the LDAP attribute that contains the LDAP DN of the users who directly report to the user.

  6. In the toolbar, click Save changes.