This documentation supports the 9.0 version of Remedy IT Service Management Suite.

Configuring the LDAP import method

You can import support and non-support People information directly from your company's active directory using the LDAP import method. 

Note

If you import Support people information, you will need to open the records after you import them to add permissions.  

Before you can use the LDAP method, however, you must configure your system to support it. 

Notes

To perform the procedures described in this topic, you need DMT Admin permissions (for working in the Data Management console) and AR System Administrator permissions (for working in the BMC Atrium Spoon client).

In these procedures, you must identify an LDAP attribute that is unique to each record (for example, objectGUID) to help identify records that have errors during the import process. Consider this requirement before you start these procedures.

LDAP configuration overview

To configure your system to support the LDAP import method, you must perform the procedures shown in the following diagram.

The LDAP import method configuration

Creating the transformation

In this procedure, you use a template to create a new transformation in the Atrium Integrator Spoon client. This transformation provides mappings between the LDAP user attributes and the fields on the CTM:LoadPeople form.

To create the transformation
  1. On the computer where the Atrium Integrator Spoon client is installed, select  Start > Programs > BMC Software > AR System > BMC Atrium Integrator Spoon .
  2. In the Atrium Integrator Spoon window, select  Tools > Repository > Explore.
  3. Locate and open the onboarding transformation template for the connection protocol you will use:
    • BMC_Onboarding_Template_LDAP_People
    • BMC_Onboarding_Template_LDAP_People_Secure   (for LDAP SSL)
  4. Make a copy of the template by renaming it:
    1. Click File > Save as.
      The Transformation Properties dialog box opens.
    2. In the Transformation Name field, type the new name.

  5. In the transformation diagram, double-click the DMT_LDAP_INPUT step; then make the following entries in the LDAP Input dialog box:
    1. Change the default values in the General and the Search tabs to match those of your LDAP environment.
      Later, in substep e, you will restore these default values. The table that you can open in sub-step e provides a list of the default values, so you don't need to make a note of them now.

      Notes

      The fields are case sensitive.
      Ensure the Trust Store Path that you specify in this step is accessible by the Atrium Integrator Spoon client.

    2. (Optional) On the General tab, click Test Connection to confirm that you can connect to the LDAP server with the information that you provided in the General tab.

    3. Open the Fields tab and click Get fields to retrieve the LDAP user attributes from the LDAP server.
    4. When the transfer of LDAP user attributes is complete, review the attributes to confirm that they are correct and that they are String type.
      For example, make sure that the Type value for each attribute is valid, based on the information that is contained within the attribute.
    5. Restore the default values and selections used for each setting in the General  and the Search  tabs.
      The following tables and illustrations show you the default values. You can cut and paste the text in the table back into the fields.

       Default values and selections for General and Search tabs

      General tab

      Notes

      Although you cannot see the value of the Password field because of the mask, ensure that you specify the default password: ${Bind_Password}.

      You need to restore the default values to the Certificate fields (the red box in the illustration that follows) only if you are using the BMC_Onboarding_Template_LDAP_People_Secure template.



      For your convenience, you can copy the default values from the table and paste them into the corresponding field.

      | Field or check box | Default value or selection |
      |---|---|
      | Host | ${LDAP_Host} |
      | Port | ${LDAP_Port} |
      | Protocol | LDAP (BMC_Onboarding_Template_LDAP_People) or LDAP SSL (BMC_Onboarding_Template_LDAP_People_Secure). Note: The default value depends on the template that you are using. |
      | Use authentication | Selected |
      | User name | ${Bind_UserName} |
      | Password | ${Bind_Password} |
      | Use certificate (if using the secure template) | Selected |
      | Trust store path (if using the secure template) | ${Trust_Store_Path} |
      | Trust store password (if using the secure template) | ${Trust_Store_Password} |
      | Trust all certificates (if using the secure template) | Unselected |


      Search tab

      | Field or check box | Default value or selection |
      |---|---|
      | Dynamic search base | Not selected |
      | Search base fieldname | Not available |
      | Search base | ${Search_base} |
      | Dynamic filter string | Not selected |
      | Filter string fieldname | Not available |
      | Filter string | ${Search_FilterStr} |
    6. Click OK to close the dialog box.

  6. In the transformation diagram, double-click the  Define LDAP Unique Identifier  step.

    Note

    In this step, you identify an LDAP attribute that is unique to each record, for example, objectGUID. The actual unique identifier that you use depends on the specifics of your environment.

    The LDAP Unique Identifier that you specify here is used to identify problematic records in the import error log. If an error occurs during the LDAP import, the system provides you with a link to an error log that you can use to identify which record had a problem and what the problem was. After you identify the problematic record, you can choose to edit it in the active directory or to filter it out of the LDAP import using a custom search filter.    


    1. In the Formula column of the Formula dialog box, click LDAPUniqueAttributeName and in the edit box that appears, type  the name of the LDAP unique attribute to use as the identifier. Make sure that you enclose the value in double quotes; for example, type "objectGUID".

    2. To close the edit box and save the update, click  OK.

    3. In the Formula column of the Formula dialog box, click LDAPUniqueIdentifier and in the edit box that appears, type the name of the LDAP unique identifier. Make sure that you enclose the value in square brackets; for example, type [objectGUID]

      Note

      The name that you provide for the LDAPUniqueAttributeName and the LDAPUniqueIdentifier must be the same, as shown in the examples provided in sub-steps a and c. Only the enclosing characters, that is, the double quotes and the square brackets, are different.
    4. To close the edit box and save the update, click  OK.

    5. Click File > Save.

  7. In the transformation diagram, double-click the AROutput step.

    Note

    If you have an existing connection to the AR System server, you can use that connection in this step. If you have an existing connection, you can skip sub-step a.

    1. Click New to create a new connection for the AR System server.
      The Database Connection dialog box opens. If you chose to perform this step, you will be able to use the new connection in future transformations.
    2. Click Test to test the connection with the AR System server.
    3. If the connection is working, click OK twice, to dismiss the system message and then the dialog box.
    4. Open the Field Mapping tab, then click Edit Mapping.
      The Enter Mapping dialog box opens. 
    5. Create the mappings between the LDAP user attributes and the fields on the CTM:LoadPeople form.
      1. In the Enter Mapping dialog box, make a selection from the Stream fields column (where the LDAP user attributes are listed).
      2. Make a corresponding selection from the Form Fields column (where the CTM:LoadPeople form fields are listed).
      3. Click Add.
    6. Map the following CTM:LoadPeople fields as shown below:
      • Parent_Job_GUID --> Parent_Job_GUID

      • Parent_JobID --> ParentJobID

      • Assignee Groups --> Assignee Groups

      • JobCompany --> Company

      • LicenseType --> License Type2

      • LDAPUniqueIdentifier --> Alternate ID

      • UDMSource --> UDM_Source

    7. Map the following required CTM:LoadPeople  form fields to the corresponding Stream fields (the names of the Stream fields can vary, depending on your LDAP environment): 
      • Last Name
      • First Name
      • Site
    8. To save the mappings, click OK.
  8. Open the General tab and from the Connection drop-down menu, select AR Server.

    Tip

    To verify that you chose the correct connection, click Edit and check the AR System server connection variables in the Database Connection dialog box. If these variables are not present or are incorrect, check that you selected the correct connection. If you selected the correct connection, then you need to re-enter the variables.

  9. Click OK to save and close the AROutput step.
  10. In the Atrium Integrator Spoon window, click the Save icon to save the transformation.

    Notes

    If you are continuing now with the next procedure, leave the Atrium Integrator Spoon client open; you will perform the next procedure in the Spoon client.
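
A pre-flight check for the attribute chosen in the Define LDAP Unique Identifier step, written as an added example that is not part of the BMC product or its documentation: it reads an LDIF export of the search base and reports entries that lack the attribute or share its value. It assumes the directory data was exported to LDIF beforehand; the function names and the sample entries are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export, not real directory data. objectGUID is binary in
# Active Directory, so LDIF writes it base64-encoded after "::".
SAMPLE_LDIF = """\
dn: CN=Ana Ruiz,OU=People,DC=example,DC=com
sn: Ruiz
objectGUID:: AAECAwQFBgcICQoLDA0ODw==

dn: CN=Bo Chen,OU=People,DC=example,DC=com
sn: Chen
objectGUID:: AAECAwQFBgcICQoLDA0ODw==

dn: CN=Cy Doe,OU=People,DC=example,DC=com
sn: Doe
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    # Unfold continuation lines (a leading space continues the previous line).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in text.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" marks a binary value
                value = base64.b64decode(rest[1:].strip()).hex()
            else:
                value = rest.strip()
            entry[name.lower()].append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_unique_attribute(ldif_text, attr):
    """List entries lacking `attr` and values of `attr` shared by several entries."""
    missing, seen = [], defaultdict(list)
    for entry in parse_ldif(ldif_text):
        values = entry.get(attr.lower(), [])
        if not values:
            missing.append(entry["dn"][0])
        for value in values:
            seen[value].append(entry["dn"][0])
    duplicates = {v: dns for v, dns in seen.items() if len(dns) > 1}
    return {"missing": missing, "duplicates": duplicates}
```

An attribute that produces any `missing` or `duplicates` entries cannot reliably point to a single record in the import error log, so choose a different attribute or filter those records out with a custom search filter.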

Creating the Atrium Integrator job in the Atrium Integrator Spoon client

In this procedure, you use a template to create a new job in the Atrium Integrator Spoon client. In the next procedure, you will point to this job from the Atrium Integrator Jobs console of the BMC Remedy ITSM Data Management component. 

To create the Atrium Integrator job
  1. From the repository, open the BMC_Onboarding_Template_LDAP_People job template for the connection protocol you will use:
    • BMC_Onboarding_Template_LDAP_People
    • BMC_Onboarding_Template_LDAP_People_Secure   (for LDAP SSL)
  2. Make a copy of the template by renaming it:
    1. Click File > Save as
      The Job Properties dialog box opens.
    2. In the Job Name field, type the new name.

  3. In the job diagram, double-click the BMC_Onboarding_Template_LDAP_People step; then make the following entries in the Job entry details for this transformation dialog box:

    1. In the  Name of job entry  field, type the name that you created in Step 4 of the procedure to create the transformation. 
    2. On the Transformation specification tab, change the content of the Specify by name and directory to match the name and directory that you entered in Step 4 of the procedure to create the transformation.
    3. Click OK to close the dialog box.
  4. In the Atrium Integrator Spoon window, click the Save icon to save the transformation.

Configuring the Onboarding wizard to connect with the LDAP server

In this procedure, you set up the connection information from the Onboarding wizard of the BMC Remedy ITSM Data Management component to the LDAP server and to the Atrium Integrator job.

To create a connection from the Onboarding wizard to the LDAP server
  1. From the Application menu on the IT Home page, select: Data Management > Onboarding Wizard.
  2. Click Step 6 People.
  3. Open  the Create Data Manually drop-down menu and select Load data into the system using Lightweight Directory Access Protocol (LDAP).
    The screen refreshes to display the fields you need for setting up the LDAP connection. 
  4. Click Manage Settings (the gear icon – you can see this icon only when you are logged in with DMT Admin permissions).
  5. In the Manage LDAP Settings  dialog box, click Add and provide the parameters that the Onboarding wizard uses to connect with your LDAP environment.
    | Parameter | Additional information |
    |---|---|
    | Setting Name | A meaningful, unique name for this set of connection parameters. If, over time, you configure multiple LDAP connections in the Onboarding wizard, you use the Setting Name to identify and select this connection from the drop-down menu that is associated with the Setting Name field. |
    | Company | The company for which the connection is being defined. |
    | Host | The host name of the LDAP server to which you are connecting. |
    | Port | The port number of the LDAP server. |
    | Username | The user name that you use to connect to the LDAP server; this username must have permissions to access the people data information you will import. |
    | Password | The password for the username. |
    | Search Base | The name of the directory on the LDAP server (or LDAP "distinguished" name) from which the Onboarding wizard begins the search for the people records. |
    | Atrium Integrator Job Name | Be sure to specify the name of the job that you created in Step 2 of the Creating the Atrium Integrator job in the Data Management console procedure. |
    | (Optional) Use secure connection | Select this if you used the BMC_Onboarding_Template_LDAP_People_Secure transformation templates when you created the transformation. If you select this option, you also must supply the following information: Trust Store path (the path to the Trust Store. The Trust Store is where you store the SSL certificates. The AR System server must be able to access this location.) and Trust Store password (the password for the Trust Store). |
    | (Optional) Use custom filter | If you select this option, you must supply a search filter. The search filter is an argument that the Onboarding Wizard uses to identify on the LDAP server the people records that you need to import. For example, you might indicate: objectClass=Person. In this example, the Onboarding Wizard will import all of the records in the indicated search base on the LDAP server that have an object class of Person. |

  6. Click Save.
    The system adds an entry for this set of connection parameters to the table in the Manage LDAP Settings dialog box and to the drop-down menu associated with the Setting Name field.

    Notes

    If you later must disable a connection entry from the drop-down menu, highlight the connection in the Manage LDAP Settings  dialog box and click either: Delete, to remove it entirely; or click Offline to disable it temporarily.

    To update a connection, highlight it in the Manage LDAP Settings  dialog box and click View. The connection record opens in edit mode and you can make your changes.

  7. (Optional) Designate a default connection in the Manage Settings dialog box table. Highlight the connection and click Set as Default. If you have a multitenant environment, you can create a default connection for each company.

Note

If you have multiple LDAP environments that reference the same Atrium Integrator job, you can:

Repeat the Configuring the Onboarding wizard to connect with the LDAP server procedure and provide different connection information. Be sure to specify the same Atrium Integrator job.

Configuring the maximum number of allowed errors

When you run an import using the LDAP method, the import process samples the imported records periodically (by default, every 1000 records) to determine the number of errors encountered in the sampled records. By default, if 20% of sampled records have errors, the import process halts the import. You can configure both of these settings from the AROutput step of the transformation used by the import, as described in the following procedure.

To configure the maximum number of allowed errors
  1. On the computer where the Atrium Integrator Spoon client is installed, select  Start > Programs > BMC Software > AR System > BMC Atrium Integrator Spoon.
  2. Open the Repository. 
  3. In the Atrium Integrator Spoon window, select  Tools > Repository > Explore.
  4. Locate and open the transformation you need to update.
  5. Double-click the AROutput step.
  6. From the Step Error handling settings dialog box, change the following settings according to your needs:
    • Max % of errors allowed–The default setting is 20%. If 20% of the records sampled have errors, the error handling feature halts the import process. If you need to disable the error handling feature, clear the field so that it is blank. If the field is blank, the error handling algorithm allows 100% errors, effectively disabling the feature.
    • Min nr of rows to read–The default setting is 1,000. This value controls how often the error handling feature samples the import process for errors. For example, if you leave this setting at its default value and the Max % of errors allowed value at its default setting (20%), then after every thousand records are imported, the error handling feature checks the percentage of records with errors. If the percentage is equal to or greater than 20%, the error handling feature halts the import.
  7. Click OK.

