Importing Salesforce Platform license users with assigned permission sets from an LDAP server
You can import users into your Salesforce organization by using the Pentaho Data Integration tool. The Pentaho package for importing Salesforce Platform license users with assigned permission sets from an LDAP server is available on the BMC Communities website.
By using the LDAP Pentaho package, you can import users who are assigned the Salesforce Platform license and ServiceDesk Client permission set by default. The BMC Remedyforce package license is also assigned to the new imported users. For information about how users are imported into your Salesforce organization, see Overview of how users are imported from LDAP servers.
The following topics provide information about importing Salesforce Platform license users with assigned permission sets from an LDAP server into your Salesforce organization:
Note
For information about the LDAP versions that BMC Remedyforce supports, see Supported browsers, mobile devices, and integrations.
Before you begin
Before you can import users from an LDAP server, you must perform the following tasks:
- Install Java Runtime Environment (JRE).
- Download the Pentaho Data Integration tool.
If the Require TLS 1.1 or higher for HTTPS connections Salesforce critical update is enabled in your organization, you must use version 6.1 or later of the Pentaho Data Integration tool.
- Register at the BMC Communities website.
- If you have enabled the setting to access your Salesforce organization from limited IP addresses, ensure that you have the security token to log on to your Salesforce organization.
For more information about the security token, see Salesforce Help. Download the Pentaho package from the BMC Communities website (https://communities.bmc.com/docs/DOC-32288).
For information about the KJB (job) and KTR (transformation) files that are included in the Pentaho package, see KJB and KTR files for importing users from an LDAP server.
To import Salesforce Platform license users with assigned permission sets from an LDAP server
You cannot assign a permission set to an existing user by using this Pentaho package. Instead, you can use the KTR file provided in the InsertPermissions folder. For more information, see To assign permission sets to existing users by using a KTR file.
Important
Consider the following points when providing the access details for your Salesforce organization:
- If you have enabled the setting to access your Salesforce organization from limited IP addresses, you must append the security token to your Salesforce organization password.
For example, if the password for your Salesforce organization is mypassword and your security token is XXXXXXXXX, specify mypasswordXXXXXXXXX in the Password fields. - BMC recommends that you do not change the default API version in the Salesforce Webservice URL.
- To launch the Pentaho Data Integration tool, perform the following actions:
Navigate to the location where you downloaded and unzipped the Pentaho Data Integration tool.
Navigate to the data-integration folder and double-click the Spoon.bat.
- In Pentaho Spoon, select File > Open, navigate to the folder where you downloaded the Pentaho packages, and open the TransferLDAPInfo.kjb file.
On the TransferLDAPInfo tab, in the Transfer Lookup Excel Export step (transformation), provide your Salesforce organization access details.
- On the TransferLDAPInfo tab, right-click the Assign Account to users step, and select Open referenced object > Transformation.
- On the TransferAccountsToUsers tab, double-click the Salesforce Insert [For User Account Link] step.
- Enter your Salesforce organization user name and password.
- (Optional) To verify the connection, click Test connection and then click OK.
- To save your changes and close the window, click OK.
- Double-click the Salesforce Update step and repeat step 4b to step 4d.
- To save the KTR file, click Save.
- On the TransferLDAPInfo tab, right-click the Assign Permission sets to the new users step, and select Open referenced object > Transformation.
- On the AssignPermissionSets tab, double-click the Salesforce Insert step.
- Enter your Salesforce user name and password.
- (Optional) To verify the connection, click Test connection and then click OK.
- To save your changes and close the window, click OK.
- To save the KTR file, click Save.
- On the TransferLDAPInfo tab, right-click the Assign Remedyforce License to the new user step, and select Open referenced object > Transformation.
- On the AssignRemedyforceLicense tab, double-click the Salesforce Update step.
- Enter your Salesforce user name and password.
- (Optional) To verify the connection, click Test connection and then click OK.
- To save your changes and close the window, click OK.
- To save the KTR file, click Save.
On the TransferLDAPInfo tab, in the Update Salesforce with LDAP user information step (transformation), provide your LDAP server and Salesforce organization access details and, if required, customize the Pentaho package.
On the TransferLDAPInfo tab, in the Update manager information step, provide your Salesforce organization and LDAP server access details:
- To save the KJB file, click Save.
- In the KJB file, click Run this job.
Perform one of the following actions based on the Pentaho version that you are using:
Pentaho version Action 6.1 In the Run Options window, click Run. 5.4 In the Execute a job window, click Launch. Transformation status is depicted by using the following icons:
- — Complete
- — Running
- — Unsuccessful
- (Optional) To view logs, in the Execution results section, click the Logging tab.
All errors are displayed in red.
To assign permission sets to existing users by using a KTR file
To assign permission sets to existing users by using the KTR file provided in the InsertPermissions folder, you need the AssigneeId of users and the IDs of the permission sets that you want to assign to the users. You can change the permission set that you want to assign to the imported users.
- From the InsertPermissions folder, double-click the PermissionSetAssignment.csv file, and enter the user IDs (AssigneeIds) and the permission set IDs.
- To launch the Pentaho Data Integration tool, perform the following actions:
Navigate to the location where you downloaded and unzipped the Pentaho Data Integration tool.
Navigate to the data-integration folder and double-click the Spoon.bat.
- In Pentaho Spoon, select File > Open and navigate to the folder where you downloaded the Pentaho packages.
- To assign permission sets to existing users, from the InsertPermissions folder, open the InsertPermissionSets.ktr file.
- In the InsertPermissionSets.ktr file, double-click the Salesforce Insert step, and enter your Salesforce organization user name and password.
- To save your changes and close the window, click OK.
- To save the KTR file, click Save.
- To run the KTR file, click Run this job.
To schedule jobs to import data
On the BMC Communities website, the Pentaho packages for importing data from external data sources into BMC Remedyforce page contain a Scheduling Files folder. This folder contains a sample batch file that you can use as a base to create your batch files for scheduling data import. For more information about scheduling a job, see http://wiki.Pentaho.com/display/EAI/Kitchen+User+Documentation.
- Navigate to the folder where you have extracted the Pentaho package for which you want to schedule import jobs.
- Open the Scheduling Files folder and create a copy of the sample batch file, such as SchedulingComputerSystem.bat.
- Open the batch file that you created in step 2, perform the following actions, and save the file:
- Update the path of the Kitchen.bat file based on your version of the Pentaho Data Integration tool:
KETTLE_HOME="<path>\<PentahoFolder>\data-integration"
- Update the path of the Kitchen.bat file and the KJB file:
<path>\
<PentahoFolder>
\data-integration\kitchen.bat /file:"<JobFile>\<JobFileName>.kjb"/level:Detailed
- <path> is the location where you have extracted the Pentaho installer ZIP file.
- <PentahoFolder> is the extracted root folder for your version of the Pentaho Data Integration tool.
For example, for version 6.1 of the Pentaho Data Integration Tool, the extracted root folder ispdi-ce-6.1.0.1-196.
- <JobFile> is the location where you have extracted the job files.
- <JobFileName> is the KJB file that you want to run at the scheduled interval.
- The level option specifies the level of logging for the job. The values that you can specify for the level option are Minimal, Basic, Detailed, Debugging, and Row Level. The log files are saved in the same folder where KJB files are saved.
- Update the path of the Kitchen.bat file based on your version of the Pentaho Data Integration tool:
- Go to Start > Control Panel > Administrative Tools > TaskScheduler.
- In the Task Scheduler window, in the Actions area, click Create Basic Task.
- In the Create Basic Task Wizard, type the name and description of the task, and click Next.
- Select the appropriate option for starting the task, and click Next.
For example, you can select Daily or When the computer starts as the option for starting the task. - Configure the additional options for starting the task, and click Next.
The additional options are displayed based on the option that you selected in step 7. For example, if you select the Daily option for starting the task, you must configure the start date and frequency at which you want to run the batch file. - Select the Start a program radio button, and click Next.
- Click Browse to locate the batch file that you have created to schedule the job, and click Next.
- Select the Open the Properties dialog for this task when I click Finish check box, and click Finish.
KJB and KTR files for importing users from an LDAP server
In Pentaho, metadata is stored in XML format in the file system as KTR (transformations) or KJB files (jobs). The Pentaho package includes the TransferLDAPInfo.kjb file (job file) for importing users from an LDAP server. The job (KJB) file contains a series of transformations that run in a sequence. Each transformation maps to a KTR file that is available, along with the KJB file, in the Pentaho package.
The following table provides information about the KTR files and the corresponding transformations that the KJB file contains:
KTR file | Step or transformation in the KJB file | Description |
---|---|---|
LookUpExcelExport.ktr | Transfer LookUp Excel Export | Exports profiles, accounts, user roles, permission sets, users, and user-account links from the Salesforce organization into separate CSV files. |
None | Check if delta timestamp file exists | Checks if any time stamp file exists. The Pentaho package utilizes a time stamp file to determine which records were added or modified since the last time the job was run. This step is used for incremental import. If a time stamp file does not exist, the Create the initial timestamp file step is run; otherwise, the Update Salesforce with LDAP user information step. |
CreateInitialTimeStampedFileForLDAP.ktr | Create the initial time stamp file | Creates the time stamp file to record the time of import. This step is run only if you are importing for the first time or you have deleted the existing time stamp file. |
TransferLDAPInfo.ktr | Update Salesforce with LDAP user information | Transfers data from LDAP server to the Salesforce organization. The Salesforce Upsert [For User] step of the TransferLDAPInfo transformation displays the out-of-the-box fields which are mapped from the LDAP Active Directory Users. This includes fields, such as LastName, Username, Phone, MobilePhone, Fax, and so on. |
TransferAccountsToUsers.ktr | Assign Account to users | Transfers relationships between users and accounts from the LDAP server to the Salesforce organization. |
AssignPermissionSets.ktr | Assign permission set to the new users | Assigns permission sets to the imported users. |
AssignRemedyforceLicense.ktr | Assign Remedyforce License to new users | Assigns the BMC Remedyforce license to the imported users. |
UpdateManagerInfo.ktr | Update manager information | Transfers the Manager field information of the LDAP User from Active Directory. |
StoreLDAPTimestamp.ktr | Store the current timestamp | If the data import is successful for one or more records, the time of import is saved. |
The following table provides information about the steps that are included in the TransferLDAPInfo.ktr file (Update Salesforce with LDAP user information transformation). The Pentaho package runs these steps to import users from the LDAP server into your Salesforce organization. You can view these steps only when you open the KTR file in the Pentaho Data Integration tool.
The KTR file also contains mapping of the fields in the LDAP server to the fields in the User table. For more information about mapping, see Overview of how users are imported from LDAP servers.
Step | Description |
---|---|
Delta timestamp | Reads the saved time stamp. |
Create time based LDAP filter string | Creates a time-based LDAP filter string that is used to fetch the new records added since you last ran the job successfully. |
LDAP input | Uses the LDAP filter string to fetch the defined attributes of the records from the LDAP server. |
Dynamic account, profile and permission set assignment | Enables assigning account, profile, and permission set information to the records that are imported based on any of the LDAP attribute. |
Sort | Sorts the users that are imported from the LDAP server. |
Unique Rows | Checks that the imported users are unique so that duplicate records are not created in the Salesforce organization. |
Excel Output | Creates a CSV file that contains unique imported users. |
Stream lookup [For Profile] | Retrieves profiles that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
Stream lookup [For UserRole] | Retrieves user roles that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
Stream lookup [For Account] | Retrieves accounts that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
Stream lookup [For PermissionSet] | Retrieves permission sets that were exported from the Salesforce organization to a CSV file in the Transfer LookUp Excel Export transformation (LookUpExcelExport.ktr file). |
Salesforce Upsert [For User] | Transfers imported users to the Salesforce organization. |
Success rows | Stores the rows that are imported successfully. |
Failure rows | Stores the rows that are not imported with error code, error description, and error fields. |
Upserted Users | Creates a Microsoft Excel worksheet on your local machine which contains the users who are successfully imported to the Salesforce organization. |
Add UserId | Creates an internal file which is required to update the manager information. |
Troubleshooting
The following table describes the troubleshooting tips that you can use to resolve common issues that you might face when importing data.
Error or issue | Applies to the Pentaho package for | Description or procedure |
---|---|---|
Viewing logs of the import jobs | All | Log files are created in the folder where you have saved the KJB files. Success and failure rows files are also created in the same folder. If a failure occurs, the error code and its description are provided in the failure row file. You can also use the failure row file to import data to Salesforce. |
Not all records are imported | All | Delete the delta time stamp file of the job that you ran, and run the job again. |
Import fails | All | If you have upgraded to BMC Remedyforce Winter 17 (20.17.01), either you use the latest Pentaho packages updated on the BMC Communities or map a value to the Source field of the Base Element object. Also, ensure that you have Edit permission on the Source field of the Base Element object. |
An "out of memory" error occurs | All | While importing a large number of records, if you get the
|
A "too many script statements" error occurs | All | When you run an import, if you receive "Too many script statements" as an onscreen Apex error message or in an email, reduce the batch size by 10 in the Batch Size field in the Settings section on the Salesforce Upsert window. |
Records are not being to your CMDB. | All | Raise a case with Salesforce to create a custom index on the Assembly ID field of the Base Element object. |
Importing users by using the failure rows file for LDAP | LDAP server | A failure row file is a text file that is saved in the folder where you have saved your KJB files. Perform the necessary steps to remove the error provided for the failure rows in the failure rows file, and then import the data by using the following steps. The following Pentaho packages provide a transformation file in the FailureRowsInput folder. You can use this transformation file for importing users from the failure rows file to the Salesforce organization.
To import data from the failure rows file
|
Failed in writeToSalesForce: java.lang.IllegalArgumentException: The char '0x0' after 'Print' is not a valid XML character | All | Some unicode characters that cannot be parsed by the XML parser are present in any of the mapped fields. Either delete these characters in data or delete the mapping of such fields. |
Unable to query Salesforce | All | Check your Salesforce organization credentials in the Salesforce Upsert and Salesforce Input(CMDB_Classes) steps. |
The job does not appear in Atrium Integrator. | BMC Atrium CMDB | Ensure that you have saved your KTR and KJB files in a folder in Atrium Integrator. |
Error setting value #2 [ARDelta_1 Integer] on prepared statement (Integer) | BMC Atrium CMDB | This error is generated if multiple records are created in the BMC Remedy AR System NGIE:Delta form for the running transformation. Delete the additional ARDelta entries that are created for the error transformation file by deleting the records. To find the duplicate records for a transformation file, open the NGIE:Delta form in BMC Remedy AR System. In the TransName field, enter the transformation file name, and click Search. |
Did not find Remedy Application Service password for server<server name> in UDM:RAppPassword Form on server <server name> | BMC Atrium CMDB | Check your Atrium Server Connection credentials in the ARInput step. |
'Oracle Database Server 10g Release 2' is not valid for the type xsd: <data type > | BMC Atrium CMDB | Check the data type of the mapped fields in the Salesforce Upsert step. |
Duplicate LAN Endpoint entries are created in BMC Remedyforce CMDB. | BMC Client Management | In BMC Remedyforce Summer 15 Patch 1 and earlier versions, when you imported LAN Endpoint data from BMC Client Management, duplicate LAN endpoint entries might have been created in BMC Remedyforce CMDB. This duplicate data was created because of the following factors:
In BMC Remedyforce Summer 15 Patch 1 and later versions, instead of the Network Interface IP address, the MAC address is used as the unique source identifier for the LAN endpoints imported from BMC Client Management, and new duplicate LAN endpoint entries are not created in BMC Remedyforce CMDB. To resolve this issue, you must install the latest Pentaho package for BMC Client Management released with BMC Remedyforce Summer 15 Patch 1 or later. Also, you must manually delete any existing duplicate LAN endpoint entry on the Remedyforce CMDB. For more information, see Deleting configuration items. |
The HTTP Status 404 error is displayed when trying to connect to Salesforce. | All | Ensure that your Pentaho transformations connect to https://login.salesforce.com/services/Soap/u/<API version> instead of https://www.salesforce.com/services/Soap/u/<API version>. Starting from January 1, 2016, Salesforce retired www.salesforce.com as an API endpoint. For more information, see the announcement on BMC Communities website. To view a video demonstration of how to update your Pentaho transformations, see Salesforce API Endpoint Retirement. BMC Remedyforce has updated the API endpoint in the Pentaho packages that are currently available on the BMC Communities website. |
Error connecting to your Salesforce organization when using version 5.4 of the Pentaho Data Integration Tool. | All | Check whether the Require TLS 1.1 or higher for HTTPS connections Salesforce critical update is enabled in your organization. Pentaho Data Integration Tool 5.4 does not support TLS 1.1 and cannot connect to your Salesforce organization if this Salesforce critical update is enabled in the organization. To resolve this issue, perform one of the following actions:
|
Error running the Pentaho packages. In some cases, you might also not be able to open the Enter Mapping window by clicking Edit Mapping in the Salesforce Upsert window. | All | In the Pentaho packages provided by BMC Remedyforce, ensure that the API version in the Salesforce Webservice URL field in steps, such as Salesforce Upsert, is supported.
|
In the Salesforce Upsert window, when you click Edit Mapping, the following error message is displayed:
| All | Perform the following steps to resolve this issue: |
Related topics
Overview of how users are imported from LDAP servers
Scheduling jobs to import data
Comments
Log in or register to comment.