Importing users with the Salesforce Platform license from an LDAP server

The following topics provide information about importing users with the Salesforce Platform license from an LDAP server into your Salesforce organization:

You can import users into your Salesforce organization by using the Pentaho Data Integration tool. The Pentaho package for importing users with the Salesforce Platform license from an LDAP server is available on the BMC Communities website. For information about how users are imported into your Salesforce organization, see Overview of how users are imported from LDAP servers.

KJB and KTR files for importing users from an LDAP server

In Pentaho, metadata is stored in XML format in the file system as KTR (transformations) or KJB files (jobs). The Pentaho package includes the TransferLDAPInfo.kjb file (job file) for importing users from an LDAP server. The job (KJB) file contains a series of transformations that run in a sequence. Each transformation maps to a KTR file that is available, along with the KJB file, in the Pentaho package. The following table provides information about the KTR files and the corresponding transformations that the KJB file contains:

The following table provides information about the steps that are included in the TransferLDAPInfo.ktr file (Update client user import table with LDAP user information transformation). The Pentaho package runs these steps to import users from the LDAP server into your Salesforce organization. You can view these steps only when you open the KTR file in the Pentaho Data Integration tool. The KTR file also contains mapping of the fields in the LDAP server to the fields in the Client User Import table. For more information about mapping, see Overview of how users are imported from LDAP servers.

Before you begin

Before you can import users from an LDAP server, you must perform the following tasks:

• Install Java Runtime Environment (JRE).
• Download the Pentaho Data Integration tool.

• Register at the BMC Communities website.
• Download the Pentaho package from the BMC Communities website (https://communities.bmc.com/docs/DOC-17004).
  BMC recommends that you download the job files in the folder in which you have unzipped the Pentaho Data Integration tool.

To import users with Salesforce Platform License from an LDAP server

1. To launch the Pentaho Data Integration tool, in the \<PentahoInstallerFolder>\data-integration folder, double-click the Spoon.bat file.
2. In Pentaho Spoon, select File > Open, navigate to the folder where you downloaded the Pentaho packages, and open the TransferLDAPInfo.kjb file.
3. To open the Lookup Excel Export (transformation) file, right-click the Transfer LookUpExcelExport step, and select Open referenced object > Transformation.
4. To provide your Salesforce organization access details, perform the following actions:
   1. On the Transfer LookUpExcelExport tab, double-click the Salesforce Input [For Profile] step.
   2. In the Salesforce Input window, enter your Salesforce organization user name and password.
   3. (Optional) To verify the connection, click Test connection.
   4.  Click OK.
   5. Repeat step a to step d for Salesforce Input [From Account], Salesforce Input [From UserRole], and Salesforce Input [From User Account Link] steps.
5. To provide LDAP server access details, perform the following actions:
   1. Navigate to the TransferLDAPInfo.kjb file.
   2. Right-click the Update client user import table with LDAP user information step, and select Open referenced object > Transformation.
   3. Double-click the LDAP input step.
   4. In the LDAP Input window, enter the host, user name, and password of the LDAP server from which you are importing users.
   5. (Optional) To verify the connection, click Test connection.
   6. Click OK.
   7. (Optional) To fetch more fields from the LDAP server, in the Fields tab, click Get Fields.
   8. (Optional) Double-click the Dynamic account and profile assignment step, and perform any of the following actions:
      • Modify or assign the default value for account, profile, role, and custom values for specific conditions in the script.
      • Modify the default value for the Locale, Language, TimeZone, and EmailEncoding fields.
      In the Script Values / Mod window, refer to the commented examples that are provided.

   9. Double-click the Salesforce Upsert [For User] step and enter your Salesforce organization user name and password.

      Note

      Starting from January 1, 2016, Salesforce is retiring www.salesforce.com as an API endpoint. To avoid connectivity issues (HTTP Status 404 error), update your Pentaho transformations that connect to https://www.salesforce.com/services/Soap/u/<API version> to https://login.salesforce.com/services/Soap/u/35.0 before the retirement date.
      If you are running the Pentaho package in a Sandbox environment, modify the Salesforce Webservice URL from https://test.salesforce.com/services/Soap/u/<API version> to https://test.salesforce.com/services/Soap/u/35.0 in the updated Pentaho transformation. For more information, see Salesforce API Endpoint Retirement.

       

   10. (Optional) To update the predefined mapping between the LDAP fields and the Salesforce User object, click Edit Mapping.
       For more information about mapping, see Overview of how users are imported from LDAP servers.

   11. (Optional) To verify the connection, click Test connection.

   12. Click OK.
       

6. To provide your Salesforce organization access details in the Update client user import table with LDAP user information step (TransferLDAPInfo.ktr file), perform the following actions:

   1. Double-click the Salesforce Insert [For User Account Link] step.
   2. Enter the user name and password details in the respective fields.
   3. (Optional) To verify the connection, click Test connection.
   4. Click OK.
   5. Double-click the Salesforce Update step.
   6. Enter the user name and password details in the respective fields.
   7. (Optional) To verify the connection, click Test connection.
   8. Click OK.
7. (Optional) If you have enabled the setting to access your Salesforce organization from limited IP addresses, to enable communication between Salesforce and the Pentaho Data Integration tool, perform the following actions:

   1. In Salesforce, navigate to Setup > Reset My Security Token.

      Note

      If you have enabled the improved Setup user interface in your Salesforce organization, navigate to My Settings > Personal > Reset My Security Token. For more information, see http://help.salesforce.com/apex/HTViewHelpDoc?id=admin_setup_improved.htm&language=en_US.

   2. Click Reset Security Token.
      An email message is sent to your email address stored in Salesforce.
   3. In the Password field of the Salesforce Upsert [For User] step, append the security token to the password.
      For example, if your password is mypassword and your security token is XXXXXXXXX, then you must enter mypasswordXXXXXXXXX in the Password field.
      
      You must also append the security token to the password in all steps in which you have entered the user name and password of your Salesforce organization.
8. To save the KTR and KJB files, click 
9. In the TransferLDAPInfo.kjb file, click .

10. Perform one of the following actions based on the Pentaho version that you are using:

    Pentaho version	Action
    6.1	In the Run Options window, click Run.
    5.4	In the Execute a job window, click Launch.

    Transformation status is depicted by using the following icons:

    •  — Complete
    •  — Running
    •  — Unsuccessful
11. (Optional) To view logs, in the Execution results section, click the Logging tab.
    All errors are displayed in red.

Related topics

Overview of how users are imported from LDAP servers

Scheduling jobs to import data

Troubleshooting common issues with importing data