Integrating with Active Directory (LDAP) to load ITSM people data
The BMC SaaS Operations Team has an LDAP service for loading non-support staff people data by directly connecting to your Active Directory server. This service is an LDAP people and Atrium Integrator job integration, where jobs and transformations are available to configure with the Atrium Integrator Spoon client. You can request this service via a support ticket.
Before you begin
Before proceeding with LDAP integration, make sure that you have installed the Atrium Integrator client on the on-premises Tools Server. Also, use the BMC Helix Client Gateway, a non-VPN solution, to securely connect to your BMC Helix services when using this integration method.
To download Atrium Integrator Spoon Client
An LDAP People Atrium Integrator job is available via the Data Management Console. You need to make a copy of the job and transformation and configure it to work with your Active Directory Server. For any access issues, work with BMC SaaS Support.
Use the following process to download the Atrium Integrator Spoon client while installing the AR System Client from the EPD:
- Log in to the BMC EPD site with your support ID.
- Search for BMC Helix Innovation Suite OnPrem to see the associated product list, as shown in the following image:
- Click the latest version available to see the list of products available in BMC Helix Innovation Suite.
- Download the AR System Clients Installer and the Atrium Integrator Client Installer.
- Run the AR System clients Installer and select only the client component.
- Install the Atrium Integrator Client on top of the AR Client.
Work with the SaaS team on the self-service steps for configuring the LDAP People Atrium Integrator job input steps, the Active Directory server connection, and the field mappings. Reference configurations and field mappings are shown in the following paragraphs.
The following parameters must be configured in the LDAP people Atrium Integrator job input step to have a successful connection with your AD server.
Environment (DEV/QA/PROD) | DEV | QA | PROD |
Host Name | | | |
IP Address* | | | |
Port Number (SSL, non-SSL)* | | | |
Bind user* | | | |
Bind Password* | | | |
Domain | | | |
SSL Certificate (Yes/No)* | | | |
User Base/ Base DN* | | | |
Primary Key for LDAP or User Search filter (e.g. sAMAccountName)* | | | |
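A pre-flight check for the connection values in the table above, written against the LDAP URL form this page uses (`<scheme>://<IP:Port>/<Base-DN>??sub?<filter>`). This is an added example, not BMC code; the function name, the port sets and the sample URLs are assumptions, and the clear-text finding assumes a simple bind without StartTLS.

```python
from urllib.parse import urlsplit, unquote

PLAIN_PORTS = {389, 3268}   # LDAP and AD global catalog without TLS
TLS_PORTS = {636, 3269}     # LDAPS and AD global catalog over TLS
SCOPES = {"base", "one", "sub"}

def check_ldap_url(url):
    """Return a list of findings for an ldap:// or ldaps:// URL (empty = OK)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        return [f"unsupported scheme: {parts.scheme!r}"]
    findings = []
    try:
        port = parts.port
    except ValueError:
        return ["port is not a number"]
    port = port or (636 if parts.scheme == "ldaps" else 389)
    if parts.scheme == "ldap":
        # Assumption: simple bind, no StartTLS upgrade on the connection.
        findings.append("no TLS: bind password and people data are sent in clear text")
        if port in TLS_PORTS:
            findings.append(f"port {port} expects TLS but the scheme is ldap://")
    elif port in PLAIN_PORTS:
        findings.append(f"port {port} is a non-TLS port but the scheme is ldaps://")
    if not parts.hostname:
        findings.append("host is missing")
    if not unquote(parts.path.lstrip("/")):
        findings.append("Base DN is missing")
    # RFC 4516 layout after the DN: ?attributes?scope?filter
    _attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    if scope and scope not in SCOPES:
        findings.append(f"unknown scope: {scope!r}")
    flt = unquote(flt)
    if not (flt.startswith("(") and flt.endswith(")")):
        findings.append("search filter is missing or not parenthesised")
    return findings

# Constructed sample values (documentation IP range and example domain).
SAMPLES = [
    "ldaps://192.0.2.10:636/OU=Staff,DC=example,DC=com??sub?(sAMAccountName=*)",
    "ldap://192.0.2.10:389/OU=Staff,DC=example,DC=com??sub?(sAMAccountName=*)",
    "ldaps://192.0.2.10:389/OU=Staff,DC=example,DC=com??sub?(sAMAccountName=*)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_ldap_url(sample) or "OK")
```

Running the check per environment (DEV, QA, PROD) before submitting the values catches a scheme and port that disagree with the SSL Certificate (Yes/No) answer.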
The following are the key required fields to map to Active Directory attributes. In the spreadsheet, enter the Active Directory attribute that corresponds to each required BMC Helix field name:
For non-SSL: Customer Active Directory and BMC Helix Mapping - ldap://<LDAP IP Address:Port>/<Base-DN>??sub?(sAMAccountName=)*
For SSL: Customer Active Directory and BMC Helix Mapping - ldaps://<LDAP IP Address:Port>/<Base-DN>??sub?(sAMAccountName=)*
Field Name | LDAP Attributes | Comments (Also specify default value if any) |
First Name* | givenName | Default will be "FN" |
Middle Name | initials | |
Last Name+* | sn | Default will be "LN" |
ClientType | employee type | Default will be "Office-Based Employee" |
Corporate ID | employee number | |
Remedy Login ID | sAMAccountName | It should be Primary key in Active Directory |
Profile Status | | "Enabled" for all new accounts. For accounts that were disabled in Active Directory, an attribute (e.g. employeetype or userAccountControl) is used to set this field to "Offline". |
Contact Type | | Default will be NULL |
Client Sensitivity | | Default will be "Standard" |
VIP | | Default will be "No" |
Support Staff | | Default will be "No" |
Company+* | | Use "Customer Name" |
Business*+ | telephoneNumber | |
Email Address | | |
Region | GEO | |
Site* | l | |
Site Address - Street | streetAddress | |
Site Address - City | City | |
Site Address - State | State | |
Site Address - Zip Code | postalCode | |
Site Address - Country | Country | |
Desk Location | physicalDeliveryOfficeName | |
Mail Stop | BuildingName | |
Mobile Phone+ | mobile | |
Fax Number+ | facsimileTelephoneNumber | |
ACD | DirectDial | |
Accounting Code | | If required, can be used to show any attribute value, such as employee number |
Manager's Name+ | | Use manager attribute to determine the value of this field |
Manager's Login ID | manager | |
Primary Cost Center Code+ | CostCenter | |
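A dry run of the mapping above on exported directory entries shows which records would load with placeholder defaults, which lack required values, and how `userAccountControl` can drive Profile Status. This is an added example, not the Atrium Integrator transformation; the function name, the `REQUIRED` list (which treats the primary key as required), the use of the AD attribute names `employeeType` and `employeeNumber`, and the sample entries are assumptions.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

# (BMC Helix field, AD attribute, default) for a subset of the table above.
# employeeType / employeeNumber are the AD names assumed for the table's
# "employee type" / "employee number".
MAPPING = [
    ("First Name", "givenName", "FN"),
    ("Middle Name", "initials", None),
    ("Last Name", "sn", "LN"),
    ("ClientType", "employeeType", "Office-Based Employee"),
    ("Corporate ID", "employeeNumber", None),
    ("Remedy Login ID", "sAMAccountName", None),
    ("Business", "telephoneNumber", None),
    ("Site", "l", None),
]
FIXED = {"Client Sensitivity": "Standard", "VIP": "No", "Support Staff": "No"}
# Assumption: the primary key is required in addition to the * fields.
REQUIRED = ("Remedy Login ID", "Company", "Business", "Site")

def to_people_record(entry, company):
    """Map one AD entry (dict of attribute -> value) to people fields.

    Returns (record, missing), where missing lists required fields left empty.
    """
    record = {"Company": company, **FIXED}
    for field, attr, default in MAPPING:
        value = str(entry.get(attr) or "").strip()
        record[field] = value or default
    # Disabled in AD -> "Offline"; everything else loads as "Enabled".
    uac = int(entry.get("userAccountControl") or 0)
    record["Profile Status"] = "Offline" if uac & ACCOUNTDISABLE else "Enabled"
    missing = [f for f in REQUIRED if not record.get(f)]
    return record, missing

# Constructed sample entries: 512 is a normal account, 514 is 512 + ACCOUNTDISABLE.
ACTIVE = {"givenName": "Dana", "sn": "Reyes", "sAMAccountName": "dreyes",
          "telephoneNumber": "+1 555 0100", "l": "Austin",
          "userAccountControl": "512"}
DISABLED = {"sAMAccountName": "old.user", "userAccountControl": "514"}

if __name__ == "__main__":
    for entry in (ACTIVE, DISABLED):
        print(to_people_record(entry, "Example Corp"))
```

Records that come back with "FN" or "LN" as names, or with a non-empty `missing` list, point to attributes the bind user cannot read or that are not populated in the directory.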
Implementation:
Download the latest Atrium Integrator Spoon client and install it on the on-premises VM or on the BMC Client Gateway server at the customer's side. Then connect to the AR source development environment. Open the out-of-the-box LDAP people job transformation and make sure you create two copies of the original job and transformation.
Create a job and transformation for people data creation
Atrium Integrator Spoon includes OOTB LDAP templates for the LDAP people job and the LDAP people transformation, which you can open in the Spoon client. Create a copy of these templates and adapt it to your requirements. For ABC company, make a copy of the LDAP job and transformation with the following steps.
To create a job for people data creation
- From the Spoon client tool menu, select Tools > Repository > Explore.
A list of all available jobs and transformations is displayed.
- Select LDAP People and type as JOB.
- The job is displayed as shown in the following screenshot:
- Double-click LDAP_People and provide the proper path for the file location.
- Save the job for people data creation as <Company>_LDAP_People_create (replace Company with your company name). In this example, BMC is used as the company name, so the job name used for this purpose is BMC_LDAP_People_Create.
- Fill all the required fields and click OK.
To create transformation for people data
- From the Spoon client tool menu, select Tools > Repository > Explore.
- All available transformations are displayed.
- Select LDAP People and type as TRANSFORMATION.
- You will see the following job loaded, as shown in the following screenshot:
- Double-click DMT_LDAP_INPUT.
- Provide the necessary information such as Host, Port and authentication information.
- Double-click AR Upsert. The following dialog box is displayed.
  We strongly recommend using the default values or settings.
- Click the Field Mapping tab.
- Review the Stream Field field names and ensure that they match the fields in your Active Directory Server.
- These fourteen fields are supported for this integration, and any custom field addition and mappings.
- This integration is supported and recommended only for creating and updating people data from Active Directory/LDAP for non-support staff.
- Save the transformation for people data creation as <Company>_LDAP_People_Create (replace Company with your company name, e.g., BMC_LDAP_People_Create)
- Click OK to save the transformation.
Create a job and transformation for people data update
Follow steps 1-4 described in the To create a job for people data creation section, and save the job as <Company>_LDAP_People_update.
To create a transformation for people data update
Follow steps 1-9 described in the To create transformation for people data section, except step 8 (the update field mappings step). Also, ensure that you remove the mappings for LoginID, First Name and Last Name. Save the transformation as <Company>_LDAP_People_update.
At this stage you will have two .kjb and two .ktr files to export your job and transformation for your custom LDAP create and update jobs.
Work with the SaaS Operations team via the same ticket to ensure these files are copied to the target Helix SaaS Development environment.
Register the custom Atrium Integrator job with the Data Management Job Console
- From Mid Tier, log on as a user with DMT Admin permissions.
- Select Applications > Data Management > Job Console > Other Function > Atrium Integrator Jobs.
- Click Create.
- Complete the form with the following data. Do not use spaces in the Job name, use underscores instead.
- Atrium Integrator Job: BMC_LDAP_PEOPLE_CREATE
- Type: job
- Directory: /
- Log Level: Minimal
- Select Attachment Required
- Data Tag: customer
- Click Save.
Create a custom Data Management job template
- From Mid Tier, log in with UDM Admin permissions.
- Select Applications > Data Management > Job Console > Other Function > Search template.
- Search for LDAP_People.
- Select LDAP People template.
- Provide the following values in the fields displayed in the form:
- Template Name: BMC_LDAP_PEOPLE_CREATE
- Template Description: BMC_LDAP_PEOPLE_CREATE
- Category: Foundation
- Template Type: Custom Template
- Click Save.
- View the job template that you just created:
- Click New Search for the job template for the BMC_LDAP_People_Create job.
- Open the template in Modify mode.
- Expand the Load step.
- Select the BMC_LDAP_PEOPLE_CREATE step.
- Click View.
- Change Atrium Integrator Name to BMC_LDAP_PEOPLE_CREATE and click Save.
- Add another step VALIDATE_BMC_LDAP_PEOPLE_CREATE to validate as shown in the following screenshot:
- Set the Create Only flag to True and click Save.
- You will see that the Promote step is created as shown in the following screenshot:
Your template is now ready to use in jobs.
Create a custom Data Management job template for update job
- From Mid Tier, log in with UDM Admin permissions.
- Select Applications > Data Management > Job Console > Other Function > Search template.
- Search for LDAP_People.
- Select LDAP People template.
- Provide the following values in the fields displayed in the form:
- Template Name: BMC_LDAP_PEOPLE_UPDATE
- Template Description: BMC_LDAP_PEOPLE_UPDATE
- Category: Foundation
- Template Type: Custom Template
- Click Save.
- View the job template that you just created:
- Click New Search for the job template for the BMC_LDAP_People_Update job.
- Open the template in Modify mode.
- Expand the Load step.
- Select the BMC_LDAP_PEOPLE_UPDATE step.
- Click View.
- Change Atrium Integrator Name to BMC_LDAP_PEOPLE_UPDATE and click Save.
- Add another step VALIDATE_BMC_LDAP_PEOPLE_UPDATE to validate:
- Set the Create Only flag to True and click Save.
- The Promote step is created.
Your template is now ready to use in jobs.
Run the newly created BMC_LDAP_PEOPLE_CREATE job
- Log in as a user with DMT Admin permission with unrestricted access.
- Select Application > Data Management > Job Console > Job Function > Create Job.
- Specify the job name and select a company, then click Save.
- Select Step > Create > Custom template and select the BMC_LDAP_PEOPLE_CREATE template.
- In the Load step, do the following:
- Change job status from Draft to Built.
The Schedule job option is available if you want to schedule the job periodically. For information about scheduling a job, see Scheduling data load jobs.
- Run the job to load the data.
- If you schedule this job, say to run once a week to create newly created people records from Active Directory, the job runs on that schedule every month until an instance of the job runs into an error. When that happens, your schedule is stopped, and you have to create a new job with your template and schedule it again. That job runs uninterrupted until an instance of it fails, and then you have to create and schedule a new job again.