Integrating with Active Directory (LDAP) to load ITSM people data


The BMC SaaS Operations Team has an LDAP service for loading non-support staff people data by directly connecting to your Active Directory server. This service is an LDAP people and Atrium Integrator job integration, where jobs and transformations are available to configure with the Atrium Integrator Spoon client. You can request this service via a support ticket.

Before you begin

Before proceeding with LDAP integration, make sure that you have installed the Atrium Integrator client on the on-premises Tools Server. Also, use the BMC Helix Client Gateway, a non-VPN solution, to securely connect to your BMC Helix services when using this integration method. 

To download Atrium Integrator Spoon Client

An LDAP People Atrium Integrator job is available via the Data Management Console. You need to make a copy of the job and transformation and configure it to work with your Active Directory Server. For any access issues, work with BMC SaaS Support. 

Use the following process to download the Atrium Integrator Spoon client while installing the AR System Client from the EPD:

Important

Any other client tools like Developer Studio or AR Import tools always need to be installed on the on-premises Tools Server, and you need to use the BMC Helix Client Gateway to connect to the Helix environment.


  1. Log in to the BMC EPD site with your support ID.
  2. Search for BMC Helix Innovation Suite OnPrem to see the associated product list.
  3. Click the latest version available to see the list of products available in BMC Helix Innovation Suite.
  4. Download the AR System Clients Installer and the Atrium Integrator Client Installer.
  5. Run the AR System clients Installer and select only the client component.
  6. Install the Atrium Integrator Client on top of the AR Client.

Work with the SaaS team for the self-service steps on how to configure the LDAP People Atrium Integrator job input steps, the Active Directory server connection configurations, and the field mappings. Reference configurations and field mappings are shown in the following paragraphs.

The following parameters must be configured in the LDAP people Atrium Integrator job input step to have a successful connection with your AD server.

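| Environment (DEV/QA/PROD) | DEV | QA | PROD |
| --- | --- | --- | --- |
| Host Name | | | |
| IP Address* | | | |
| Port Number (SSL, non-SSL)* | | | |
| Bind user* | | | |
| Bind Password* | | | |
| Domain | | | |
| SSL Certificate (Yes/No)* | | | |
| User Base/ Base DN* | | | |
| Primary Key for LDAP or User Search filter (e.g. sAMAccountName)* | | | |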

The following are the key required fields to map to Active Directory attributes. In the spreadsheet, enter the Active Directory attribute for each required BMC Helix field name:

For non-SSL: Customer Active Directory and BMC Helix Mapping - ldap://<LDAP IP Address:Port>/<Base-DN>??sub?(sAMAccountName=)*

For SSL: Customer Active Directory and BMC Helix Mapping - ldaps://<LDAP IP Address:Port>/<Base-DN>??sub?(sAMAccountName=)*

| Field Name | LDAP Attributes | Comments (Also specify default value if any) |
| --- | --- | --- |
| First Name* | givenName | Default will be "FN" |
| Middle Name | initials | |
| Last Name+* | sn | Default will be "LN" |
| ClientType | employee type | Default will be "Office-Based Employee" |
| Corporate ID | employee number | |
| Remedy Login ID | sAMAccountName | It should be the primary key in Active Directory |
| Profile Status | | For all new accounts it will be "Enabled". For accounts that were disabled in Active Directory, an attribute (e.g. employeetype or userAccountControl) is used to set this field to "Offline". |
| Contact Type | | Default will be NULL |
| Client Sensitivity | | Default will be "Standard" |
| VIP | | Default will be "No" |
| Support Staff | | Default will be "No" |
| Company+* | | Use "Customer Name" |
| Business*+ | telephoneNumber | |
| Email Address | mail | |
| Region | GEO | |
| Site* | l | |
| Site Address - Street | streetAddress | |
| Site Address - City | City | |
| Site Address - State | State | |
| Site Address - Zip Code | postalCode | |
| Site Address - Country | Country | |
| Desk Location | physicalDeliveryOfficeName | |
| Mail Stop | BuildingName | |
| Mobile Phone+ | mobile | |
| Fax Number+ | facsimileTelephoneNumber | |
| ACD | DirectDial | |
| Accounting Code | | If required, can be used to show any attribute value, such as employee number |
| Manager's Name+ | | Use the manager attribute to determine the value of this field |
| Manager's Login ID | manager | |
| Primary Cost Center Code+ | CostCenter | |
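
A pre-flight check of the mapping above, as an added example (not BMC code): it applies the table's defaults to an AD entry, derives Profile Status from the userAccountControl ACCOUNTDISABLE bit (0x2), and builds the search URL with the scheme tied to the SSL setting. The function names, the sample entries and the `(sAMAccountName=*)` presence filter are assumptions.

```python
from urllib.parse import quote

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

# Helix field -> (LDAP attribute or None, default), a subset of the table above.
FIELD_MAP = {
    "First Name": ("givenName", "FN"),
    "Middle Name": ("initials", None),
    "Last Name": ("sn", "LN"),
    "Remedy Login ID": ("sAMAccountName", None),
    "Email Address": ("mail", None),
    "Client Sensitivity": (None, "Standard"),
    "VIP": (None, "No"),
    "Support Staff": (None, "No"),
}

def ldap_url(host, port, base_dn, use_ssl, key="sAMAccountName"):
    """Build the search URL; the scheme follows the SSL setting."""
    scheme = "ldaps" if use_ssl else "ldap"
    dn = quote(base_dn, safe="=,")            # spaces in the DN become %20
    flt = quote(f"({key}=*)", safe="()=*")    # assumed filter: key is present
    return f"{scheme}://{host}:{port}/{dn}??sub?{flt}"

def map_entry(entry, company):
    """Return (record, problems) for one AD entry given as attribute -> value."""
    record, problems = {"Company": company}, []
    for field, (attr, default) in FIELD_MAP.items():
        value = (entry.get(attr) or "").strip() if attr else ""
        record[field] = value or default
    if not record["Remedy Login ID"]:
        problems.append("missing sAMAccountName (primary key)")
    for field in ("First Name", "Last Name"):
        if record[field] == FIELD_MAP[field][1]:
            problems.append(f"{field} fell back to default")
    uac = int(entry.get("userAccountControl") or 0)
    record["Profile Status"] = "Offline" if uac & ACCOUNTDISABLE else "Enabled"
    return record, problems

if __name__ == "__main__":
    # Constructed sample entries (not real directory data).
    sample = [
        {"givenName": "Ana", "sn": "Ruiz", "sAMAccountName": "aruiz",
         "mail": "aruiz@example.com", "userAccountControl": "512"},
        {"sn": "Okoye", "sAMAccountName": "jokoye", "userAccountControl": "514"},
    ]
    print(ldap_url("192.0.2.10", 636, "OU=Staff,DC=example,DC=com", True))
    for e in sample:
        print(map_entry(e, "Customer Name"))
```

Running it against an export of the directory before the first load shows which accounts would be created with placeholder names or without a login ID.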


Implementation:
Download the latest Atrium Integrator Spoon client and install it on the on-premises VM or on the BMC Client Gateway server at the customer's side. Then connect to the AR source development environment. Open the out-of-the-box LDAP people job and transformation, and make sure you create two copies of the original job and transformation.

Create a job and transformation for people data creation

Atrium Integrator Spoon includes OOTB LDAP templates that you can open in the Spoon client and use for the LDAP people job and the LDAP people transformation. Create a copy of these templates and adapt it to your requirements. For ABC company, make a copy of the LDAP job and transformation with the following steps.

To create a job for people data creation

  1. From the Spoon client tool menu, select Tools > Repository > Explore.
    A list of all available jobs and transformations is displayed.
  2. Select LDAP People and type as JOB.
  3. The job is displayed.
  4. Double click LDAP_People and provide the proper path for the file location.
  5. Save the job for people data creation as <Company>_LDAP_People_create (replace Company with your company name). In this example, BMC is used as the company name, so the job name is BMC_LDAP_People_Create.
  6. Fill all the required fields and click OK.

To create transformation for people data

  1. From the Spoon client tool menu, select Tools > Repository > Explore.
  2. All available transformations are displayed.
  3. Select LDAP People and type as TRANSFORMATION.
  4. The transformation is loaded.
  5. Double click DMT_LDAP_INPUT.
  6. Provide the necessary information such as Host, Port and authentication information.
  7. Double click AR Upsert. A dialog box is displayed.
    We strongly recommend using the default values or settings.

    Important

    For testing, point to the local environment. Once the validation is done, change it to point to the actual target.

  8. Click the Field Mapping tab.

    Tip

    We recommend using a parameterized name instead of hard coding the server name, e.g. $SERVER$.

  9. Review the Stream Field field names and ensure that they match the fields in your Active Directory Server.
    1. These fourteen fields are supported for this integration, and any custom field addition and mappings.
    2. This integration supports, and is recommended only for, creating and updating people data from Active Directory/LDAP for non-support staff.
    3. Save the transformation for people data creation as <Company>_LDAP_People_Create (replace Company with your company name, e.g., BMC_LDAP_People_Create).
  10. Click OK to save the transformation.

Create a job and transformation for people data update

Follow steps 1-4 described in the To create a job for people data creation section, and save the job as <Company>_LDAP_People_update.

To create a transformation for people data update

Follow steps 1-9 described in the To create transformation for people data section, except step 8 (the update field mappings step). Also, ensure that you remove the mappings for LoginID, First Name and Last Name. Save the transformation as <Company>_LDAP_People_update.

Important

Login ID, First Name, and Last Name updates are permanent changes. These updates propagate and affect transactional data across all applications. A large number of records need to be updated for such updates. Use the Data Wizard to perform login ID, First Name, Last Name updates. This permanent change updates data across all Foundation and transactional forms.

A separate admin activity is required to run the Data Wizard to perform this update. This activity must be performed in non-peak business hours, and the users whose login ID or name is to be updated must be logged off.

At this stage you will have two .kjb and two .ktr files to export your job and transformation for your custom LDAP create and update jobs.

Work with the SaaS Operations team via the same ticket to ensure these files are copied to the target Helix SaaS Development environment.

Register the custom Atrium Integrator job with the Data Management Job Console

  1. From Mid Tier, log on as a user with DMT Admin permissions.
  2. Select Applications > Data Management > Job Console > Other Function > Atrium Integrator Jobs.
  3. Click Create.
  4. Complete the form with the following data. Do not use spaces in the Job name, use underscores instead.
    • Atrium Integrator Job: BMC_LDAP_PEOPLE_CREATE
    • Type: job
    • Directory: /
    • Log Level: Minimal
    • Select Attachment Required
    • Data Tag: customer
  5. Click Save.

Create a custom Data Management job template

  1. From Mid Tier, log in with UDM Admin permissions.
  2. Select Applications > Data Management > Job Console > Other Function > Search template.
  3. Search for LDAP_People.
  4. Select LDAP People template
  5. Provide the following values in the fields displayed in the form: 
    • Template Name: BMC_LDAP_PEOPLE_CREATE
    • Template Description:  BMC_LDAP_PEOPLE_CREATE
    • Category: Foundation
    • Template Type: Custom Template
  6. Click Save.
  7. View the job template that you just created:
    1. Click New Search for the job template for the BMC_LDAP_People_Create job.
    2. Open the template in Modify mode.
    3. Expand the Load step.
    4. Select the BMC_LDAP_PEOPLE_CREATE step.
    5. Click View.
    6. Change Atrium Integrator Name to BMC_LDAP_PEOPLE_CREATE and click Save.
    7. Add another step VALIDATE_BMC_LDAP_PEOPLE_CREATE to validate.
    8. Set the Create Only flag to True and click Save.
    9. The Promote step is created.

Your template is now ready to use in jobs.

Create a custom Data Management job template for update job

  1. From Mid Tier, log in with UDM Admin permissions.
  2. Select Applications > Data Management > Job Console > Other Function > Search template.
  3. Search for LDAP_People.
  4. Select LDAP People template
  5. Provide the following values in the fields displayed in the form:
    • Template Name: BMC_LDAP_PEOPLE_UPDATE
    • Template Description:  BMC_LDAP_PEOPLE_UPDATE
    • Category: Foundation
    • Template Type: Custom Template
  6. Click Save.
  7. View the job template that you just created:
    1. Click New Search for the job template for the BMC_LDAP_People_Update job.
    2. Open the template in Modify mode.
    3. Expand the Load step.
    4. Select the BMC_LDAP_PEOPLE_UPDATE step.
    5. Click View.
    6. Change Atrium Integrator Name to BMC_LDAP_PEOPLE_UPDATE and click Save.
    7. Add another step VALIDATE_BMC_LDAP_PEOPLE_UPDATE to validate.
    8. Set the Create Only flag to True and click Save.
    9. The Promote step is created.

Your template is now ready to use in jobs.

Run the newly created BMC_LDAP_PEOPLE_CREATE job

  1. Log in as a user with DMT Admin permission with unrestricted access.
  2. Select Application > Data Management > Job Console > Job Function > Create Job.
  3. Specify the job name and select a company, then click Save.
  4. Select Step > Create > Custom template and select the BMC_LDAP_PEOPLE_CREATE template.
  5. In the Load step, do the following:
    1. Change the job status from Draft to Built.
    2. The Schedule job option is available if you want to schedule the job periodically. For information about scheduling jobs, see Scheduling data load jobs.
    3. Run the job to load the data.
    4. If you schedule this job, for example to run once a week to create new people records from Active Directory, it runs on that schedule until an instance of the job ends in an error. When that happens, the schedule stops, and you must create a new job from your template and schedule it again. That job in turn runs uninterrupted until one of its instances fails, at which point you must again create and schedule a new job.
  6. Run the job to load the data.

 
