Configuring Data Management for LDAP or LDAPS import
You configure Data Management with Lightweight Directory Access Protocol (LDAP) so that users can use the same user name and password to log on to any application that supports the LDAP protocol. The user must be set up in your LDAP directory to enable authentication. Configuring Data Management with LDAP over Secure Sockets Layer (LDAPS) enables you to make LDAP traffic secure through the use of Secure Sockets Layer (SSL) technology.
BMC provides an out-of-the-box LDAP (or LDAPS) import job template that includes the Load, Validate, and Promote steps. The import job imports people data from an LDAP or LDAPS server to the CTM:LoadPeople form. After the data is imported to the CTM:LoadPeople form, it is validated and promoted to the People forms.
To configure the load step
You can configure the following values used by the Atrium Integrator adapter for the transformation process in the Load step:
- From the Load Parameters panel in the Step (New) window, select the LDAP_People Atrium Integrator job.
For each of the following variables that are displayed in the Variables table, you must enter the required values in the field that follows the table:
Variable | Value |
---|---|
LDAP_Host | Host name of the valid Active Directory LDAP or LDAPS server |
LDAP_Port | Port number for the LDAP or LDAPS server connection. The default is 389. |
Bind_UserName | The user name that is used to connect to the LDAP or LDAPS server. Ensure that the specified user has the required permissions to search the Active Directory classes and attributes required for this connection. Example: DomainName\UserName |
Bind_Password | Password for the specified Active Directory user |
Search_base | Starting point for the LDAP or LDAPS search in the directory structure |
Search_FilterStr | Unicode string that defines the search criteria. Important: This value is only required if the value of the Custom_Filter variable is set to Y. |
Custom_Filter | Enter either Y or N. The default value is N, which means that the New_Accts_Only and Delta_Import variables are used for the automatic filter string creation. If you select Y, these variables are not used for the automatic filter string creation and the value of the Search_FilterStr variable is used for the LDAP or LDAPS import. The LDAP_People Atrium Integrator job uses the inetOrgPerson class for filter string generation, which is used for querying the LDAP or LDAPS server. To use another LDAP class or create your own custom LDAP filter string, set the Custom_Filter variable to Y and provide the custom LDAP filter string value in the Search_FilterStr variable. |
New_Accts_Only | Enter either Y or N. The default value is N, which means that new and modified accounts are imported from the LDAP or LDAPS server. If you select Y, only new accounts are imported from the LDAP or LDAPS server. |
Delta_Import | Enter either Y or N. The default value is Y, which means that only accounts created or modified since the last import are imported. If you select N, all accounts are imported from LDAP or LDAPS. |
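The following pre-flight check of the Load step variables is an added example, not BMC code. It applies the rules from the table above (required values, Y or N flags, defaults, and Search_FilterStr being needed only when Custom_Filter is Y) and flags the default port 389 when an LDAPS connection is intended. The function names, the `expect_ldaps` parameter, and the finding texts are assumptions made for illustration.

```python
# Added example (not BMC code): pre-flight check of the Load step variables.
DEFAULTS = {"LDAP_Port": "389", "Custom_Filter": "N",
            "New_Accts_Only": "N", "Delta_Import": "Y"}   # defaults from the table
REQUIRED = ("LDAP_Host", "Bind_UserName", "Bind_Password", "Search_base")
FLAGS = ("Custom_Filter", "New_Accts_Only", "Delta_Import")


def filter_is_balanced(text):
    """Structural check only: one outer (...) group with balanced parentheses.
    Literal parentheses inside values must be escaped as \\28 and \\29 (RFC 4515),
    so counting the raw ones is sufficient."""
    depth = 0
    for pos, ch in enumerate(text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and pos != len(text) - 1):
                return False
    return text.startswith("(") and depth == 0


def check_load_variables(values, expect_ldaps):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = {**DEFAULTS, **{k: v.strip() for k, v in values.items()}}
    findings = [f"{name} is required" for name in REQUIRED if not cfg.get(name)]
    for name in FLAGS:
        if cfg[name] not in ("Y", "N"):
            findings.append(f"{name} must be Y or N, got {cfg[name]!r}")
    if not cfg["LDAP_Port"].isdecimal() or not 0 < int(cfg["LDAP_Port"]) < 65536:
        findings.append("LDAP_Port must be a number from 1 to 65535")
    elif expect_ldaps and cfg["LDAP_Port"] == "389":
        # 389 is the registered cleartext LDAP port; LDAPS conventionally uses 636.
        findings.append("LDAP_Port is 389 but LDAPS is expected: confirm the "
                        "port so Bind_Password is not sent without TLS")
    custom = cfg.get("Search_FilterStr", "")
    if cfg["Custom_Filter"] == "Y":
        if not custom:
            findings.append("Search_FilterStr is required when Custom_Filter is Y")
        elif not filter_is_balanced(custom):
            findings.append("Search_FilterStr has unbalanced parentheses")
    elif custom:
        findings.append("Search_FilterStr is not used while Custom_Filter is N")
    return findings
```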
Mapping LDAP attributes to People form fields
For BMC Remedy ITSM version 9.1.02 and earlier, the LDAP attributes were mapped to the CTM:LoadPeople staging form fields in the AROutput step of an LDAP_People Atrium Integrator job. The AROutput step allowed the data to be inserted into a BMC Remedy AR System form. For information about how the AROutput step works, see AROutput-step.
In BMC Remedy ITSM version 9.1.03 and later, the LDAP attributes are mapped to the CTM:LoadPeople staging form fields in the AR Upsert step of an LDAP_People Atrium Integrator job. This step uses a Checksum mechanism to determine whether the source record needs to be imported. By comparing the Checksum value of the source record with that of an existing CTM:People record, the step determines whether the records are different. Only new and updated records are imported. For information about how the AR Upsert step works, see AR-Upsert-step.
The AR Upsert step saves time by importing only the updated records when the job is run.
When you map the LDAP attributes to the People form fields in the AR Upsert step, set the Exclude in Checksum field value to N only for those form fields that need to be checked for an update. Form fields for which you set the value to Y are not checked for an update.
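The sketch below models the checksum comparison and the effect of the Exclude in Checksum value. It is an added example, not the AR Upsert step's own code: SHA-256, the field mapping, the use of Remedy Login ID as the record key, and the function names are all assumptions, and the sample records are constructed.

```python
import hashlib

# Constructed mapping: People form field -> "Exclude in Checksum" value (Y/N).
FIELD_MAPPING = {
    "Remedy Login ID": "N",
    "First Name": "N",
    "Last Name": "N",
    "Site": "N",
    "Parent_Job_GUID": "Y",   # differs on every run, so it is left out
}


def record_checksum(record, mapping=FIELD_MAPPING):
    """Digest over the fields whose Exclude in Checksum value is N.
    SHA-256 is an assumption; the page does not name the algorithm."""
    digest = hashlib.sha256()
    for field in sorted(name for name, exclude in mapping.items() if exclude == "N"):
        value = (record.get(field) or "").encode("utf-8")
        # Length-prefix each value so ("ab", "c") and ("a", "bc") cannot collide.
        digest.update(f"{field}\0{len(value)}:".encode("utf-8") + value)
    return digest.hexdigest()


def plan_upsert(source_records, stored_checksums, key="Remedy Login ID"):
    """Map each source record's key to insert, update or skip."""
    plan = {}
    for record in source_records:
        previous = stored_checksums.get(record[key])
        if previous is None:
            plan[record[key]] = "insert"      # no existing record
        elif previous == record_checksum(record):
            plan[record[key]] = "skip"        # checked fields are unchanged
        else:
            plan[record[key]] = "update"      # a checked field differs
    return plan
```

A change that touches only fields set to Y produces the same checksum, so the record is skipped and that change does not reach the People form.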
The following screenshot illustrates the use of the Checksum value in Field Mapping.
BMC supplies the following default mapping of LDAP attributes to People form fields:
Mapping of LDAP attributes to People form fields
LDAP attribute | People form field |
---|---|
company | Company |
ManagerLogin | ManagerLoginID |
mobile | Local Mobile |
objectGUID | Alternate ID |
Parent_Job_GUID | Parent_Job_GUID |
sAMAccountName | Remedy Login ID |
sn | Last Name |
givenName | First Name |
Corporate E-mail | |
facsimileTelephoneNumber | Local Business Fax |
telephoneNumber | Local Business |
Parent_JobID | ParentJobID |
Asignee Groups | Assignee Groups |
physicalDeliveryOfficeName | Site |
If you want to map your own LDAP attributes, you must modify your Atrium Integrator job using the Atrium Integrator Spoon client. For information about modifying Atrium Integrator jobs using the Atrium Spoon client, see Atrium-Integrator-Spoon-client.