enables you to import and update users, groups, resources, and
Contacts record information from a directory using LDAP.
LDAP requires external setup, which varies based on the LDAP provider
you are using. In general, these instructions assume that your LDAP system is
configured and that you have access to it and understand basic LDAP concepts.
If you will use a secure connection to LDAP, refer to
Preparing LDAP for
information about preparing CA certificates for use with
Note: On-premise only – For information about using LDAP to
authenticate users and the LDAP "auto add" feature, refer to the
SBM System Administrator
LDAP User Import
Use search filters to specify the users you want to import, and then
import those users as "copies" of an existing
SBM user. You
can choose to create
Contact records for imported users as well. For details, refer
Importing LDAP Users.
Import LDAP Users as
Contacts – You can import LDAP users as contacts by mapping LDAP user
Contacts table fields, and then importing selected LDAP users.
For details, refer to
Importing Contacts From LDAP.
Account Information – You can update mapped LDAP attributes for all
SBM users and
contacts at once. You can limit the number of users you update by
product-access type, account status, or by using a search filter to select a
set of users and/or contacts to update. For details, refer to
Updating Users and Contacts from LDAP.
- LDAP Group Import
Use a group query to find groups that you want to import, and then
import those groups and users. Use this option to import groups, update group
membership, and add users that are found in LDAP groups. For details, refer to
Importing LDAP Groups.
LDAP Import Considerations
Consider the following information before you import or update user
accounts and contact information from LDAP:
- You can use the
SBM Application Administrator
to import users and contacts from LDAP. You can also update resource attributes
by mapping data from LDAP.
- Managed administrators must be granted the
Global Administration privilege to use this feature in
SBM Application Administrator.
- If LDAP fields contain sensitive data that
administrators should not see, privileges can be specified in the LDAP tool to
limit administrators' access to these fields.
- Care must be taken when you modify and delete
mapped fields in LDAP and
example, if the name of an attribute is changed in LDAP, it is no longer mapped
Also, fields that are deleted in either tool are no longer mapped.
- Contact imports only apply to the
Contacts table. You cannot import from LDAP into custom
auxiliary tables that store contact data.
- When you update User and
that contain data are not modified if the mapped field in LDAP is empty. For
example, if a
Contact record contains a phone number and the LDAP record
does not, the phone number for the
Contact record is retained after updating. To update
SBM with an
LDAP attribute that has no active replacement, you must set the LDAP attribute
to some non-empty value such as "none."
Copyright © 2007–2016 Serena Software, Inc. All rights reserved.