Importing LDAP Groups

Use the Import groups from LDAP to import and update specific groups from LDAP.

While you can also import groups via the Import users from LDAP operation, that operation is limited to the groups that are identified by the combination of group attributes and group query parameters that are applied to the user object in LDAP. In addition, only the group name is imported with the Import users from LDAP option and users are added to the group in SBM after the group is imported. You cannot easily update group membership from LDAP thereafter using the Import users from LDAP option.

The Import groups from LDAP option enables you to target specific LDAP groups, import and update their attributes, and manage group membership directly at the group-level. This is a much easier way to manage group membership because it starts at the group-level in LDAP (as opposed to managing membership by updating individual users). However, it is important to note that groups in LDAP must have knowledge of the users that belong to each group; the group import is only useful if group membership is known to each group in LDAP.

To import groups from LDAP:

  1. From the Administrator Portal, click Import Users.
  2. Select the Import groups from LDAP option.
  3. Specify LDAP search and server settings as described in LDAP Search Settings.
  4. Click Refresh in the LDAP Attributes Sample Data section until you find an LDAP user or group with attributes that match the users you want to import into SBM.
  5. Map SBM user attributes to LDAP attributes, following the steps in User Attributes Map.
  6. In the User Import Options section, click Find to select a template SBM user and replacement options as described in User Import Options.
  7. Optionally, select the Create Associated Contacts check box to create SBM contact records for imported users. For details, refer to User Import Options.
  8. In the Group Attributes Map, map group attributes in LDAP to group attributes in SBM. For details, refer to Group Attributes Map .
  9. In the Group Import Options, determine the access level for new groups and configure how groups and users are updated and managed as part of the import. For details, refer to Group Import Options .
  10. Specify an additional filter, and then click the Refresh button in the Find Group Candidates section to return a list of potential LDAP groups to import.
    Tip: If no results are returned with the specified filter, click Refresh in the LDAP Attributes Sample Data section, and then click Refresh again in the Find Group Candidates section.
  11. Select the users you want to import.
  12. Set logging parameters as described in LDAP Logging and E-mail Options.
  13. Decide if temporary passwords should be generated for active users that are imported or updated. This option is useful in the event that the e-mail that contains the user's initial temporary password is sent to the wrong e-mail address or if it is no longer available. Note the following:
    • If your system will not use LDAP authentication after the import is finished, this option helps ensure that users are not created with empty passwords.
    • When this option is selected, an e-mail is automatically sent to each user with the newly-generated temporary password.
    • If new users have not changed their temporary passwords yet, and you are updating users, this option regenerates the temporary passwords for those users as well. The users will still be required to change the password upon initial log in.
    • This option is selected by default.
  14. Scroll up, and then click the Save icon next to Import Option Set. Save your settings so that they are available to you for future imports. For details, refer to Saving Import Options.
  15. Click Import now.
  16. Select the Import Log tab to monitor the progress of your import.