The following options are available when you select the
Import groups from LDAP option on the
Import Users page. You must first apply LDAP server
and search options before you can import groups. For details, refer to
LDAP Import - Server Options.
User Attributes Map
The
User Attributes Map section enables you to map user account
attributes defined in the LDAP schema to
SBM user, resource, and contact attributes. The mapping
assignments apply to importing and updating user records during the group
import from LDAP.
You must first provide LDAP server connection and search specification
settings and successfully connect to the LDAP server before mapping user
attributes.
-
SBM User Attributes
This column lists the following
SBM user account attributes:
- Four user account attributes (login ID, name, telephone, and
e-mail)
- All non-system, fixed-length
Text fields in the
Contacts table
- The
Companies system field from the
Contacts
table
- Resource attributes, including Job Functions and Skills.
Note:
SBM user accounts must have a login ID and name. If an imported
user account does not contain a name value, the LDAP login ID value is added as
the user's name.
-
Mapped LDAP User Attributes
Select an LDAP attribute to map to the
SBM user attribute.
Tip: You can map attributes from multiple LDAP
accounts, if necessary. To do this, map the attributes from the first LDAP
account returned after you click
Refresh in the
LDAP Attributes Sample Data section. If this account does
not contain all the attributes you need, click
Refresh again to return another LDAP
account. Map attributes as needed from this account, and continue to click
Refresh until you have mapped all necessary attributes.
Tip: If you have multiple LDAP attributes with the same
name, and you map one of the attributes to either resource Teams or resource
Skills,
SBM uses the
values from each attribute to create multiple teams and skills. For example, if
you have three
objectClass attributes in LDAP (each with
different values) and you map
objectClass to Skills, then three different
skills are added to the associated resource record.
Group Attributes Map
In the
Group Attributes Map section, map LDAP group
attributes to the following
SBM group attributes:
- Name
Map an LDAP attribute to the
Name field. For example, you might map the
LDAP group's common name (cn) to the group name attribute in
SBM.
- Memo
Map an LDAP attribute to the
SBM group memo field. For example, you might map the LDAP group's
description to the memo attribute in
SBM.
- Membership
Map an LDAP attribute to the
Membership field. For example, you might map
an LDAP group attribute like
uniquemember (or some attribute that identifies
each distinct member of the group) to the
Membership field.
This acts as a search base that retrieves a single user DN. The
Search Filter that you specify in the
LDAP Search Settings is then used against
this value to ensure that a genuine user account has been found (and not a
sub-group or some other non-user object).
Group Import Options
Provide the following:
- Create groups with the same access as
Select this option when you add groups. This copies the
access-level from an existing group to the new groups that you are importing.
This does not copy any of the other group settings like privileges or
preferences—only the product access is copied.
- Group options
Select one of the following:
- Update only – Updates group attributes
that have been imported from LDAP.
- Add and update – Adds new groups and
updates group attributes on existing groups that have been imported from LDAP.
- Import Users as copy of
For LDAP group imports, this option is only required if you are
adding users as part of the group import.
Click
Find to search for or select an
SBM user account to serve as a template account for imported
users. Imported accounts contain the values of mapped attributes, along with
the product-access type, role assignments, group membership,
privileges, preferences, application settings, notifications subscriptions, and
password settings of the template account. This process is similar to copying
an
SBM user account.
Note: If the template user has a private report
specified as a
Home Page report or a Quick Link, users whose accounts are
imported will receive an error when they run that report. For best results,
select a template user whose application settings specify built-in or
non-private level reports.
- Create Associated Contacts
Select this check box to automatically create
Contact records that are associated with imported users.
Contact records imported with a user account contain values for the mapped
Contact table fields and the values for
Contact table fields that are not listed on the
User Map tab (First Name, Middle Name, Last Name, E-mail,
and Phone Number).
CAUTION:
If you import an LDAP user as a contact and
later want to import that LDAP user as an
SBM user, a duplicate
Contact record is created if the
Create Associated Contacts check box is selected. If you
do not select the
Create Associated Contacts check box when later
re-importing the contact as an
SBM user, that user account will not have a
Contact record associated it, even though the original
Contact record remains in the system. In other words,
newly imported users are not automatically associated with existing
Contact records. If you import users with the
Create Associated Contacts check box selected, new
Contact records associated with imported users are
created. This applies to users that are automatically added to
SBM as well. An alternative to importing contacts as users is to
utilize the "Grant Login" feature in
Contacts records.
- User update options
Select one of the following:
- Membership only – Updates group
membership only.
- Update users – Updates group membership
and updates existing users that are found in LDAP.
- Add and update users – Updates group
membership, updates existing users from LDAP, and adds new users.
Optionally, select the following as needed:
- Set User Access From Membership
This option only applies to users that are affected by the current
import or update (anyone removed or added by the current operation). This
option identifies the highest product-access level from all the groups a user
belongs to—after the import or update is finished—and sets it on the affected
users. If a user is added or updated as part of this operation, the highest
access-level that is granted via their new membership is set.
If this option is cleared, the product access is not changed for
imported or updated users.
- Only Remove Membership Established by LDAP
Select this option to remove users from the groups that were
granted membership as part of an LDAP import. This only applies to the current,
existing groups that are selected for update from LDAP.
This option does not affect users who were manually added to
groups in
Application Administrator
by an administrator.
Find Candidates Options
Use this section to query LDAP for a list of groups that can be
imported into
SBM.
- Refresh
Click to initiate the search matching the criteria specified in
the search filter. When the search is complete, LDAP groups that match the
search criteria are listed. You can sort the list by clicking on the column
headings.
Tip: If the desired group is not found, click
Refresh in the LDAP Attributes
Sample Data section, and then try again.
- Select All
Click to select all groups in the list.
- Clear All
Click to clear your selections.
- Import
Select groups you want to import.
- Exists in
SBM
A disabled checkmark indicates that a group matching the LDAP
attributes already exists in
SBM.
- Name
Indicates the group name in LDAP.
Copyright © 2007–2016 Serena Software, Inc. All rights reserved.