Options for Updating from LDAP

Use the Update from LDAP option to update mapped LDAP attributes for all SBM users and contacts at once. You can also limit the number of users you update by product-access type, account status, or by using a search filter to select a set of users, a set of contacts, or a set of users and contacts to update.

The update process only updates changed LDAP values in SBM user attribute and Contact table fields.

You must first apply LDAP server and search options. This means if you performed an initial user import and you want to map new attributes, you must map those attributes on the Import Users from LDAP page, save the LDAP Option Set, and then perform or schedule a new update operation. For details, refer to LDAP Import - Server Options.

User Update Options

The following options are enabled when you select the Update Users check box:
  • Update existing SBM users whose access level is:

    Select product-access levels applicable to the user accounts you want to update.

  • And whose status is

    Select active users, deleted users, or both.

  • Search Filter

    By default, the search filter specified in the LDAP Search Settings section is used.

  • Override search filter for user update

    Click to modify the specified search filter or provide a different filter for the update.

  • Remove users if no matching LDAP entry is found

    Select to remove users from SBM who cannot be found in your LDAP store. These users will be marked as deleted upon the next update.

    This setting affects even those users who were not automatically added from LDAP. Any user who cannot be found in LDAP will be marked as deleted. If you do not want to impact these users, you can try to limit who is deleted by selecting only users with a certain product access or status in the check boxes above.

  • Remove users matching this LDAP filter

    Select to identify LDAP users that should be marked as deleted in SBM. For example, the following filter removes any user that has the LDAP attribute "deleted" set to "true."

    (&(&(objectClass=user)(sAMAccountName={0}))(deleted=true))
    Any attribute can be used to flag users that should be deleted. In this example, if Joe is selected for update and has a "deleted" attribute value of "true" in LDAP, then on the next update Joe will be marked as deleted in SBM. However, he will not be removed from any of the groups to which he currently belongs.
    Note: The various product-access levels and the active or deleted status check boxes can be used to further filter users that should be removed. The filter you provide in the Remove users matching LDAP filter field acts an additional filter beyond the main search filter.
  • Alias

    On-demand only – Use the Alias field to enter an e-mail address domain that will be appended to the Login ID for updated users. For example, if you enter @acme.com in the Alias field, Bill's Login ID is updated to: bill@acme.com. Note that if you have already appended an alias when you imported users, any value that you enter here is appended to the end of the current Login ID; therefore, ensure that you want to append another alias before entering a value here.

Contact Update Options

Use the following options to limit the contact records to update.

The following considerations apply to Search Filters for updating Contact records:
  • The search filter must contain the same number of {0} format specifiers as Equality Keys.

  • The {0} format specifiers must also be in a specific order. If you edit the search filter, do no change the order of filter components.

  • If an Equality Key field does not have a value in SBM, the search filter is modified to contain an absence filter component before the search begins. For example, if you have selected first name, middle name, and last name fields as Equality Keys, and the contact you are updating does not have a value in the middle name field (Sally Smith, for example), the final search filter is formatted as: (&(objectClass=inetOrgPerson)(givenName=Sally)(!(initials=*))(sn=Smith))

Select the Update Contacts check box to enable the settings.
Note: To update Contact records associated with a user account, you must update the user record. For details, refer to Options for Importing Users from LDAP.