The following options are available when you select the
Import users from LDAP option on the
Import Users page. You must first apply LDAP server
and search options before you can import users. For details, refer to
LDAP Import - Server Options.
User Attributes Map
User Attributes Map section enables you to map user account
attributes defined in the LDAP schema to
SBM user, resource, and contact attributes. The mapping
assignments apply to importing and updating user records.
You must first provide LDAP server connection and search specification
settings and successfully connect to the LDAP server before mapping user
SBM User Attributes
This column lists the following
user account attributes:
- Four user account attributes (login ID, name, telephone, and
- All non-system, fixed-length
Text fields in the
Companies system field from the
- Resource attributes, including Job Functions and Skills.
SBM user accounts must have a login ID and name. If an imported
user account does not contain a name value, the LDAP login ID value is added as
the user's name.
Mapped LDAP User Attributes
Select an LDAP attribute to map to the
Tip: You can map attributes from multiple LDAP
accounts, if necessary. To do this, map the attributes from the first LDAP
account returned after you click
Refresh in the
LDAP Attributes Sample Data section. If this account does
not contain all the attributes you need, click
Refresh again to return another LDAP
account. Map attributes as needed from this account, and continue to click
Refresh until you have mapped all necessary attributes.
Tip: If you have multiple LDAP attributes with the same
name, and you map one of the attributes to either resource Teams or resource
SBM uses the
values from each attribute to create multiple teams and skills. For example, if
you have three
objectClass attributes in LDAP (each with
different values) and you map
objectClass to Skills, then three different
skills are added to the associated resource record.
- Group Attributes
Type one or more LDAP user attributes in a comma-separated list,
similarly to the group query parameters, that should be examined by
SBM to create new groups when users are imported.
For example, if you select
memberOf as the attribute,
SBM will only
use the containers in the
memberOf LDAP attribute as possible groups for the
new user. Each
memberOf attribute on the user's LDAP account will
be examined. You can select more than one attribute. Group Attributes must
contain distinguished names, and the elements within those distinguished names
are used as group names (subject to filtering by the Group Query Parameters, if
any are specified).
For example, if you want to create groups based off the parameters
in both the
productTeam attributes, you would select:
In LDAP, user "Joe" might have the following values for
memberOf: CN=Domain Admins,DN=Users,DC=Acme,DC=com
potentially be able to use any CN, DN, or OU parameter in any attribute to
create corresponding groups. You can limit the groups that will be created by
specifying specific parameters instead using
Group Query Parameters
Note: If the
Group Attribute field is left empty,
the entire Full Directory Name (also known as
distinguishedName) as the attribute to examine
CN=LDAPTest,OU=QAGroup,DC=acme,DC=com). In this
case, the first parameter is ignored by
SBM to avoid
creating a group call "LDAPTest", which is typically a user account
and not a group. Whenever the
distinguishedName attribute is specified, the
first parameter will be ignored.
- Group Query Parameters
Enter the particular parameters you want
SBM to process
when attempting to create new groups. In effect, this field acts as an
additional filter on the
Group Attributes you specify. For example, you might only
want the CNs and OUs of each attribute examined. In that case, you would enter:
Using the example stated for group attributes, these parameters
would only create new groups based off the CNs and OUs in each attribute, which
would result in the creation of the following groups:
User Import Options
Use the following options to select a template user account, handle
existing users, and, optionally, create associated contact records that are
associated with the imported accounts.
- Import Users as a copy of
to search for or select an
user account that serves as a template account for imported
users. Once selected, the name, login ID, and product-access type of the
selected user template account is shown in the
Import Users as a copy of
accounts contain the values of mapped attributes, along with the product-access
type, role assignments, group membership, privileges, preferences, application
settings, notifications subscriptions, and password settings of the template
account. This process is similar to copying an
Note: If the template user has a private report
specified as a
Home Page report or a Quick Link, users whose accounts are
imported will receive an error when they run that report. For best results,
select a template user whose application settings specify built-in or
non-private level reports.
- Create Associated Contacts
Select to automatically create
records that are associated with imported users.
Contact records imported with a user account contain values for the mapped
table fields and the values for
table fields that are not listed on the
tab (First Name, Middle Name, Last Name, E-mail,
and Phone Number).
If you import an LDAP user as a contact and
later want to import that LDAP user as an
SBM user, a duplicate
Contact record is created if the
Create Associated Contacts check box is selected. If you
do not select the
Create Associated Contacts check box when later
re-importing the contact as an
SBM user, that user account will not have a
Contact record associated it, even though the original
Contact record remains in the system. In other words,
newly imported users are not automatically associated with existing
Contact records. If you import users with the
Create Associated Contacts check box selected, new
Contact records associated with imported users are
created. This applies to users that are automatically added to
SBM as well. An alternative to importing contacts as users is to
utilize the "Grant Login" feature in
- If user already exists
Select one of the following options for handling LDAP user
accounts that have the same login ID as
accounts. The comparison of login IDs between LDAP and
is not case-sensitive.
Do not modify
Select this option to ignore LDAP user accounts that already
Tip: If the user already exists, but does not have an
associated resource record, a new resource record is created for that user if
you map any resource attributes.
Replace mapped attributes
Select this option to update any mapped attributes that have
changed in LDAP. This option is useful for updating information in existing
SBM accounts while you import new accounts from LDAP.
Select this option to replace existing
SBM user accounts with the mapped and template user attributes.
This option is useful for quickly modifying multiple user account attributes in
SBM. For example, if a user is promoted to a managerial position,
you can import that user based on a template from an existing manager's
account. The unique database ID for the replaced user does not change so that
ownership of primary items is not affected; however, all account attributes,
such as product-access type, privileges, preferences, etc., are replaced.
Because this option enables you to completely overwrite an existing user's
account, use this feature cautiously.
On-demand only – Use the
Alias field to enter an e-mail address
domain that will be appended to the
Login ID for imported users. For example, if you map Bill's
sAMAccountName (Bill) to
Login ID and enter
@acme.com in the
Alias field, Bill is imported with a
Login ID like
Find Candidates Options
Use this section to query LDAP for a list of potential users or
contacts who can be imported into
SBM. You can then select candidates to import.
Click to initiate the search for LDAP users matching the
criteria specified in the search filter. When the search is complete, the LDAP
users who match the search criteria are listed. You can sort the list by
clicking on the column headings.
Tip: If the desired user is not found, click
Refresh in the LDAP Attributes
Sample Data section, and then try again.
Note: The amount of time needed for the search depends
on the speed of the connection to the LDAP server and the number of users
qualified by the search.
- Select All
Click to select all candidates in the list.
- Clear All
Click to clear your selections.
Select a search filter or type a new search filter. The search
filter you provide depends on how user accounts are organized in LDAP and the
type of user accounts you want to import. For example:
You may want to include
objectClass=SBMUser (or a similar value, depending on
your LDAP configuration) in your search filter to return all LDAP users
If groups exist in your LDAP system that are similar to
SBM, include the group name in your search filter criteria. Other
attributes such as organizational unit, department, and title might also be
Consider common traits of users as you construct search
filters. For example, (telephoneNumber=555*) returns accounts in which users
have phone numbers beginning with 555.
Select candidates you want to import.
- Exists in
A disabled checkmark indicates that a user or contact matching
the LDAP attributes already exists in
- Login ID
Listed for user imports. Indicates the
SBM login ID.
Listed for user imports. Indicates the
SBM user name.
- First Name
Listed for contact imports.
- Last Name
Listed for contact imports.
Copyright © 2007–2016 Serena Software, Inc. All rights reserved.