Updating Users and Contacts Via LDAP

The Update tab enables you to update mapped LDAP attributes for all SBM users and contacts at once. You can also limit the number of users you update by product-access type, account status, or by using a search filter to select a set of users, a set of contacts, or a set of users and contacts to update. The update process only updates changed LDAP values in SBM user attribute and Contact table fields.

Updating User Accounts

To update user accounts:

  1. From the Options menu, select LDAP Setup & Tools. The LDAP Setup & Tools dialog box opens to the General tab; select the User Map tab.
  2. Verify that LDAP attributes are mapped to SBM user attributes and Contact table fields. For details, refer to Mapping LDAP and SBM User Information and Mapping LDAP Users and SBM Contacts.
  3. Select the Update tab.
  4. To update user accounts and their associated Contact records, if applicable, select the Update Users check box, and then select the product-access level that is assigned to the user accounts you want to update. Attributes mapped on the User Map tab are updated from LDAP for all SBM users with the selected product-access type who meet the criteria of the search filter.
  5. Select the Active check box to update only active user accounts; select the Deleted check box to update deleted user accounts. Select both check boxes to update LDAP data in active and deleted accounts.
  6. By default, the Filter list contains the User Authentication Search Filter specified on the General tab. Click Override to modify this filter or provide a different filter for the update. Click Auto to restore the default filter.
    Note: The search filter must contain at least one {0} format specifier that is replaced at runtime with the user's login ID to form the final search string.
  7. Selecting the Remove users with LDAP filter check box provides a filter that allows SBM to identify LDAP users that should be marked as deleted. Any SBM user that matches this filter is marked as deleted upon the next update. For example, the following filter removes any user that has the LDAP attribute "deleted" set to "true":
    (&(&(objectClass=user)(sAMAccountName={0}))(deleted=true))
    Any attribute can be used to flag users that should be deleted. In this example, if Joe is selected for update and has a "deleted" attribute value of "true" in LDAP, then on the next update Joe will be marked as deleted in SBM. However, he will not be removed from any of the groups to which he currently belongs.
    Note: The various access levels and the active or deleted status check boxes can be used to further filter users that should be removed. The filter you provide in the Remove users with LDAP filter field acts as an additional filter beyond any filter already provided next to the Override button.
  8. Select the Remove users if LDAP entry doesn't exist check box to remove any users from SBM who cannot be found in your LDAP store. These users will be marked as deleted upon the next update.
    Important: This setting affects even those users who were not automatically added from LDAP. Any user who cannot be found in LDAP will be marked as deleted. If you do not want to affect these users, you can try to limit who is deleted by selecting only users with a certain product access or status in the check boxes above. Thus, you can use the various access levels and the active or deleted status check boxes to filter users that should be removed when they are not found in LDAP.
    For example, user Susan was manually added by an administrator. If a user update is initiated and this option is selected, Susan will be marked as deleted afterwards even though she was added manually and does not exist in LDAP. However, she will not be removed from any of the groups to which she currently belongs.
    Note: Even though Susan will be marked as deleted, any changes that are found in her mapped attributes will be updated immediately before she is marked as a deleted user.
    Jim is an external user that was manually added by an administrator. Since external users are typically not stored in LDAP, Jim would be a candidate for deletion. To avoid marking him as a deleted user, clear the check box next to External User in the Update existing SBM users whose access level is section. You can view all removal activities in the ttldap.log file. See Setting LDAP Options for more information about the LDAP log file.
  9. Click Update Now to update the user accounts.
  10. Click OK to save your settings and exit the dialog box. Click Apply to save your settings and continue working in the LDAP Setup & Tools dialog box.

Updating Contact Records

To update contact records:

  1. From the Options menu, select LDAP Setup & Tools. The LDAP Setup & Tools dialog box opens to the General tab; select the Contact Map tab.
  2. Verify that LDAP attributes are mapped to SBM Contact table fields, and that at least one field mapping assignment is designated as the Equality Key. For details, refer to Mapping LDAP Users and SBM Contacts.
  3. Select the Update tab.
  4. Select the Update Contacts check box.
    Note: To update Contact records associated with a user account, you must update the user record. For details, refer to Importing User Accounts From LDAP.
  5. By default, the Filter list contains a provided filter that is based on the Equality Keys specified on the Contact Map tab. Click Override to modify this filter or provide a different filter for the update. Click Auto to restore the default filter. The following considerations apply to Search Filters for updating Contact records:
    • The search filter must contain the same number of {0} format specifiers as Equality Keys.

    • The {0} format specifiers must also be in a specific order. If you edit the search filter, do not change the order of filter components.

    • If an Equality Key field does not have a value in SBM, the search filter is modified to contain an absence filter component before the search begins. For example, if you have selected first name, middle name, and last name fields as Equality Keys, and the contact you are updating does not have a value in the middle name field (Sally Smith, for example), the final search filter is formatted as:
      (&(objectClass=inetOrgPerson)(givenName=Sally)(!(initials=*))(sn=Smith))

  6. Click Update Now to update the Contact records.
  7. Click OK to save your settings and exit the dialog box. Click Apply to save your settings and continue working in the LDAP Setup & Tools dialog box.
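
The {0} expansion described in both procedures above (login ID for user filters, ordered Equality Keys with absence components for contact filters) can be modelled as follows. This is an added example, not SBM code: the function names and the RFC 4515 escaping of substituted values are assumptions (the page does not say how SBM treats special characters), and the contact template is constructed from the final filter shown above.

```python
import re

# One filter component that carries the page's {0} placeholder, e.g. (sn={0}).
COMPONENT = re.compile(r"\(([A-Za-z][A-Za-z0-9;.-]*)=\{0\}\)")

# RFC 4515 escapes for characters that are special inside a filter value.
# Escaping here is an assumption of this example, not documented SBM behaviour.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_user_filter(template, login_id):
    """Replace every {0} with the login ID; the template needs at least one."""
    if "{0}" not in template:
        raise ValueError("search filter must contain at least one {0}")
    return template.replace("{0}", escape_value(login_id))


def expand_contact_filter(template, key_values):
    """Fill the (attr={0}) components in order, one per Equality Key value.

    An Equality Key with no value in SBM becomes an absence component,
    (!(attr=*)), so the search only matches entries that lack the attribute.
    """
    found = len(COMPONENT.findall(template))
    if found != len(key_values) or template.count("{0}") != found:
        raise ValueError("filter needs exactly one (attr={0}) per Equality Key")
    values = iter(key_values)

    def fill(match):
        attr, value = match.group(1), next(values)
        if not value:
            return "(!(%s=*))" % attr
        return "(%s=%s)" % (attr, escape_value(value))

    return COMPONENT.sub(fill, template)


if __name__ == "__main__":
    # Constructed sample inputs.
    remove = "(&(&(objectClass=user)(sAMAccountName={0}))(deleted=true))"
    print(expand_user_filter(remove, "joe"))
    contact = "(&(objectClass=inetOrgPerson)(givenName={0})(initials={0})(sn={0}))"
    print(expand_contact_filter(contact, ["Sally", "", "Smith"]))
```

Running an overridden filter through a model like this before clicking Update Now shows exactly which search string each login ID or contact produces, which matters most for the two removal options because every match is marked as deleted.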