The following options are available when you select the
Import groups from LDAP option. You must enter
LDAP server and search options before you can import groups. For details, refer
to
Common LDAP Import and Update Options.
After you have entered LDAP server and search options, click the
Apply button. This contacts the LDAP server and
populates sample data in the
User Attributes Map and
Groups Attributes Map sections if the connection
and search parameters are valid.
User Attributes Map
In the
User Attributes Map section, map user account attributes defined
in the LDAP schema to
SBM user attributes. The mapping assignments apply to importing
and updating user records.
There are three types of
SBM user attributes you can map to:
- User
User account attributes (including
Login ID,
Name,
Telephone, and
E-mail)
- Contact
All non-system, fixed-length
Text fields in the
Contacts table and the
Company system field from the
Contacts
table.
- Resource
Resource attributes, including Job Functions and Skills.
Note the following:
- SBM user accounts must have a login ID and name. If an imported
user account does not contain a name value, the LDAP login ID value is added as
the user's name.
- You can map attributes from multiple LDAP accounts, if necessary.
To do this, map the attributes from the first LDAP account that is returned
after you click
Apply. If this account does not contain all
the attributes you need, click
Apply again to return another LDAP account and
a new set of attributes. Map attributes as needed from this account, and
continue to click
Apply until you have mapped all necessary attributes.
- If you have multiple LDAP attributes with the same name, and you
map one of the attributes to either resource Teams or resource Skills,
SBM uses the
values from each attribute to create multiple teams and skills. For example, if
you have three
objectClass attributes in LDAP (each with different
values) and you map
objectClass to Skills, then three different skills
are added to the associated resource record.
Group Attributes Map
In the
Group Attributes Map section, map LDAP group
attributes to the following
SBM group attributes:
- Name
Map an LDAP attribute to the
Name field. For example, you might map the
LDAP group's common name (cn) to the group name attribute in
SBM.
- Memo
Map an LDAP attribute to the
SBM group memo field. For example, you might map the LDAP group's
description to the memo attribute in
SBM.
- Membership
Map an LDAP attribute to the
Membership field. For example, you might map
an LDAP group attribute like
uniquemember (or some attribute that identifies
each distinct member of the group) to the
Membership field.
This acts as a search base that retrieves a single user DN. The
Search Filter that you specify in the
LDAP Search Settings is then used against
this value to ensure that a genuine user account has been found (and not a
sub-group or some other non-user object).
Group Import Options
Provide the following:
- Create groups with the same access as
Select this option when you add groups. This copies the
access-level from an existing group to the new groups that you are importing.
This does not copy any of the other group settings like privileges or
preferences—only the product access is copied.
- Group options
Select one of the following:
- Update only – Updates group attributes
that have been imported from LDAP.
- Add and update – Adds new groups and
updates group attributes on existing groups that have been imported from LDAP.
- Import Users as copy of
For LDAP group imports, this option is only required if you are
adding users as part of the group import.
Click
Find and select an
SBM user account to serve as a template account for imported
users. Imported accounts contain the values of mapped attributes, along with
the product-access type, role assignments, group membership,
privileges, preferences, application settings, notifications subscriptions, and
password settings of the template account. This process is similar to copying
an
SBM user account.
Note: If the template user has a private report
specified as a
Home Page report or a Quick Link, users whose accounts are
imported will receive an error when they run that report. For best results,
select a template user whose application settings specify built-in or
non-private level reports.
- Create Associated Contacts
Select this check box to automatically create
Contact records that are associated with imported users.
Contact records imported with a user account contain values for the mapped
Contact table fields and the values for
Contact table fields that are not listed on the
User Map tab (First Name, Middle Name, Last Name, E-mail,
and Phone Number).
CAUTION:
If you import an LDAP user as a contact and
later want to import that LDAP user as an
SBM user, a duplicate
Contact record is created if the
Create Associated Contacts check box is selected. If you
do not select the
Create Associated Contacts check box when later
re-importing the contact as an
SBM user, that user account will not have a
Contact record associated it, even though the original
Contact record remains in the system. In other words,
newly imported users are not automatically associated with existing
Contact records. If you import users with the
Create Associated Contacts check box selected, new
Contact records associated with imported users are
created. This applies to users that are automatically added to
SBM as well. An alternative to importing contacts as users is to
utilize the "Grant Login" feature in
Contacts records.
- User update options
Select one of the following:
- Membership only – Updates group
membership only.
- Update users – Updates group membership
and updates existing users that are found in LDAP.
- Add and update users – Updates group
membership, updates existing users from LDAP, and adds new users.
Optionally, select the following as needed:
- Set User Access From Membership
This option only applies to users that are affected by the current
import or update (anyone removed or added by the current operation). This
option identifies the highest product-access level from all the groups a user
belongs to—after the import or update is finished—and sets it on the affected
users. If a user is added or updated as part of this operation, the highest
access-level that is granted via their new membership is set.
If this option is cleared, the product access is not changed for
imported or updated users.
- Only Remove Membership Established by LDAP
Select this option to remove users from the groups that were
granted membership as part of an LDAP import. This only applies to the current,
existing groups that are selected for update from LDAP.
This option does not affect users who were manually added to
groups in
Application Administrator
by an administrator.
Copyright © 2007–2018 Serena Software, Inc., a Micro Focus company. All rights reserved.