The following options are available when you select the
Import users from LDAP option. You must first
apply LDAP server and search options before you can import users. For details,
refer to
Common LDAP Import and Update Options.
After you have entered LDAP server and search options, click the
Apply button. This contacts the LDAP server and
populates sample data in the
User Attributes Map section if the connection and
search parameters are valid.
User Attributes Map
The
User Attributes Map section enables you to map user account
attributes defined in the LDAP schema to
SBM user, resource, and contact attributes. The mapping
assignments apply to importing and updating user records.
- Mapping LDAP Attributes to User Attributes
There are three types of
SBM user attributes you can map to:
- User
User account attributes (including
Login ID,
Name,
Telephone, and
E-mail)
- Contact
All non-system, fixed-length
Text fields in the
Contacts table and the
Company system field from the
Contacts
table.
- Resource
Resource attributes, including Job Functions and Skills.
Note the following:
- SBM user accounts must have a login ID and name. If an imported
user account does not contain a name value, the LDAP login ID value is added as
the user's name.
- You can map attributes from multiple LDAP accounts, if
necessary. To do this, map the attributes from the first LDAP account that is
returned after you click
Apply. If this account does not contain
all the attributes you need, click
Apply again to return another LDAP account
and a new set of attributes. Map attributes as needed from this account, and
continue to click
Apply until you have mapped all necessary attributes.
- If you have multiple LDAP attributes with the same name, and
you map one of the attributes to either resource Teams or resource Skills,
SBM uses the
values from each attribute to create multiple teams and skills. For example, if
you have three
objectClass attributes in LDAP (each with
different values) and you map
objectClass to Skills, then three different
skills are added to the associated resource record.
- Group Attributes
In the
Group Attributes field, type one or more
LDAP user attributes in a comma-separated list, similarly to the group query
parameters, that should be examined by
SBM to create new groups when users are imported.
For example, if you select
memberOf as the attribute,
SBM will only
use the containers in the
memberOf LDAP attribute as possible groups for the
new user. Each
memberOf attribute on the user's LDAP account will
be examined. You can select more than one attribute. Group Attributes must
contain distinguished names, and the elements within those distinguished names
are used as group names (subject to filtering by the Group Query Parameters, if
any are specified).
For example, if you want to create groups based off the parameters
in both the
memberOf and
productTeam attributes, you would select:
memberOf
productTeam
In LDAP, user "Joe" might have the following values for
these attributes:
memberOf: CN=Domain Admins,DN=Users,DC=Acme,DC=com
memberOf: CN=Managers,DN=Users,DC=Acme,DC=com
productTeam: OU=DevTeam,DC=Acme,DC=com
SBM would then
potentially be able to use any CN, DN, or OU parameter in any attribute to
create corresponding groups. You can limit the groups that will be created by
specifying specific parameters instead using
Group Query Parameters.
Note: If the
Group Attribute field is left empty,
SBM considers
the entire Full Directory Name (also known as
distinguishedName) as the attribute to examine
(for example,
CN=LDAPTest,OU=QAGroup,DC=acme,DC=com). In this
case, the first parameter is ignored by
SBM to avoid
creating a group call "LDAPTest", which is typically a user account
and not a group. Whenever the
distinguishedName attribute is specified, the
first parameter will be ignored.
- Group Query Parameters
In the
Group Query Parameters field, enter the
particular parameters you want
SBM to process
when attempting to create new groups. In effect, this field acts as an
additional filter on the
Group Attributes you specify. For example, you might only
want the CNs and OUs of each attribute examined. In that case, you would enter:
CN,OU
Using the example stated for group attributes, these parameters
would only create new groups based off the CNs and OUs in each attribute, which
would result in the creation of the following groups:
Domain Admins
Managers
DevTeam
User Import Options
Provide the following:
- Import Users as a copy of
Click
Find to search for or select an
SBM user account that serves as a template account for imported
users. Once selected, login ID, name, login ID, and product-access type of the selected user template account is shown in the
Import Users as a copy of box. Imported
accounts contain the values of mapped attributes, along with the product-access
type, role assignments, group membership, privileges,
preferences, application settings, notifications subscriptions, and password
settings of the template account. This process is similar to copying an
SBM user account.
Note: If the template user has a private report
specified as a
Home Page report or a Quick Link, users whose accounts are
imported will receive an error when they run that report. For best results,
select a template user whose application settings specify built-in or
non-private level reports.
- Create Associated Contacts
Select to automatically create
Contact records that are associated with imported users.
Contact records imported with a user account contain values for the mapped
Contact table fields and the values for
Contact table fields that are not listed on the
User Map tab (First Name, Middle Name, Last Name, E-mail,
and Phone Number).
CAUTION:
If you import an LDAP user as a contact and
later want to import that LDAP user as an
SBM user, a duplicate
Contact record is created if the
Create Associated Contacts check box is selected. If you
do not select the
Create Associated Contacts check box when later
re-importing the contact as an
SBM user, that user account will not have a
Contact record associated it, even though the original
Contact record remains in the system. In other words,
newly imported users are not automatically associated with existing
Contact records. If you import users with the
Create Associated Contacts check box selected, new
Contact records associated with imported users are
created. This applies to users that are automatically added to
SBM as well. An alternative to importing contacts as users is to
utilize the "Grant Login" feature in
Contacts records.
- If user already exists
Select one of the following options for handling LDAP user
accounts that have the same login ID as
SBM accounts. The comparison of login IDs between LDAP and
SBM is not case-sensitive.
-
Do not modify
Select this option to ignore LDAP user accounts that already
exist in
SBM.
Tip: If the user already exists, but does not have an
associated resource record, a new resource record is created for that user if
you map any resource attributes.
-
Replace mapped attributes
Select this option to update any mapped attributes that have
changed in LDAP. This option is useful for updating information in existing
SBM accounts while you import new accounts from LDAP.
-
Replace user
Select this option to replace existing
SBM user accounts with the mapped and template user attributes.
This option is useful for quickly modifying multiple user account attributes in
SBM. For example, if a user is promoted to a managerial position,
you can import that user based on a template from an existing manager's
account. The unique database ID for the replaced user does not change so that
ownership of primary items is not affected; however, all account attributes,
such as product-access type, privileges, preferences,
etc., are replaced. Because this option enables you to completely overwrite an
existing user's account, use this feature cautiously.
- Alias
On-demand only – Use the
Alias field to enter an e-mail address
domain that will be appended to the
Login ID for imported users. For example, if you map Bill's
sAMAccountName (Bill) to
Login ID and enter
@acme.com in the
Alias field, Bill is imported with a
Login ID like
bill@acme.com.
Copyright © 2007–2018 Serena Software, Inc., a Micro Focus company. All rights reserved.