Managing Users, Roles, and Groups → About User Import → LDAP Import Settings → Common LDAP Import and Update Options
The options described in this topic are applicable to multiple LDAP import and update types.
Enter a name for your option set so that you can reuse it for scheduled imports and for updating user account and contact data.
Specify the server name, IP address, or fully qualified domain name of the LDAP server. If your directory is replicated on more than one server, list each server's name separated by a space. If a replicated server uses a different port than is specified in the Port box on this dialog box, type :portnumber after the server name.
Specify the port number of the directory server. The default setting for LDAP using clear text is 389; the default LDAP port for Secure Sockets Layer (SSL) is 636. You can specify a different port if necessary for your installation.
Type the Directory root at which searching for user information will begin. All nodes at and beneath the base are searched for records of users being authenticated. The search timeout period is 30 seconds.
The search filter is used differently depending on if you are working with LDAP users or LDAP groups.
(&(objectClass=user)(sAMAccountName={0}))In this case, when user "Joe Smith" attempts to log in, the {0} specifier is replaced by his SBM login ID jsmith and he is authenticated against LDAP. The authentication will succeed if the SBM login ID matches his LDAP sAMAccountName value and he provides the proper password.
Enter a search string that will act as a filter against the group membership attribute. For example:
(&(objectClass=user)
This is used to ensure that the group membership search result is an actual user account and not a sub-group or other non-user LDAP object.
When you are importing or updating groups from LDAP, enter a filter in the Group Query field that will help you find the groups you want to import. For example:
(&(objectClass=groupOfUniqueNames))
The group should have an attribute for each member that contains the DN of each user account.
Type the distinguished name of an LDAP user account that has permission to search and read other user accounts that are to be authenticated in or imported into SBM. If your LDAP provider allows anonymous searches, this box can be empty. If a DN is provided, however, it must be an active and valid LDAP account located in the same root level directory specified in the Search Base and not in a subordinate container. The DN must be able to search all subordinate containers, so it must be placed in a root level directory that encapsulates the rest of the containers that hold your user accounts.
In the Password box, type the password for the user account specified in the Search DN box. The password is encrypted before it is stored in the SBM database.
This section contains sample data to assist you in mapping LDAP attributes to SBM attributes. Initially, the section does not contain any information. Click Apply to populate the section with LDAP attributes and sample data from your LDAP store. Click Apply again to see sample data from other users or groups in your LDAP directory.
User accounts are listed based on the order they are stored in the LDAP directory.
Use this section to query LDAP for a list of potential candidates to import into SBM. You can then select candidates to import.
Click to initiate the search for LDAP users matching the criteria specified in the search filter. When the search is complete, the LDAP entries that match the search criteria are listed.
To find users, you may want to include objectClass=SBMUser (or a similar value, depending on your LDAP configuration) in your search filter to return all LDAP users classified as SBM users.
If groups exist in your LDAP system that are similar to groups in SBM, include the group name in your search filter criteria. Other attributes such as organizational unit, department, and title might also be useful.
Consider common traits of users as you construct search filters. For example, (telephoneNumber=555*) returns accounts in which users have phone numbers beginning with 555.
Select candidates you want to import.
A disabled check box indicates that a record matching the LDAP attributes already exists in SBM.
Listed for user imports. Indicates the value that will be used for the SBM login ID.
Listed for user and group imports. Indicates the value that will be used for the name in SBM.
Listed for contact imports. Indicates the value that will be used for the contact's first name.
Listed for contact imports. Indicates the value that will be used for the contact's last name.
Use these options to send a copy of the import log file by e-mail when the import process completes and to send e-mail messages to newly imported users.
The Notification Server must be configured and running to send import logs and new user confirmations. On-premise customers use SBM Configurator to manage the Notification Server. The Notification Server is enabled in on-demand systems.
Change these options as needed:
This check box is selected by default. Clear it to stop the import log from being sent by e-mail.
By default, the user logged into SBM Application Administrator when the import process is started is sent the log message. Change the e-mail address as needed. To send the log to multiple addresses, separate each address with a semicolon.
Select to disable logging.
Select to log minimal information about LDAP imports and updates, such as the number of users imported and updated.
Select to log detailed information about LDAP imports and exports, including field mapping assignments.
Select to log detailed trace information about LDAP imports and exports, such as the login IDs of the accounts imported or updated. If you are experiencing trouble with this feature, set the logging to Verbose to assist you or Support staff in diagnosing problems.
Copyright © 2007–2019 Micro Focus or one of its affiliates. All rights reserved.