Importing Users and Groups From LDAP

SBM enables you to import and update users, groups, resources, and Contacts record information from a directory using LDAP.

LDAP requires external setup, which varies based on the LDAP provider you are using. In general, these instructions assume that your LDAP system is configured and that you have access to it and understand basic LDAP concepts. If you will use a secure connection to LDAP, refer to Preparing LDAP for SBM for information about preparing CA certificates for use with SBM.

Note: On-premise only – For information about using LDAP to authenticate users and the LDAP "auto add" feature, refer to the SBM System Administrator Guide.

Import users from LDAP
Use search filters to specify the users you want to import, and then import those users as "copies" of an existing SBM user. You can choose to create Contact records for imported users as well. For details, refer to Importing Users from LDAP.
Import contacts from LDAP
You can import LDAP users as contacts by mapping LDAP user attributes to Contacts table fields, and then importing selected LDAP users. For details, refer to Importing Contacts From LDAP.
Update users from LDAP
You can update mapped LDAP attributes for all SBM users and contacts at once. You can limit the number of users you update by product-access type, account status, or by using a search filter to select a set of users and/or contacts to update. For details, refer to Updating Users and Contacts from LDAP.
Import groups from LDAP
Use a group query to find groups that you want to import, and then import those groups and users. Use this option to import groups, update group membership, and add users that are found in LDAP groups. For details, refer to Importing LDAP Groups.

LDAP Import and Update Considerations

Consider the following information before you import or update user accounts and contact information from LDAP:

You can use the SBM Application Administrator to import users and contacts from LDAP. You can also update resource attributes by mapping data from LDAP.
Managed administrators must be granted the Global Administration privilege to use this feature in SBM Application Administrator.
If LDAP fields contain sensitive data that administrators should not see, privileges can be specified in the LDAP tool to limit administrators' access to these fields.
Care must be taken when you modify and delete mapped fields in LDAP and SBM. For example, if the name of an attribute is changed in LDAP, it is no longer mapped to the SBM field. Also, fields that are deleted in either tool are no longer mapped.
Contact imports only apply to the SBM system Contacts table. You cannot import from LDAP into custom auxiliary tables that store contact data.
When you update User and Contact records, SBM fields that contain data are not modified if the mapped field in LDAP is empty. For example, if a Contact record contains a phone number and the LDAP record does not, the phone number for the Contact record is retained after updating. To update SBM with an LDAP attribute that has no active replacement, you must set the LDAP attribute to some non-empty value such as "none."