Importing LDAP Groups

Use the Import groups from LDAP to import and update specific groups from LDAP.

While you can also import groups via the Import users from LDAP operation, that operation is limited to the groups that are identified by the combination of group attributes and group query parameters that are applied to the user object in LDAP. In addition, only the group name is imported with the Import users from LDAP option and users are added to the group in SBM after the group is imported. You cannot easily update group membership from LDAP thereafter using the Import users from LDAP option.

The Import groups from LDAP option enables you to target specific LDAP groups, import and update their attributes, and manage group membership directly at the group-level. This is a much easier way to manage group membership because it starts at the group-level in LDAP (as opposed to managing membership by updating individual users). However, it is important to note that groups in LDAP must have knowledge of the users that belong to each group; the group import is only useful if group membership is known to each group in LDAP.

To import groups from LDAP:

Select the Import groups from LDAP option.
Specify LDAP search and server settings as described in LDAP Search Settings.
Click Apply at the top of the page until you find an LDAP user or group with attributes that match the users you want to import into SBM.
Map SBM user attributes to LDAP attributes, following the steps in User Attributes Map.
In the User Attributes Map, map user attributes in LDAP to user attributes in SBM. For details, refer to User Attributes Map.
In the Group Attributes Map, map group attributes in LDAP to group attributes in SBM. For details, refer to Group Attributes Map.
In the Group Import Options section:
- Determine the access level for new groups.
- Click Find and select a template SBM user in the Import users as copy of field.
- Optionally, select the Create Associated Contacts check box to create SBM contact records for imported users.
- Configure how groups and users are updated and managed as part of the import.
For details, refer to Group Import Options.
Specify an additional filter, and then click the Find button in the Find Group Candidates section to return a list of potential LDAP groups to import.
Tip: If no results are returned with the specified filter, click Apply at the top of the page, and then click Find again in the Find Group Candidates section.
Select the groups you want to import.
Set logging parameters as described in LDAP Logging and E-mail Options.
Decide if temporary passwords should be generated for active users that are imported or updated. This option is useful in the event that the e-mail that contains the user's initial temporary password is sent to the wrong e-mail address or if it is no longer available. Note the following:
- If your system will not use Windows or LDAP authentication after the import is finished, this option helps ensure that users are not created with empty passwords.
- This option is disabled if your system uses Windows or LDAP-only authentication in which passwords are not stored in SBM.
- When this option is selected, an e-mail is automatically sent to each user with the newly-generated temporary password.
- If new users have not changed their temporary passwords yet, and you are updating users, this option regenerates the temporary passwords for those users as well. The users will still be required to change the password upon initial log in.
- This option is selected by default.
- This option is disabled if the Password user attribute is mapped to a column in your spreadsheet.
Do one of the following:
- Click Save to save your changes.
- Click Import now to begin the import or update process immediately. Open the Import Log tab to monitor the progress.
If you saved the option set and want to schedule an import or update for a later date, click Schedule Import and define a new Scheduler job.