LDAP Integration

SanketKumaS
Tera Contributor

How to source the groups and group members from the LDAP server aligning to the users already present on the ServiceNow platform? User records have come into the sys_user from another source by LDAP Integration only. We need to make sure that duplicate members should not be created in the sys_user table. We want that new data should come to sys_user_group for the groups and to sys_user_grmember for the members.

2 ACCEPTED SOLUTIONS

Tanushree Maiti
Tera Patron

Hi @SanketKumaS 

 

Use the standard LDAP Integration but with a specific onBefore transform script, and make sure Coalesce has been properly set. This method ensures that group memberships are created only for users who already exist in your sys_user table, effectively preventing the creation of duplicate or unwanted user records.

 

Sample onBefore transform script:

 

var userGr = new GlideRecord('sys_user');
userGr.addQuery('user_name', source.u_sAMAccountName); // Replace with your LDAP field
userGr.query();
if (userGr.next()) {
    var userId = userGr.sys_id;
    var groupGr = new GlideRecord('sys_user_group');
    groupGr.addQuery('name', source.u_department); // Replace with your LDAP group field
    groupGr.query();
    if (groupGr.next()) {
        var groupId = groupGr.sys_id;
        // Check if the membership already exists to prevent duplicate sys_user_grmember entries
        var memberGr = new GlideRecord('sys_user_grmember');
        memberGr.addQuery('user', userId);
        memberGr.addQuery('group', groupId);
        memberGr.query();
        if (!memberGr.hasNext()) {
            memberGr.initialize();
            memberGr.user = userId;
            memberGr.group = groupId;
            memberGr.insert();
        }
    }
}
Refer to the ServiceNow documentation: LDAP transform maps

LDAP integration creating Duplicate Accounts in User Table 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
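
The matching rules behind the script in this answer, as an added example in plain JavaScript (not code from the thread or from ServiceNow): arrays stand in for sys_user, sys_user_group and sys_user_grmember, and the function name, row shapes and sample rows are assumptions. It goes slightly beyond the script by matching names case-insensitively, refusing to pick a user when user_name matches more than one record, and returning the skipped rows so they can be reviewed instead of silently dropped.

```javascript
// Added example: arrays stand in for sys_user, sys_user_group, sys_user_grmember (assumed shapes).
function reconcileMemberships(importRows, users, groups, memberships) {
  const norm = (s) => String(s || '').trim().toLowerCase();
  // Index users by login name, keeping every hit so duplicates stay visible.
  const usersByName = new Map();
  for (const u of users) {
    const key = norm(u.user_name);
    usersByName.set(key, (usersByName.get(key) || []).concat(u));
  }
  const groupsByName = new Map(groups.map((g) => [norm(g.name), g]));
  const existing = new Set(memberships.map((m) => m.user + '|' + m.group));
  const result = { toInsert: [], skipped: [] };
  for (const row of importRows) {
    const matches = usersByName.get(norm(row.sAMAccountName)) || [];
    const group = groupsByName.get(norm(row.group));
    let reason = null;
    if (matches.length === 0) reason = 'no existing user'; // never create one
    else if (matches.length > 1) reason = 'ambiguous user_name'; // do not guess
    else if (!group) reason = 'unknown group';
    if (reason) {
      result.skipped.push({ row, reason });
      continue;
    }
    const key = matches[0].sys_id + '|' + group.sys_id;
    if (existing.has(key)) continue; // already a member, or repeated in this import
    existing.add(key);
    result.toInsert.push({ user: matches[0].sys_id, group: group.sys_id });
  }
  return result;
}

// Constructed sample data.
const sampleUsers = [
  { sys_id: 'u1', user_name: 'asmith' },
  { sys_id: 'u2', user_name: 'cdoe' },
  { sys_id: 'u3', user_name: 'CDoe' }, // pre-existing duplicate of u2
];
const sampleGroups = [{ sys_id: 'g1', name: 'Finance' }, { sys_id: 'g2', name: 'IT' }];
const sampleMemberships = [{ user: 'u1', group: 'g1' }];
const sampleRows = [
  { sAMAccountName: 'ASmith', group: 'Finance' }, // already a member
  { sAMAccountName: 'asmith', group: 'IT' },      // new membership
  { sAMAccountName: 'asmith', group: 'it' },      // repeat of the row above
  { sAMAccountName: 'newhire', group: 'IT' },     // not in sys_user
  { sAMAccountName: 'cdoe', group: 'IT' },        // matches u2 and u3
  { sAMAccountName: 'asmith', group: 'Legal' },   // group not present
];
const sampleResult = reconcileMemberships(sampleRows, sampleUsers, sampleGroups, sampleMemberships);
console.log(JSON.stringify(sampleResult, null, 2));
```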


Hi @SanketKumaS 

 

Will check and get back

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti


10 REPLIES

Ankur Bawiskar
Tera Patron

@SanketKumaS 

Are the group and group membership not coming from the same LDAP?

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 10x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

No, the users have come from a different data source only by using transform maps. But the groups and group members are to come from LDAP source. Need to make sure there are no duplicate users created for the already existing users.


Actually, I need to modify the Transform Scripts written for the Users OU Definition so that the group members are mapped to the group without creating duplicate users in the sys_user table based on a particular filter. Currently, OnStart and OnComplete transform scripts are used. I need to modify them to fulfil my requirement.