LDAP Integration

SanketKumaS · 3 weeks ago

How to source the groups and group members from the LDAP server aligning to the users already present on the ServiceNow platform?User records have come into the sys_user from another source by LDAP Integration only. We need to make sure that duplicate members should not be created in the sys_user table.We want that new data should come to sys_user_group for the groups and to sys_user_grmember for the members.

Tanushree Maiti · 3 weeks ago

Hi @SanketKumaS

Use the standard LDAP Integration but with a specific onBefore transform script ,make sure Coalesce has been properly set . This method ensures that group memberships are created only for users who already exist in your sys_user table, effectively preventing the creation of duplicate or unwanted user records.

Sample onBefore transform script:

var userGr = new GlideRecord('sys_user');
userGr.addQuery('user_name', source.u_sAMAccountName); // Replace by your Ldap fielduserGr.query();if (userGr.next()) {
    var userId = userGr.sys_id;    var groupGr = new GlideRecord('sys_user_group');
    groupGr.addQuery('name', source.u_department); // Replace your LDAP group field here    groupGr.query();
    if (groupGr.next()) {
        var groupId = groupGr.sys_id;
        // Check if the membership already exists to prevent duplicate sys_user_grmember entries
        var memberGr = new GlideRecord('sys_user_grmember');
        memberGr.addQuery('user', userId);
        memberGr.addQuery('group', groupId);
        memberGr.query();        if (!memberGr.hasNext()) {
            memberGr.initialize();
            memberGr.user = userId;
            memberGr.group = groupId;
            memberGr.insert();
        }
    }
}

Refer Servicenow documentation: LDAP transform maps

LDAP integration creating Duplicate Accounts in User Table

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

View solution in original post

Tanushree Maiti · 3 weeks ago

Hi @SanketKumaS

Will check and get back

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

View solution in original post

Ankur Bawiskar · 3 weeks ago

@SanketKumaS

if your question is unanswered then I will request to keep thread open so that members can guide you

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

SanketKumaS · 3 weeks ago

Yes please keep the thread open

Tanushree Maiti · 3 weeks ago

Hi @SanketKumaS

Check in existing script if above field has been mapped. if not

Just add a new one - onBefore Transform script.

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

SanketKumaS · 3 weeks ago

My goal is that to map the LDAP group members with the existing user record without creating duplicates in the sys_user table.

SanketKumaS · 3 weeks ago

There is a slight change in the requirement.I need to use a specific filter to source only the ServiceNow relevant groups from LDAP.I need to map the group members with the already existing users making sure no duplicate users are created.Currently the LDAP Server has only one OnStart and OnComplete transform script.The OnStart script is just calling the LDAPUtils script include and using the setLog(log) for setting the logs.While in the OnComplete transform script,it is calling the processManagers() function of the LDAP.Please help me.