Adding group manager via LDAP

othomas1
Kilo Guru

‎09-18-2020 04:04 PM

Good evening all,

I have users and groups coming in via LDAP. The user records have managers associated with them. However, the groups I’m importing are not bringing the manager over. 

I have a “managed_by” field on the group import set table, as well as in my attributes but the manager filed remains empty on group records. My transform script is set and the field length of the managed_by field is 1000 characters long. Does anyone have experience setting the manager field on groups imported via LDAP? I would greatly appreciate anyone willing to share an experience or two.

0 Helpfuls
  • 1,215 Views
16 REPLIES 16

othomas1
Kilo Guru
In response to Matthew Glenn

‎09-18-2020 05:57 PM

//
// The manager coming in from LDAP is the DN value for the manager.
// The line of code below will locate the manager that matches the
// DN value and set it into the target record. If you are not
// interested in getting the manager from LDAP then remove or
// comment out the lines below
ldapUtils.setManagerField('u_managedby');
ldapUtils.setManager(source, target);

// Set the source LDAP server into the target record
target.ldap_server = source.sys_import_set.data_source.ldap_target.server;

 

Ive tried switching the highlighted variable to u_manager as well.

 

 

Here is the preview from the test load:

find_real_file.png

Preview file
9 KB
0 Helpfuls

Matthew Glenn
Kilo Sage
In response to othomas1

‎09-18-2020 06:15 PM

What is the max length on those fields? Are they at the default 40 characters? If so, try setting them much higher.
0 Helpfuls

othomas1
Kilo Guru
In response to Matthew Glenn

‎09-18-2020 06:48 PM

Both fields max lengths are 1000.
0 Helpfuls

Matthew Glenn
Kilo Sage
In response to othomas1

‎09-18-2020 07:16 PM

Ok. So if the manager column on your import set table is empty, there's only a handful of things I can think of that would be the issue:

  • The groups you're importing don't have managers
  • The service account you're using to read LDAP doesn't have access to read that managedBy attribute
  • You're not pulling in the managedBy attribute in your LDAP Server definition
  • The column on the import set table isn't long enough to hold the incoming value (you said you already checked this, so let's ignore it)

 

If you browse the LDAP OU Definition on your LDAP Server, can you see the manager attribute on your groups?

0 Helpfuls

othomas1
Kilo Guru
In response to Matthew Glenn

‎09-18-2020 07:35 PM

find_real_file.png

 

Above is all i see, i cant expand any of the folders with the + signs.

Preview file
153 KB
0 Helpfuls