Do manually added users in a group get removed after LDAP runs?

kumarkamlesh
Mega Contributor

Hi,

I have a scenario where user data is imported into ServiceNow from two different sources: one from LDAP and the other from a different application. But group data is stored from LDAP only. Now when I add a user whose data came from the other source to the group, the very next day when LDAP runs it removes the user from that group.

So is it that when the LDAP group import runs it removes all the users that were added manually? If yes, then how do I restrict LDAP from doing so?

Regards,

Kamlesh

8 REPLIES

I have seen instances in the system that when the system runs ServiceNow's code/java Objects that it totally bypasses business logic and does whatever it likes. So as Dave is suggesting I would create a BR that runs no matter what on delete and all it does is a gs.log to see if this is true. If you do not see the log statements then you are going to have to do something with the LDAPUtils script include.
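
The logging business rule suggested in the reply above could look like the following. This is an added example, not code from the thread or from ServiceNow; it assumes a global-scope "before delete" rule on sys_user_grmember and that LDAP-sourced users have a sys_user.source value starting with "ldap:", and the function names and the GroupMemberDeleteAudit log source are hypothetical.

```javascript
// Added example: script body for a "before delete" business rule on
// sys_user_grmember (global scope). It only records the delete; it does not block it.

// Collect the facts needed to tell a manual removal from an import-driven one.
function describeMembershipDelete(current, gs) {
    // Assumption: users created by the LDAP import carry source = "ldap:<DN>".
    var source = String(current.user.source || '');
    return {
        group: current.group.getDisplayValue(),
        user: current.user.getDisplayValue(),
        userFromLdap: source.indexOf('ldap:') === 0,
        deletedBy: gs.getUserName(),       // account the delete ran as
        interactive: gs.isInteractive()    // false for scheduled/background jobs
    };
}

// One key=value line per delete so the system log can be filtered easily.
function formatMembershipDelete(info) {
    return 'grmember delete: user="' + info.user + '" group="' + info.group + '"' +
        ' userFromLdap=' + info.userFromLdap +
        ' deletedBy=' + info.deletedBy +
        ' interactive=' + info.interactive;
}

function logMembershipDelete(current, gs) {
    var line = formatMembershipDelete(describeMembershipDelete(current, gs));
    gs.log(line, 'GroupMemberDeleteAudit'); // hypothetical log source name
    return line;
}

// Inside ServiceNow, `current` and `gs` are supplied by the platform.
if (typeof current !== 'undefined' && typeof gs !== 'undefined') {
    logMembershipDelete(current, gs);
}
```

If a membership disappears after the LDAP run and no GroupMemberDeleteAudit line appears in the system log, the delete did not pass through business rules.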


Dave Smith1
ServiceNow Employee

I have seen instances in the system that when the system runs ServiceNow's code/java Objects that it totally bypasses business logic and does whatever it likes.


Ouch - really? Even bypassing business rules?


Yes, the sys_user_has_role table is incredibly frustrating in this way. We had some BRs that would remove all roles from someone if they had a read only role. I forget the version we upgraded to and the business rules that took care of this stopped working and support told us it was by design. Since then we have gone a different direction with read only but it was frustrating to discover.

I have never gone back to see if this has changed or not; I would hope it has.


MGanon
Tera Guru

Did you ever resolve your issue?

The sys_user_grmember business rules will not fire during a background import to the sys_user and sys_user_group tables, unless those groups have a role. Those business rules will run fine in the UI, regardless of whether the group has a role, but not in the background.

https://community.servicenow.com/community?id=community_question&sys_id=09305be5dbdcdbc01dcaf3231f9619a0