09-25-2017 02:53 AM
Hi All,
I need to import from LDAP some groups which contain within them other groups of users.
I have noted that the function ldapUtils.addMembers(source, target) imports only the users as members but excludes the groups.
So, I have checked inside the script LDAPUtils and I found this:
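    addMembers : function(source, target) {
        // Read the raw LDAP member attribute from the source record
        var ge = source.getElement(this.members);
        var geString = null;
        if (ge && !ge.isNil()) {
            this._log(ge.toString());
            geString = ge.toString();
        }
        // Pass the member string to GlideLDAPGroups, which sets the target group's members
        var group = new GlideLDAPGroups(target, geString);
        group.setMembers();
    },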
I think it works like this:
the variable ge will contain a big string (read from LDAP, field: member)
that contains a list of users and groups identified by their LDAP path.
At the end of the script there is group.setMembers(),
which I think proceeds to read the big string, identifies the objects inside, and adds the members to the group.
Now,
is it possible to extend this so that the process adds the groups as well as the users?
09-25-2017 08:31 AM
We do some imports similar to what you are asking, however we are not nesting groups.
In our case we just do a weekly sync of two specific groups. There is a "member" field, within this field is a list of users separated by the character ^. What we do is create an array from this, splitting on the ^ symbol. This gives you each member. We then perform the logic we need based on each member.
Unfortunately the hold back I see is that each member is identified by their distinguished name (e.g. CN=ROBERTO,OU=Senior,OU=Engineers,OU=Staff,OU=Accounts,DC=google,DC=ca). This is where the challenge is that I see - you will need to then compare each of these members individually to determine if they are a group or user (possibly against your user record). Of course if you had a strict / reliable AD structure your OU might tell you if it's a group but that can be problematic.
Because what you are asking for returns the list of members as stated above, I think the challenge is more in how you will differentiate between groups and users from this list because in my instance I am only seeing distinguished name.
Sorry I can't add a group to our list to test - we don't have a development AD environment so I cannot add a group and go any further. However I think the above is enough to get you started with syncing the members, at which point your challenge is just how you want to logically determine if it's a group or user (and a couple ways are above).
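The approach described in the reply above (split the member field on ^, then decide for each distinguished name whether it is a user or a group), as an added example that is not part of the original post or of ServiceNow's own code. It is plain JavaScript run outside the platform, goes one step further by following nested groups with a loop guard, and uses constructed example.com data; the GROUPS and USERS lookups and the function names are assumptions standing in for whatever user and group records you compare against.

```javascript
// Constructed sample directory: normalised group DN -> raw "member" string,
// in the "^"-separated form described in the reply above.
const GROUPS = new Map([
  ['cn=it-all,ou=groups,dc=example,dc=com',
   'CN=Alice,OU=Staff,DC=example,DC=com^CN=IT-Ops,OU=Groups,DC=example,DC=com'],
  ['cn=it-ops,ou=groups,dc=example,dc=com',
   'CN=Bob,OU=Staff,DC=example,DC=com^CN=IT-All,OU=Groups,DC=example,DC=com^CN=Ghost,OU=Old,DC=example,DC=com'],
]);
// Constructed set of DNs already known as user records (assumed lookup).
const USERS = new Set([
  'cn=alice,ou=staff,dc=example,dc=com',
  'cn=bob,ou=staff,dc=example,dc=com',
]);

// Compare DNs on a trimmed, lower-cased key so differences in case do not matter.
function normalizeDn(dn) {
  return dn.trim().toLowerCase();
}

// Split the single member string into individual normalised DNs.
function splitMembers(memberField) {
  return (memberField || '').split('^').map(normalizeDn).filter(Boolean);
}

// Walk a group and every group nested in it. Returns the effective users,
// the nested groups visited, and DNs that match neither a user nor a group.
function resolveMembers(groupDn, groups, users) {
  const result = { users: new Set(), nestedGroups: new Set(), unknown: new Set() };
  const seen = new Set();               // guards against A -> B -> A loops
  const queue = [normalizeDn(groupDn)];
  while (queue.length > 0) {
    const current = queue.shift();
    if (seen.has(current)) continue;
    seen.add(current);
    for (const dn of splitMembers(groups.get(current))) {
      if (groups.has(dn)) {
        if (!seen.has(dn)) result.nestedGroups.add(dn);
        queue.push(dn);
      } else if (users.has(dn)) {
        result.users.add(dn);
      } else {
        result.unknown.add(dn);         // do not guess: leave for review
      }
    }
  }
  return result;
}
```

Members that land in `unknown` are reported rather than guessed at, so a DN that matches no record is never silently granted membership.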
02-04-2019 06:56 AM
Hello Vincenzo,
I am dealing with this scenario and wanted to ask if you would share screenshots of how you did this. I have followed your steps but somehow I think something else is missing because the members are not being added to the parent group.
Will greatly appreciate it.
02-07-2019 08:51 PM
Take a look at my comment at:
https://community.servicenow.com/community?id=community_question&sys_id=b2def2e5db58dbc01dcaf3231f961904
03-25-2018 05:12 PM
Hi All,
I have a requirement wherein I have to add a user in LDAP through a ServiceNow catalog.
Below are the requirements:
Add user
Update user
Update group membership in LDAP
How can we do this? We have OOB orchestration activities for AD. Are there any OOB scripts available for LDAP?
Please suggest.
Thanks