How can we sync a group and its members to ServiceNow by LDAP integration, skipping users not in sys_user?
3 weeks ago
Hello Expert,
We need to sync groups by LDAP integration to ServiceNow groups with group manager and its members. We want membership to mirror, but never create or delete users in sys_user. If an Azure group contains someone not present in sys_user, we should skip adding them to sys_user_grmember at that time. As people are added/removed in Azure, ServiceNow group membership should update accordingly.
How can we achieve this? Please guide. I want to use the Script Include LDAPUtils for this and don't want to create our own custom logic.
Thank you in advance!
2 weeks ago
You can just ignore inserts on your user transform map; this way you will still get updates on users and group transforms are unchanged. Group memberships are updated by the onAfter script and the match is based on the source field value on sys_user and it will not insert users [sys_user].
    ldapUtils.addMembers(source, target);
For example update the script on the transform map. The action variable will have a string value of insert or update based on if a coalesce value is found.
    (function transformRow(source, target, map, log, isUpdate) {
        // The manager coming in from LDAP is the DN value for the manager.
        // The line of code below will locate the manager that matches the
        // DN value and set it into the target record. To ignore the manager
        // from LDAP, remove or comment out the line: ldapUtils.setManager(source, target);
        //
        // NOTE: The 'manager' field SHOULD NOT be mapped in the 'Field Maps' related list
        // if the manager is brought in through an LDAP import. The 'ldapUtils' scripts
        // here and in the 'onComplete' Transform Map will map this value automatically.
        ldapUtils.setManager(source, target);
        // Set the source LDAP server into the target record
        target.ldap_server = source.sys_import_set.data_source.ldap_target.server;
        // if not an update -> ignore
        if (!isUpdate) {
            ignore = true;
        }
    })(source, target, map, log, action === "update");
2 weeks ago - last edited 2 weeks ago
Hi @lauri457
Thanks for your response, but it is not working. It is not setting the group manager and its members while I am using the following in the main script in the transform map:
    ldapUtils.setManagerField('u_managedby');
    ldapUtils.setManager(source, target);
OR
    ldapUtils.setManager(source, target);
    target.ldap_server = source.sys_import_set.data_source.ldap_target.server;
And I am also using the transform scripts below:
1. onStart:
    gs.include("LDAPUtils");
    var ldapUtils = new LDAPUtils();
    ldapUtils.setLog(log);
2. onAfter:
    (function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
        ldapUtils.addMembers(source, target);
    })(source, map, log, target);
3. onComplete:
    ldapUtils.processManagers();
In the import set, the managed-by field comes in this format. Is that affecting it?
    CN=0000000,OU=India-HYD,OU=IT HUB,OU=AMEA,DC=cww,DC=pep,DC=pvt
And there is a member field, and the data comes in this format:
    CN=abc {PBC},OU=PBG,OU=People,DC=corp,DC=pep,DC=pvt^CN=BCD{PBC},OU=PBG,OU=People,DC=corp,DC=pep,DC=pvt^.......
2 weeks ago
There shouldn't be any changes needed in the transforms to get this working if you are using AD and the information is in the "default" attributes. Check the attributes so that data is in the correct field in the staging table.
    CN=80328828,OU=India-HYD,OU=IT HUB,OU=AMEA,DC=cww,DC=pep,DC=pvt
And there has to be a sys_user with this DN as source in the sys_user so that they can be matched to the manager field or to be members of groups.
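A stand-alone model of the matching discussed in this thread, as an added example that is not part of any post and is not ServiceNow's LDAPUtils code: it splits a `^`-separated member value, compares each DN with the sys_user source values, and reports which memberships would be added, kept, removed or skipped. All names and sample DNs are constructed; the optional `ldap:` prefix on source and the case-insensitive comparison are assumptions.

```javascript
// Added example: plain JavaScript model, runs in Node without any Glide API.
// Assumption: sys_user.source holds the user's DN, optionally prefixed "ldap:".
function normalizeDn(value) {
  return String(value || '').trim().replace(/^ldap:/i, '').toLowerCase();
}

// The staging-table member field is a '^'-separated DN list, possibly with a trailing '^'.
function splitMembers(memberField) {
  return String(memberField || '').split('^').map((s) => s.trim()).filter(Boolean);
}

// userSources: source values of existing sys_user records.
// currentMemberSources: source values of users already in the group.
function planMembership(memberField, userSources, currentMemberSources) {
  const known = new Set(userSources.map(normalizeDn));
  const current = new Set(currentMemberSources.map(normalizeDn));
  const wanted = new Set();
  const plan = { add: [], keep: [], skip: [], remove: [] };

  for (const dn of splitMembers(memberField)) {
    const key = normalizeDn(dn);
    if (wanted.has(key)) continue;              // duplicate DN in the member list
    wanted.add(key);
    if (!known.has(key)) plan.skip.push(dn);    // no sys_user: never create one
    else if (current.has(key)) plan.keep.push(dn);
    else plan.add.push(dn);
  }
  // Members no longer listed in the directory group are removed from the group only.
  for (const src of currentMemberSources) {
    if (!wanted.has(normalizeDn(src))) plan.remove.push(src);
  }
  return plan;
}

// Constructed sample data (not from the thread).
const SAMPLE_MEMBER =
  'CN=alice,OU=People,DC=example,DC=test^CN=bob,OU=People,DC=example,DC=test^' +
  'CN=carol,OU=People,DC=other,DC=test^';
const SAMPLE_USERS = [
  'ldap:CN=alice,OU=People,DC=example,DC=test',
  'ldap:cn=bob,ou=People,dc=example,dc=test',
  'ldap:CN=dave,OU=People,DC=example,DC=test',
];
const SAMPLE_CURRENT = [SAMPLE_USERS[0], SAMPLE_USERS[2]];

console.log(planMembership(SAMPLE_MEMBER, SAMPLE_USERS, SAMPLE_CURRENT));
```

A DN that lands in `skip` is the case to check first when members or the manager are not set: the staging row carries a DN for which no sys_user source value exists.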