| Forgot to mention: LDAP-Server: Microsoft AD (Win Serv. 2016) ServiceNow: Orlando (Patch 3, May 7 2020) |
SOLVED!
Sharing the details here to help people who have this problem:
Under "System LDAP" > "LDAP Server" > [your-ldap-server]:
Attributes:
dn,title,name,samaccountname,givenname,sn,mail,l,department,manager,stronghold,source,description,managedby,member
LDAP OU Definitions:
> Users
Query field: sAMAccountName
Filter: (&(objectClass=person)(sn=*)(!(objectClass=computer)) (!(userAccountControl:1.2.840.113556.1.4.803:=2)))
> Groups
Query field: sAMAccountName
Filter: (objectClass=group)
Under "System LDAP" > "Data Source" > [your-ldap-users-datasource]:
Import set table name: u_imp_ldap_users (in my case)
Type: LDAP
LDAP Target: Users
Transforms: LDAP Users Transform Map
Under "System LDAP" > "Data Source" > [your-ldap-groups-datasource]:
Import set table name: u_imp_ldap_groups (in my case)
Type: LDAP
LDAP Target: Groups
Transforms: LDAP Groups Transform Map
Under "System LDAP" > "Transform Maps" > [your-ldap-users-transform-map]:
Source table: u_imp_ldap_users (same as [your-ldap-users-datasource])
Target table: User [sys_user]
Script:
ldapUtils.setManager(source, target);
target.ldap_server = source.sys_import_set.data_source.ldap_target.server;Field Maps:
| Source field | Target field | Coalesce |
| u_samaccountname | user_name | true |
| u_name | name | false |
| u_department | department | false |
| u_stronghold | cost_center | false |
| u_mail | false | |
| u_l | city | false |
| u_source | source | false |
| u_title | title | false |
| u_givenname | first_name | false |
| u_sn | last_name | false |
Transform Scripts (all are OOB-scripts, edited out comments to make them shorter):
When: onStart
gs.include('LDAPUtils');
var ldapUtils = new LDAPUtils();
ldapUtils.setLog(log);When: onComplete
ldapUtils.processManagers();When: onBefore
var ctrl = parseInt(source.u_useraccountcontrol, 10);
ctrl = ctrl.toString(16);
if (ctrl.substr(-1) == "2") {
target.active = false;
target.locked_out = true;
if (action == 'insert')
ignore = true;
} else {
}Under "System LDAP" > "Transform Maps" > [your-ldap-groups-transform-map]:
Source table: u_imp_ldap_groups (same as [your-ldap-groups-datasource])
Target table: Group [sys_user_group]
Script:
ldapUtils.setManagerField('u_managedby');
ldapUtils.setManager(source, target);
Field Maps:
| Source field | Target field | Coalesce |
| u_samaccountname | name | true |
| u_description | description | false |
| u_source | source | false |
Transform Scripts (all are OOB-scripts, edited out comments to make them shorter):
When: onStart
gs.include("LDAPUtils");
var ldapUtils = new LDAPUtils();
ldapUtils.setLog(log);
When: onAfter
ldapUtils.addMembers(source, target);Under "System LDAP" > "Data Source" > [your-ldap-users-datasource]
"Test Load 20 Records" > "Loaded data" > Preview a record by clicking the "(I)"-icon next to it > "Open record" > Right-click on each fieldname (ex. ON the actual text for the field such as "name") > "Configure Dictionary"
Under each entry check that the "MaxLength" is set to a high enough value so the imported values doesn't get cut off.
When you verified this go back to:
"System LDAP" > "Data Source" > [your-ldap-users-datasource] > "Load All Records" and after the import > "Run Transform" and select [your-ldap-users-transform-map] as the transform map to apply.
Under "System LDAP" > "Data Source" > [your-ldap-groups-datasource]
"Test Load 20 Records" > "Loaded data" > Preview a record by clicking the "(I)"-icon next to it > "Open record" > Right-click on each fieldname (ex. ON the actual text for the field such as "name") > "Configure Dictionary"
Under each entry check that the "MaxLength" is set to a high enough value so the imported values doesn't get cut off. For "Groups" I needed to have a value of greater then even 2000 for "MaxLength" for the field "member" since we have some groups that contain A LOT of users.
When you verified this go back to:
"System LDAP" > "Data Source" > [your-ldap-groups-datasource] > "Load All Records" and after the import > "Run Transform" and select [your-ldap-groups-transform-map] as the transform map to apply.
Here is the kicker, here is what I didn't read explicitly anywhere else which made me bash my head in when I found it:
"Organization" > "Users" > Enter the record of [some_random_user]
What? Still no "Manager"-field? And what about the "city"-attribute we mapped earlier?
What you see if the OOB-configured "Users"-form in the "default"-view.
Launch "Form Design" (see printscreen) and add the fields you want to display (see printscreen):
THAT ^
That was what I didn't understand or know, I thought the "Manager"-field would automagically appear after I setup everything correctly.
Hopefully this have helped you, I haven't detailed everything but only what I think is most important, all omitted information should be quite logical and/or default.
If this helped please click the "Helpful"-button below.
Best Regards - Karl
