ldap group member import

Go to solution
jwerkmann
Tera Contributor

‎11-06-2017 02:34 AM

I'm struggling with importing AD group members into ServicceNow by using the default AD utility functions as described here:

https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/integrate/ldap/concept/c_LDAPTra...

Unfortunately I can't find any detailed description how users and groups are identified and mapped by using function 'ldapUtils.addMembers(source, target);'.

 

Can anybody explain which information is expected?

Labels:
0 Helpfuls
  • 9,508 Views
1 ACCEPTED SOLUTION

Go to solution
jose_valle
ServiceNow Employee
ServiceNow Employee

‎11-06-2017 06:25 AM

Hi Jürgen,



Essentially, what will happen is that for each dn that is in the u_members field of the incoming group staging record will be used to look an existing user with a matching value for source




Here are a couple of points about how members are added as part of the group import.



  • The transform script looks for the members in a field named "u_members" by default. This can be changed with a line like "ldapUtils.setMemberField('u_yourAttributeNameGoesHere')" on the same script that calls the .addmembers() method "ldapUtils.addMembers(source, target)"
  • The value of the "u_members" field should contain a list of full dn's for each member. This is used to find the corresponding user in the sys_user table with a matching source value.
  • You should not map the members field as this is handled by the scripts


Hope this helps.


View solution in original post

9 REPLIES 9

Go to solution
jose_valle
ServiceNow Employee
ServiceNow Employee

‎11-06-2017 06:25 AM

Hi Jürgen,



Essentially, what will happen is that for each dn that is in the u_members field of the incoming group staging record will be used to look an existing user with a matching value for source




Here are a couple of points about how members are added as part of the group import.



  • The transform script looks for the members in a field named "u_members" by default. This can be changed with a line like "ldapUtils.setMemberField('u_yourAttributeNameGoesHere')" on the same script that calls the .addmembers() method "ldapUtils.addMembers(source, target)"
  • The value of the "u_members" field should contain a list of full dn's for each member. This is used to find the corresponding user in the sys_user table with a matching source value.
  • You should not map the members field as this is handled by the scripts


Hope this helps.


Go to solution
jwerkmann
Tera Contributor
In response to jose_valle

‎11-07-2017 11:57 AM

Hi Jose,



Thank you! The source field on the user record does the mirracle!!



Best regards


Jürgen


0 Helpfuls

Go to solution
gtk
Mega Sage
In response to jose_valle

‎12-13-2017 03:31 AM

we have created two custom tables one for groups and other for group member


here are transform maps for each


and now groups are imported successfully but group members are not imported correctly



can you please help on this


****************************************************************************************************************



1. Transform   map for group import


find_real_file.png


Mapping assist\


find_real_file.png


transform script


find_real_file.png


find_real_file.png



_______________________________________________________________________________


_____________________________________________________________________________




2. transform map for group member import


find_real_file.png


Mapping assist


find_real_file.png




field map (Script)




find_real_file.png



Transform script


find_real_file.png


find_real_file.png


Preview file
49 KB
Preview file
62 KB
Preview file
47 KB
Preview file
37 KB
Preview file
54 KB
Preview file
48 KB
Preview file
48 KB
Preview file
28 KB
Preview file
48 KB
0 Helpfuls

Go to solution
ty_roach
Tera Guru
In response to jose_valle

‎08-19-2024 07:18 AM

Question - we're just starting pull users / groups from AD over LDAP into our ServiceNow instance.  Some of these groups have hundreds of members.  When we import, there's a "member" field with a default length of 40.  Even if we change this to be 4000, it still won't be large enough to hold all the members in some groups.

 

Nobody seems to be talking about this so I'm wondering if maybe I'm doing something wrong.

 

How are you suppose to pull members from large groups?

 

I mean, just one user may occupy 40 characters with the full OU structure there.  So if you have 200 members in that group, that mean you need to re-define that member field in the Data Dictionary to be 8000 characters.

 

Well, what if you've got 2000 members in a group?  

 

Am I missing something here?

0 Helpfuls

Go to solution
anud
Kilo Contributor

‎12-19-2018 09:22 AM

Hi Guys,

 

I have gone through all the scripts mentioned but I am still not able to import group members from AD/LDAP into servicenow Groups using those scripts (i.e OnAfter and OnStart scripts).

 

Also I need to know what should be the variable that should be set in 

ldapUtils.setMemberField('u_member'); // is this the correct field variable that we are using?
ldapUtils.addMembers(source, target);

 

Note: We are purely using the OOB tables like Sys_user and sys_user_group tables and fields.

 

Can someone please help me with step by step process of integration to import group members that are added in AD/LDAP to ServiceNow Groups.

 

Thanks

Anupama.

0 Helpfuls