Why is LDAP failing to set managers?

Stephen W_ · ‎02-11-2016

users are imported correctly, have correct source value etc. and I do not have a map for the manager field..

I have added correct code to transform map and have expanded all relevant fields to 255 characters and validated their data type.

I could script around this so easily.. but it should just work!

I threw some logging into LDAPUtils:

setManager: function(source, target) {
             var ge = source.getElement(this.manager);
             if (!ge || ge.isNil()){
                   return;
             }
             this._getLdapUserUpdate();
             var ldap = new GlideLDAPUserUpdate(); //what's the point of this.. never used..
             var mid =   this.ldapUserUpdate.getManagerValue(target, ge.toString());
             if (mid == null) {
                         gs.logWarning("mid is null. Manager: "+ge.toString(),"LDAPUtils");
                         gs.logWarning("mid is null. Source: "+source,"LDAPUtils");
                         return;
             }
             target.manager = mid;
       }
             target.manager = mid;
       },

The results are exactly as expected, not truncated, and matches another user's "source" field value..

mid is null. Source: [object GlideRecord]

mid is null. Manager: CN=Jimmy Hermo,OU=Users,OU=EXC,OU=CCRA,OU=CCR,DC=CCR,DC=local

Clearly it's calling the script include and not truncating.. so why is it not actually updating the user record?

Of course GlideLDAPUserUpdate source isn't described in the wiki/api. Anyone have that somewhere?

Thanks!

Stephen W_ · ‎02-12-2016

Solved!

When the transform was setup the user.source field was mapped to a value that contained the DN, but not to a field that contained the "ldap:" prefix.

So when I was evaluating:

this.ldapUserUpdate.getManagerValue(target, ge.toString());

What I didn't know that it filtered on an "ldap:" prefix when evaluating the source field.

The second attribute of getManagerValue() is:

ldap:CN=Jimmy Hermo,OU=Users,OU=EXC,OU=CCRA,OU=CCR,DC=CCR,DC=local

not this:

CN=Jimmy Hermo,OU=Users,OU=EXC,OU=CCRA,OU=CCR,DC=CCR,DC=local

View solution in original post

Brian Dailey1 · ‎02-11-2016

Hi Stephen,

Are you running this as an onComplete transform script? Otherwise, it's possible the manager values won't exist when you are attempting to set them.

-Brian

Stephen W_ · ‎02-11-2016

Not that exact function. But I've run this several times, so the second run would have caught those.

Regardless, I am running ldapUtils.processManagers() onComplete which is intended to handle that scenario.

Thanks,

-Stephen

Stephen W_ · ‎02-12-2016

Transform script:

ldapUtils.setManager(source, target);

target.ldap_server = source.sys_import_set.data_source.ldap_target.server;

onBefore:

var ctrl = parseInt(source.u_useraccountcontrol, 10);

ctrl = ctrl.toString(16);


if (ctrl.substr(-1) == "2") {

   target.active = false;

   target.locked_out = true;

   if (action == 'insert')

           ignore = true;

} else {

   //Optional: Reactivate and unlock the user account

   //target.active = true;

   //target.locked_out = ctrl.substr(-2, 1) == "1";

}

onStart:

gs.include("LDAPUtils");

var ldapUtils = new LDAPUtils();

ldapUtils.setLog(log);

onAfter:

(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {

   ldapUtils.addMembers(source, target);

})(source, map, log, target);

onComplete:

ldapUtils.processManagers();

Stephen W_ · ‎02-12-2016