Best practice if using multiple OU definitions for LDAP

danrad
Kilo Explorer

Hi SNow Community

 

Can you give me some advice on what is the best way to handle data sources if using multiple OU definitions for LDAP setup.

 

Can I specify the same Import set table for different OUs, as they will use the same transform map? I'm asking because I'm a little bit confused: if you set up a new OU definition you need to create a new data source, you cannot choose an existing one. Now I'm wondering if I can just give them different names to better identify them, but the same import set table name, so each OU definition would populate the same import set table?

 

Thanks for any advice.

 

Regards

Daniel

6 REPLIES

peterwestergaar
Kilo Expert

Daniel,



I've always settled it this way in my head. At the base end is the LDAP server (table: ldap_server_config). This retains one record for each connection (URL, login, etc). Each of these can have multiple LDAP OU Definitions (table: ldap_ou_config), each of which specifies an LDAP server and a queryfield/filter/OU to specify what data to look at from the LDAP server, and links that to a form on the ServiceNow side. It'd be great in my mind if they didn't force you to specify that here, or if they specified it as an example destination, since that's also specified in the Transform map and I think that leads to confusion.



But getting back to your question, creating multiple OU sources is the way you want to go, I think. Another user had a similar solution suggested here: Ldap - Multiple OU Definitions for users


peterwestergaar
Kilo Expert

As for using the same transform, I personally would prefer to map the records into a federated table, tagged somehow with their originating OU Definition unless I knew I wouldn't have to sift through duplicate or bad data before moving it into the User/Group table.



But maybe I'm a bit paranoid like that.


Hi Peter



Thank you for your input on this.


Using multiple OU sources is working fine, I just wondered about transform maps. Now I've seen that you can do it this way:



For example you can set up a data source for OU1 with the name "LDAP OU 1" with import set table name "ldap_company_all".


You can then set up another data source for OU2 with the name "LDAP OU 2" but use the same import set table name "ldap_company_all".


You then have two data sources that you can identify, but they both populate the same import set table, so you can use one transform map for all OU definitions for this LDAP setup.



This seems to work fine, but I was not sure if this is the way to go? But how would you do the transform if you set up an import set table for each OU definition, as you can choose only one table when creating a transform map, so you would need to set up multiple transform maps, or are there other ways to do this?



Regards


Daniel


Hi Daniel,



I would second Peter's approach and use multiple transform maps.




I used to work at a company that used to operate multiple ADs with multiple OU sources; separating them out helps if you ever need to troubleshoot. This was useful because different countries used to manage their own area of the AD system in different ways.




Regards,




Karl
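
An added example, not part of any post in this thread and not ServiceNow code: a plain JavaScript sketch of the two ideas discussed above, rows from two data sources ("LDAP OU 1", "LDAP OU 2") landing in one staging table, each tagged with its originating source, then checked for duplicate or incomplete records before any transform would touch the User table. The field names (`user_name`, `email`, `dn`, `source`), the helper names and the sample rows are assumptions constructed for illustration.

```javascript
// Constructed sample rows; field names are assumptions, not ServiceNow columns.
const ou1Rows = [
  { user_name: "asmith", email: "asmith@example.com", dn: "CN=A Smith,OU=OU1,DC=example,DC=com" },
  { user_name: "bjones", email: "", dn: "CN=B Jones,OU=OU1,DC=example,DC=com" },
];
const ou2Rows = [
  { user_name: "ASmith", email: "a.smith@example.com", dn: "CN=A Smith,OU=OU2,DC=example,DC=com" },
  { user_name: "cwu", email: "cwu@example.com", dn: "CN=C Wu,OU=OU2,DC=example,DC=com" },
];

// Tag every row with the data source it came from as it enters the shared table.
function stage(sourceName, rows) {
  return rows.map((r) => ({ ...r, source: sourceName }));
}

// Split staged rows into those safe to transform and those needing review.
function triage(staged, required = ["user_name", "email"]) {
  // Group by case-insensitive user_name so the same account in two OUs collides.
  const byKey = new Map();
  for (const row of staged) {
    const key = String(row.user_name || "").trim().toLowerCase();
    if (!byKey.has(key)) byKey.set(key, []);
    byKey.get(key).push(row);
  }
  const clean = [];
  const review = [];
  for (const rows of byKey.values()) {
    const sources = [...new Set(rows.map((r) => r.source))];
    for (const row of rows) {
      const reasons = [];
      const missing = required.filter((f) => !String(row[f] || "").trim());
      if (missing.length) reasons.push("missing: " + missing.join(","));
      if (rows.length > 1) reasons.push("duplicate user_name in: " + sources.join(", "));
      (reasons.length ? review : clean).push({ ...row, reasons });
    }
  }
  return { clean, review };
}

const staged = [...stage("LDAP OU 1", ou1Rows), ...stage("LDAP OU 2", ou2Rows)];
const result = triage(staged);
for (const r of result.review) {
  console.log(`${r.source} / ${r.user_name}: ${r.reasons.join("; ")}`);
}
```

Because every held-back row carries its `source` tag, a collision or a bad record can be traced to the OU definition that produced it even though all sources share one staging table.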