Best practice if using multiple OU definitions for LDAP
12-02-2014 10:17 AM
Hi SNow Community
Can you give me some advice on what is the best way to handle data sources if using multiple OU definitions for LDAP setup.
Can I specify the same Import set table for different OUs, as they will use the same transform map? I'm asking because I'm a little bit confused: if you set up a new OU definition you need to create a new data source, you cannot choose an existing one. Now I'm wondering if I can just give them different names to better identify them, but the same import set table name, so each OU definition would populate the same import set table?
Thanks for any advice.
Regards
Daniel
12-02-2014 10:53 AM
Daniel,
I've always settled it this way in my head. At the base end is the LDAP server (table: ldap_server_config). This retains one record for each connection (URL, login, etc). Each of these can have multiple LDAP OU Definitions (table: ldap_ou_config) which specifies an LDAP server, and a queryfield/filter/OU to specify what data to look at from the LDAP server, and links that to a form on the ServiceNow side. It'd be great in my mind if they didn't force you to specify that here, or if they specified it as an example destination, since that's also specified in the Transform map and I think that leads to confusion.
But getting back to your question, creating multiple OU sources is the way you want to go, I think. Another user had a similar solution suggested here: Ldap - Multiple OU Definitions for users
12-02-2014 11:03 AM
As for using the same transform, I personally would prefer to map the records into a federated table, tagged somehow with their originating OU Definition unless I knew I wouldn't have to sift through duplicate or bad data before moving it into the User/Group table.
But maybe I'm a bit paranoid like that.
12-03-2014 01:10 AM
Hi Peter
Thank you for your input on this.
Using multiple OU sources is working fine, just wondered about transform maps, now I've seen that you can do it this way:
For example you can set up a data source for OU1 with the name "LDAP OU 1" with import set table name "ldap_company_all".
You can then set up another data source for the OU2 with "LDAP OU 2" but use the same import set table name "ldap_company_all".
You then have two data sources that you can identify, but they both populate the same import set table, so you can use one transform map for all OU definitions for this LDAP setup.
This seems to work fine, but I was not sure if this is the way to go? But how would you do the transform if you set up an import set table for each OU definition, as you can choose only one table when creating a transform map, so you would need to set up multiple transform maps, or are there other ways to do this?
Regards
Daniel
12-03-2014 01:40 AM
Hi Daniel,
I would second Peter's approach and use multiple transform maps.
I used to work at a company that used to operate multiple ADs with multiple OU sources; separating them out helps if you ever need to troubleshoot. This was useful because different countries used to manage their own area of the AD system in different ways.
Regards,
Karl