Duplicate Users in LDAP

Go to solution
amacqueen
Mega Guru

‎07-10-2014 03:17 AM

We've been having this issue for some time and I haven't been able to get round to checking until this week. The problem is we have multiple user records being created from our LDAP import.

 

For example see below:-

 

find_real_file.png

 

A record seems to be created with an email address and another without the email address.

 

Any initial thoughts? If it would help I'm happy to post our config.

 

Thanks for looking.

Preview file
13 KB
0 Helpfuls
  • 2,450 Views
1 ACCEPTED SOLUTION

Go to solution
ohhgr
Kilo Sage
Kilo Sage
In response to amacqueen

‎07-10-2014 08:13 AM

Hi Angus,




Found a similar discussion (not related to service now),




could you try below line of condition




(&(objectClass=person)(sn=*)(!(objectClass=computer))(mail=*))




Also, mail should be the field storing email in LDAP.




Here's the link where i found it


how to exclude Null or empty fields in a Ldifde export




Thanks,


Mandar


View solution in original post

0 Helpfuls
12 REPLIES 12

Go to solution
ohhgr
Kilo Sage
Kilo Sage

‎07-10-2014 03:50 AM

Hi Angus,



This sounds basic, but still cross-check the transform scripts once and make sure there are no "insert()" function calls, in place of say "update()" calls.



Thanks,
Mandar


0 Helpfuls

Go to solution
amacqueen
Mega Guru
In response to ohhgr

‎07-10-2014 04:40 AM

Thanks Mandar. I think I may have resolved it myself. In our LDAP OU Definition I had a filter as follows:-


(&(objectClass=person)(sn=*)(!(objectClass=computer)))


I amended this in Dev to:-


(&(objectClass=person)(sn=*))


Deleted some users and re-ran the scheduled load and the duplicate entries did not re-appear. I'm assuming the statement I deleted was creating another record.


Going to keep my eye on it for a day or two in Dev before I put it live though


0 Helpfuls

Go to solution
ohhgr
Kilo Sage
Kilo Sage
In response to amacqueen

‎07-10-2014 05:10 AM

Hi Angus,



It's good that the issue hasn't occurred again. However, i'm not sure that removing a condition (!objectClass=computer) might be the reason for that.



Above condtion specifies that objects with Class computer should not be pulled. More details for the filters could be found on google. here's one http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters...



Thanks,
Mandar


0 Helpfuls

Go to solution
amacqueen
Mega Guru
In response to ohhgr

‎07-10-2014 05:26 AM

Thanks Mandar, looks like it might be back to the 'drawing board'. But what a brilliant resource the URL is


0 Helpfuls