LDAP Group Import - Group members not being added

ericfisch
Mega Contributor

We are planning on putting the maintenance of group membership into Active Directory and have them imported via LDAP. I have successfully imported a test group. However, the members are not being added to the group. I have verified that the members already have active accounts in Service-now through our user import.

I'm not sure if this would affect anything, but since we did not want to bring in all groups and we did not want to create additional OUs, we added a custom attribute to the account: extensionAttribute12=servicenow. The filter for our group import is as follows: (&(objectClass=group)(extensionAttribute12=servicenow)).

Has anyone come across this issue? Does anyone know exactly how the function ldapUtils.addMembers(source, target) adds the members?

Any help is much appreciated!

6 REPLIES

march
Kilo Guru

I encountered the same issue. After troubleshooting further and identifying how this group membership works, I noticed that the issue was due to some truncated fields when extracted from LDAP.

To get it working, I had to increase the size of a couple of fields.

  • In my import set table for the LDAP group, the default size of the u_member field was set to 40 characters; I increased this one. The size you set will really depend on the number of members you may have in a group. The syntax of this field is something like "CN=John Doe,OU=Sales Accounts,OU=Accounts,OU=UK,DC=johndoe,DC=com^CN=Jane Doe,OU=Legal Accounts,OU=Accounts,OU=UK,DC=johndoe,DC=com^....." so each member already takes a lot of characters.
  • In my import set table for the LDAP Users, the default size of the u_source field was set to 40 characters; I increased this one as well, as the source was truncated as well.
  • In the sys_user table I also increased the size of the source field to the same size as the u_source field of my import set table for LDAP users.


And then I launched the group sync, and the users existing in the service-now instances were added to the groups automatically.

Be careful: to have this working, you need to have an onAfter Transform Script containing the following (as included in the example provided by SNC):

ldapUtils.addMembers(source, target);


Hope this will help other people encountering the same issue.
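
The truncation described in this reply can be modelled in a few lines. This is an added example, not code from the thread or from ServiceNow; it is plain JavaScript that calls no ServiceNow API, its function names are hypothetical, and it assumes the column simply keeps the first N characters of the value.

```javascript
// Added example: plain JavaScript model of the truncation described above.
// The "^" separator, the 40-character default and the two sample DNs are
// taken from the post; the function names and the assumption that the column
// keeps only the first N characters are this example's own.
const SEP = "^";

// What a fixed-width import-set column would retain of the LDAP value.
function storeInColumn(value, maxLength) {
  return value.length > maxLength ? value.slice(0, maxLength) : value;
}

// Compare the directory's member DNs with what survives in the column.
// A DN counts as intact only if the stored fragment at the same position
// matches it exactly; a cut-off DN no longer identifies the user.
function auditMemberField(ldapMembers, maxLength) {
  const full = ldapMembers.join(SEP);
  const parts = storeInColumn(full, maxLength).split(SEP);
  const intact = [];
  const lost = [];
  ldapMembers.forEach((dn, i) => {
    (parts[i] === dn ? intact : lost).push(dn);
  });
  return {
    requiredLength: full.length, // smallest column size that loses nothing
    truncated: full.length > maxLength,
    intact,
    lost,
  };
}

const members = [
  "CN=John Doe,OU=Sales Accounts,OU=Accounts,OU=UK,DC=johndoe,DC=com",
  "CN=Jane Doe,OU=Legal Accounts,OU=Accounts,OU=UK,DC=johndoe,DC=com",
];

for (const size of [40, 100, 131]) {
  const r = auditMemberField(members, size);
  console.log(
    `size=${size} required=${r.requiredLength} truncated=${r.truncated} ` +
      `intact=${r.intact.length} lost=${r.lost.length}`
  );
}
```

With the 40-character default, not even the first DN survives, which matches the symptom of a group importing with no members.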


march,

We have an issue while importing data from AD. We are using ldaputils() and the data is stored in a different table, not in the sys_grpmember table.

Transform script for onAfter:

addmembers(source,target);

Transform script for onStart:

(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {

    // Add your code here
    gs.include("LDAPUtils");
    var ldapUtils = new LDAPUtils();
    ldapUtils.setLog(log);

})(source, map, log, target);

Imported data (screenshot):

But in the table, only user1 is stored.

Can anyone help to pass all users to the table?

Any help appreciated.


Increasing the sizes of u_member and u_source fields on the import table solved the issue. Thank you!

billi_lumley
ServiceNow Employee

This helped! I too could not pull in group members via LDAP. I had to increase the size of u_memberof and u_member within my import sets. However, some of these groups have A LOT of members, therefore I would have to increase the column size from 40 to 1000+. This doesn't seem like best practice. Is there another way to bring in members without massively increasing this column size?