LDAP - Manager field not getting populated
03-14-2018 07:13 PM
I have a new LDAP setup and the managers have never correctly loaded in. One of our folks noticed that the incoming 'manager' field was being truncated...so he increased the default char size of the ldap_import table manager field to 160. Manager is still not loading in.
To try to isolate the issue I nuked all users from the sys_user table (except admin accounts) ... and now I am only pulling in 4 names from LDAP. One manager (Sally) and 3 direct reports as defined in Active Directory and verified in LDAP. (Joe, John, Bill). I clean out the sys_user table...force a scheduled load of these 4 names...they come in fine. But no manager field.
In my transform map I have it set to Run script...and I even added the following code to the end of the script to prove it was firing:

    target.u_usda_eauth_id_test='USDAEAUTHTESTID';

After the load of the LDAP records all users have this USDAEAUTHTESTID string in that field...so I assume

    ldapUtils.setManager(source, target);

is firing.
Everything else is out of the box for onBefore, onStart and onComplete.
I even tried running the ldapUtils.processManagers() in a Background Scripts window...it says it ran with no errors...but again, no managers.

    gs.include("LDAPUtils");
    var ldapUtils = new LDAPUtils();
    //ldapUtils.setLog(log);
    ldapUtils.processManagers();

Any ideas?
Thank you !!!
ER
PS: On a side note...where do I find ldapUtils to go look at how it works??
03-15-2018 08:41 AM
onBefore (not active):

    //Deactivate LDAP-disabled users during transform based on 'userAccountControl' attribute.
    //This transform script is inactive by default
    //
    //NOTE: User records must be visible based on the OU filter in order to be disabled
    //Convert the userAccountControl attribute to a hex value
    var ctrl = parseInt(source.u_useraccountcontrol, 10);
    ctrl = ctrl.toString(16);
    //The relevant digit is the final one
    //A final hex digit value of '2' in 'ctrl' means disabled
    if (ctrl.substr(-1) == "2") {
        target.active = false;
        target.locked_out = true;
        if (action == 'insert')
            ignore = true;
    } else {
        //Optional: Reactivate and unlock the user account
        //target.active = true;
        //target.locked_out = ctrl.substr(-2, 1) == "1";
    }

onStart:

    gs.include("LDAPUtils");
    var ldapUtils = new LDAPUtils();
    ldapUtils.setLog(log);

onComplete:

    //
    // It is possible that the manager for a user did not exist in the database when
    // the user was processed and therefore we could not locate and set the manager field.
    // The processManagers call below will find all those records for which a manager could
    // not be found and attempt to locate the manager again. This happens at the end of the
    // import and therefore all users should have been created and we should be able to
    // locate the manager at this point
    ldapUtils.processManagers();

Main Xform Map Page Script:

    //
    // The manager coming in from LDAP is the DN value for the manager.
    // The line of code below will locate the manager that matches the
    // DN value and set it into the target record. To ignore the manager
    // from LDAP, remove or comment out the line: ldapUtils.setManager(source, target);
    //
    // NOTE: The 'manager' field SHOULD NOT be mapped in the 'Field Maps' related list
    // if the manager is brought in through an LDAP import. The 'ldapUtils' scripts
    // here and in the 'onComplete' Transform Map will map this value automatically.
    ldapUtils.setManager(source, target);
    // Set the source LDAP server into the target record
    target.ldap_server = source.sys_import_set.data_source.ldap_target.server;
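
An added example, not part of the post above and not ServiceNow's code: the onBefore script decides "disabled" from the last hex digit of userAccountControl, which only matches when no other flag in the low four bits is set. The plain JavaScript below compares that test with a bitwise decode of the ACCOUNTDISABLE (0x2) and LOCKOUT (0x10) bits over constructed sample values; the function names and samples are assumptions made for the example.

```javascript
// Added example: decode userAccountControl by bit rather than by hex digit.
// Flag values are the documented Active Directory ones.
var UAC = {
  SCRIPT: 0x0001,
  ACCOUNTDISABLE: 0x0002,
  HOMEDIR_REQUIRED: 0x0008,
  LOCKOUT: 0x0010,
  NORMAL_ACCOUNT: 0x0200,
  DONT_EXPIRE_PASSWORD: 0x10000
};

// Same test as the onBefore script: last hex digit equals '2'.
function disabledByLastHexDigit(raw) {
  var ctrl = parseInt(raw, 10).toString(16);
  return ctrl.substr(-1) == "2";
}

// Bitwise decode. Returns null when the attribute is missing or is not a
// non-negative integer, so the caller can treat "unknown" explicitly.
function decodeUac(raw) {
  var text = String(raw == null ? "" : raw).trim();
  if (!/^\d+$/.test(text)) return null;
  var value = parseInt(text, 10);
  var names = [];
  for (var name in UAC) {
    if ((value & UAC[name]) !== 0) names.push(name);
  }
  return {
    value: value,
    flags: names,
    disabled: (value & UAC.ACCOUNTDISABLE) !== 0,
    lockedOut: (value & UAC.LOCKOUT) !== 0
  };
}

// Constructed sample values, not taken from the thread.
var SAMPLES = ["512", "514", "66050", "515", "522", "530", "", "abc"];

// One row per sample: the hex-digit result beside the bitwise result.
function compare(samples) {
  return samples.map(function (raw) {
    var d = decodeUac(raw);
    return { raw: raw, heuristic: disabledByLastHexDigit(raw),
             bitwise: d ? d.disabled : null, flags: d ? d.flags : [] };
  });
}

console.log(JSON.stringify(compare(SAMPLES), null, 1));
```

For 515 and 522 the hex-digit test reports the account as enabled while the bitwise test reports it as disabled, so such a user would stay active after the import.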

03-15-2018 08:52 AM
Can you make sure the LDAP Util is active and has the setManager function?
https://xxx.service-now.com/sys_script_include_list.do?sysparm_query=name%3DLDAPUtils
03-15-2018 09:07 AM
The LDAPUtils script include is Active ... it is not "Client callable".
Below are a couple manager functions...

    setManagerField: function(field) {
        this.manager = field;
    },
    setManager: function(source, target) {
        var ge = source.getElement(this.manager);
        if (!ge || ge.isNil())
            return;
        this._getLdapUserUpdate();
        var ldap = new GlideLDAPUserUpdate();
        var mid = this.ldapUserUpdate.getManagerValue(target, ge.toString());
        if (mid == null)
            return;
        target.manager = mid;
    },
    processManagers: function() {
        if (this.ldapUserUpdate == null)
            return;
        this.ldapUserUpdate.processManagers();
    },

03-15-2018 10:09 AM
Not sure what else it can be. Can you also check if there is more than 1 transform map?
https://xxx.service-now.com/sys_transform_map_list.do?sysparm_query=target_table%3Dsys_user%5Eactive%3Dtrue
03-15-2018 01:44 PM
In that list there are 5 entries... 3 have *_saml_user* in their Source table name.
One is imp_user
And finally there is an ldap_import.
Thanks,
ER