Updating users/groups via LDAP not working anymore.

hafka
Kilo Explorer

Users/groups have been updated from LDAP. This used to work, but now the connection seems to be partially broken.

Observations:
If a new user is created in AD, it is not created in the Service-now.com instance.
If a new group is created in AD, it is created in the Service-now.com instance. However, the group is empty.
If members are modified in an existing group, the change is not replicated to the Service-now.com instance.
We have the same problem in TEST, DEV and PROD instances.

LDAP log is attached.
Import scripts haven't been changed recently.


Kostya
Tera Guru

Hi,

Try to double check your User search condition within LDAP OU definitions. Test with an empty Filter or an out of the box one.
"Unbalanced parenthesis" sounds like a bad Regex condition.

Kind regards
Konstantin


Hit the Thumb Icon and/or mark as Correct, if my answer was correct. So you help others to see correct responses and I get fame 🙂

Cheers,
Kostya

LDAP OU Definition for users is:
(&(objectClass=person)(sn=*)(!(objectClass=computer))))

New groups replicate to service-now.com so I do not think that OU filter is causing any problems.

Users are not updated to groups, so here is table transform map for group import:

ldapUtils.setManagerField('u_managedby');
ldapUtils.setManager(source, target);

target.u_managed_services = true;
target.sys_domain.setDisplayValue("global");
target.company.setDisplayValue("XXX");
target.description = "Last updated "+gs.nowDateTime();


User import table transform map is a little bit more complex, but I tried replacing it with this one (copy/paste from demo)

ldapUtils.setManager(source, target);
target.ldap_server = source.sys_import_set.data_source.ldap_target.server;

It did not solve the issue.


hafka
Kilo Explorer

Actually this was the problem:

LDAP OU Definition for users is:
(&(objectClass=person)(sn=*)(!(objectClass=computer))))
It should be:
LDAP OU Definition for users is:
(&(objectClass=person)(sn=*)(!(objectClass=computer)))
Now our LDAP problem is solved.
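
The stray closing parenthesis found above can be caught by a structural check before a filter is saved. This is an added example, not part of the original thread and not ServiceNow code: `checkLdapFilter` is a hypothetical helper in plain JavaScript that parses a simplified subset of the RFC 4515 filter grammar and reports where the string stops being well-formed.

```javascript
// Added example: structural check for an LDAP search filter.
// checkLdapFilter is a hypothetical helper name, not a ServiceNow API.
// Simplification: extensible-match items that start with ':' are not accepted.
function checkLdapFilter(filter) {
  let pos = 0;
  const fail = (msg) => { throw new Error(msg + ' at position ' + pos); };

  // filter = "(" ( "&" filterlist | "|" filterlist | "!" filter | item ) ")"
  function parseFilter() {
    if (filter[pos] !== '(') fail("expected '('");
    pos++;
    const c = filter[pos];
    if (c === '&' || c === '|') {
      pos++;
      if (filter[pos] !== '(') fail('empty filter list');
      while (filter[pos] === '(') parseFilter();
    } else if (c === '!') {
      pos++;
      parseFilter();
    } else {
      parseItem();
    }
    if (filter[pos] !== ')') fail("expected ')'");
    pos++;
  }

  // item = attribute, comparison operator, value. Literal parentheses in a
  // value must be escaped as \28 and \29, so a raw '(' or ')' ends the item.
  function parseItem() {
    const start = pos;
    while (pos < filter.length && filter[pos] !== '(' && filter[pos] !== ')') pos++;
    if (!/^[A-Za-z0-9][A-Za-z0-9.;:-]*[~<>]?=/.test(filter.slice(start, pos))) {
      pos = start;
      fail('malformed attribute test');
    }
  }

  try {
    parseFilter();
    // Anything left after the outermost filter closes is a structural error.
    if (pos < filter.length) fail("unbalanced parenthesis: unexpected '" + filter[pos] + "'");
    return { ok: true };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

Run against the two filters quoted in this thread, it rejects the first at the extra `)` and accepts the corrected one.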


ahatem
Mega Expert

I have the same issue: information for the user has been updated on AD or LDAP but is not changing on Service now. It was working before but now it is not.