LDAP group members not importing

rickseidencdi · ‎10-18-2017

Hello all.

I have what I believe is a common problem, but the common solutions aren't working. Simply put, we import LDAP users, and then LDAP groups, and the group membership is not populated.

Build information from our instance:

Build name: Jakarta

Build date: 09-05-2017_1648

Build tag: glide-jakarta-05-03-2017__patch3-08-23-2017

On the LDAP User import table, I expanded the u_memberof field to 4000, and the u_source field to 255.

On the LDAP Group import table, I expanded the u_members field to 4000 to get all the users in the groups, and I expanded the u_source field to 255.

My transform maps are not the out of the box transform maps, but I followed them as closely as possible. For both the user and the group mappings, I copied and pasted the scripts in the transform and the onStart/onAfter scripts exactly from the out of the box ones (although our LDAP doesn't have managers so the onStart/onAfter for the managers information is marked Active=false). I am mapping u_source to source on both group and user.

I even checked that the information in the u_members field in the group import contains actual users that are in our Users table with the correct source information.

I just don't know what else to check, or what else I'm missing.

Any help would be greatly appreciated.

Thank you!

Rick

rickseidencdi · ‎10-19-2017

I came up with the solution while falling asleep last night.

Since I recreated the transform map, I, of course, used "best practices" and enclosed my code for my onStart/onAfter scripts in the function structure that ServiceNow likes us to use. That means that the variable created in the onStart script was scoped just inside that function, and wasn't available to the onAfter script. When I removed the function structure, that scoped the variable correctly, and it was available to the onAfter script, and the membership populated no problem.

Thanks to everyone how looked and helped.

Rick

View solution in original post

gtk · ‎01-22-2018

transform map scripts for both group and group members:

while loading data from an AD for groups and group members

group member data is imported and after that, at time of transform it considers only first user

imported data :

u_member : CN=user name1,OU=Users,OU=AN,OU=User Accounts,DC=corp,DC=ACD,DC=com^CN=user name2,OU=Users,OU=Eur,OU=User Accounts,DC=corp,DC=ACD,DC=com^CN=user name3,OU=Users,OU=Australia,OU=User Accounts,DC=corp,DC=ACD,DC=com^CN=User name4OU=Users,OU=Australia,OU=User Accounts,DC=corp,DC=ACD,DC=com^CN=user name5,OU=Users,OU=Australia,OU=User Accounts,DC=corp,DC=ACD,DC=com

this is data loaded in import set table

when tranform has done then only user name1 is tranferred and user name 2, 3,4 and 5 are not stored in table

we are using a custom table to store group members - as this is our requirement

field map script:

gtk · ‎01-24-2018

we need to store group members in the custom table

and i have used both onstart and onafter transform script which you provided

and no result in it still not loading all group members in the table

rickseidencdi · ‎01-24-2018

The scripts I provided are designed to load the users into the groups, not a custom table. Like I said earlier, you'll have to look at the ldaputils code and customize\extend it to meet your needs.

I'm sorry I can't be more help than that.

Rick

marcus_redfern · ‎03-15-2019

Hi GTK - did you ever manage to import the group memberships into a different table - we have a similar requirement and if you managed it can you share how?

Thanks

marcus_redfern · ‎03-15-2019

Hi GTK - did you ever manage to import the group memberships into a different table - we have a similar requirement and if you managed it can you share how?

Thanks