Query LDAP via MID Server in script
09-12-2019 01:50 AM
Hello,
We are trying to synchronize users via LDAP.
The LDAP is set up to connect via MID server.
The problem we are facing is with mapping user's company configured in LDAP with the user's company record in SNOW.
User's company comes from the LDAP in the form of a dn (e.g. ceSebaId=xxx,cn=Companies,cn=BusinessObjects,cn=EN-Entitlement), but Companies in SNOW are not synchronized via LDAP and SNOW knows nothing about that dn. In the company's record in LDAP there is an attribute by which the company record in SNOW can be uniquely identified.
I see two options:
1. Synchronize the companies => add a field in SNOW (core_company table) to store the LDAP dn of a company.
2. Create a script in the user's transform map to retrieve a company (and its unique attribute known in SNOW) from LDAP for each user record to be processed.
For some reason we're not able to retrieve any records from LDAP via script.
Test server and test server URL connections return success, but fetching records results in an error. Depending on how the servers are configured (IP or hostname), the errors differ:
* servers configured with IP
LDAP API - LDAPLogger : {ldap server IP}:389
LDAP API - LDAPLogger : Communication error: {ldap server IP}:389
LDAP API - LDAPLogger : java.net.SocketTimeoutException: connect timed out
* servers configured with hostname
LDAP API - LDAPLogger : {ldap server hostname}:389
LDAP API - LDAPLogger : Communication error: {ldap server hostname}:389
LDAP API - LDAPLogger : java.net.UnknownHostException: {ldap server hostname}
Given the 2 errors above I think the MID server is not being used when fetching records from LDAP via the script below.
From the code the 'env' variable after ldap.setup() has the following value:
{java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=CE_SNowReadUsersAdmin,cn=EN-Entitlement, com.sun.jndi.ldap.connect.timeout=20000, java.naming.ldap.attributes.binary=objectsid objectguid, java.naming.ldap.derefAliases=never, com.sun.jndi.ldap.read.timeout=30000, java.naming.provider.url=ldap://{ldap server hostname}:389 ldap://{ldap server hostname}:389, java.naming.security.authentication=simple, java.naming.security.credentials={LDAP user password}}
It seems to contain connection details like server URLs, username, password, etc., but nothing about a MID server. Is this normal?
Questions:
1. What would be the preferred way of mapping company to a user record in terms of performance?
2. What would be a code example for LDAP connection via MID server? Is it supported?
var step = 0;
var ldapServer = new GlideRecord("ldap_server_config");
ldapServer.addQuery('name', 'Unify Central Entitlement');
ldapServer.addActiveQuery();
ldapServer.query();
if (!ldapServer.next()) {
    // Without this guard an unmatched name leaves sys_id empty and every step below fails silently
    gs.log('ERROR: no active ldap_server_config named Unify Central Entitlement');
}
gs.log('step: ' + step++);
testServerURLConnections(ldapServer.sys_id.toString());
gs.log('step: ' + step++);
testServerConnection(ldapServer.sys_id.toString());
gs.log('step: ' + step++);
var ldap = new GlideLDAP();
ldap.setConfigID(ldapServer.sys_id.toString());
var env = ldap.setup();
// env includes java.naming.security.credentials, so this line writes the LDAP bind password to the system log
gs.log(env);
gs.log('step: ' + step++);
var query = "(ceGALoginName=test@test.com)";
var result = ldap.getMatching('', query, true, 1);
gs.log('step: ' + step++);
gs.log(result);
gs.log('step: ' + step++);
if (!JSUtil.nil(result)) {
    var test;   // declared so the loop does not create an implicit global
    while ((test = result.next())) {
        var strResult = test.toString();
        gs.log(strResult);
    }
} else {
    gs.log("ERROR");
}

// Tests every configured server URL of the LDAP server record and logs the per-URL result
function testServerURLConnections(sys_id) {
    var serverSysId = sys_id;
    var markUpAuthoritative = true;
    var markDownAuthoritative = true;
    var ldapConnectionTester = new GlideLDAPTestConnectionProcessor(serverSysId, null, markUpAuthoritative, markDownAuthoritative);
    var testResult = false;
    try {
        testResult = ldapConnectionTester.testServerURLConnections();
        var allURLConnResults = gs.getSession().getProperty("ldap_test.all_urls.result");
        // Clear results in session
        gs.getSession().clearProperty("ldap_test.all_urls.result");
        var urlresultIterator = allURLConnResults.iterator();
        while (urlresultIterator.hasNext()) {
            var ldapURL = urlresultIterator.next();
            gs.log('id: ' + ldapURL.getID());
            gs.log('url: ' + ldapURL.getURL());
            gs.log('code: ' + ldapURL.getTestErrorCode());
            gs.log(ldapURL.getTestErrorMessage());
        }
    } catch (e) {
        // e.message works for both script errors and wrapped Java exceptions; e.getMessage() only for the latter
        gs.log('error: ' + (e.message || e));
    }
    return testResult;
}

// Runs the single "Test connection" check for the LDAP server record and logs the session result
function testServerConnection(sys_id) {
    var serverSysId = sys_id;
    var ldapConnectionTester = new GlideLDAPTestConnectionProcessor(serverSysId, null);
    var testResult = false;
    try {
        testResult = ldapConnectionTester.testConnection();
        gs.log('code: ' + gs.getSession().getProperty("ldap_test.errorCode"));
        gs.log(gs.getSession().getProperty("ldap_test.errorMessage"));
    } catch (e) {
        gs.log('error: ' + (e.message || e));
    }
    return testResult;
}
The code above gives the following output:
* for server URLs configured by IP
*** Script: step: 0
*** Script: id: d685d39ddbfbf380638de1aa4b961939
*** Script: url: ldap://{ldap server IP}:389
*** Script: code: 0
*** Script: Connected successfully
*** Script: id: e015971ddbfbf380638de1aa4b96193b
*** Script: url: ldap://{ldap server IP}:389
*** Script: code: 0
*** Script: Connected successfully
*** Script: step: 1
LDAPConnectionViaMidServerTester.testConnection ldap://{ldap server IP}:389 ldap://{ldap server IP}:389
*** Script: code: 0
*** Script: Connected successfully
*** Script: step: 2
*** Script: {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=CE_SNowReadUsersAdmin,cn=EN-Entitlement, com.sun.jndi.ldap.connect.timeout=20000, java.naming.ldap.attributes.binary=objectsid objectguid, java.naming.ldap.derefAliases=never, com.sun.jndi.ldap.read.timeout=30000, java.naming.provider.url=ldap://{ldap server IP}:389 ldap://{ldap server IP}:389, java.naming.security.authentication=simple, java.naming.security.credentials={LDAP user password}}
*** Script: step: 3
LDAP API - LDAPLogger : {ldap server IP}:389
LDAP API - LDAPLogger : Communication error: {ldap server IP}:389
LDAP API - LDAPLogger : java.net.SocketTimeoutException: connect timed out
*** Script: step: 4
*** Script: null
*** Script: step: 5
*** Script: ERROR
* for server URLs configured by hostname
*** Script: step: 0
*** Script: id: d685d39ddbfbf380638de1aa4b961939
*** Script: url: ldap://{ldap server hostname}:389
*** Script: code: 0
*** Script: Connected successfully
*** Script: id: e015971ddbfbf380638de1aa4b96193b
*** Script: url: ldap://{ldap server hostname}:389
*** Script: code: 0
*** Script: Connected successfully
*** Script: step: 1
LDAPConnectionViaMidServerTester.testConnection ldap://{ldap server hostname}:389 ldap://{ldap server hostname}:389
*** Script: code: 0
*** Script: Connected successfully
*** Script: step: 2
*** Script: {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.security.principal=cn=CE_SNowReadUsersAdmin,cn=EN-Entitlement, com.sun.jndi.ldap.connect.timeout=20000, java.naming.ldap.attributes.binary=objectsid objectguid, java.naming.ldap.derefAliases=never, com.sun.jndi.ldap.read.timeout=30000, java.naming.provider.url=ldap://{ldap server hostname}:389 ldap://{ldap server hostname}:389, java.naming.security.authentication=simple, java.naming.security.credentials={LDAP user password}}
*** Script: step: 3
LDAP API - LDAPLogger : {ldap server hostname}:389
LDAP API - LDAPLogger : Communication error: {ldap server hostname}:389
LDAP API - LDAPLogger : java.net.UnknownHostException: {ldap server hostname}
*** Script: step: 4
*** Script: null
*** Script: step: 5
*** Script: ERROR
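The post raises two points that can be shown in code independently of the MID server question: the filter passed to getMatching is built by string concatenation, and option 1 needs the company dn from the user's LDAP entry matched reliably against a dn stored in SNOW. The following is an added example, not code from the original post or from ServiceNow. It is plain JavaScript with no Glide APIs so it runs stand-alone; the field core_company.u_ldap_dn is hypothetical (the field option 1 proposes adding), and the SAMPLE_COMPANIES array is a constructed stand-in for a GlideRecord over core_company.

```javascript
// Added example, not code from the original post: pure JavaScript with no Glide APIs, so it runs
// stand-alone. Hypothetical field: core_company.u_ldap_dn holds the company's LDAP dn (option 1
// in the question); the constructed array below stands in for a GlideRecord over core_company.

// RFC 4515: escape a value before it goes into a filter such as "(ceGALoginName=<value>)", so an
// imported value cannot change the filter's meaning. Non-ASCII is passed through unchanged.
function escapeLdapFilterValue(value) {
  var out = '';
  for (var i = 0; i < value.length; i++) {
    var ch = value.charAt(i), code = value.charCodeAt(i);
    if (ch === '*' || ch === '(' || ch === ')' || ch === '\\' || code === 0) {
      out += '\\' + (code < 16 ? '0' : '') + code.toString(16);
    } else {
      out += ch;
    }
  }
  return out;
}

// The attribute type is checked against the RFC 4512 descriptor syntax so neither side of the
// equality filter is built from raw input.
function buildEqualityFilter(attribute, value) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attribute)) {
    throw new Error('invalid LDAP attribute type: ' + attribute);
  }
  return '(' + attribute + '=' + escapeLdapFilterValue(String(value)) + ')';
}

// Split on an unescaped separator, keeping RFC 4514 backslash escapes (e.g. "\,") intact.
function splitUnescaped(s, sep) {
  var parts = [], cur = '';
  for (var i = 0; i < s.length; i++) {
    var ch = s.charAt(i);
    if (ch === '\\' && i + 1 < s.length) {
      cur += ch + s.charAt(++i);          // copy the escape pair verbatim
    } else if (ch === sep) {
      parts.push(cur);
      cur = '';
    } else {
      cur += ch;
    }
  }
  parts.push(cur);
  return parts;
}

// Decode RFC 4514 escapes: "\," "\+" "\\" etc. and "\XX" hex pairs (single-byte values only).
function unescapeDnValue(v) {
  var out = '';
  for (var i = 0; i < v.length; i++) {
    var ch = v.charAt(i);
    if (ch !== '\\' || i + 1 >= v.length) {
      out += ch;
    } else if (/^[0-9A-Fa-f]{2}$/.test(v.substr(i + 1, 2))) {
      out += String.fromCharCode(parseInt(v.substr(i + 1, 2), 16));
      i += 2;
    } else {
      out += v.charAt(++i);
    }
  }
  return out;
}

// Parse a DN into [{type, value}], leftmost RDN first. Multi-valued RDNs ("a=1+b=2") and an
// escaped trailing space ("\ ") are not handled; the company dns in the question need neither.
function parseDn(dn) {
  return splitUnescaped(dn, ',').map(function (raw) {
    var rdn = raw.trim();                 // spaces around the separator are not significant
    var eq = rdn.indexOf('=');            // '=' cannot occur in a type, so the first one splits
    if (eq < 1) throw new Error('malformed RDN "' + rdn + '" in dn: ' + dn);
    return { type: rdn.substring(0, eq).trim().toLowerCase(), value: unescapeDnValue(rdn.substring(eq + 1)) };
  });
}

// Canonical lookup key: lowercase types, case-folded values (assumes caseIgnoreMatch, the default
// for cn and most string attributes). JSON keeps the key unambiguous without re-escaping.
function normalizeDn(dn) {
  return JSON.stringify(parseDn(dn).map(function (c) { return [c.type, c.value.toLowerCase()]; }));
}

// Constructed stand-in for core_company rows; the dns deliberately differ in case and spacing.
var SAMPLE_COMPANIES = [
  { sys_id: 'company-sys-id-1', name: 'Example Corp', u_ldap_dn: 'ceSebaId=1001,cn=Companies,cn=BusinessObjects,cn=EN-Entitlement' },
  { sys_id: 'company-sys-id-2', name: 'Widgets, Inc.', u_ldap_dn: 'ceSebaId=1002, CN=Companies, CN=BusinessObjects, CN=EN-Entitlement' }
];

// Index dn -> sys_id once per import run instead of one lookup per user row (the performance
// point in question 1). Rows with an unparseable dn are skipped rather than failing the run.
function buildCompanyIndex(rows) {
  var index = {};
  for (var i = 0; i < rows.length; i++) {
    if (!rows[i].u_ldap_dn) continue;
    try { index[normalizeDn(rows[i].u_ldap_dn)] = rows[i].sys_id; } catch (e) { /* skip bad dn */ }
  }
  return index;
}

// Resolve the company dn carried in a user's LDAP entry to a core_company sys_id, or null.
function resolveCompany(index, userCompanyDn) {
  if (!userCompanyDn) return null;
  try { return index[normalizeDn(userCompanyDn)] || null; } catch (e) { return null; }
}
```

In a transform map the index would be built once in an onStart script from core_company and consulted in the onBefore script for each row, which is what makes option 1 cheaper than an LDAP round trip per user; comparing dns through normalizeDn rather than as raw strings is what keeps case and spacing differences between the two directories from producing silent mismatches.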
10-10-2019 05:22 PM
Are you attempting to query against a "ceGALoginName" field in LDAP? Have you tried samaccountname, dn, or cn as the query field?
"If LDAP integrates to Active Directory, select u_samaccountname as the source field. If other LDAP directories are used, select u_dn or u_cn as the source field."
This limitation appears not to have been addressed yet, as it still appears in the most recent documentation: https://docs.servicenow.com/bundle/newyork-platform-administration/page/integrate/ldap/concept/c_LDAPTransformMaps.html
10-24-2019 07:22 AM
Thanks for the hint.
I tried it but it still fails with the same errors.
10-29-2019 06:03 AM
This doesn't address whether LDAP connection through MID server is supported, but this thread has successfully queried LDAP:
https://community.servicenow.com/community?id=community_question&sys_id=426b3652dbcbb38814d6fb2439961963
11-02-2023 08:54 AM
Hey,
Did you manage to solve the Communication error?