Layton ServiceDesk - Utilities - LDAP Import End User

From Layton Support
Revision as of 02:53, 25 October 2010 by Jpainter (Talk | contribs)


Setting up the LDAP (Active Directory) Connection

The LDAP End User import function allows you to connect to an Active Directory server or multiple servers and pull back user information. The import can be processed manually or can be configured to allow Layton ServiceDesk to automatically create and update (but not remove) end users from information captured from Active Directory.

Field mappings (Map Fields button) can be specified to ensure that all required data is captured, and filters (Filter Users button) let you select which OUs or Users are imported.

To set up an LDAP connection, go to Administration > Utilities > LDAP (Active Directory) Import End User. Any existing LDAP connections will be displayed in the list. To create a new connection, click the Add button. A pop-up dialog will appear with the following configuration settings:

Server Name

This is simply a name used to identify this LDAP connection. It is not mandatory and any value can be entered.

LDAP Active Directory

This setting contains the type of LDAP connection. At this stage only Active Directory is supported, so the two options are Active Directory or None.

LDAP Server

This contains the LDAP Server to connect to. An example string is as follows: LDAP://SERVER1

Where SERVER1 is the LDAP server name to connect to.

LDAP User

Specify the user account that will be used to access the LDAP server. The account used will need to have permission to access the LDAP server.

LDAP Password

The password for the LDAP User account above.

Filter End Users with Empty Email

If turned on, Layton ServiceDesk will not import any Active Directory users that do not have an email address.

LDAP End User Auto Import

This contains the frequency at which the import is run. Settings are Never, Hourly and Daily at a specified hour. If you only intend to run manual imports, you should specify Never. The automatic import is run by the Layton ServiceDesk background process and does not require any Analyst intervention or an Analyst to be logged in to the system.

Import AD End User Default Password

This allows you to specify a default Password used by all End Users imported from AD. This is useful for new End Users, as the same password can be given out and then changed by the End User, if allowed, for subsequent logins.

Company

This field will only be displayed if you have turned on the Company Level feature in Administration > System Settings > Application Settings. See the Company section for more information. If you are supporting End Users from multiple companies then you can assign the End Users from this LDAP connection to a particular company. You will need to have created the Companies first in Administration > Users & Groups > Manage Company.

Once the LDAP connection has been saved it will be displayed in the list of LDAP connections along with options to Map fields, Filter Users & Groups, view the log file and manually run the import.

Setting up Active Directory Mappings & Filters

To complete the setup of the Active Directory connection, the field mappings and filters need to be configured. Once the LDAP connection has been configured as outlined in the above section, the Mappings and Filters can be applied by clicking the Map Fields button or the Filter button in the LDAP connection list.

Active Directory Attribute Mapping

Selecting the Map Fields button will allow you to select an End User field and map this to an Active Directory Attribute.

If the sys_eusername field is not mapped, it will be mapped by default to the login name of the directory user. The Active Directory attribute is a free-text field, because versions of Active Directory are extensible and can have custom attributes attached to them. A list of standard Active Directory attributes for 2000/2003 domains is shown below:

| 2000 Server Domain | 2003 Server Domain | Fields to Map |
|---|---|---|
| mail | mail | sys_email |
| name | samaccountname | sys_eusername |
| givenname | givenname | sys_forename |
| sn | sn | sys_surname |
| department | department | sys_eclient_id |
| DisplayName | DisplayName | Map to user defined field |


To obtain a complete list of LDAP attribute names we recommend using the LDP.exe tool which is included in the support tools kit from the server Operating System CD.

If you would like to map additional Active Directory attributes to new user defined End User fields then these fields will first need to be created in Administration | Data Design | End User Data.

Filtering Users & Organizational Units

Selecting the Filter button in the LDAP connection list will allow you to select which OUs and/or Users are to be imported. The Active Directory tree structure will be displayed with OUs indicated by a folder button and Users represented by a user button. Simply select which OUs and/or Users you wish to import. Click the save button to save the filter settings.

Retrieving Active Directory Attributes

Running the Import

The LDAP Active Directory import will run automatically according to the setting specified in the “LDAP End User Import” section of the LDAP configuration settings. If this field was set to “Never”, the import can be run manually by clicking the Import Users button. This runs the import in three steps and outputs the results to a log file.

  1. The import checks for all End Users in Layton ServiceDesk that are not in Active Directory. These users are written to the Log file. They can be dealt with by the Layton ServiceDesk Administrator at a later time.
  2. The import checks for all End Users in Layton ServiceDesk that are present in Active Directory. If they are included in the Filter then these users are updated with data from Active Directory and written to the Log file.
  3. The import checks for all users in Active Directory that are not listed as End Users in Layton ServiceDesk. If they are selected in the filter then Layton ServiceDesk will create these End Users from Active Directory. These users are also written to the Log file.
The log files can be viewed by clicking the View Log button.
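
The three steps above can be modelled as set operations, which makes one consequence visible: accounts that no longer exist in Active Directory stay in ServiceDesk and only show up in the log. This is an added example, not Layton ServiceDesk code; the function names, the log action labels and the sample records are constructed, and applying the empty-email option to updates as well as creations is an assumption.

```python
# Added example: a model of the three-step import, not Layton ServiceDesk code.
# All names and sample records are constructed; the mappings are the 2003-domain column.
FIELD_MAP = {"mail": "sys_email", "samaccountname": "sys_eusername",
             "givenname": "sys_forename", "sn": "sys_surname"}

def map_entry(ad_entry):
    """Translate one AD entry into End User fields using FIELD_MAP."""
    return {field: ad_entry[attr] for attr, field in FIELD_MAP.items() if attr in ad_entry}

def run_import(servicedesk, directory, selected, skip_empty_email=True):
    """servicedesk: {username: fields}; directory: {login: AD attributes};
    selected: logins chosen in the filter. Returns the log as (action, user) pairs."""
    log = []
    def eligible(login):
        # Assumption: the empty-email option applies to updates as well as creations.
        has_mail = bool(directory[login].get("mail"))
        return login in selected and (has_mail or not skip_empty_email)
    # Step 1: End Users missing from AD are only logged, never removed.
    for user in sorted(servicedesk.keys() - directory.keys()):
        log.append(("NOT_IN_AD", user))
    # Step 2: End Users present in AD and selected in the filter are updated.
    for user in sorted(servicedesk.keys() & directory.keys()):
        if eligible(user):
            servicedesk[user].update(map_entry(directory[user]))
            log.append(("UPDATED", user))
    # Step 3: AD users not yet in ServiceDesk and selected in the filter are created.
    for login in sorted(directory.keys() - servicedesk.keys()):
        if eligible(login):
            servicedesk[login] = map_entry(directory[login])
            log.append(("CREATED", login))
    return log

def stale_accounts(log):
    """Accounts for the administrator to review: still in ServiceDesk, gone from AD."""
    return [user for action, user in log if action == "NOT_IN_AD"]

def demo():
    servicedesk = {"asmith": {"sys_eusername": "asmith", "sys_email": "old@example.test"},
                   "leaver": {"sys_eusername": "leaver", "sys_email": "leaver@example.test"}}
    directory = {"asmith": {"samaccountname": "asmith", "mail": "asmith@example.test", "sn": "Smith"},
                 "bjones": {"samaccountname": "bjones", "mail": "bjones@example.test"},
                 "svc_scan": {"samaccountname": "svc_scan", "mail": ""},   # selected, no email
                 "cdoe": {"samaccountname": "cdoe", "mail": "cdoe@example.test"}}  # not selected
    log = run_import(servicedesk, directory, selected={"asmith", "bjones", "svc_scan"})
    return servicedesk, log

if __name__ == "__main__":
    print(demo()[1])
```

In the sample run, `leaver` remains an End User after the import; `stale_accounts` extracts such entries from the log so they can be disabled or removed by hand.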
