Layton ServiceDesk - FAQ - Active Directory Field Mapping

From Layton Support
Revision as of 04:25, 9 September 2016 by Jpainter (Talk | contribs)


Overview

To complete the setup of the Active Directory connection, the field mappings and filters need to be configured. Click the Map Fields button or the Filter button in the LDAP connection list.

Active Directory Attribute Mapping

Selecting the Map Fields button will allow you to select an End User field and map this to an Active Directory Attribute.

If the sys_eusername field is not mapped, it will be mapped by default to the login name of the directory user.

The Active Directory attribute is a free-text field, because Active Directory is extensible and can have custom attributes attached to it.

A list of standard Active Directory attributes for 2000/2003 domains is shown below:

   2000 Server Domain   2003 Server Domain   Fields to Map
   mail                 mail                 sys_email
   name                 samaccountname       sys_eusername
   givenname            givenname            sys_forename
   sn                   sn                   sys_surname
   department           department           sys_eclient_id
   DisplayName          DisplayName          Map to user defined field

Retrieving Additional Active Directory Attributes

The settings above are the most common ones for most domains; however, they may not work in every environment. The most effective way to obtain the LDAP mappings for your domain is to run the LDP tool.

  1. Log into the LDAP server as a domain admin.
  2. Run LDP.exe.
  3. From the Connection menu, click Connect.
  4. In the Connect pop up, ensure the Domain controller's machine name appears, and leave the rest as default, then click OK. You should now see some information about the Active Directory schema.
  5. From the Connection menu, click Bind.
  6. A Bind window will pop up asking for your user name and password. Enter these credentials. Ensure the correct domain name appears in the Domain box.
  7. Click OK.
  8. Click the View menu and select Tree.
  9. A Tree view pop up will appear, asking for a BaseDN. Leave it blank and click OK.
  10. In the left-hand pane, you should now see a tree structure of the different OUs that have been created in Active Directory. Expand an OU.
  11. You should now see a list of users identified as an LDAP string. Double-click one of the user strings in the left-hand pane.
  12. In the right-hand pane, you should now see the user within the pane.

All LDAP attribute names are now clearly identified showing something like this:

   Expanding base 'CN=Glenn Parker,CN=Users,DC=domain,DC=local'...
   Result <0>: (null)
   Matched DNs:
   Getting 1 entries:
   >> Dn: CN=Glenn Parker,CN=Users,DC=domain,DC=local
   1> memberOf: CN=users,CN=Builtin,DC=domain,DC=local;
   1> accountExpires: 9223374567854775807;
   1> adminCount: 0;
   1> badPasswordTime: 14658789812203906250;
   1> badPwdCount: 1;
   1> codePage: 0;
   1> cn: Glenn Parker;
   1> countryCode: 0;
   1> department: Accounting;
   1> displayName: Glenn Parker;
   1> mail: [email protected];
   1> givenName: Glenn Parker;
   1> instanceType: 4;
   1> lastLogoff: 0;
   1> lastLogon: 127590245253906250;
   1> logonCount: 2;
   1> distinguishedName: CN=Glenn Parker,CN=Users,DC=domain,DC=local;
   1> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local;
   4> objectClass: top; person; organizationalPerson; user;
   1> objectGUID: 5a3456cb-9723-4r123-8172-06231223b048;
   1> objectSid: S-15-B2768d30-1E9285F2-8Fc3EE1G-414;
   1> primaryGroupID: 513;
   1> pwdLastSet: 127590244556093750;
   1> name: Glenn Parker;
   1> sAMAccountName: Gparker;
   1> sAMAccountType: 8023016168;
   1> userAccountControl: 64546;
   1> userPrincipalName: [email protected];
   1> uSNChanged: 52347;
   1> uSNCreated: 6719;
   1> whenChanged: 4/26/2005 17:27:35 Eastern Standard Time Eastern Standard Time;
   1> whenCreated: 8/23/2004 8:52:4 Eastern Standard Time Eastern Standard Time;
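
To check a mapping against an LDP dump before running an import, the sketch below parses output in the layout shown above and applies the 2003-domain column of the mapping table. It is an added example, not Layton's code: the function names and the sample entry are constructed for illustration, and attribute names are compared case-insensitively because LDAP attribute names are not case-sensitive (LDP prints sAMAccountName, the table lists samaccountname).

```python
import re

# 2003 Server Domain column of the mapping table -> ServiceDesk field.
FIELD_MAP = {
    "mail": "sys_email",
    "samaccountname": "sys_eusername",
    "givenname": "sys_forename",
    "sn": "sys_surname",
    "department": "sys_eclient_id",
}

# Constructed sample in the LDP layout (all values are made up).
SAMPLE_LDP = """\
Getting 1 entries:
>> Dn: CN=Alex Example,CN=Users,DC=domain,DC=local
   1> cn: Alex Example;
   1> department: Accounting;
   1> displayName: Alex Example;
   1> mail: alex@example.test;
   1> givenName: Alex;
   4> objectClass: top; person; organizationalPerson; user;
   1> sAMAccountName: aexample;
"""

# "<count>> <name>: <value>; <value>;" as printed by LDP for each attribute.
LINE_RE = re.compile(r"^\s*(\d+)>\s+([^:\s]+):\s*(.*?);?\s*$")

def parse_ldp(text):
    """Return {lowercased attribute name: [values]} for one LDP entry dump."""
    attrs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # status lines and the '>> Dn:' header carry no attribute
        count, name, raw = int(m.group(1)), m.group(2), m.group(3)
        # Only split on ';' when LDP reports more than one value.
        values = [v.strip() for v in raw.split(";")] if count > 1 else [raw.strip()]
        attrs[name.lower()] = values
    return attrs

def apply_mapping(attrs, field_map=FIELD_MAP):
    """Return (ServiceDesk field -> value, mapped AD attributes the entry lacks)."""
    mapped, missing = {}, []
    for ad_attr, sd_field in field_map.items():
        values = attrs.get(ad_attr.lower())
        if values:
            mapped[sd_field] = values[0]
        else:
            missing.append(ad_attr)
    return mapped, missing
```

An attribute reported as missing (here sn, which the sample entry does not carry) means the mapped ServiceDesk field would stay empty for that user, so either populate it in Active Directory or map a different attribute.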

Note

Any fields to be imported from Active Directory that are not already identified in ServiceDesk (e.g. Address, State, Zip, etc.) will need to be added to the user table via Settings > Data Design > End User Data.

Once you have added your custom fields, go to Form Design > End User to add the new user-defined fields.

When the import runs, it will allow you to populate these fields.

Filtering Users & Organizational Units

Selecting the Filter button in the LDAP connection list will allow you to select which OUs and/or users are to be imported. The Active Directory tree structure will be displayed with OUs indicated by a folder button and users represented by a user button. Select which OUs and/or users you wish to import. Click the save button to save the filter settings.

Running the Import

The LDAP Active Directory import will run automatically according to the setting specified in the LDAP End User Import section of the LDAP configuration settings. If this field was set to Never, the import can be run manually by clicking the Import Users button. This runs the import in three steps and outputs the results to a log file.

The import checks for:

  • All End Users in Layton ServiceDesk that are not in Active Directory. These users are written to the Log file. They can be dealt with by the Layton ServiceDesk Administrator at a later time.
  • All End Users in Layton ServiceDesk that are present in Active Directory. If they are included in the Filter then these users are updated with data from Active Directory and written to the Log file.
  • All users in Active Directory that are not listed as End Users in Layton ServiceDesk. If they are selected in the filter then Layton ServiceDesk will create these End Users from Active Directory.

These users are also written to the Log file, which can be viewed by clicking the View Log button.
