Jump to content

LDAP import: Associating Roles to Hornbill User Accounts


Steve Giller
 Share

Recommended Posts

I'm way behind the curve and have only just upgraded to the latest LDAP import.

What happened the first time it ran was that the Roles all reset to the four basic defaults I have, and all users reverted to Basic rather than Full.
Which means I did something very wrong! This confuses me as I imported the working conf file from the old version - so I'm not sure exactly where I messed up, unless there's a new option that I have misconfigured or neglected to configure.

 

{
  "User": {
    "AccountMapping": {
      "UserId": "[sAMAccountName]",
      "UserType": "basic",
      "Name": "[displayName]",
      "Password": "",
      "FirstName": "[givenName]",
      "LastName": "[sn]",
      "JobTitle": "[title]",
      "Site": "",
      "Phone": "",
      "Email": "[userPrincipalName]",
      "Mobile": "[mobile]",
      "AbsenceMessage": "",
      "TimeZone": "",
      "Language": "",
      "DateTimeFormat": "",
      "DateFormat": "",
      "TimeFormat": "",
      "CurrencySymbol": "",
      "CountryCode": ""
    },
    "UserDN": "[distinguishedName]",
    "Type": {
      "Action": "Both",
      "Value": "user"
    },
    "Status": {
      "Action": "Both",
      "Value": "active"
    },
    "Role": {
      "Action": "Both",
      "Roles": [
        "Basic User Role",
        "Self Service User",
        "Hornbill Authorised Guest",
        "Service Manager Authorised Guest"
      ]
    },
    "ProfileMapping": {
      "MiddleName": "",
      "JobDescription": "[title]",
      "Manager": "",
      "WorkPhone": "",
      "Qualifications": "",
      "Interests": "",
      "Expertise": "",
      "Gender": "",
      "Dob": "",
      "Nationality": "",
      "Religion": "",
      "HomeTelephone": "",
      "SocialNetworkA": "",
      "SocialNetworkB": "",
      "SocialNetworkC": "",
      "SocialNetworkD": "",
      "SocialNetworkE": "[userPrincipalName]",
      "SocialNetworkF": "",
      "SocialNetworkG": "",
      "SocialNetworkH": "",
      "PersonalInterests": "",
      "homeAddress": "",
      "PersonalBlog": "",
      "Attrib1": "",
      "Attrib2": "",
      "Attrib3": "",
      "Attrib4": "",
      "Attrib5": "",
      "Attrib6": "",
      "Attrib7": "",
      "Attrib8": ""
    },
    "Manager": {
      "Action": "Both",
      "Value": "[manager]",
      "Options": {
        "GetStringFromValue": {
          "Reverse": true,
          "Regex": ""
        },
        "MatchAgainstDistinguishedName": true,
        "Search": {
          "Enable": false
        }
      }
    },
    "Image": {
      "Action": "Both",
      "UploadType": "AD",
      "InsecureSkipVerify": true,
      "ImageType": "jpg",
      "Value": "[thumbnailPhoto]",
      "URI": "[thumbnailPhoto]"
    },
    "Site": {
      "Action": "Both",
      "Value": "[streetAddress]"
    },
    "Org": [
      {
        "Options": {
          "OnlyOneGroupAssignment": false,
          "Type": 5,
          "Membership": "member",
          "TasksView": false,
          "TasksAction": false
        },
        "Action": "Both",
        "Value": "Derby College"
      }
    ]
  },
  "LDAP": {
    "Server": {
      "keySafeID": 10,
      "InsecureSkipVerify": false,
      "Debug": false,
      "ConnectionType": "SSL"
    },
    "Query": {
      "Attributes": [
        "cn",
        "distinguishedName",
        "sn",
        "telephoneNumber",
        "mobile",
        "sAMAccountName",
        "userPrincipalName",
        "givenName",
        "description",
        "department",
        "manager",
        "thumbnailPhoto",
        "sAMAccountName",
        "cn",
        "displayName",
        "givenName",
        "sn",
        "title",
        "userPrincipalName",
        "telephoneNumber",
        "mobile",
        "distinguishedName",
        "manager",
        "streetAddress",
        "description",
        "thumbnailPhoto",
        "physicalDeliveryOfficeName",
        "company",
        "department"
      ],
      "Scope": 2,
      "DerefAliases": 1,
      "TypesOnly": false,
      "SizeLimit": 0,
      "TimeLimit": 0,
      "Filter": "(objectClass=user)",
      "DSN": "OU=General User Accounts..."
    }
  },
  "Advanced": {
    "LogLevel": 2,
    "LogRetention": 28,
    "PageSize": 500
  },
  "version": 4
}

Anyone know where I messed up?

Link to comment
Share on other sites

@DeadMeatGF

I'm not at my work PC at the moment so cannot double check if what I am saying is correct but have you configured the configs via the Hornbill Admin Tool?

The configs are set up on Hornbill, then you use a .bat file (or in my case a powershell .PS1 file) to run the LDAP_Import and it points to the name of the config you set up on Hornbill in Administration.

Link to comment
Share on other sites

@samwoo @James Ainsworth

I'm using the Admin Portal with the existing configuration uploaded from the old on-prem solution.

Having slept on it I suspect having the "Type" Action set to "Create and Update" was the reason - if that is the case is this value best left to "No Action" or "Create Only" when this import is picking up new users?
I assume a newly created user defaults to "Basic"

2018-10-26.png

Link to comment
Share on other sites

On 10/26/2018 at 8:34 AM, DeadMeatGF said:

I suspect having the "Type" Action set to "Create and Update" was the reason

Yes

On 10/26/2018 at 8:34 AM, DeadMeatGF said:

I assume a newly created user defaults to "Basic"

Depends on the configuration in user account mapping...

image.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...