
LDAP User Import - Required rights



Hi, I've been working through the implementation of the LDAP User Import script and have a problem with the user account I've created within Hornbill to use within the config. The Wiki instructions say that the account needs create and update rights. I've created a role for the account and given rights to Manage, Create and Update Users. When I run the exe it now fails, saying that the account needs rights to the swdata database.

Could someone let me know the permissions I need to assign within the Database section to allow this to function with least privilege? I have successfully run the import under an Admin Role but don't want to leave it in this state.

Cheers

Mark


Hi Mark

I will create a role with the minimum set of rights required to run the import tool and let you know.

It might be worth us dropping the role in as a default role for the system, but I will post the list of Database Table rights required.

Kind Regards

Trevor Killick


Hi Mark

My pleasure,

We have added a default System Role [user Import] which will be available in a server release in the next few weeks. I will post back here once it's available.

This role will be kept up to date with any permissions changes needed by the User Import Tool.

Kind Regards

Trevor Killick


Got a further question for you re the import. I am being asked to assign any accounts created by the script to its site and also add to the correct group within the organisation table. The department field within LDAP matches the group names set up in the organisation. Is this possible? If yes, what extra permissions are required?

Cheers

Mark


Hi Mark,

Currently you can only add users to sites; for this to work you need to have the name of the site as it appears in Hornbill in an attribute in LDAP.

https://wiki.hornbill.com/index.php?title=LDAP_User_Import#SiteLookup

There is no current functionality to add users to Groups or Organisations; this is planned for future versions of the tool.

The permissions required to add a user to a Site are included in the permissions I posted.

Kind Regards

Trevor Killick


Hi Trevor,

I just tried running the LDAP Import Utility; however, correct me if I'm wrong, but I seem to be getting this issue in the logs as described:

2016/03/01 13:10:34 [DEBUG] LDAP User: hornbill_test

2016/03/01 13:10:34 [DEBUG] Create User: hornbill_test

2016/03/01 13:10:34 [DEBUG] Auto Generated Password for: hornbill.test - blah blah

2016/03/01 13:10:34 [ERROR] Unable to Load LDAP Attribute: telephoneNumber For Input Param: Phone

2016/03/01 13:10:34 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: Mobile

2016/03/01 13:10:34 [ERROR] Unable to Create User: User already exists with account status: active

2016/03/01 13:10:35 [DEBUG] Logout

2016/03/01 13:10:35 [ERROR] Error Count: 1

2016/03/01 13:10:35 [ERROR] Check Log File for Details

2016/03/01 13:10:35 [DEBUG] Updated: 0

2016/03/01 13:10:35 [DEBUG] Updated Skipped: 0

2016/03/01 13:10:35 [DEBUG] Created: 0

2016/03/01 13:10:35 [DEBUG] Created Skipped: 0

2016/03/01 13:10:35 [DEBUG] Time Taken: 1.0991099s

2016/03/01 13:10:35 [DEBUG] ---- XMLMC LDAP Import Complete ----

I thought we could update the users even AFTER we have imported them into Service Manager?

Thanks.

Ainul.


Hi Ainul,

Can you log a call with support so we can have a look at this? I would need to see the entire configuration file and log file to confirm what is going on, but updating users does / should work.

Kind Regards

Trevor Killick


  • Victor locked this topic
This topic is now closed to further replies.