Guest Posted February 25, 2016 Share Posted February 25, 2016 Hi I've been working through the implementation of the LDAP User Import script and have a problem with user account I've created within Hornbilll to use within the config. The Wiki instructions say that the account needs create and update rights. I've created a role for the account and given rights to Manage, Create and Update Users. When I run the exe it now fails saying that the account needs rights to the swdata database. Could someone let me know the permissions I need to assign within the Database section to allow this to function with least privilege. I have successfully run the import under an Admin Role but don't want to leave it in this state. Cheers Mark Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 25, 2016 Share Posted February 25, 2016 Hi Mark I will create a role with the minimum set of rights required to run the import tool let you know. It might be worth us dropping the role in as a default role for the system but i will post the list of Database Table rights required. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 26, 2016 Share Posted February 26, 2016 Hi Mark I have updated the wiki documentation with the required rights to run the import tool. https://wiki.hornbill.com/index.php/LDAP_User_Import#Required_Permissions Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Guest Posted February 26, 2016 Share Posted February 26, 2016 Hi Trevor, Thanks very much for responding and updating the wiki, I will change my role settings and test. Kind regards Mark Link to comment Share on other sites More sharing options...
Guest Posted February 26, 2016 Share Posted February 26, 2016 Just tested the role permissions and the update was successful, thanks for turning this around so quickly. Cheers Mark Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 26, 2016 Share Posted February 26, 2016 Hi Mark My pleasure, We have added a default System Role [user Import] which will be available in the a server release in the next few weeks, i will post back here once its available. This role will be kept up to date with any permissions changes needed by the User Import Tool. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Guest Posted February 26, 2016 Share Posted February 26, 2016 Got a further question for you re the import. I am being asked to assign any accounts created by the script to its site and also add to the correct group within the organisation table. The department field within LDAP matches the group names setup in the orgnaisation. Is this possible, if yes what extra permissions are required? Cheers Mark Link to comment Share on other sites More sharing options...
TrevorKillick Posted February 26, 2016 Share Posted February 26, 2016 Hi Mark, Currently you can only add users to sites for this to work you need to have the name of the site as is appears in Hornbill in a attribute in LDAP. https://wiki.hornbill.com/index.php?title=LDAP_User_Import#SiteLookup There is no current functionality to add users to Groups or Organisations this is planned for future versions of the tool. The permissions required to add a user to a Site are included in the permissions i posted. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Guest Posted March 1, 2016 Share Posted March 1, 2016 Hi Trevor, I just tried running the LDAP Import Utility, however correct me if I'm wrong but I seem to be getting this issue in the logs as described: 2016/03/01 13:10:34 [DEBUG] LDAP User: hornbill_test 2016/03/01 13:10:34 [DEBUG] Create User: hornbill_test 2016/03/01 13:10:34 [DEBUG] Auto Generated Password for: hornbill.test - blah blah 2016/03/01 13:10:34 [ERROR] Unable to Load LDAP Attribute: telephoneNumber For Input Param: Phone 2016/03/01 13:10:34 [ERROR] Unable to Load LDAP Attribute: mobile For Input Param: Mobile 2016/03/01 13:10:34 [ERROR] Unable to Create User: User already exists with account status: active 2016/03/01 13:10:35 [DEBUG] Logout 2016/03/01 13:10:35 [ERROR] Error Count: 1 2016/03/01 13:10:35 [ERROR] Check Log File for Details 2016/03/01 13:10:35 [DEBUG] Updated: 0 2016/03/01 13:10:35 [DEBUG] Updated Skipped: 0 2016/03/01 13:10:35 [DEBUG] Created: 0 2016/03/01 13:10:35 [DEBUG] Created Skipped: 0 2016/03/01 13:10:35 [DEBUG] Time Taken: 1.0991099s 2016/03/01 13:10:35 [DEBUG] ---- XMLMC LDAP Import Complete ---- I thought we could update the users even AFTER we have imported them into Service Manager? Thanks. Ainul. Link to comment Share on other sites More sharing options...
TrevorKillick Posted March 1, 2016 Share Posted March 1, 2016 Hi Ainul, Can you log a call with support so we can a look at this i would need to see the entire configuration file and log file to confirm what is going on but updating users does / should work? Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Guest Posted March 1, 2016 Share Posted March 1, 2016 Thanks Trevor for the speedy response! I've logged this with support now. Ainul. Link to comment Share on other sites More sharing options...
Recommended Posts