gwynne Posted April 8, 2016 Posted April 8, 2016 First Question: Does the ldap update fields that change in AD to Hornbill? If it does I have changed a bit of the ldap scrip to bring in the DDI rather than the Extension in the phone field however the users in hornbill are not getting the updated data?
TrevorKillick Posted April 10, 2016 Posted April 10, 2016 Hi Gareth, Yes the LDAP Mappings will update the available fields if anything in AD changes then the user accounts will be updated. Currently we do not have extension available only fields available in the userUpdate API can currently be used: https://betaapi.hornbill.com/hornbill/xmlmc/admin/?op=userUpdate We are working on making the extended profile details found in collaboration available to the LDAP Import utility, currently we are waiting on the API's to be completed and rolled out then the Import Utility will be updated, this should allow you to import into any custom profile fields you need. I will reply to this thread once this is available. Kind Regards Trevor Killick
gwynne Posted April 11, 2016 Author Posted April 11, 2016 The updates don't seem to be working, we originally had the phone field concatenate DDI and Extension from The Telephone number field and the Home number field, however due to length we have to reduce to just the telephone number field , this is now not changing the details is there anything in the below script what will stop this "InstanceId": "bits", "UpdateUserType": false, "LDAPConf": { "Server": "kent.benenden.org.uk", "UserName": "", "Password": "", "Port": 389, "Scope": 2, "DerefAliases": 1, "SizeLimit": 0, "TimeLimit": 0, "TypesOnly": false, "Filter": "(&(objectClass=user)(mail=*)(memberof:1.2.840.113556.1.4.1941:=CN=zAllHospitalStaff,OU=Distribution Groups,DC=kent,DC=benenden,DC=org,DC=uk)(!(manager=CN=Doctors Consortium,OU=System Accounts,DC=kent,DC=benenden,DC=org,DC=uk))(!(manager=CN=Jackie Kinch,OU=Win7Users,OU=Ophthalmology Scanloc,OU=Groups,DC=kent,DC=benenden,DC=org,DC=uk)))", "DSN": "OU=Groups,DC=kent,DC=benenden,DC=org,DC=uk" }, "LDAPMapping":{ "UserId":"[mail]", "UserType":"basic", "Name":"[cn]", "Password":"", "FirstName":"[cn]", "LastName":"[sn]", "JobTitle":"[title]", "Site":"[physicalDeliveryOfficeName]", "Phone":"[HomePhone]", "Email":"[mail]", "Mobile":"[mobile]", "AbsenceMessage":"", "TimeZone":"", "Language":"", "DateTimeFormat":"", "DateFormat":"", "TimeFormat":"", "CurrencySymbol":"£", "CountryCode":"" }, "LDAPAttirubutes":[ "cn", "sn", "sAMAccountName", "userPrincipalName", "givenName", "description", "title", "mail", "physicalDeliveryOfficeName", "telephoneNumber", "Mobile" ], "Roles":[ "Basic User Role" ], "SiteLookup":{ "Enabled": true, "Attribute":"site" } }
TrevorKillick Posted April 11, 2016 Posted April 11, 2016 HI Gareth Looking at your configuration the LDAP Attribute you are trying to map to Phone [HomePhone] is not listed in the the LDAPAttirubutes sections. Any field you want to map from LDAP needs to be listed in this section. Kind Regards Trevor Killick
gwynne Posted April 12, 2016 Author Posted April 12, 2016 Great stuff thanks for the spot, please do keep this post in mind when you update the fields available Cheers Gareth
TrevorKillick Posted April 12, 2016 Posted April 12, 2016 Hi Gareth Not a problem, i will see if we can add a future version of the tool the ability for it to do some basic checking of the configuration file for things this like this. I will of course update this post when the additional fields are available. Kind Regards Trevor Killick
gwynne Posted April 12, 2016 Author Posted April 12, 2016 Hi Trevor Apologies for coming back to this, I am still having issues with the ldap script even after the amendment, it still does not update this field also I have notice it does not seem to be updating user details such as job title. Looking at the logs the only error I see is it cannot create as the user exists then when it shows you items updated it says 0 even though I know there should be. Any ideas?
TrevorKillick Posted April 13, 2016 Posted April 13, 2016 Hi Gareth Can you PM me you Log file and i will take a look. Kind Regards Trevor Killick
Ralf Peters Posted May 4, 2016 Posted May 4, 2016 Hi, just wanted to check the spelling in the conf.json file one of the lines read "LDAPAttirubutes" ? I ran it with the correct spelling and got all AD attributes returned. Thought it might fix my site import problem .... instead it filled up my log file with every AD property for every user. I guess the spelling is intended ? Thanks Ralf
TrevorKillick Posted May 4, 2016 Posted May 4, 2016 Hi Ralf Not exactly intended but for now it is required with the incorrect spelling. We will get this fixed for the next version. Kind Regards Trevor Killick
Ralf Peters Posted May 4, 2016 Posted May 4, 2016 Hi Trevor, thanks for the clarification . maybe you are able to spot why our site import doesn't work "LDAPMapping":{ "UserId":"[sAMAccountName]", "UserType":"basic", "Name":"[cn]", "Password":"", "FirstName":"[GivenName]", "LastName":"[sn]", "JobTitle":"[Title]", "Site":"[Office]", "Phone":"[telephoneNumber]", "Email":"[mail]", "Mobile":"[mobile]", "AbsenceMessage":"", "TimeZone":"", "Language":"", "DateTimeFormat":"", "DateFormat":"", "TimeFormat":"", "CurrencySymbol":"", "CountryCode":"" }, "LDAPAttirubutes":[ "cn", "GivenName", "sn", "Title", "Office", "telephoneNumber", "mobile", "sAMAccountName", "mail", "givenName", "description", "department" ], "Roles":[ "Basic User Role", "Self Service User" ], "SiteLookup":{ "Enabled": true, "Attribute":"[Office]" }, "OrgLookup":{ "Enabled": true, "Attribute":"[department]", "Type":2, "Membership":"member", "TasksView":false, "TasksAction":false the log file seems to indicate that the site field has no value, the department update works.. 2016/05/04 15:30:23 [DEBUG] LDAP User: mcr 2016/05/04 15:30:23 [DEBUG] Update User: mcr 2016/05/04 15:30:23 [DEBUG] LDAP Attribute [Office] 2016/05/04 15:30:23 [DEBUG] Looking Up Site 2016/05/04 15:30:23 [DEBUG] Site Lookup found Id 2016/05/04 15:30:23 [DEBUG] LDAP Attribute [department] 2016/05/04 15:30:23 [DEBUG] Looking Up Org Fundraising 2016/05/04 15:30:24 [DEBUG] Org Lookup found Id woodlandtrust/Fundraising/ 2016/05/04 15:30:24 [DEBUG] User: mcr Already Added to Organsiation: woodlandtrust/Fundraising/ I checked the site on service manager and they are the same as our AD attribute. Any ideas ? Thanks Ralf
TrevorKillick Posted May 5, 2016 Posted May 5, 2016 Hi Ralf The log is suggesting that the LDAP attribute Office against the user mcr has now value. I would check the user in AD and the value of Office against mcr i am not sure if the LDAP Attributes from AD are case sensitive. Kind Regards Trevor Killick
Steve Giller Posted May 5, 2016 Posted May 5, 2016 Is Office an AD attribute? I know we use physicalDeliveryOfficeName but I'm no AD guru! 1
Ralf Peters Posted May 5, 2016 Posted May 5, 2016 I tried to used both "Office" and "physicalDeliveryOfficeName" , both carry the same value none gets picked up Enabled : True GivenName : Ralf Name : Ralf Peters ObjectClass : user Office : Grantham physicalDeliveryOfficeName : Grantham Surname : Peters I have Nadeem looking at this as well .
TrevorKillick Posted May 5, 2016 Posted May 5, 2016 HI Ralf Sorry my bad was still a bit early remove the [ ] around Office in the Site Lookup Attribute field. Kind Regards Trevor
TrevorKillick Posted May 11, 2016 Posted May 11, 2016 Hi Gareth Importing additional profile fields is now available in the latest build of the LDAP User Import Tool https://github.com/hornbill/goLDAPUserImport/releases/tag/v2.0.0 Kind Regards Trevor Killick
gwynne Posted May 11, 2016 Author Posted May 11, 2016 Hi Trevor Thanks for that is there a list of the extended fields now available?
TrevorKillick Posted May 21, 2016 Posted May 21, 2016 Hi Gareth The available fields are defined in the UserProfileMapping section of the configuration file documented here: https://github.com/h...oLDAPUserImport Kind Regards Trevor Killick
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now