LDAP

[gwynne]

First Question: Does the ldap update fields that change in AD to Hornbill? If it does I have changed a bit of the ldap scrip to bring in the DDI rather than the Extension in the phone field however the users in hornbill are not getting the updated data?

[TrevorKillick]

Hi Gareth,

Yes the LDAP Mappings will update the available fields if anything in AD changes then the user accounts will be updated. Currently we do not have extension available only fields available in the userUpdate API can currently be used: https://betaapi.hornbill.com/hornbill/xmlmc/admin/?op=userUpdate

We are working on making the extended profile details found in collaboration available to the LDAP Import utility, currently we are waiting on the API's to be completed and rolled out then the Import Utility will be updated, this should allow you to import into any custom profile fields you need.

I will reply to this thread once this is available.

Kind Regards

Trevor Killick

[gwynne]

The updates don't seem to be working, we originally had the phone field concatenate DDI and Extension from The Telephone number field and the Home number field, however due to length we have to reduce to just the telephone number field , this is now not changing the details is there anything in the below script what will stop this "InstanceId": "bits",

"UpdateUserType": false,

"LDAPConf": {

"Server": "kent.benenden.org.uk",

"UserName": "",

"Password": "",

"Port": 389,

"Scope": 2,

"DerefAliases": 1,

"SizeLimit": 0,

"TimeLimit": 0,

"TypesOnly": false,

"Filter": "(&(objectClass=user)(mail=*)(memberof:1.2.840.113556.1.4.1941:=CN=zAllHospitalStaff,OU=Distribution Groups,DC=kent,DC=benenden,DC=org,DC=uk)(!(manager=CN=Doctors Consortium,OU=System Accounts,DC=kent,DC=benenden,DC=org,DC=uk))(!(manager=CN=Jackie Kinch,OU=Win7Users,OU=Ophthalmology Scanloc,OU=Groups,DC=kent,DC=benenden,DC=org,DC=uk)))",

"DSN": "OU=Groups,DC=kent,DC=benenden,DC=org,DC=uk"

},

"LDAPMapping":{

"UserId":"[mail]",

"UserType":"basic",

"Name":"[cn]",

"Password":"",

"FirstName":"[cn]",

"LastName":"[sn]",

"JobTitle":"[title]",

"Site":"[physicalDeliveryOfficeName]",

"Phone":"[HomePhone]",

"Email":"[mail]",

"Mobile":"[mobile]",

"AbsenceMessage":"",

"TimeZone":"",

"Language":"",

"DateTimeFormat":"",

"DateFormat":"",

"TimeFormat":"",

"CurrencySymbol":"£",

"CountryCode":""

},

"LDAPAttirubutes":[

"cn",

"sn",

"sAMAccountName",

"userPrincipalName",

"givenName",

"description",

"title",

"mail",

"physicalDeliveryOfficeName",

"telephoneNumber",

"Mobile"

],

"Roles":[

"Basic User Role"

],

"SiteLookup":{

"Enabled": true,

"Attribute":"site"

}

}

[TrevorKillick]

HI Gareth

Looking at your configuration the LDAP Attribute you are trying to map to Phone [HomePhone] is not listed in the the LDAPAttirubutes sections. Any field you want to map from LDAP needs to be listed in this section.

Kind Regards

Trevor Killick

[gwynne]

Great stuff thanks for the spot, please do keep this post in mind when you update the fields available Cheers Gareth

[TrevorKillick]

Hi Gareth

Not a problem, i will see if we can add a future version of the tool the ability for it to do some basic checking of the configuration file for things this like this.

I will of course update this post when the additional fields are available.

Kind Regards

Trevor Killick

[gwynne]

Hi Trevor Apologies for coming back to this, I am still having issues with the ldap script even after the amendment, it still does not update this field also I have notice it does not seem to be updating user details such as job title. Looking at the logs the only error I see is it cannot create as the user exists then when it shows you items updated it says 0 even though I know there should be. Any ideas?

[TrevorKillick]

Hi Gareth

Can you PM me you Log file and i will take a look.

Kind Regards

Trevor Killick

[Ralf Peters]

Hi,

just wanted to check the spelling in the conf.json file one of the lines read "LDAPAttirubutes" ?

I ran it with the correct spelling and got all AD attributes returned.

Thought it might fix my site import problem .... instead it filled up my log file with every AD property for every user.

I guess the spelling is intended ?

Thanks

Ralf

[TrevorKillick]

Hi Ralf

Not exactly intended but for now it is required with the incorrect spelling.

We will get this fixed for the next version.

Kind Regards

Trevor Killick

[Ralf Peters]

Hi Trevor,

thanks for the clarification .

maybe you are able to spot why our site import doesn't work

"LDAPMapping":{

"UserId":"[sAMAccountName]",

"UserType":"basic",

"Name":"[cn]",

"Password":"",

"FirstName":"[GivenName]",

"LastName":"[sn]",

"JobTitle":"[Title]",

"Site":"[Office]",

"Phone":"[telephoneNumber]",

"Email":"[mail]",

"Mobile":"[mobile]",

"AbsenceMessage":"",

"TimeZone":"",

"Language":"",

"DateTimeFormat":"",

"DateFormat":"",

"TimeFormat":"",

"CurrencySymbol":"",

"CountryCode":""

},

"LDAPAttirubutes":[

"cn",

"GivenName",

"sn",

"Title",

"Office",

"telephoneNumber",

"mobile",

"sAMAccountName",

"mail",

"givenName",

"description",

"department"

],

"Roles":[

"Basic User Role",

"Self Service User"

],

"SiteLookup":{

"Enabled": true,

"Attribute":"[Office]"

},

"OrgLookup":{

"Enabled": true,

"Attribute":"[department]",

"Type":2,

"Membership":"member",

"TasksView":false,

"TasksAction":false

the log file seems to indicate that the site field has no value, the department update works..

2016/05/04 15:30:23 [DEBUG] LDAP User: mcr

2016/05/04 15:30:23 [DEBUG] Update User: mcr

2016/05/04 15:30:23 [DEBUG] LDAP Attribute [Office]

2016/05/04 15:30:23 [DEBUG] Looking Up Site

2016/05/04 15:30:23 [DEBUG] Site Lookup found Id

2016/05/04 15:30:23 [DEBUG] LDAP Attribute [department]

2016/05/04 15:30:23 [DEBUG] Looking Up Org Fundraising

2016/05/04 15:30:24 [DEBUG] Org Lookup found Id woodlandtrust/Fundraising/

2016/05/04 15:30:24 [DEBUG] User: mcr Already Added to Organsiation: woodlandtrust/Fundraising/

I checked the site on service manager and they are the same as our AD attribute.

Any ideas ?

Thanks

Ralf

[TrevorKillick]

Hi Ralf

The log is suggesting that the LDAP attribute Office against the user mcr has now value.

I would check the user in AD and the value of Office against mcr i am not sure if the LDAP Attributes from AD are case sensitive.

Kind Regards

Trevor Killick

[Steve Giller]

Is Office an AD attribute?

I know we use physicalDeliveryOfficeName but I'm no AD guru!

[Ralf Peters]

I tried to used both "Office" and "physicalDeliveryOfficeName" , both carry the same value

none gets picked up

Enabled : True

GivenName : Ralf

Name : Ralf Peters

ObjectClass : user

Office : Grantham

physicalDeliveryOfficeName : Grantham

Surname : Peters

I have Nadeem looking at this as well .

[TrevorKillick]

HI Ralf

Sorry my bad was still a bit early remove the [ ] around Office in the Site Lookup Attribute field.

Kind Regards

Trevor

[Ralf Peters]

that did the trick .

Thanks

Ralf

[TrevorKillick]

Hi Gareth

Importing additional profile fields is now available in the latest build of the LDAP User Import Tool

https://github.com/hornbill/goLDAPUserImport/releases/tag/v2.0.0

Kind Regards

Trevor Killick

[gwynne]

Hi Trevor

Thanks for that is there a list of the extended fields now available?

[TrevorKillick]

Hi Gareth

The available fields are defined in the UserProfileMapping section of the configuration file documented here:

https://github.com/h...oLDAPUserImport

Kind Regards

Trevor Killick