Steve Giller Posted January 3, 2017 Share Posted January 3, 2017 As you can see from the screen grab, my basic user import from AD is assigning each customer as their own manager. I've attached the config file, any ideas how I can fix this? The manager portion is, as far as I'm aware, unchanged from the defaults. basic_user_import_conf.json Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 3, 2017 Share Posted January 3, 2017 @DeadMeatGF Can you please post a screen grab of what the manager field looks like in AD? Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 3, 2017 Share Posted January 3, 2017 Also "UserProfileMapping":{ "MiddleName":"", "JobDescription":"Derby College Employee", "Manager":"[displayName]" } The line "Manager":"[displayName]", should be "Manager":"", Link to comment Share on other sites More sharing options...
Steve Giller Posted January 3, 2017 Author Share Posted January 3, 2017 Thanks Trevor - I didn't spot that. If you find that it's not in the default config please let me know, as I haven't altered that and there's only one other person with access, so I'll be able to have a polite word about not messing with things when they aren't fully aware of the consequences! Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 3, 2017 Share Posted January 3, 2017 Hi Steve Its not in the default configuration in github https://github.com/hornbill/goLDAPUserImport/blob/master/conf.json Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted January 3, 2017 Author Share Posted January 3, 2017 Thanks Trevor, I shall have a chat with the rest of the team about change management 1 Link to comment Share on other sites More sharing options...
Steve Giller Posted January 4, 2017 Author Share Posted January 4, 2017 OK, so now I'm getting the distinguishedName (see attached) but most of these are longer than allowed, and as the user IDs are sAMAccountName will having the dN in there resolve back correctly, or do I need to tweak further? Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 5, 2017 Share Posted January 5, 2017 Hi Steve Is your Config for UserManager as it was when you attached the configuration file? "UserManagerMapping":{ "Action":"Both", "Enabled":true, "Attribute":"[manager]", "GetIDFromName":true, "Regex":"CN=(.*?)(?:,[A-Z]+=|$)", "Reverse":true }, Looking at your distinguishedName example you might want to disable Reverse in the config and set it to false as your CN attribute appears in the correct order? Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted January 5, 2017 Author Share Posted January 5, 2017 Hi Trevor, it is, yes. I wouldn't expect to see the CN appearing in the user details, though, I'd expect to see the manager's name. Should I be using the [manager] AD attribute or do I use the [sAMAccountName] as this maps to the user's ID in Service Manager? I re-ran it with "Reverse":false which hasn't changed anything. I've also noticed that if I access a co-worker (not in the admin tool) I getThe maximum length of the value in element <userId> was expected to be 64 but was actually 114 at location '/methodCall/params/userId' Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 5, 2017 Share Posted January 5, 2017 Hi Steve What should be happening is we query the LDAP attribute that holds the managers name for a given user typically this is manager, the field typically contains a distinguishedName so we run the regex to grab the name out of the distinguishedName string, we then looking the userId in Hornbill for that name and use that as the value of Manager when updating or creating a given user. Whats happening here is the manager id is being set as the distinguishedName which will cause issues when we assume its a valid user id in other areas of the application thus the error you are seeing. Can you ping me over your LDAP import log in a PM as it will likely contain sensitive information. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted January 5, 2017 Author Share Posted January 5, 2017 Right - I'm with it now. I believe the issue is that the Regex will pull back, for example, 'Steve Giller' (from 'CN=steve.giller,OU=General User Accounts,OU=...') but my UserID is 'Giller_S' (or, for newer staff, 'Steve.Giller') btw; Sorry for not sticking the manager field in a regex checker sooner, if I had that would have been apparent from the start! Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 5, 2017 Share Posted January 5, 2017 Hi Steve No Worries, yeah what we do is search hornbill for users with the name Steve Giller then use the id we have in the hornbill database for that user. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted January 5, 2017 Author Share Posted January 5, 2017 I've sent the config and log files in a PM, On the last run it simply didn't import any managers at all! Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 5, 2017 Share Posted January 5, 2017 I found an issue with the code that would prevent the manager from ever being imported when the action is set to Update, working on a fix for that now. Link to comment Share on other sites More sharing options...
Steve Giller Posted January 5, 2017 Author Share Posted January 5, 2017 Oooh! I think this could be the first time with Service Manager that the issue isn't me getting it wrong! 1 Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 5, 2017 Share Posted January 5, 2017 Yeah there is at least one issue i have found here: i have sent you an email with an updated import tool to run when you get a moment. There is likely to be a second issue where the code assume the names are separated with a , and i can see in your example its a . but i have added some debugging to show these in the logs and corrected the Update action issue. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Steve Giller Posted January 5, 2017 Author Share Posted January 5, 2017 Our IDs are separated with a . but the names (displayName attribute) are still separated with a space. 1 Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 5, 2017 Share Posted January 5, 2017 Thanks for confirming the fix is working for anyone else a formal release of the LDAP User Import tool 2.0.6 can be found here: https://github.com/hornbill/goLDAPUserImport/releases/tag/v2.0.6 Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now