CA Service Management

  • Private Community

  • 1.  LDAP Problems importing contacts of more than one LDAP Domain

    Posted May 01, 2015 08:06 AM

    Hi Team,
    I have 3 problems importing contacts os 3 LDAP domains.

     

    1. LDAP Catcher (Ldap agent not found)
    After researching and testing I found, that for each  Domain Server defined with the Perl-Script pdm_ldap_config.pl two ldap agents must be started.
    The Perl_Script calculates only one agent, so for 2 Domain Server 2 instead of 4 agents are started, which causes the error message
    „ldap agent not found“. In my environment I have 3 Domain Server, so 6 ldap agents are needed.
    I did set the option num_ldap_agents to 10 to be sure that always enough agents are available. Now all contacts of the 3 Domains were imported.
    To make the userid unique it is composed of domain-name and userid like this  domain-name\userid
    Attention! If a new Domain Server is added using pdm_ldap_config.pl the number of agents is new calculated and for each Server one instead of two agents is started,
    you have to change the variable @NX_NUM_LDAP_AGENTS in nx.env directly or uninstall and install the option, to be sure that after the restart of the Service Desk Manager
    all needed ldap agents will be started.
    After I had solved this problem 2 new did arise.

     

    2. It is not possible to update the imported contacts.
    If you use pdm_ldap_import –n "domain-name" –l "userid=‘%‘" the import tries to create all contacts once more, what is not possible because the userid must be unique,
    so only new contacts are created, but no one is updated. It looks like the import first checks if a contact with the userid oft the LDAP domain exists, of course it does not exist
    because the userid of the contact is composed of domain-name and userid. Then the import builds the userid of the domain-name and the userid and tries to create the contact
    what fails as the contact already exists.
    So I tried pdm_ldap_sync. Here we have  the same problem. The tool looks for the contact with the LDAP-userid, does not find it, as in SDM it is build of domain-name and userid
    so no update is possible.

     

    3. Problem 3 is the missing domain-name in front oft he userid of those contacts imported of the default LDAP-Domain defined in the LDAP options.
    To authenticate using EEM the domain-name in front of the userid is needed if the same userid exists in more than one domain. the userid must be unique to authenticate and
    this is reached by adding the domain-name to the userid.
    To import the contacts of  default domain you use the command pdm_ldap_import –n "" -l "userid='%'", no domain-name is specified and not used to compose the userid.
    I tried it with the command pdm_ldap_import –n "default domain-name" -l "userid='%'", now all contacts of the default domain were created once more without userid.
    I had to clean up ca_contact and usp_contact.
    Also adding the default domain-name to the userid in advance by scripting did not help. Again the contacts were created a second time now with their LDAP-userid.

     

    Has somebody an idea how to solve the problems 2 and 3?

     

    Thanks
       Baerbel



  • 2.  Re: LDAP Problems importing contacts of more than one LDAP Domain

    Posted May 04, 2015 02:46 PM

    Any help for Baerbel?

     

    Thanks

     

     

    Hi Team,
    I have 3 problems importing contacts os 3 LDAP domains.

     

    1. LDAP Catcher (Ldap agent not found)
    After researching and testing I found, that for each  Domain Server defined with the Perl-Script pdm_ldap_config.pl two ldap agents must be started.
    The Perl_Script calculates only one agent, so for 2 Domain Server 2 instead of 4 agents are started, which causes the error message
    „ldap agent not found“. In my environment I have 3 Domain Server, so 6 ldap agents are needed.
    I did set the option num_ldap_agents to 10 to be sure that always enough agents are available. Now all contacts of the 3 Domains were imported.
    To make the userid unique it is composed of domain-name and userid like this  domain-name\userid
    Attention! If a new Domain Server is added using pdm_ldap_config.pl the number of agents is new calculated and for each Server one instead of two agents is started,
    you have to change the variable @NX_NUM_LDAP_AGENTS in nx.env directly or uninstall and install the option, to be sure that after the restart of the Service Desk Manager
    all needed ldap agents will be started.
    After I had solved this problem 2 new did arise.

     

    2. It is not possible to update the imported contacts.
    If you use pdm_ldap_import –n "domain-name" –l "userid=‘%‘" the import tries to create all contacts once more, what is not possible because the userid must be unique,
    so only new contacts are created, but no one is updated. It looks like the import first checks if a contact with the userid oft the LDAP domain exists, of course it does not exist
    because the userid of the contact is composed of domain-name and userid. Then the import builds the userid of the domain-name and the userid and tries to create the contact
    what fails as the contact already exists.
    So I tried pdm_ldap_sync. Here we have  the same problem. The tool looks for the contact with the LDAP-userid, does not find it, as in SDM it is build of domain-name and userid
    so no update is possible.

     

    3. Problem 3 is the missing domain-name in front oft he userid of those contacts imported of the default LDAP-Domain defined in the LDAP options.
    To authenticate using EEM the domain-name in front of the userid is needed if the same userid exists in more than one domain. the userid must be unique to authenticate and
    this is reached by adding the domain-name to the userid.
    To import the contacts of  default domain you use the command pdm_ldap_import –n "" -l "userid='%'", no domain-name is specified and not used to compose the userid.
    I tried it with the command pdm_ldap_import –n "default domain-name" -l "userid='%'", now all contacts of the default domain were created once more without userid.
    I had to clean up ca_contact and usp_contact.
    Also adding the default domain-name to the userid in advance by scripting did not help. Again the contacts were created a second time now with their LDAP-userid.

     

    Has somebody an idea how to solve the problems 2 and 3?

     

    Thanks
       Baerbel



  • 3.  Re: LDAP Problems importing contacts of more than one LDAP Domain

    Posted Oct 19, 2016 09:35 AM

    Baerbel.Veit

     

    Did you ever resolve this?  I've been looking for the proper procedure for this as we have a customer with the same requirement and as they are merging several domains into a new top domain, their "domain name/userid" will be changing as they migrate. 

     

    J.W.



  • 4.  Re: LDAP Problems importing contacts of more than one LDAP Domain

    Posted Dec 22, 2016 05:52 AM

    Honestly I have always the ldap_sync functionality of SDM really limited and painful.

    We for long time using our own mechanism that will query the AD and import using Web services.

    This is giving us really more control on the import.

    my 2 cents

    /J



  • 5.  Re: LDAP Problems importing contacts of more than one LDAP Domain

    Posted Dec 22, 2016 06:41 AM

    Thanks, Jerome.

     

    This seems to be the consensus.  I will tell customers that mutli-domain is not supported by CA and that they should tell their sales rep that CA will need to include the cost of CA Services to develop the customization as part of any sales or maintenance agreement.

     

    J.W.