AnsweredAssumed Answered

LDAP Problems importing contacts of more than one LDAP Domain

Question asked by veiba01 Employee on May 1, 2015
Latest reply on Dec 22, 2016 by J_W

Hi Team,
I have 3 problems importing contacts os 3 LDAP domains.


1. LDAP Catcher (Ldap agent not found)
After researching and testing I found, that for each  Domain Server defined with the Perl-Script two ldap agents must be started.
The Perl_Script calculates only one agent, so for 2 Domain Server 2 instead of 4 agents are started, which causes the error message
„ldap agent not found“. In my environment I have 3 Domain Server, so 6 ldap agents are needed.
I did set the option num_ldap_agents to 10 to be sure that always enough agents are available. Now all contacts of the 3 Domains were imported.
To make the userid unique it is composed of domain-name and userid like this  domain-name\userid
Attention! If a new Domain Server is added using the number of agents is new calculated and for each Server one instead of two agents is started,
you have to change the variable @NX_NUM_LDAP_AGENTS in nx.env directly or uninstall and install the option, to be sure that after the restart of the Service Desk Manager
all needed ldap agents will be started.
After I had solved this problem 2 new did arise.


2. It is not possible to update the imported contacts.
If you use pdm_ldap_import –n "domain-name" –l "userid=‘%‘" the import tries to create all contacts once more, what is not possible because the userid must be unique,
so only new contacts are created, but no one is updated. It looks like the import first checks if a contact with the userid oft the LDAP domain exists, of course it does not exist
because the userid of the contact is composed of domain-name and userid. Then the import builds the userid of the domain-name and the userid and tries to create the contact
what fails as the contact already exists.
So I tried pdm_ldap_sync. Here we have  the same problem. The tool looks for the contact with the LDAP-userid, does not find it, as in SDM it is build of domain-name and userid
so no update is possible.


3. Problem 3 is the missing domain-name in front oft he userid of those contacts imported of the default LDAP-Domain defined in the LDAP options.
To authenticate using EEM the domain-name in front of the userid is needed if the same userid exists in more than one domain. the userid must be unique to authenticate and
this is reached by adding the domain-name to the userid.
To import the contacts of  default domain you use the command pdm_ldap_import –n "" -l "userid='%'", no domain-name is specified and not used to compose the userid.
I tried it with the command pdm_ldap_import –n "default domain-name" -l "userid='%'", now all contacts of the default domain were created once more without userid.
I had to clean up ca_contact and usp_contact.
Also adding the default domain-name to the userid in advance by scripting did not help. Again the contacts were created a second time now with their LDAP-userid.


Has somebody an idea how to solve the problems 2 and 3?