Warning: Long post
SDM 14.1.03 (no xFlow)
Customer has current Windows AD DOMAIN_A where all users and the old SDM application reside. This was the only domain. All users were created manually or using the existing LDAP settings in Options Manager to auto create when userid was found in the domain and that is how their ldap_dn value was populated.
The customer is merging/acquiring other AD domains and have created a new DOMAIN_B to eventually be the top of a forest to include all the users in DOMAIN_A and new DOMAIN_C and DOMAIN_D. The new SDM servers are in this DOMAIN_B. There are already trusts between these domains. They will be moving accounts from DOMAIN_A to DOMAIN_B in sections. There are test accounts in DOMAIN_B
After using pdm_export and pdm_load to bring over all contacts from the old SDM, I enabled the LDAP settings in Option Manager in the new SDM server and restarted SDM services. I tested the trust relationship by setting External Authentication / OS-Use Operating System authentication for a test access type and modifying their userid to 'DOMAIN_A\userid' and they can login. I verified that the DN credentials to all domains using
pdm_ldap_test -s DC=DOMAIN-xx,DC=com
changing the domain for each test and this returned accounts from all domains.
I modified the cnt schema in WSP and created the ldap_mod per TEC489029: "How to get pdm_ldap_sync to synchronize the ldap-enabled/disabled status with contact's active/inactive status in servicedesk?" Knowledge Base Articles
I then followed the instructions in the Wiki:
at section "Manage LDAP Servers Using the LDAP Configuration Utility" by first creating a name for the default ldap domain (DOMAIN_B)
pdm_options_mgr -c -a pdm_option.inst -s LDAP_DOMAIN -v DOMAIN_B
pdm_options_mgr -c -a pdm_option.inst -s LDAP_DOMAIN -v DOMAIN_B -t
and restarted SDM services.
I then ran:
pdm_ldap_import -n DOMAIN_B
This imported the test contacts from DOMAIN_B and prepended "DOMAIN_B\" to each userid.
I then ran:
pdm_ldap_sync -n DOMAIN_B
and all the contacts that were deactivated in DOMAIN_B were set to inactive in SDM.
Next, I added the DOMAIN_A using the
utility. Adding the same values as the default, except changing the NX_LDAP_SEARCH_BASE to match the new DOMAIN_A. I verified these new values were in NX.env and restarted services.
Now, when I try to run:
pdm_ldap_import -n DOMAIN_A
it fails and I get:
pdm_ldap_import: Method got_record in Ldap_Catcher failed ()
I've researched this online and I do not have any spaces between elements in my ldap_search_base. There are at least two open questions here in the Community that don't have an answer (or they were resolved and the OP didn't update)
I have a case open with CA Support but they have had it for several days and I am waiting on them.They keep asking me to walk through the procedure I used, so I decided to post it here for more eyes.
Has anyone successfully complete multiple domain integration and, if so, can you post the correct procedure or point out what I am missing?