CA Service Management

We have more than 4 domains need to import CA CMDB with following commands. 

But the 3rd domains always failed with error message 'pdm_ldap_import: Method got_record in Ldap_Catcher failed ()' .

pdm_ldap_import -l "last_name='%%'" -c "userid=?"
pdm_ldap_import -n DomainB -l "last_name='%%'" -c "userid=?"

pdm_ldap_import -n DomainC -l "last_name='%%'" -c "userid=?"

pdm_ldap_sync
pdm_ldap_sync -n DomainB

pdm_ldap_sync -n DomainC

@NX_LDAP_DN=account1
@NX_LDAP_ENABLE=Yes
@NX_LDAP_ENABLE_AUTO=Yes
@NX_LDAP_HOST=ADServerA
@NX_LDAP_PORT=389
@NX_LDAP_PWD=xxxx
@NX_LDAP_SEARCH_BASE=dc=xx,dc=xx,dc=xx
@NX_LDAP_SERVICE_TYPE=Active Directory
@NX_LDAP_SYNC_ON_NULL=Yes
@NX_LDAP_USER_OBJECT_CLASS=person

@NX_LDAP_DOMAIN1=DomainB
@NX_LDAP_DN1=account2
@NX_LDAP_ENABLE_AUTO1=Yes
@NX_LDAP_ENABLE_GROUPS1=No
@NX_LDAP_GROUP_OBJECT_CLASS1=group
@NX_LDAP_HOST1=ADServerB
@NX_LDAP_PORT1=389
@NX_LDAP_PWD1=***
@NX_LDAP_SEARCH_BASE1=dc=xx,dc=xx
@NX_LDAP_SERVICE_TYPE1=Active Directory
@NX_LDAP_SYNC_ON_NULL1=Yes
@NX_LDAP_USER_OBJECT_CLASS1=person

@NX_LDAP_DOMAIN2=DomainC
@NX_LDAP_DN2=account3
@NX_LDAP_ENABLE_AUTO2=Yes
@NX_LDAP_ENABLE_GROUPS2=No
@NX_LDAP_GROUP_OBJECT_CLASS2=group
@NX_LDAP_HOST2=ADServerC
@NX_LDAP_PORT2=3268
@NX_LDAP_PWD2=xxxx
@NX_LDAP_SEARCH_BASE2=dc=xx,dc=xx
@NX_LDAP_SERVICE_TYPE2=Active Directory
@NX_LDAP_SYNC_ON_NULL2=Yes
@NX_LDAP_USER_OBJECT_CLASS2=person

Could you advise how to fix it ? thanks

Chris,

Which version of SDM is this?

Checkout this doc: pdm_ldap_import errors out with "Method got_record in Ldap_Group_Catcher failed (LDAP agent not found)".   maybe that'll help?

Thx

_R

Thanks,

version: 14.1

I did checked this document, it is different case with me, thanksk

Just quick question: Why is the 3rd domain NX_LDAP_PORT2=3268 while the 1st and 2nd are port 389?

The 3rd company only release 3268 for us, i have to use it to configure on CA.

And i did guess whether it related 2 different ports for same service,  so change all ports to 3268,  then 3rd one is not still work, no idea why.

Thanks

Hi Chris,

Have you tested a connection to the 3rd party’s ldap server outside of service desk? Sorry if this is obvious, you didn’t mention it so I wanted to make sure.

I suggest running the ldp utility from the background or standby server to see if it works outside of sdm before adding the config to service desk.

That is standalone server, and it can be return ldap entries via LDAP browser on the server, always failed by PDM LDAP commands, no idea why 

Chris.......

Is this behavior with the 3rd LDAP domain still happening?

If so, does the 'pdm_ldap_test' show any issues when connecting to the LDAP domain?

Hi Paul,

I think we managed to resolve this via the support case.

An LDAP browse of the DN account for the 3rd domain showed the sAMAccountname had one value whereas the CN and name had different values.They updated the sAMAccountname so that it matched the cn and name and that resolved the problem.

Thanks,

Gordon.