CA Service Management

Hello Team

We have implemented SDM 170 in our test environment and integrated to our AD server. We can see all the contacts from Ldap search and im able to merge/save the contact in sdm contacts. BUt there are huge number of contacts.. so how can i merge all AD users to sdm contacts? it is difficult to merge one by one.

Secondly...i can see few contact which i save from ldap to sd contacts it doesnot contain 'access type' and 'contact type' which i set manually.... so once i  merge all the contacts from AD to sdm contacts how can i set access type to employee?? and how to set  access type to  IT Staff?? 

Hi La-Qa,

1. You could use pdm_ldap_sync to update the contacts.  If you are concerned about the volume of data to be processed, you can restrict the number of contacts processed in a run by using a 'contact where clause' such as the following, which will only update contacts whose userid begins with 'a':

pdm_ldap_sync -l "userid = ?" -c "userid like 'a%'"

Search CA Service Management Home - CA Service Management - 17.0 - CA Technologies Documentation for 'pdm_ldap_sync' for more details on the pdm_ldap_sync utility.

2. If you set Employee as the default access type, then any contact that does not have an access type specified will be treated as Employee when they log on.

3. One way to allocate the Access Type 'IT Staff' would be to identify (or create) an AD group for IT Staff.  Then in Service Desk Options Manager, install the LDAP option 'ldap_enable_groups' and restart SDM.  You will find a new field 'LDAP Access Group' on the Web Authentication tab for the Access Type detail form.  Edit the Access Type and link it to the AD group.  From that time on, when anyone logs on who is a member of that AD group and does not already have an Access Type specified, they will be assigned the Access Type 'IT Staff'.  If that is not an option for you, then you may have to allocate the access type IT Staff manually, or prepare a pdm_load file to update the relevant contacts.

Regards,

James

Hi James

I am well understood your point 2 & 3 .THanks for it

For point 1, im not clear still.

let suppose i have 1000 + users/contact in my AD which i need to be in SD contacts so that they can login in sdm. i can search those users from ldap directory search and i want to save all those in sdm contacts in a bulk not one by one.

can i achieve this from pdm_ldap_sync command as u mentioned?

Aamir,

The process that is being described in point 1 involves using pdm_ldap_sync to bring in the given contacts.  One can also use pdm_ldap_import to also bring in contact records from your LDAP server in batch.  The given command that was cited allows you to import a small number of records at a time in staggered batches, ie:

pdm_ldap_sync -l "userid = ?" -c "userid like 'a%'"

pdm_ldap_sync -l "userid = ?" -c "userid like 'b%'"

pdm_ldap_sync -l "userid = ?" -c "userid like 'c%'"

This way, you can bring in the LDAP records into the installation in a controlled fashion.

Side:  Jon_Israel is in the process of transitioning to a new position, and his availability to respond to questions on Communities may be limited.

As David points out, there are two LDAP utilities.  Both are intended to be used in batch updates and/or imports of contact details from an LDAP-compliant directory.  Both use the LDAP options in Service Desk Manager to find and access the directory.

pdm_ldap_sync will update an existing contact or contacts based on matching criteria that you set in the command.

pdm_ldap_import will import new contacts and also update existing contacts, again based on matching criteria.

If you have a large number of contacts already in your Service Desk installation, and you want to match them up with AD, then I'd suggest first running pdm_ldap_sync to match up the existing contacts with AD.  Then start running pdm_ldap_import on a regular basis (e.g. as a scheduled task), to bring in new contacts from AD and keep the existing contacts in sync.

If the volume of contacts to be updated is large, when you start running pdm_ldap_sync you may wish to update the contacts in batches.  That is the intention of the '-l' and '-c' arguments in the example commands that David and I have shown above.  That also gives you the opportunity to verify that the sync is having the expected results before you commit to updating every contact.

Search https://docops.ca.com under CA Service Management for 'pdm_ldap_import' and 'pdm_ldap_sync' and you will find full details of the options and a few examples.  Let us know if you have any trouble getting them to work.

Regards,

James

Hello James & David

Thanks for your explanation.

So im using pdm_ldap_import command to bring all new users in sdm contacts but following i got the error.. (ldap agent not found)...even in ldap option agent is installed.

Aamir,

Is this the approach you followed to add multiple LDAP Domains to SDM (nx.env?)

How to integrate CA SDM with LDAP - CA Service Management - 14.1 - CA Technologies Documentation 

_R

Jon_Israel

Hi Aamir,

1. I see a lot of errors where it is complaining about last_name missing. I think the last_name is a key field and must be supplied. So contacts with no last_name will not be imported.

2. It also appears there are tenant issues. When multi-tenancy is enabled you need to also specify the tenant for which the contacts must be associated with. 

Create Contacts in Batch Mode Using LDAP Data - CA Service Management - 17.0 - CA Technologies Documentation 

===

Kind Regards,

Brian