CA Service Management

Did someone here in community ever use pdm_ldap_sync to update the userid of the contacts in SDM?

Some background...SDM/AD integration in place with sAMAcountName in AD mapped to userid in SDM. Now

network configuration changes that requires to use upn in AD to authenticate, in stead of sAMAcountName. Therefore,

we would need to update existing SDM contacts to use this upn as userid.

How we can accomplish this?

Thanks and Regards

Chi

One comment... upn field in AD is unique. And our challenge would be pdm_ldap_sync will disable the existing contacts and create brand new contacts in SDM, something we can't afford.

Hi Chi,

Have you created an ldap.mod file to remap userid to upn? I'd try that in a test environment and then test create a new user from ldap and see if they can login.

Grant, thank you for the reply. Yes we know we would need to modify the ldap mapping to change the sAMAcountName to upn and our concern is doing this will create NEW contacts in SDM, not update the existing one and this would be a big issue for the on-going production. Thanks _Chi

Ok so the system functions normally when you remap userid to but pdm_ldap_sync by default keys off the userid field. We built a custom PAM process to handle pdm_ldap_sync because the amount of username changes in our environment. I'm thinking that may be the only solution here..

Thanks Grant.

We are considering some workaround. Since most of time the mail=upn and the mail is mapped to SDM email_address, we are considering do a manually update in mdb update the userid with email_address.

I just wanted to see if someone did this before that update the userid using pdm_ladp_sync for a production env. Creating new contacts is not an option.

We created a custom .net script to handle all this at SSQ due to this kind of use cases.

If you go this way i can share some pieces.