Automic Workload Automation

Hello Experts,

We have enabled LDAP Sync in our Automic Wokload Automation system.

By default the users will be created under 'No Folder' location.

Is there any parameter to define a custom location for user objects created by LDAP ?

Regards,

Abin Varghese

Hi AbinVarghese628023,

I don't believe there is an option for it in the latest version looking at the current ldapsync documentation configuration options.

I do know in the early day of ldapsync version, there was an options such as this (looking at my old defaults.xml configuration file):

<AE userFolder="MyTest\LDAP_SYNC_USERS" userDomain="MytestDomain01" autoDeactivateUsers="true"/>

The file used to had the above (in green) as an options but it doesn't appear to be within the documentation anymore.. (maybe someone from support or the community who currently using the latest ldapsync can chime in). 

Thank you Luu Le.

I have opened a support ticket with CA, but even they confirmed that there is no such parameter and advised to raise it in community discussion.

I have updated the xml files as per the configuration guide, however when the sync was executed it is giving a warning message that no user names found in LDAP group. But user IDs were assigned to LDAP group which I have verified.

WARN   No LDAP user found, please verify LDAP credential or setting information.

Can you please share a sample copy of default xml file ?

Regards,

Abin

Hi AbinVarghese628023,

If you are getting the error message:

WARN No LDAP user found, please verify LDAP credential or setting information.

There are two possible place where this can occur:

1. In the LDAPSync.xml
2. Defaults.xml (or Client_*** if you have any defined)

The possibility is that in #1, it maybe be that the users you used does not have permission to view/read the LDAP group (where you had defined in the #2 - defaults.xml) & its user within. 

So the questions, is A) is the 'ldap= ___________' field you have defined in the defaults.xml (or clients_***) a valid grouping in your LDAP?

B) is the users you used have enough permission within the LDAP to view the content of that grouping within LDAP...

Below is my default.xml with some data modification (test/fake system name etc..)...please note that this xml is only an old version so the userFolder field does not exist in the newer version but the rest should still be the same.

<Configuration>
  <Schema baseDN="DC=abc01,DC=spoc,DC=global" userDN="" groupDN=""/>
  <UserSchema userFilter="(&amp;(objectCategory=person)(objectClass=user)(sAMAccountName=*))" userNameAttribute="sAMAccountName" userFirstNameAttribute="givenName" userLastNameAttribute="sn" userEmailAttribute="mail"/>
  <GroupSchema groupFilter="(objectClass=group)" groupNameAttribute="cn"/>
  <AE userFolder="LUL\LDAP_SYNC_USERS" userDomain="abc01" autoDeactivateUsers="true"/>
    <GroupMappings>
        <map ae="ADMINISTRATORS" ldap="_Test_LDAP_Group_Support.fake" />
    </GroupMappings>
  <ARA enabled="false" url="http://test10u01/ARA" username="300/Test/Test" password="--10a13de42c213"/>
</Configuration>

Thank you Luu Le.

Issue is resolved and the LDAP Sync is working fine now. Made some changes in default.xml file for the user search to work.

But the default folder for storing user object is not working even if I specify the path. Seems like it is not valid for the latest version.

We are currently on 12.1.2

Regards,

Abin Varghese

Glad to hear it is working now.  As for the location where the user object is created - As it does not seem to be available in the current version - I recommend creating an "Ideas" post as it will get review by product management (and other community user can also vote up the idea too).