Creating an LDAP Source Definition

About LDAP Integration

 

The LDAP Integration feature enables an agent that updates and synchronizes iSupport Customer Profile, Support Representative Profile, and Asset records with the information in one or more LDAP sources.

You’ll create a data source integration definition to specify the server and related settings, field mappings, and exclusions, and use sync definitions to specify the type of record you are synchronizing and the directory node and filters for the data to be synchronized. You can use both filtering and exclusions to specify the values that should not be synchronized; which you use depends on how much you need to keep from synchronizing at a given level of the targeted source. You can also set default values based upon the LDAP sync setting entry from which a record was created. Exclusions target everything under a node in a directory and apply to all sync definitions of the same record type within a data source integration definition. Filters use syntax that can target multiple nodes in a tree, and apply to a specified base directory node in a sync definition.

If you are using multiple sources for populating iSupport’s customer, support representative, and asset data, use the Order of Precedence link to specify the order of precedence if there are matching records. (For customers and support representatives: a match on first name, last name, and email address; for assets, a match on name.)

Configuring Basics

Use the Basics tab to specify the primary connection and authentication details for accessing the data source.

LDAP Source Definition Example

LDAP Source Name

Enter a name for the LDAP source definition. This name will appear in the Source field in the associated Customer Profile record.

Server

Enter the server on which the source entries are located.

Domain Controller

If the domain controller that iSupport authenticates against cannot resolve the Secondary Login field, specify the domain controller that can.

This can be the name of the domain controller or the fully qualified DNS name of the domain controller. All of the following examples represent correctly formatted domain controller names:

FAB-DC-01

\\FAB-DC-01

FAB-DC-01.fabrikam.com

\\FAB-DC-01.fabrikam.com

Use SSL

SSL encrypts the connection between the iSupport server and the LDAP source server. Select Yes if SSL encryption is enabled on the LDAP source server. Use the Test Connection link to verify access.

Connect As

Select:

  • Anonymous to connect to the server as an anonymous user.
  • Specified User to enter a login for connecting to the server.

Active

Select Yes to enable the agent that updates the applicable records in iSupport with the information in the LDAP source. The agent runs immediately and then continues to run as scheduled in the LDAP Synchronization Interval field.

AD Synchronization Interval

Select the interval at which the synchronization is performed.

Username

Password

If anonymous Active Directory connections are not allowed in your environment, use these optional fields to enter a username and password for authentication when queries are performed. If anonymous connections are allowed, leave these fields blank.

Use the fully qualified Distinguished Name for best results. A server hosting an Active Directory installation accepts several formats. For example, if the user name is lbladmin and it is in the lbl domain, you could enter lbladmin, lbl\lbladmin, or [email protected]. All of these entries would work, but you could also enter the full Distinguished Name for the lbladmin user account (cn=lbladmin,cn=users,dc=lbl,dc=soft,dc=com). Note that if you are connecting to a non-AD server such as eDirectory, the Username field must contain the fully qualified Distinguished Name.

Configuring a Sync Definition

Use the Sync Definition section to select the type of record that you are synchronizing, select the directory node that contains the data to be synchronized, and enter a search filter if applicable.

Active

Select Yes to enable the sync definition.

Sync Entries As

Select the type of record that you are synchronizing: Customer Profile, Support Representative Profile, or Asset record. When synchronization occurs, the record will be created if there is an entry in the LDAP source that does not exist in iSupport.

  • If synchronizing customers, the Enable mySupport Access field will appear. Select Yes to enable the Approved to Access mySupport field by default. If a login name and password exist in the LDAP source record, they will be included in the mySupport login fields for authentication to the mySupport portal. This is not a mapped or synchronized value; it can be edited in iSupport.

  • If synchronizing support representatives, the Default Primary Group field will appear. Select the iSupport group to assign as the primary group by default; you can use the Create New and View/Edit icons to access the Group configuration screen and configure the roles/permissions, Desktop components, the work items/features involved in global search, work item UI settings, and mySupport chat settings for group members. This is not a mapped or synchronized value; it can be edited in iSupport.

  • If synchronizing assets, the Default Type field will appear. Select the asset type to assign by default. You can use the Create New and View/Edit icons to access the Asset Type configuration screen and configure a login for running asset scans, optional and custom fields, maintenance/warranty notifications, and count tracking for the asset type. This is not a mapped or synchronized value; it can be edited in iSupport.

This feature uses LDAP (Lightweight Directory Access Protocol), which defines how information can be accessed in directories. Active Directory supports the LDAP search filter syntax as specified in RFC 1960. For information on LDAP and search filters, see http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx#Examples.

Base DN

Click this button to select the directory node that contains the data to be synchronized.

Search Filter

Enter the conditions that must be met for returning a specific set of information to iSupport. Note that a filter is only needed if the selected Base DN contains unwanted lower level nodes or if the data source's exclusions do not already remove the unwanted nodes.

Setting Default Values

Use the Default Values section to set Customer Profile, Support Representative, and Asset field values based upon the AD/LDAP sync setting entry from which a record was created. For example, if AD/LDAP users are organized into a specific OU or group that indicates other user properties (such as location) and if the AD/LDAP user profiles don't have the location attribute populated in the directory, you can simply add a default value for the location field to the sync setting entry that is linked to the OU or group.

In the Force column, select Yes if you wish to have the configured default value override the AD/LDAP value in cases where the attribute was populated in the source user profile. If the Force field is set to No, the default value will only be applied if the AD/LDAP attribute is either unmapped or has no value on the user profile.

Field Mappings

Use the applicable subtab (Customer, Support Rep, or Asset) under the Field Mappings tab to specify the attributes in your LDAP source from which data will be pulled for corresponding iSupport fields.

Mapping options include:

Use the Sync Key field to map to a value that is an unchanging unique identifier field in the source database.

Use the Map a Custom Field button to select a custom field to add to the list of fields to be mapped. Use the Preview button to select a record to use for verifying your selections. Values from the record will appear next to the fields.

Configuring Exclusions

Use the Exclusions tab to specify the values that should not be synchronized; click the Add link to select the directory nodes or objects that should be excluded. All lower level nodes will also be excluded. Note that exclusions apply to all sync definitions within a data source integration definition.
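
The Search Filter and Exclusions settings described above both narrow what is synchronized, so it helps to check what a given combination lets through before activating a sync definition. The following is an added example, not iSupport code: it models an entry as syncing only if it is under the Base DN, not under any excluded node, and matched by the filter, which is an assumption about how the three settings combine. The function names (`under`, `parse`, `selected`), the directory entries, and the OU names are constructed for illustration, and the filter parser handles only the `&`, `|`, `!`, equality, and presence forms.

```python
# Added example: a model of scope selection, not iSupport code.
def under(dn, node):
    """True if dn equals node or sits below it, compared on whole RDNs.
    Simplification: assumes no escaped commas inside RDN values."""
    d = [p.strip().lower() for p in dn.split(",")]
    n = [p.strip().lower() for p in node.split(",")]
    return len(d) >= len(n) and d[len(d) - len(n):] == n

def parse(f, i=0):
    """Parse one filter starting at f[i]; return (predicate, next index).
    Supports & | ! plus equality and presence (attr=*) tests only."""
    if f[i] != "(":
        raise ValueError("filter must start with '('")
    op = f[i + 1]
    if op in ("&", "|"):
        subs, i = [], i + 2
        while f[i] == "(":
            sub, i = parse(f, i)
            subs.append(sub)
        combine = all if op == "&" else any
        return (lambda e: combine(s(e) for s in subs)), i + 1
    if op == "!":
        sub, i = parse(f, i + 2)
        return (lambda e: not sub(e)), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    attr = attr.lower()
    if value == "*":
        return (lambda e: bool(e.get(attr))), end + 1
    return (lambda e: value.lower() in (v.lower() for v in e.get(attr, []))), end + 1

def selected(entries, base_dn, search_filter, exclusions):
    """DNs that would sync: under the Base DN, not excluded, filter matches."""
    match = parse(search_filter)[0] if search_filter else (lambda e: True)
    return [dn for dn, attrs in entries.items()
            if under(dn, base_dn)
            and not any(under(dn, x) for x in exclusions)
            and match(attrs)]

# Constructed sample directory (attribute names stored lower-case).
ENTRIES = {
    "cn=Ana Ruiz,ou=Staff,dc=fabrikam,dc=com": {"objectclass": ["user"], "mail": ["ana@fabrikam.com"]},
    "cn=Bo Lee,ou=Contractors,ou=Staff,dc=fabrikam,dc=com": {"objectclass": ["user"], "mail": ["bo@fabrikam.com"]},
    "cn=svc-backup,ou=Service Accounts,dc=fabrikam,dc=com": {"objectclass": ["user"]},
    "cn=Printer7,ou=Staff,dc=fabrikam,dc=com": {"objectclass": ["printQueue"]},
}

if __name__ == "__main__":
    print(selected(ENTRIES, "dc=fabrikam,dc=com", "(&(objectClass=user)(mail=*))",
                   ["ou=Contractors,ou=Staff,dc=fabrikam,dc=com"]))
```

With the whole domain as Base DN, the exclusion removes the Contractors subtree and the filter drops the mail-less service account and the printer object, so only one user entry would become a Customer Profile.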