The LDAP Integration feature enables an agent that updates and synchronizes iSupport Customer Profile, Support Representative Profile, and Asset records with the information in one or more LDAP sources.
You’ll create a data source integration definition to specify the server and related settings, field mappings, and exclusions, and use sync definitions to specify the type of record you are synchronizing and the directory node and filters for the data to be synchronized. You can utilize both filtering and exclusions to specify the values that should not be synchronized; what you use will depend on how much you need to prevent from synchronizing for the level in the targeted source. You can also set default values based upon the LDAP sync setting entry from which a record was created. Exclusions target everything under a node in a directory and apply to all sync definitions of the same record type within a data source integration definition. Filters use syntax that can target multiple nodes in a tree, and apply to a specified base directory node in a sync definition.
If you are using multiple sources for populating iSupport’s customer, support representative, and asset data, use the Order of Precedence link to specify the order of precedence if there are matching records. (For customers and support representatives: a match on first name, last name, and email address; for assets, a match on name.)
Use the Basics tab to specify the primary connection and authentication details for accessing the data source.
LDAP Source Definition Example
LDAP Source Name |
Enter a name for the LDAP source definition. This name will appear in the Source field in the associated Customer Profile record. |
Server |
Enter the server on which the source entries are located. |
Domain Controller |
If the domain controller that iSupport authenticates against cannot resolve the Secondary Login field, specify the domain controller that can. This can be the name of the domain controller or the fully qualified DNS name of the domain controller. All of the following examples represent correctly formatted domain controller names: FAB-DC-01 \\FAB-DC-01 FAB-DC-01.fabrikam.com \\FAB-DC-01.fabrikam.com |
Use SSL |
SSL is an encryption method that overlays the connection between the iSupport server and the LDAP source server. Select Yes if SSL encryption is enabled on the LDAP source server. Use the Test Connection link to verify access. |
Connect As |
Select:
|
Active |
Select Yes to enable the agent that updates the applicable records in iSupport with the information in the LDAP source. The agent runs immediately and then continues to run as scheduled in the LDAP Synchronization Interval field. |
AD Synchronization Interval |
Select the amount of time in the interval for the synchronization to be performed. |
Username Password |
If anonymous Active Directory connections are not allowed in your environment, use these optional fields to enter a username and password for authentication when queries are performed. If anonymous connections are allowed, leave these fields blank. Use the fully qualified Distinguished Name for best results. If accessing a server hosting an Active Directory installation, it will work with several formats. For example, if the user name is lbladmin and it is in the lbl domain, you could enter lbladmin, lbl\lbladmin, [email protected]. All of these entries would work, but you could also enter the full Distinguished Name for the lbladmin user account (cn=lbladmin,cn=users,dc=lbl,dc=soft,dc=com). Note that if you are connecting to a non-AD server like E-directory, the Username field must contain the fully qualified Distinguished Name. |
Use the Sync Definition section to select the type of record that you are synchronizing, select the directory node that contains the data to be synchronized, and enter a search filter if applicable.
Active |
Select Yes to enable the sync definition. |
Sync Entries As |
Select the type of record that you are synchronizing: Customer Profile, Support Representative Profile, or Asset record. When synchronization occurs, the record will be created if there is an entry in the LDAP source that does not exist in iSupport.
This feature utilizes LDAP (Light Weight Directory Access Protocol), which defines how information can be accessed in directories. Active Directory supports the LDAP search filter syntax as specified in RFC 1960. For information on LDAP and search filters, see http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx#Examples. |
Base DN |
Click this button to select the directory node that contains the data to be synchronized. |
Search Filter |
Enter the conditions that must be met for returning a specific set of information to iSupport. Note that a filter is only needed if the selected Base DN contains unwanted lower level nodes or if the data source's exclusions do not already remove the unwanted nodes. |
Use the Default Values section to set Customer Profile, Support Representative, and Asset field values based upon the AD/LDAP sync setting entry from which a record was created. For example, if AD/LDAP users are organized into a specific OU or group that indicates other user properties (such as location) and if the AD/LDAP user profiles don't have the location attribute populated in the directory, you can simply add a default value for the location field to the sync setting entry that is linked to the OU or group.
In the Force column, select Yes if you wish to have the configured default value override the AD/LDAP value in cases where the attribute was populated in the source user profile. If the Force field is set to No, the default value will only be applied if the AD/LDAP attribute is either unmapped or has no value on the user profile.
Use the applicable subtab (Customer, Support Rep, or Asset) under the Field Mappings tab to specify the attributes in your LDAP source from which data will be pulled for corresponding iSupport fields.
Mapping options include:
Use the Sync Key field to map to a value that is an unchanging unique identifier field in the source database.
Use the Map a Custom Field button to select a custom field to add to the list of fields to be mapped. Use the Preview button to select a record to use for verifying your selections. Values from the record will next to the fields.
Use the Exclusions tab to specify the values that should not be synchronized; click the Add link to select the directory nodes or objects that should be excluded. All lower level nodes will also be excluded. Note that exclusions apply to all sync definitions within a data source integration definition.