Hi Team,I have 3 problems importing contacts os 3 LDAP domains.
1. LDAP Catcher (Ldap agent not found)After researching and testing I found, that for each Domain Server defined with the Perl-Script pdm_ldap_config.pl two ldap agents must be started.The Perl_Script calculates only one agent, so for 2 Domain Server 2 instead of 4 agents are started, which causes the error message„ldap agent not found“. In my environment I have 3 Domain Server, so 6 ldap agents are needed.I did set the option num_ldap_agents to 10 to be sure that always enough agents are available. Now all contacts of the 3 Domains were imported.To make the userid unique it is composed of domain-name and userid like this domain-name\useridAttention! If a new Domain Server is added using pdm_ldap_config.pl the number of agents is new calculated and for each Server one instead of two agents is started,you have to change the variable @NX_NUM_LDAP_AGENTS in nx.env directly or uninstall and install the option, to be sure that after the restart of the Service Desk Managerall needed ldap agents will be started.After I had solved this problem 2 new did arise.
2. It is not possible to update the imported contacts.If you use pdm_ldap_import –n "domain-name" –l "userid=‘%‘" the import tries to create all contacts once more, what is not possible because the userid must be unique,so only new contacts are created, but no one is updated. It looks like the import first checks if a contact with the userid oft the LDAP domain exists, of course it does not existbecause the userid of the contact is composed of domain-name and userid. Then the import builds the userid of the domain-name and the userid and tries to create the contactwhat fails as the contact already exists.So I tried pdm_ldap_sync. Here we have the same problem. The tool looks for the contact with the LDAP-userid, does not find it, as in SDM it is build of domain-name and useridso no update is possible.
3. Problem 3 is the missing domain-name in front oft he userid of those contacts imported of the default LDAP-Domain defined in the LDAP options.To authenticate using EEM the domain-name in front of the userid is needed if the same userid exists in more than one domain. the userid must be unique to authenticate andthis is reached by adding the domain-name to the userid.To import the contacts of default domain you use the command pdm_ldap_import –n "" -l "userid='%'", no domain-name is specified and not used to compose the userid.I tried it with the command pdm_ldap_import –n "default domain-name" -l "userid='%'", now all contacts of the default domain were created once more without userid.I had to clean up ca_contact and usp_contact.Also adding the default domain-name to the userid in advance by scripting did not help. Again the contacts were created a second time now with their LDAP-userid.
Has somebody an idea how to solve the problems 2 and 3?
Any help for Baerbel?
Did you ever resolve this? I've been looking for the proper procedure for this as we have a customer with the same requirement and as they are merging several domains into a new top domain, their "domain name/userid" will be changing as they migrate.
Honestly I have always the ldap_sync functionality of SDM really limited and painful.
We for long time using our own mechanism that will query the AD and import using Web services.
This is giving us really more control on the import.
my 2 cents
This seems to be the consensus. I will tell customers that mutli-domain is not supported by CA and that they should tell their sales rep that CA will need to include the cost of CA Services to develop the customization as part of any sales or maintenance agreement.