We got a requirement from the regression testing team on LDAP data validation in CASD. They want our Development CASD to be pointed out to the test LDAP domain (test.xxxxx.com) where they have loaded some contact detail information and would like to validate whether the data (contact information) is getting reflected into DEV-CASD or not from the E-directory once the configuration has been made. I am looking for more detailed information on this since this is my first testing project. Your contribution is greatly appreciated.
1. Currently our DEV environment is configured to another LDAP domain, not to test.xxxx.com. If I want to re-configure the LDAP to point to test.xxxx.com in CASD, is updating the below parameters (ldap_dn, ldap_host, ldap_port, ldap_pwd, ldap_search_base) based on the new domain information alone enough to complete the LDAP configuration in CASD?
2. If not, please specify the remaining steps and also confirm whether the LDAP re-configuration requires an application recycle.
3. From the CASD perspective, as per my knowledge, to connect to the new LDAP domain, CASD needs an LDAP resource account for establishing the connection. Please specify if anything else is needed from the LDAP side requirements.
4. Is there any command to check the LDAP connection completion?
5. Once the re-configuration is made, using the “pdm_ldap_import utility” we can import contacts, but what will happen to the contacts that are already present in CASD?
6. Please specify if any backup is needed/what should be taken care of.
Here are your answers:
# 1 As you're trying to change the existing LDAP configuration setting to a new LDAP server, make it a practice to take a backup of the contact tables, so that with this you can restore it to the previous state if you find all your existing contacts have gone inactive.
pdm_extract -f "select * from ca_contact " > backup_ca_contact.txt
pdm_extract -f "select * from usp_contact " > backup_usp_contact.txt
Follow these technical document
Also please review the product documentation: Administration Guide. If it's 12.9 then visit page 306, article "How CA SDM Uses LDAP Data to Communicate".
# 2 : Whenever you make any change in Options Manager, you need to recycle services.
# 3 : As you need to configure LDAP, you may run this command on AD server to get the exact DN value
dsquery user -name "administrator"
Get the correct Password.
# 4 You may run the pdm_ldap_test command to check if the connection is set correctly.
# 5 As you're planning to import, all your existing contacts will be inactive because their domain value is not the same. You have now changed to a new domain.
# 6 Please check step 1 for the backup commands.
Once CASD is configured to the new LDAP domain, you mentioned that "all your existing contacts will be inactive because their domain value is not the same. You have now changed to a new domain."
Please advise on the below,
1. Once I run the pdm_ldap_import command, I will get fresh contacts from the new LDAP and they will be in an active state. After re-config to the existing domain, will the contacts present in this domain get stored in the contact table as inactive?
2. If I want to switch back to my existing LDAP domain, after re-configuration will the inactive contacts become active, or do I need to use the pdm_load feature to make them active?
After re-configuration I am getting the below error,
LDAP Directory Type : active direc
Service Desk Platform : windows
Search Base : OU=Users,OU=
Search Filter : (objectClass
Administrator Username : CN=SD_Test_a
Administrator Password : **********
LDAP Host : test.***.com
LDAP Port : 389
ldap_bind() ERROR(Invalid Credentials)
That error message suggests that either the account or the password that you have configured to access AD are incorrect. Try entering the credentials in a tool such as 'JXplorer' to access AD. Once you have the credentials right and have a successful connection from JXplorer, re-configure SDM's LDAP options to match, and restart the SDM service.
Yes, the account was locked out and after enabling it, all works fine now. Is it possible to import selected multiple contacts from LDAP? I tried using the below command but it throws an error.
C:\pdm_ldap_import -l "userid = 'yr83' , 'x290'"
pdm_ldap_import: LDAP where clause = "userid = 'yr83' , 'x290'"
pdm_ldap_import: Contact where clause = "userid = ?"
pdm_ldap_import: Method got_record in Ldap_Catcher failed (AHD03053:Bad where cl
ause: Parse error at : "userid = 'yr83' , 'x290'" (syntax error))
Hi mohansrinivas - Did Vinod's response answer your questions? If so please mark his response as Correct Answer. Thanks! Chris