CA Service Management

Expand all | Collapse all

LDAP-CASD Integration

  • 1.  LDAP-CASD Integration

    Posted 01-19-2016 12:50 AM

    Hello All,

     

    CASD 12.7

     

    We got an requirement from regression testing team on LDAP data validation in CASD. They want our Development CASD to be pointed out to test LDAP domain(test.xxxxx.com) where they have loaded some contact detail information and would like to validate whether the data(contact information) is getting reflected into DEV-CASD or not from the E-directory once the configuration has been made. I am looking for more detailed information on this since this is my first testing project. Your contribution is greatly appreciated.

     

    1.    Currently our DEV environment is configured to other LDAP domain not to test.xxxx.com. If I want to re-configure the LDAP to point to test.xxxx.com in CASD, whether updating the below parameters (ldap_dn, ldap_host, ldap_port, ldap_pwd, ldap_search_base) based on the new domain information is alone enough to complete the LDAP configuration in CASD.

    2.    If not , please specify the remaining steps and also confirm whether the LDAP re-configuration requires application recycle.

    3.    From CASD perspective, as per my knowledge to connect to the new LDAP domain, CASD needs LDAP resource account for establishing connection. Please specify if anything else needed from LDAP side requirements.

    4.    Is there any command to check the LDAP connection completion.

    5.    Once the re-configuration is made, using the “pdm_ldap_import utility” we can import contacts but what will happen to the contacts that already present in CASD.

    6.    Please specify if there any backup is needed/what should be taken care of.

     



  • 2.  Re: LDAP-CASD Integration

    Posted 01-19-2016 01:51 AM

    Hi MohanSrinivas,

     

    Here are your answers :

    # 1      As your trying to change the existing LDAP configuration setting to new LDAP server, make it a practice to take a backup of contact tables, so that with this you can restore it to previous state if you find all your existing contacts have gone inactive.

    commands :

    pdm_extract -f "select * from ca_contact " > backup_ca_contact.txt

    pdm_extract -f "select * from usp_contact " > backup_usp_contact.txt

     

    Follow these technical document

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec479889.aspx?intcmp=searchresult…

    Also Please review the Product documentation : administration guide . if its 12.9 then visit page 306 Article "

     

    How CA SDM Uses LDAP Data to Communicate ".

     

    # 2 : When ever you make any changed in options manager, you need to recycle services.

    # 3 : As you need to configure LDAP, you may run this command on AD server to get the exact DN value

    dsqeuery user -name "administrator"

    Get the correct Password.

    # 4  you may run pdm_ldap_test command to check if connection set correctly.

    # 5  As your planning to import, all your existing contact will be inactive because its domain value is not the same. You have now changed to new domain.

    #6   Please check the step 1 for the backup commands.

     

    ~Vinod

     

     



  • 3.  Re: LDAP-CASD Integration

    Posted 01-22-2016 09:02 AM

    Hi Vinod,

     

    Once CASD configured to  new LDAP domain you mentioned that " all your existing contact will be inactive because its domain value is not the same. You have now changed to new domain.".

     

    Please advise on the below,

    1. Once I ran pdm_ldap_import command, I will get fresh contacts from new LDAP and it will be in active state.After re-config to existing domain, whether the contacts present in this domain will get stored in contact table as inactive.

     

    2. If, I want to switch back to my existing LDAP domain, after re-configuration whether the inactive contacts become will be active or I need to use pdm_load feature to make it active?

     



  • 4.  Re: LDAP-CASD Integration

    Posted 01-26-2016 06:54 AM

    Hi Vinod,

     

    Please update.

     

    Regards,

    Mohan



  • 5.  Re: LDAP-CASD Integration

    Posted 01-28-2016 03:28 AM

    after Re-configuration am getting he below error,

     

    Starting pdm_ldap_test...

    LDAP Directory Type      : active direc

    Service Desk Platform    : windows

    Search Base              : OU=Users,OU=

    Search Filter            : (objectClass

    Administrator Username   : CN=SD_Test_a

    Administrator Password   : **********

    LDAP Host                : test.***.com

    LDAP Port                : 389

    ldap_bind() ERROR(Invalid Credentials)

     

    Please advise.



  • 6.  Re: LDAP-CASD Integration

     
    Posted 01-28-2016 09:01 AM

    That error message suggests that either the account or the password that you have configured to access AD are incorrect.  Try entering the credentials in a tool such as 'JXplorer' to access AD.  Once you have the credentials right and have a successful connection from JXplorer, re-configure SDM's LDAP options to match, and restart the SDM service.

    Regards, James



  • 7.  Re: LDAP-CASD Integration

    Posted 02-02-2016 06:20 AM

    Yes, the account was locked out and after enableing all work fine now. Is it possible to import selected multiple contacts from LDAP, I tried using the bewlo command but it throws an error.

     

    C:\pdm_ldap_import -l "userid = 'yr83' , 'x290'"

    pdm_ldap_sync: Starting...

    pdm_ldap_import: LDAP where clause = "userid = 'yr83' , 'x290'"

    pdm_ldap_import: Contact where clause = "userid = ?"

    pdm_ldap_import: Method got_record in Ldap_Catcher failed (AHD03053:Bad where cl

    ause: Parse error at : "userid = 'yr83' , 'x290'" (syntax error))



  • 8.  Re: LDAP-CASD Integration

    Posted 01-21-2016 12:03 PM

    Hi mohansrinivas  - Did Vinod's response answer your questions? If so please mark his response as Correct Answer. Thanks! Chris