Lightweight Directory Access Protocol (LDAP)

You can integrate Service Manager with an LDAP directory service to share contact information across your network. Once you have enabled an LDAP integration, you can configure Service Manager to automatically create operator records for LDAP users by either of the following methods:

Using either method, you can map fields in the operator record to contact information in the LDAP directory service. This mapping allows Service Manager to create an operator record with all the available contact details defined in the LDAP directory service. If you create an LDAP user template, you can make changes to all users built from this template by editing the template operator record. If you create a system default record, then you must manually make changes to each individual operator record that Service Manager creates. If you create both an operator template and a system default operator record, Service Manager uses the operator template to create new operator records.

Caution: Using the legacy listener with an LDAP integration is NOT supported.

Note: Service Manager denies access to LDAP users unless the system administrator defines either an operator template or a system default operator record.

Note: The ESS access can only be picked up from the *SYSDEFAULTS template, not the template operator specified in the system information record.

The Service Manager server uses the LDAP Bind DN user that is defined in the “ldapbinddn” parameter to access LDAP. The privileges of this LDAP user determine whether the Service Manager server can add or update LDAP accounts. When a system administrator adds or updates operators in Service Manager, the privileges of the LDAP Bind DN user determine whether those operator changes can be synchronized to LDAP.

Note: Deleting an operator record does not cause Service Manager to delete LDAP users. Only an LDAP administrator can delete LDAP entries.
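One way to scope the LDAP Bind DN user described above, assuming the directory server is OpenLDAP. This is an added example, not part of the Service Manager documentation; the database entry, all DNs and the attribute names are placeholders:

```ldif
# Constructed example, OpenLDAP cn=config syntax. The database entry
# ({1}mdb), all DNs and the attribute list are assumptions.
# "replace" overwrites the whole ACL list, so merge these rules with
# the ones already defined on the database before applying.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords are usable for binding only; the bind DN cannot read them.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# Write access limited to the contact attributes mapped to operator
# fields. Leave this rule out for a read-only integration, in which
# case operator changes cannot be synchronized to LDAP.
olcAccess: {1}to dn.subtree="ou=people,dc=example,dc=com"
  attrs=mail,telephoneNumber
  by dn.exact="cn=sm-bind,ou=services,dc=example,dc=com" write
  by * none
# Everything else under the user subtree is read-only for the bind DN.
# No add or delete rights are granted on entries.
olcAccess: {2}to dn.subtree="ou=people,dc=example,dc=com"
  by dn.exact="cn=sm-bind,ou=services,dc=example,dc=com" read
  by * none
```

Avoid using the directory's rootdn as the Bind DN: in OpenLDAP the rootdn bypasses access control rules, so every operator change made in Service Manager could be written to the directory.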

Typically, Service Manager system administrators will want to map only the operators file to an LDAP directory; however, they can also map any other system table (for example, the contacts or device table) to an LDAP directory. You can map a Service Manager table to only one LDAP server at a time, although you may specify a different LDAP server for each table.

When mapping between Service Manager and LDAP directories, you can decide which data source you want to be primary. In cases where there are duplicate entries between data sources, Service Manager displays only the data listed in the primary data source.

Related topics

Enable an integration to LDAP
Create SM Operational Reports