UDM People LDAP Integration with checksum to handle OOTB limitation

Version 3

    1.     Introduction

    Many organizations have a business requirement to integrate LDAP with BMC Remedy AR System, both to load organization-wide people data into ITSM and to authenticate BMC Remedy ITSM users against Active Directory. This document describes the development, configuration and implementation of the integration between LDAP and BMC Remedy AR System. The integration provides an interface to load LDAP users into Remedy ITSM People.

    BMC Remedy ITSM 8.X and above has an OOB solution, a UDM job, to upload people data from LDAP. However, the OOTB UDM job collects delta data from Active Directory by comparing the date of the last successful job run with the “whenchanged” attribute from Active Directory, i.e.

    For delta people data, the Active Directory search query is: last successful ITSM UDM LDAP People job run date <= whenchanged attribute of Active Directory.

    Why the customer asked for customization of the OOB solution:

      1. The ‘whenchanged’ attribute from Active Directory does not identify the records that were actually modified, because ‘whenchanged’ can be updated by a reset of the user's password.
      2. Modifying any attribute of a user profile in LDAP that is not used in the integration can update the ‘whenchanged’ attribute, and that user profile is then fetched unnecessarily in the delta data.
      3. If a Remedy admin creates a new job to upload people records from LDAP, it always runs in full mode; the OOTB delta data upload works only for scheduled jobs.

      Note:

          1. The integration described in this document is unidirectional, from Active Directory to BMC Remedy AR System.
          2. This integration implements creation and modification of Active Directory users in the BMC Remedy ITSM People form.
          3. No ITSM user permissions or support groups are given automatically to users created in ITSM.

     

    2.     Implementation Prerequisites

      1. Active Directory is available and ready to be connected to by BMC Remedy AR System.
      2. Active Directory details are available: Active Directory host name (or IP address) and port number.
      3. Credentials of an Active Directory user to connect with Active Directory. This user must be able to search users in Active Directory.

    3.     Back Up Steps

    Not Applicable

    4. Implementation Steps

    • Active Directory and BMC ITSM People Field Mapping –
    1. Below is the minimum field mapping to be used between Active Directory and Remedy ITSM.

    Active Directory           | BMC ITSM
    Company                    | Company
    givenname                  | FirstName
    Sn                         | LastName
    email                      | Corporate E-Mail
    Department                 | Organization
    distinguishedName          | Region
    DepartmentNumber           | Department
    telephonenumber            | LocalBusiness
    PhysicalDeliveryofficename | Site (Employee location)
    sAMAccountName             | Login ID
    ManagerLogin               | ManagerLoginID
    streetAddress              | Site Address
    Co                         | Country
    l                          | City
    employeeID                 | Corporate ID


    Note: Depending on how the Active Directory attributes are used and which of them best match the ITSM People form fields, attributes can be further mapped or remapped.

    Also, based on need or requirement, some of the fields can be hardcoded in the BMC Atrium Spoon transformation, e.g. Region, Site Group.

    • Remedy Development –
      1. Open the form CTM:LoadPeople in Developer Studio, click Save As in the File menu, and give it the name XYZ:CTM:LoadPeople. Note: Follow the standard naming conventions for development activities as per the published development framework.
      2. Create a field on XYZ:CTM:LoadPeople.

        Label: Checksum
        Database Name: Checksum
        Field ID: 536870913
        Permission (Name | Permission):
          Assignee | Change
          Public | Change

      3. Create a filter on the XYZ:CTM:LoadPeople form.

        Name: XYZ:CTM:LoadPeople_PushtoCTM:LoadPeople_800
        Execute On: Merge
        Execution Order: 800
        Action (If Action): Push Field
          From Name: CTM:LoadPeople
          Qualification: 1=2
          If No Request match: Create New Request
          If Any request match: Modify All Matching Requests
          Select Checkbox: Matching Ids

     

     

    • Spoon Development –
      1. Open the OOTB transformation LDAP_People and save it with the name XYZ_LDAP_PeopleDataUpload.
      2. Edit the above created transformation as shown in Transformation Flow and Transformation Changes screen shots –

     

    Transformation Flow –

      [Screenshot: Untitled.png]

    Transformation Changes –

      [Screenshot: Untitled.png]

     

    Note: If you don’t have DB access for the Database lookup, you can use ARInput and Merge Rows (diff) in the transformation to compare checksums. Because ARInput cannot use a stream field, this might create a performance issue on the AR server, so Database lookup is recommended.
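The checksum comparison this transformation performs, sketched in Python as an added example (not the page's Spoon transformation or BMC code): it hashes only mapped attributes, so a password reset that moves whenChanged is not treated as a delta. SHA-256, the attribute subset, the function names and the sample entries are assumptions made for illustration.

```python
import hashlib
# Subset of the page's mapped attributes; whenChanged is deliberately excluded.
MAPPED_ATTRS = ("company", "givenname", "sn", "email", "department",
                "telephonenumber", "samaccountname", "employeeid")

def entry_checksum(entry):
    """SHA-256 (assumed algorithm) over the mapped attributes in a fixed order."""
    attrs = {k.lower(): v for k, v in entry.items()}  # LDAP names ignore case
    h = hashlib.sha256()
    for name in MAPPED_ATTRS:
        values = attrs.get(name, [])
        values = [values] if isinstance(values, str) else values
        # Sort multi-valued attributes: the directory does not guarantee order.
        for data in sorted(v.strip().encode("utf-8") for v in values):
            # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
            h.update(b"%s=%d:%s" % (name.encode(), len(data), data))
        h.update(b"\x1e")  # attribute boundary, written even when empty
    return h.hexdigest()

def classify(entries, stored):
    """Compare each entry with the checksum stored per Login ID on the last load."""
    result = {"new": [], "changed": [], "unchanged": []}
    for entry in entries:
        login = next(v for k, v in entry.items() if k.lower() == "samaccountname")
        if login not in stored:
            result["new"].append(login)
        elif stored[login] != entry_checksum(entry):
            result["changed"].append(login)
        else:
            result["unchanged"].append(login)
    return result

# Constructed sample entries (not from a real directory).
PREVIOUS = [
    {"sAMAccountName": "asmith", "givenName": "Ann", "sn": "Smith",
     "telephoneNumber": "555-0100", "whenChanged": "20240101000000.0Z"},
    {"sAMAccountName": "bjones", "givenName": "Bob", "sn": "Jones",
     "telephoneNumber": "555-0101", "whenChanged": "20240101000000.0Z"},
]
CURRENT = [
    dict(PREVIOUS[0], whenChanged="20240301120000.0Z"),  # password reset only
    dict(PREVIOUS[1], telephoneNumber="555-0199",        # mapped field edited
         whenChanged="20240302090000.0Z"),
    {"sAMAccountName": "cdoe", "givenName": "Cy", "sn": "Doe"},  # new account
]

def demo():
    stored = {e["sAMAccountName"]: entry_checksum(e) for e in PREVIOUS}
    return classify(CURRENT, stored)
```

Only the "new" and "changed" rows would need to be pushed to the load form; the stored checksum is rewritten for each of them in the same load.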

     

    Create Job –

              1. Open the OOTB job LDAP_People and save it with the name XYZ_LDAP_PeopleDataUpload. Then change the transformation to XYZ_LDAP_DataUpload.

      [Screenshot: Untitled.png]

     

     

    • Remedy Configuration – Register XYZ_LDAP_PeopleDataUpload Job in UDM console –
      1. Go to Data Management -> Other Functions -> Atrium Integrator Jobs, click Create, fill in the details mentioned below, then click Save. Note: Make sure the job name is the same as that of the new job created in the Create Job section above. In this example the job name is “XYZ_LDAP_PeopleDataUpload”. [Screenshot: Untitled.png]
      2. From the Atrium Integrator Job list, select the XYZ_LDAP_PeopleDataUpload job and click on the Variable panel. Create all variables identical to those of the OOTB LDAP_People job.
      3. For the variable TMP_LDAP_FilterStr, specify the value objectClass=Person.
      4. Do not create variables named Search_FilterStr+, Custom_Filter+, New_Accts_Only+, Delta_Import+.
      5. Navigate back to the Data Management Job Console -> Other Functions -> Search Template. Enter the template name LDAP_People and click Search.
      6. Once the template record is found, click the Copy Template button, fill in the information mentioned below, then click Save. [Screenshot: Untitled.png]
      7. Search again for the template named XYZ_LDAP_PeopleDataUploadTemplate.
      8. Open the Load Step and change the Atrium Integrator Name to XYZ_LDAP_PeopleDataUploadTemplate, then click Save.

    3. Running UDM Job to Load People Data from Active Directory

      1. Navigate back to Data Management Job Console. Provide a Job Name and Company and Save.
      2. From Steps section, click Create and select Using BMC Template.
      3. Select newly created Template. In this example it is XYZ_LDAP_PeopleDataUploadTemplate.
      4. Double-click on the Load Step and provide the LDAP details in the Variables table.
        [Screenshot: Untitled.png]

    Note:

    Search_Base can be like - CN=Users, DC=xyz,DC=com

    LDAP_FilterStr can be like – objectClass=Person

    4. Schedule UDM Job

      1. Navigate back to the job ID link. Change the status from Draft to Built and save the job.
      2. The Scheduled field will be enabled. Select Yes and provide details as per requirement.

    5. Roll Back Steps

      1. Delete the XYZ:CTM:LoadPeople form. This will delete all of the new filters created in this implementation. Alternatively, disable all the new filters created in the Remedy Development section.
      2. Delete the UDM Job XYZ_LDAP_PeopleDataUpload that was registered and the UDM Template XYZ_LDAP_PeopleDataUploadTemplate that was created for this integration.

     

     

    (Note: Designed with 9.0. With the new release you can replace the custom form and AR Input step with AR Upsert steps to handle the checksum logic. Link for the AR Upsert step: AR Upsert step - Documentation for Remedy Action Request System 9.1 - BMC Documentation)