Versions Compared

Old Version 7

changes.mady.by.user Prasanna Nagaraj

Saved on

compared with

New Version 8

changes.mady.by.user sneha.tripathi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Intelligent Service Management Field Name

Active Directory Service Field Name

Comments

first_name

givenName


last_name

sn


job_title

title


e_mail

mail


user_login

sAMAccountName


manager

manager

Follow these rules:

  • You cannot combine AD values and static values while representing this attribute.
  • If you use the AD value, pass it as:
    manager=manager
  • If you use a static value, you can define it only in one of the following formats:
    • Either "LastName" or "FirstName", without any spaces.
    • "LastName, FirstName ". Do include the comma and single space between the last name and first name.

Note: You cannot refer to the manager attribute in the AD in ${manager} format. So, you cannot combine it with any other AD attribute or static value while defining an attribute.

primary_support_group


The spelling of the value that is provided in this attribute must match exactly with the corresponding value in Intelligent Service Management.

For example, "administrator" is a primary support group in Intelligent Service Management. If you misspell the group as "aministrator" in the mapping, then the user is not mapped to the required group.

This value is not case-sensitive.

The value that you specify here is ignored if:

  • The value does not match with any group in Intelligent Service Management.
  • The value matches with an inactive group in Intelligent Service Management.

You can enter only one primary_support_group for a user.

support_groups


The spelling of the value that is provided in this attribute must match exactly with the corresponding value in Intelligent Service Management.

This value is not case-sensitive.

The value that you specify here is ignored if:

  • The value does not match with any group in Intelligent Service Management.
  • The value matches with an inactive group in Intelligent Service Management.

You can enter multiple support_groups for a user, separating them with a semicolon (;).

If you have multiple support groups, you can pass them as either a static string or an active directory attribute. Consider the following rules while passing multiple values:

  1. If you want to use AD attributes, you can enter only one AD value in this file. Your definition of that AD attribute itself must include all the group names, separated by semicolons. For example, you want to pass the groups admin and public for a user. You can have an attribute that is named supportgroup in active directory and you can define its value within active directory as "admin; public". So, the mapping in the attribute_map.list looks like: support_groups=supportgroup
  2. If you pass a static string, you can do so by putting all the group names together, separated with semicolons, and included within quotes. So, the mapping in the attribute_map.list looks like: support_groups="admin; public"

Also see, override_existing_support_group_values attribute.

override_existing_support_group_values"False"

This attribute is supplementary to the support_groups attribute. With this attribute, you can specify whether the value passed for the support_groups attribute overwrites the existing value or is appended to it.

This attribute can have one of the following two values:

  • False: This is the default value. When the attribute is set to false, existing values are NOT overwritten.
  • True: When the attribute is set to true, existing values are overwritten.

Any invalid value for this attribute is treated as "False". This attribute affects only the support_groups attribute.

license_type

"1"

You can either directly provide a value as a static string or pass the corresponding attribute from active directory. To pass the value as a static string, put it in double quotes. The valid values are: 0, 1, 2, and 4, where:

  • 0 = Fixed License
  • 1 = Self-Service User
  • 2 = Floater License
  • 4 = Web Service User

The default value is 1.

Note: When the license type is 1, then the primary_support_group is automatically set to Self-Service. The value that is provided while defining the primary_support_group attribute is ignored. If you do not map this attribute or enter an invalid value, the license type is set to Self-Service (1) by default.

language

"en_US"

You can either directly provide a value as a static string or pass the corresponding attribute from active directory. To pass the value as a static string, put it in double quotes.

For a list of all valid language codes, see Set Locations and Time Zones.

The default language is “en-US”.

This attribute is not case-sensitive.

org_name


Note: The mapping of org_name is governed by strict rules. For more information about this attribute, see Configure the org_name Attribute.

lvl1_name

company

Note: Always use the org_name attribute instead of lvl1_name, lvl2_name, and lvl3_name. If you are using the org_name attribute, there is no need to define lvl1_name, lvl2_name, and lvl3_name. These levels are only provided for backwards compatibility with earlier versions of the application.

lvl2_name

physicalDeliveryOfficeName

lvl3_name

department

phone1

telephoneNumber


phone2

mobile


...

Note

Always use the org_name attribute instead of lvl1_name, lvl2_name, and lvl3_name. If you are using the org_name attribute, there is no need to define lvl1_name, lvl2_name, and lvl3_name. These levels are only provided for backwards compatibility with earlier versions of the application. For more information about these levels, see attribute_map.list File. You can also define lvl1_name, lvl2_name, and lvl3_name with the org_name attribute. However, the utility gives a higher priority to the hierarchy defined in the org_name attribute.

Anchor
EnableanSSLEnvironmentfortheADSyncUtility
EnableanSSLEnvironmentfortheADSyncUtility
Enable an ISM SSL Environment for the ADSync Utility

To enable an SSL environment for the ADSync Utility, perform the following steps:

  1. Click view site information (the lock icon) next to the Intelligent Service Management URL in your browser address bar.
  2. Navigate to Certificate, Details, and click Copy to File.
  3. Click Next and set the format that you want to use as .DER encoded binary X.509 (.CER).
  4. Click Next, enter the file name, and save the file.
  5. Click Next, verify the path, and click Finish.
  6. Copy the saved certificate file to the ADSync root (ad-user-sync\) location.
  7. Run the keytool command from the ADSync root (ad-user-sync\) location.

  8. Import the saved certificate to the ADSync local keystore si by running the following command from the ADSync root:
    keytool -importcert -trustcacerts -alias aliasname -keystore si -file saved_certificate_file_name
    Note: To run the keytool command from the ADSync root, you need jre/bin in your PATH environment variable.
    Replace aliasname with the alias of your choice. For example, cacloudsmcert.
    Replace saved_certificate_file_name with the name of the saved certificate file. For example, cacloudsmcert.cer
    Use itmaas when prompted for password. The command prompt asks you to confirm whether the certificate can be trusted. Enter y.
    A message displays stating that the Certificate was added to keystore.

Anchor
EnableLDAPSSLEnvironmentfortheADSyncUtility
EnableLDAPSSLEnvironmentfortheADSyncUtility
Enable LDAP SSL Certificate for the ADSync Utility

To enable an LDAP SSL certificate for the ADSync Utility, perform the following steps:

  1. Get the LDAP SSL certificate either .DER or .CER format
  2. Run the keytool command from the ADSync root (ad-user-sync\) location.
  3. Import the saved certificate to the ADSync local keystore si by running the following command from the ADSync root:
    keytool -importcert -trustcacerts -alias aliasname -keystore si -file saved_certificate_file_name
    Note: To run the keytool command from the ADSync root, you need jre/bin in your PATH environment variable.
    Replace aliasname with the alias of your choice. For example, cacloudsmcert.
    Replace saved_certificate_file_name with the name of the saved certificate file. For example, cacloudsmcert.cer
    Use itmaas when prompted for password. The command prompt asks you to confirm whether the certificate can be trusted. Enter y.
    A message displays stating that the Certificate was added to keystore.

Follow the below steps to verify the certificates in the keystore:

  1. Copy the si file to a directory.
  2. Execute the below command:

    E:\>keytool -list -keystore si
    Enter the keystore password, Keystore type and Keystore provider.

  3. Upon successful certificate import, 2 certificate entries should be available in the Keystore.

Note

This procedure is verified on Internet Explorer and Chrome browsers.

...