...
This article provides a quick overview of the procedures of installing, configuring, and running the ADSync utility. To integrate ADSync Utility with the CA Cloud Serviceaide Intelligent Service Management application, perform the tasks that are described in this article.
...
- Create the organization structures of the records in CA Cloud Intelligent Service Management before you start using the ADSync Utility. In the absence of the organization structure, users are not mapped to their respective organizations.
- The latest version of Java (version 8 or later) is installed on the system where you install the ADSync Utility.
- The system has network connectivity with the Active Directory (You can install on the AD server itself).
...
- Download the ADSync utility from the Downloads section within CA Cloud Intelligent Service Management. Navigate to MANAGE, ADMINISTRATION, Tools, MANAGE> ADMINISTRATION> Tools> Downloads.
- Create an account on the Active Directory (AD) which can access and run queries on the active directory server.
- Unzip the ADSync folder.
- On the system where you unzip the ADSync Utility, modify the environment variable path. Navigate to My Computer, Computer> Advanced Settings, Settings> Environment Variables, Variables> Path.
Set the path to the install bin directory of the JRE installation.
...
- LDAP GC and LDAP DC: These values are generally the same. Change these values to your AD server or the domain controller.
Example:
# Global Catalog Server
ldap.gc=ldap://localhost:3268
# Domain Controller Server
ldap.dc=ldap://localhost:389 - Authtoken and slicetoken: These values are auto-populated when you download the ADSync Utility. DO NOT edit these values. If you happen to edit these values by mistake, download the ADSync Utility again.
- action.url: The action.url is the URL to your application instance. This value is auto-populated when you download the ADSync Utility. DO NOT edit this value. If you happen to edit this value by mistake, download the ADSync Utility again.
Note: For large transactions, the support team can provide you with a direct URL to the application, to resolve timeout issues. Only in such cases, you can update this attribute manually. - LDAP Bind credentials= LDAP Bind credentials is the service account that you created in the AD.
- send.data: This parameter determines whether to stream data over to Cloud service management to Intelligent Service Management or not. The value is set to Yes. However, you can set it to No while running the ADSync Utility for diagnostic purposes.
...
The application cycles through each Organization Unit (OU) and looks for users in accordance with the search criteria. Enter the DN of container that you want to sync.
Example:
OU=HR,DC=ForwardInc,DC=ca,DC=com
ADSync Utility syncs users from the HR organization to the application with the following search base.
If the file is empty, the utility pulls all the data from the LDAP server.
...
This file is used to map fields from AD with the fields in CA Cloud Intelligent Service Management. Configure it by mapping the application attributes with their corresponding AD attributes, in the following format:
CSM Intelligent Service Management attribute=AD attribute
For more information about these files and attributes, see Configure the ADSync Utility and look for attribute_map.list.
...
- Click the View Site Information icon (the lock icon) next to the application URL in your browser address bar.
- Navigate to Certificate, Details, and click Copy to File.
- Click Next and set the format as .DER encoded binary X.509 (.CER).
- Click Next, enter the file name, and save the file.
- Click Next, verify the path, and click Finish.
- Copy the saved certificate file to the ADSync root (ad-user-sync\) location.
- Navigate to ad-user-sync\ location.
- Import the saved certificate file to the ADSync local keystore si, by running the following command from the ad-user-sync location:
Keytool –import –trustcacerts –alias aliasname –keystore si –file saved_certificate_file_name.cer- Use itmaas as password, when prompted for one.
- Alias name could be anything, for example, CSM Intelligent Service Management-AD-connection.
- After the command runs successfully, a file name si is created in ad-user-sync location.
...
You can test the ADSync Utility without actually sending data to CA Cloud Intelligent Service Management. Set the send.data attribute in the sync.properties file to No.
...
The following diagram explains how the ADSync Utility works:
See Get Started with ADSync Utility for more details.
...
- Sync data log file: After the synchronization is done, CSM Intelligent Service Management generates an XML file that is written to <install directory>\sync\logs\sync_data.log.0. Any error during the synchronization can be seen here.
- Backup file: The backup file is generated at the following location:
<Install directory>\sync\backup
The backup file stores the changes that are written in the data after the last successful synchronization.
For more information about troubleshooting tips, see Troubleshoot ADSync Utility Errors. Widget Connector