Data Protection - How to concatenate LDAP attributes to create hierarchy Group names.

Document ID : KB000009629
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

To simplify mass deployments, Account Import enables administrators to import user details into CA Data Protection from an external Lightweight Directory Access Protocol (LDAP) directory or a source file. Account Import can import new users and groups into the existing CA Data Protection user hierarchy, or it can reorganize existing users to synchronize them with an external hierarchy. It can also import user attributes such as email addresses and employee IDs.

Background:

Account Import can import user details from several sources and supports two import methods: command line operations (which can be scheduled to keep your LDAP directory and CA Data Protection user hierarchy synchronized) and the Account Import wizard.  This technical document discusses the command line operations. 

 

The command line operation executes from the default install system directory (i%wgninstalldir%\system) see the example below:

 

C:\Program Files (x86)\CA\CA DataMinder\system>wgninfra -run wigan/infrastruct/accounts/AccountImport /op ldp.opt

 

 

The options file (i.e. ldp.opt) is a text file that contains a series of instructions for accessing your LDAP source and integrating it with the CA Data Protection hierarchy. For example;

 

/ca

/re

/at

/sv Wincon

/un Administrator

/pw P@ssword07

/dn tom.local

/me

/eg "Non-LDAP users"

/pd TOM

/ua 'EmployeeID'

/ga Division,Department

/ml 'mail'

/ml 'proxyAddress'

/ml 'legacyExchnageDN'

/al 'EmployeeID'

/al 'Division'

/al 'Department' 

 

In the example above the /ga attribute is employed.  

Syntax:

/ga <LDAP attribute list>

 

This derives a user's group from the LDAP attributes in a comma separated list. You can specify a single /ga parameter, set to a comma-separated list of LDAP attributes, or you can specify multiple instances of the /ga parameter, each set to a single LDAP attribute; the instances are processed in the order in which they occur in the command or configuration file. For example:

/ga division,department,team

Or

/ga division

/ga department

/ga team

 

Using the example /ga Division,Department this will produce the following style of hierarchy structure.

concat2.jpg

 

 

 

Environment:
CA Data Protection 15.x
Instructions:

If you wish to concatenate the LDAP attributes to form the group names in the CA Data Protection Hierarchy you can use the following syntax:

/ga <LDAP attribute>["{???%untilEnd%}"]<LDAP attribute>["{???%untilEnd%}"]

 

For example;

/ga Division["{???%untilEnd%}"]Department["{???%untilEnd%}"]

 

This will provide output in the following structure:

 

concat1.jpg

 

Note: All concatenated groups using the /ga switch will automatically use s pipe ('|') to separate the LDAP attributes.

Additional Information:

For more information on configuring the options file and for further examples please refer to the CA Data Protection Documentation