The "ldap_dn" has changed for users in LDAP. How do I get the same to be reflected in Service Desk?

Document ID : KB000049249
Last Modified Date : 14/02/2018

Description:

Due to an organizational change, all the users in Service Desk are being moved from one container to another in LDAP.
How do I make sure the same gets reflected in Service Desk? Also, what precautions do I need to take?

Solution:

The existing contacts in Service Desk that have the old "ldap_dn" values have been moved to a new container in LDAP (which implies that a different DN value is assigned).

Assuming that all the contacts were moved from the old CN to the new CN, you will need to do the following:

  1. Ensure that the LDAP options in Options Manager are set up properly:

    ldap_search_base (the new container's DN value) and
    ldap_dn (this specifies the DN value for logging into the LDAP server)

  2. Ensure that the login for these contacts has not changed in LDAP.

    For example: if the current user login in LDAP was 'DavidN' and the new user logon has been set to 'DavidNS', ensure that the pre-Windows 2000 user logon is also set up as 'DavidNS'.

    IMPORTANT: If there is a mismatch between them, then when you run pdm_ldap_sync the contact will become inactive, because no match is found for it in Active Directory.

  3. Once the above 3 steps are taken care of at the Active Directory level, you only need to run "pdm_ldap_sync" and the contact will get updated with the new ldap_dn values.
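
A pre-check that could be run before pdm_ldap_sync, given here as an added example (not CA's code and not part of the original article): it compares an export of Service Desk contacts with an export of directory entries and lists the contacts the sync is likely to leave without a match. The record layouts, the constructed `example.com` data and the rule that a contact's userid is matched against sAMAccountName (the pre-Windows 2000 logon) are assumptions.

```python
# Added example: pre-check before running pdm_ldap_sync. All data below is constructed.
# Assumption: a contact is matched to a directory entry by userid == sAMAccountName.

SEARCH_BASE = "OU=NewStaff,DC=example,DC=com"  # hypothetical new ldap_search_base

def under_base(dn, base):
    """True if dn is the search base itself or sits below it (case-insensitive)."""
    dn, base = dn.strip().lower(), base.strip().lower()
    return dn == base or dn.endswith("," + base)

def precheck(contacts, entries, search_base):
    """Put each contact in exactly one bucket describing the expected sync result."""
    # Only entries inside the new container are visible to a search from search_base.
    visible = {e["sAMAccountName"].lower(): e
               for e in entries if under_base(e["dn"], search_base)}
    report = {"no_match": [], "logon_mismatch": [], "update_dn": [], "unchanged": []}
    for c in contacts:
        entry = visible.get(c["userid"].lower())
        if entry is None:
            report["no_match"].append(c["userid"])        # at risk of going inactive
            continue
        upn_logon = entry["userPrincipalName"].split("@", 1)[0]
        if upn_logon.lower() != entry["sAMAccountName"].lower():
            report["logon_mismatch"].append(c["userid"])  # the case step 2 warns about
        elif c["ldap_dn"].lower() == entry["dn"].lower():
            report["unchanged"].append(c["userid"])
        else:
            report["update_dn"].append(c["userid"])       # sync should rewrite ldap_dn
    return report

OLD, NEW = "OU=OldStaff,DC=example,DC=com", SEARCH_BASE
CONTACTS = [  # constructed export of Service Desk contacts
    {"userid": "DavidN", "ldap_dn": "CN=David N," + OLD},
    {"userid": "asmith", "ldap_dn": "CN=A Smith," + OLD},
    {"userid": "bjones", "ldap_dn": "CN=B Jones," + OLD},
    {"userid": "clee",   "ldap_dn": "CN=C Lee," + NEW},
]
ENTRIES = [  # constructed export of directory entries
    {"dn": "CN=David N," + NEW, "sAMAccountName": "DavidN",
     "userPrincipalName": "DavidNS@example.com"},  # logon renamed, old pre-2000 name kept
    {"dn": "CN=A Smith," + OLD, "sAMAccountName": "asmith",
     "userPrincipalName": "asmith@example.com"},   # never moved to the new container
    {"dn": "CN=B Jones," + NEW, "sAMAccountName": "bjones",
     "userPrincipalName": "bjones@example.com"},
    {"dn": "CN=C Lee," + NEW, "sAMAccountName": "clee",
     "userPrincipalName": "clee@example.com"},
]

if __name__ == "__main__":
    for bucket, users in precheck(CONTACTS, ENTRIES, SEARCH_BASE).items():
        print(f"{bucket:15} {', '.join(users) or '-'}")
```

Contacts listed under `no_match` or `logon_mismatch` are the ones to fix in the directory before the sync is run.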