The access type is not assigned but is set to null when a new contact is generated from the LDAP integration.
search cancel

The access type is not assigned but is set to null when a new contact is generated from the LDAP integration.


Article ID: 50211


Updated On:


CA IT Asset Manager CA Software Asset Manager (CA SAM) ASSET PORTFOLIO MGMT- SERVER SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service CA Service Desk Manager CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager



The access type is not assigned (it is set to null) when a new contact is generated from Active Directory LDAP with the "ldap_enable_groups" option turned on.

This occurs when the situation is as follows:

  1. The LDAP user joins the 'Domain Users' group in Active Directory.

  2. The LDAP Access Group field for the access type is set to 'Domain Users' on the Access Type Detail form (see Figure 1).

    Figure 1. Access Type Detail

    <Please see attached file for image>

    Figure 1

  3. A user who is defined to LDAP, but who is not defined to Service Desk Manager, logs in. For example, Figure 2 shows a situation in which the contacts named 'LDAP01' does not exist in the Contact List in Service Desk Manager.

    Figure 2. 'LDAP01' and 'LDAP02' don't exist.

    <Please see attached file for image>

    Figure 2

  4. The user is created automatically as new. The log in attempt to Service Desk by the generated user now succeeds as shown in Figure 3. Note that the contact, in this example, has an out-of-the-box Access Type of Vendor Staff for which the only role is Vendor Analyst which only has a single tab as shown so it is displayed as shown.

    Figure 3. Logging into Service Desk Manager by the generated contact, LDAP01, succeeds.

    <Please see attached file for image>

    Figure 3

  5. Login to Service Desk Manager as an Administrator user.

  6. Review the contact detail of the generated contact.

  7. You will see the null value in the Access Type field as Figure 4.

    Figure 4. Generated contact's Access Type is empty.

    <Please see attached file for image>

    Figure 4

    However, when the LDAP user joins a specific group, other than 'Domain Users', and the LDAP group specifies it, the assignment works without any problems.


This behavior is by design.

Service Desk Manager assumes that the contact that generated by 'LDAP Access Group = Domain Users group' does not have any privileges on the system. Hence, the contact that is generated by linking the "Domain Users" group in Active Directory to an Access Type in Service Desk Manager does not provide anything.

You can see the same behavior when you generate a new contact on the GUI. When you create a new contact, the null value is in the access type field. However, when the contact logs in to Service Desk Manager, the screen that is displayed is the one that corresponds to the access type of the Domain Users group.

In both of these situations, you can set a specific access type on the contact detail and save it. After that, the access type that is set is displayed on the contact detail screen.


Component: ARGIS


1558698195623000050211_sktwi1f5rjvs16o9j.gif get_app
1558698193837000050211_sktwi1f5rjvs16o9i.gif get_app
1558698192147000050211_sktwi1f5rjvs16o9h.gif get_app
1558698189928000050211_sktwi1f5rjvs16o9g.gif get_app