search cancel

LDAP Import wipes out Access Types on contact records


Article ID: 4600


Updated On:


SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service CA Service Desk Manager CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager


After running pdm_ldap_import to import contacts from LDAP into CA Service Desk Manager, the access type on existing contacts was removed and set to NULL.


In CA Service Desk Manager, there is an option in options manager called "ldap group enable".  When this option is turned on, what the system does does is match an LDAP Group to an Access Type in CA Service Desk Manager.  Thus, when importing users via pdm_ldap_import, or updating users via pdm_ldap_sync, it will give the user the access type that matches their group in LDAP. The key to this function is that the LDAP groups and access types much match exactly, at which point it will look at the users group, match it to the access type with the same exact name in CA Service Desk Manager, and give the contact that access type. IF the user's group(s) do not match an access type, it will blank out the access type field on the CA Service Desk Manager side when a sync/import is done. 


CA Service Desk Manager (All Versions)


There are a few options to resolve this:

Option 1:  Turn off the LDAP Group Enable option in options manager.  This way when doing an LDAP import or sync, it will not overwrite or blank out the access types if they don't match up.

Option 2:  Ensure that you have proper access types created that match the LDAP groups exactly as they are in LDAP. Thus when you do an LDAP import or sync, it will assign the matching access type to the contacts.

Additional Information

See more information about LDAP here: