5.1 Creating LDAP Import Tasks

  1. In ZENworks Control Center, click Configuration > Asset Inventory.

    Configuration > Asset Inventory > LDAP Import Tasks panel
  2. In the LDAP Import Tasks panel, click New to launch the New LDAP Import Task Wizard.

  3. Complete the wizard by using information from the following table to fill in the fields.

    Wizard Page

    Details

    Define Details page

    Fill in the following fields:

    • Name: Provide a unique name for the import task. The name cannot include any of the following characters: / \ * ? : " ' < > | ` % ~

      If you want to use numeric characters in a name, you must include characters like _ , #, or ^ between the name and numeric value. A numeric value cannot immediately follow an alphabetic character. For example, if there is an existing task named ABC, you can create a new task with a name ABC_1 but not ABC1.

    • Description: Provide a short description for the import task. This description is displayed in the LDAP Import Task Details panel of ZENworks Control Center.

    Enter LDAP Settings page > Search pre-configured LDAP source option

    The Enter LDAP Settings page lets you identify the LDAP directory against which you want to perform the import task.

    A preconfigured LDAP source is one that has already been defined as a user source in your Management Zone. For information on how to create a user source, see Adding User Sources in the ZENworks 11 SP2 User Source and Authentication Reference.

    If you want to create a new connection to the LDAP directory, see Enter LDAP Settings page > Specify a new LDAP source option.

    LDAP Import Tasks Wizard

    To use an existing connection to the LDAP directory:

    1. Select Search pre-configured LDAP source from the drop-down list.

    2. In the Source to Search list, select the LDAP source you want to search.

      The Source to Search list contains only the directories that have been defined as user sources within your Management Zone.

    Enter LDAP Settings page > Specify a new LDAP source option

    The Enter LDAP Settings page lets you create a new connection to the LDAP directory to import inventory information.

    A new LDAP source is one that was defined as a new source when the import task was created.

    If you want to use an existing connection, see Enter LDAP Settings page > Search pre-configured LDAP source option.

    To create a new connection to the LDAP directory:

    1. Select Specify a new LDAP source from the drop-down list.

    2. Fill in the following fields:

      LDAP Server: Provide the IP address or DNS hostname of the server that has the LDAP directory installed.

      LDAP Port: Select the LDAP port number. The default is the standard SSL port (636) or non-SSL port (389), depending on whether this option is enabled or disabled. If your LDAP server is listening on a different port, select that port number.

      LDAP Root Context: Provide the root context to establish the entry point in the directory. If you do not provide a root context, the directory’s root container becomes the entry point.

      Credentials: Provide the credentials to acquire read-only access to the directory. You can have more than read-only access, but read-only access is all that is required and recommended.

      When accessing eDirectory, ensure that the account has read rights to the following:

      • WM:NAME DNS attributes on the workstation and server objects

      • All those attributes you want to import

      To add the credentials:

      1. Click Add to display the Enter Credential Information dialog box.

      2. In the Type drop-down list, select LDAP.

      3. In the Username field, specify the appropriate username.

        For Novell eDirectory access, use standard LDAP notation. For example, cn=admin_read_only,ou=users,o=mycompany

        For Microsoft Active Directory access, use standard domain notation. For example, AdminReadOnly@mycompany.com

      4. In the Password and Reenter Password fields, specify the user password.

      5. Click OK.

    3. (Optional) To save the credentials, select the Save credentials to datastore option.

      The saved credentials are encrypted in the database for increased security.

     

    Credentials that are not saved are cleared from memory when the ZENworks Server is restarted. If you are creating a scheduled import task, you should save the credentials to ensure that they are still available when the import task is performed.

    IMPORTANT:If an optional field is defined in the LDAP directory, it must be included in the dirimport.xml file on the ZENworks Server to make it available in the LDAP Fields list. For more information, see Optional fields are not visible in the LDAP Fields list in ZENworks Control Center.

    Map Fields page > Key option

    The Map Fields page displays the LDAP directory fields on the left and ZENworks Inventory fields on the right. The ZENworks Inventory Fields list displays the following information:

    • A small subset of possibly hundreds of classes defined in your LDAP source, showing only those relevant to ZENworks Asset Inventory.

    • All the Workstation and User administrator-defined fields.

    The Key option lets you define a key assignment for the LDAP Import task. You must define a key assignment for each task to uniquely identify the mapped fields. You can define only one key for each task.

    Key is a unique value that is assigned by mapping an LDAP field to a unique ZENworks Inventory field. When a task runs, the key field is searched for the stored key value. If the key is unique, the data from the specified LDAP fields is imported to the specified ZENworks Inventory fields. If the key is not unique, only the first hit is selected for mapping, which might result in incorrect mappings.

    To define a key assignment:

    1. In the LDAP Fields list, locate the field.

    2. In the ZENworks Inventory Fields list, select a corresponding key field from a similar class.

      All workstation-based LDAP fields can be mapped only to the ZENworks Inventory fields belonging to a Device class. Similarly, all user-based LDAP fields can be mapped only to the ZENworks Inventory fields belonging to a User class. Thus, you need to create two independent tasks for workstation-based and user-based fields.

      For example, while importing data from Active Directory, you want to define a key for the LDAP field called name belonging to a computer class (which is unique across the organization). You can select the ZENworks Inventory field called Machine Name belonging to a Device class.

    3. Click Key.

      After you define a key, = [LDAP Fields class] / [LDAP Fields name] is appended to the selected ZENworks Inventory field.

      For example, if you want to define the LDAP field called name belonging to a computer class and the ZENworks Inventory field called Machine Name belonging to a Device class as the key fields, the Inventory Device class Machine Name field changes to Machine Name = computer / name.

    Map Fields page > Map option

    The Map option lets you map one or more LDAP directory fields to the corresponding fields in the ZENworks Inventory database.

    To map an LDAP directory field to the corresponding ZENworks Inventory field:

    1. In the LDAP Fields list, locate a field you want to map.

    2. In the ZENworks Inventory Fields list, select a corresponding field from a similar class.

      All workstation-based LDAP fields can be mapped only to the ZENworks Inventory fields belonging to a Device class. Similarly, all user-based LDAP fields can be mapped only to the ZENworks Inventory fields belonging to a User class. Thus, you need to create two independent tasks for workstation-based and user-based fields.

      For example, while importing data from Active Directory, you want to map the LDAP field called displayName belonging to a user class. You can map it to the ZENworks Inventory field called First Name belonging to a User class.

    3. Click Map.

      Map Key Fields

      After you map the fields, <- [LDAP Fields class] / [LDAP Fields name] is appended to the selected ZENworks Inventory field.

      For example, if you want to map the LDAP field called displayName belonging to a user class to the ZENworks Inventory field called First Name belonging to a User class, the ZENworks Inventory User class First Name field changes to First Name <- user / displayName.

      If the size of the selected LDAP field exceeds the size of the corresponding ZENworks Inventory field, the data is truncated to the maximum size of storage and an error message is displayed in the Last Import Messages column. For more information on the error, see the loader-messages.log file located in the %ZENWORKS_HOME%\logs\ directory on Windows or see the /var/opt/novell/log/zenworks/loader-messages.log file on Linux.

    4. (Optional) To map additional fields, repeat Step 1 through Step 3.

    Map Fields page > Remove option

    To remove a field mapping:

    1. In the ZENworks Inventory Fields list, click a mapped field that you want to remove.

    2. Click Remove.

    To remove a key assignment from the selected field:

    1. In the ZENworks Inventory Fields list, click a field that is defined as a key.

    2. Click Remove.

      You must again define a key to uniquely identify the mapped fields. For more information, see Map Fields page > Key option.

    Set the Import Schedule page

    Configure the schedule when you want to run the import task, then click OK.

    LDAP Import Schedule
    • To immediately run the task after it is created, click Now.

    • To set up a schedule:

      1. Click On a schedule, then select one of the following schedules:

        • No Schedule: Indicates that no schedule has been set. The task does not run until a schedule is set or the task is manually launched. This is useful if you want to create the task and come back to it later to establish the schedule or run the task manually.

        • Date Specific: Specifies one or more dates on which to run the task.

          LDAP Import Schedule - Date Specific
        • Recurring: Identifies specific days each week, month, or on a fixed interval on which to run the task.

          LDAP Import Schedule - Recurring

          IMPORTANT:Ensure that you do not set the same schedule for multiple tasks. If done, the scheduled tasks might not run. For more information, see LDAP import tasks remain in a pending state if they run simultaneously.

      2. (Conditional) If you selected Date Specific or Recurring for the schedule, fill in the schedule’s fields.

        For more information on the schedules, click the Help button.

    Select Primary Server page

    Select the ZENworks Server that you want to perform the LDAP import task.

    LDAP - Primary Server

When you finish the wizard, the import task is listed in the LDAP Import Tasks panel. You can use the panel to monitor the status of the task. If the key is unique, the data from the LDAP fields is imported to the ZENworks Inventory fields based on the mapped assignments.

IMPORTANT:Before running a task, ensure that all the existing tasks are in a finished state. For more information, see the troubleshooting scenario LDAP import tasks remain in a pending state if they run simultaneously.