Differences between LDAP transform maps and legacy import maps

When specifying LDAP mapping relationships using transform maps, there is a major difference in how reference fields are set for manager and department.

When using a transform map, it is necessary to use a transform script to create references. This is because the value associated with an LDAP attribute like "manager" is the distinguished name (DN) of the manager.

Without some extra logic in place, the result is the creation of a user record with a manager name that is the distinguished name of that user in LDAP. The integration includes a transform script to facilitate the creation of these references. The default transform map "LDAP User Import" includes transform scripts for these references.
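The following added example (not the shipped "LDAP User Import" script, and not platform code) shows the logic such a transform script has to perform: turning the manager DN into a reference to an already imported user instead of storing the DN as text. It is plain JavaScript with an in-memory stand-in for the user table; the function names, row layout and record IDs are assumptions made for the illustration.

```javascript
// Added illustration: in-memory stand-in for the user table, no platform API calls.
// Split a DN into RDNs, honoring backslash-escaped commas (RFC 4514).
function splitDn(dn) {
  const parts = [];
  let cur = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) { cur += ch + dn[++i]; continue; }
    if (ch === ',') { parts.push(cur); cur = ''; continue; }
    cur += ch;
  }
  parts.push(cur);
  return parts;
}

// Normalize for comparison: drop whitespace after separators, compare case-insensitively.
function normalizeDn(dn) {
  return splitDn(dn).map(function (rdn) { return rdn.trimStart().toLowerCase(); }).join(',');
}

// rows: import rows { dn, sAMAccountName, manager }, where manager holds a DN.
// Returns records whose manager is a record ID, plus the rows that could not be linked.
function transformUsers(rows) {
  const byDn = new Map();
  const logins = new Set();
  const users = [];
  const unresolved = [];
  rows.forEach(function (row, i) {
    // user_name must be unique, so a repeated login ID is rejected outright.
    if (logins.has(row.sAMAccountName)) throw new Error('duplicate user_name: ' + row.sAMAccountName);
    logins.add(row.sAMAccountName);
    const user = { sys_id: 'u' + (i + 1), user_name: row.sAMAccountName, manager: null };
    byDn.set(normalizeDn(row.dn), user);
    users.push(user);
  });
  rows.forEach(function (row, i) {
    if (!row.manager) return;
    const mgr = byDn.get(normalizeDn(row.manager));
    if (mgr) users[i].manager = mgr.sys_id; // a reference, not the DN string
    else unresolved.push({ user_name: row.sAMAccountName, managerDn: row.manager });
  });
  return { users: users, unresolved: unresolved };
}

const SAMPLE_ROWS = [ // constructed sample data
  { dn: 'CN=Smith\\, Ann,OU=Staff,DC=example,DC=com', sAMAccountName: 'asmith', manager: '' },
  { dn: 'CN=Bob Lee,OU=Staff,DC=example,DC=com', sAMAccountName: 'blee',
    manager: 'cn=Smith\\, Ann, ou=Staff, dc=example, dc=com' },
  { dn: 'CN=Cy Roe,OU=Staff,DC=example,DC=com', sAMAccountName: 'croe', manager: 'CN=Gone,OU=Staff,DC=example,DC=com' },
];
```

Rows whose manager DN matches no imported user are returned in `unresolved` with the manager left empty, which makes missing or out-of-scope managers visible for review.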

Existing mapping relationships

When updating legacy import maps to transform maps, you can retain the LDAP mapping relationships that existed prior to the addition of the System LDAP application. The LDAP server has a Map field that is a reference to the legacy import map.

Note: By default this field is hidden, so you have to configure the form to display it.
If you want to transition to using a transform map, clear the reference to the legacy import map.

LDAP import map settings

Verify and use attributes to limit the fields the integration imports from the LDAP source. Additionally, it is important to map the user_name field to the LDAP attribute that contains the user's login ID. For Active Directory this is usually the sAMAccountName attribute. If you would like to import and coalesce on a binary attribute (such as objectSID or objectGUID), you have to create a custom transform script.

Note: Any value mapped to the user_name field must be unique.

If you do not specify a transform map (such as LDAP User Import), the integration uses the following default mappings:

Table 1. LDAP import default mapping

| User field or variable | LDAP attribute |
| --- | --- |
| user_name | sAMAccountName |
| email | mail |
| phone | telephoneNumber |
| home_phone | homePhone |
| mobile_phone | mobile |
| first_name | givenName |
| last_name | sn |
| title | title |
| department | department |
| manager | manager |
| middle_name | initials |
| u_memberof | groups |
| u_member | members |
| u_manager | manager |