
Is there a way to set the LDAP to restrict it to only load new users from an Active Directory instead of using the full scan or normal scan option?

Hi @mollo,

It is possible to limit user import from LDAP based on three levels:

1. Define which OU you want to import users from.

2. Set the LDAP integration to import from all OUs, but with a condition of group membership (only import users if they are members of a certain group).

3. Set the LDAP integration to import from all OUs, but with a condition being one of the user's attributes.

The way our LDAP integration works does not really allow just synchronizing new users and leaving the ones which are already imported unchanged. That also happens because, for a Domain account (which is AD), the password will be updated periodically (or on demand). SysAid will also need to synchronize the password, hence the need to get the information for existing users as well. There are also cases where attributes (such as location, for example) are updated for users in AD; as a result, it would be beneficial to have this updated in SysAid as well.

If you could be so kind as to provide us with a use case where it would be beneficial not to sync users which are already imported, but only import new ones which are created in AD, this can be evaluated as a feature request for further development of our product.

You can find more details about LDAP here. If you still need assistance, do let me know what you’re trying to achieve and I can help.


The main use case of this would be to ensure that, when adding new users to the system, you can quickly add them to SysAid without taking a lengthy scan.


Thank you for your quick reply.