000019644 - SecurID: How to import users from an iPlanet directory server

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000019644
Applies To: Lightweight Directory Access Protocol (LDAP)
RSA ACE/Server
Issue: SecurID: How to import users from an iPlanet directory server
Returned message "no ldap search results Success"
No users imported to ACE/Server database
Resolution: The following test import from an iPlanet directory server gives a better understanding of the behavior:

Command used:

sdaceldap -v -h 192.168.1.169 -p 389 -D "cn=Directory Manager" -w password -b "ou=people, dc=bell, dc=net" -d import -m netscape.map -s sub -o ldap.csv "objectclass=person"

Disguised Name = bell.net, people where ou=people, dc=bell, dc=net (e.g. domain is www.bell.net)

Results:

VERSION="1",DIRECTION="import",LDAPPREFIX="ldap://192.168.1.169/"
                chDefaultLogin="uid",
                chLastName="sn",
                chFirstName="givenname",
                chLDAPSource="dn"
                "JLBell","Bell","Julia","uid=JLBell,ou=People, dc=bell,dc=net"
                "BBell","Bell","Bronwyn","uid=BBell,ou=People,dc=bell,dc=net"
                "MBell","Bell","Mark","uid=MBell,ou=People, dc=bell,dc=net"
                "JABell","Bell","Jake","uid=JABell,ou=People,dc=bell,dc=net"

                ** The above shows an example of names in the .CSV file that do not yet exist in the ACE/Server **

The ACE/Server administration interface has Users / Manage LDAP Users. An administrator would select an Input File... and choose a filename (e.g. ldap.csv). The LDAP Users in that file appear on the left, and the administrator chooses the Login names required and moves the names to Users to be Processed. Using the Process button adds the users to the ACE/Server database.

Three of the names from the .CSV file (say JLBell, BBell, and JABell) were manually imported and processed into the ACE/Server.

Executing the sdaceldap utility again with the same parameters as before gave these results:

        
VERSION="1",DIRECTION="import",LDAPPREFIX="ldap://192.168.1.169/"
                chDefaultLogin="uid",
                chLastName="sn",
                chFirstName="givenname",
                chLDAPSource="dn"
                "Mbell","Bell","Mark","uid=Mbell,ou=People, dc=bell,dc=net"

                ** MBell did not exist in the ACE/Server, as this name was not previously imported - hence the name appearing in the file **
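
The two result files above can be compared to confirm which logins were processed and that every record sits under the search base given with -b. This Python code is an added example, not part of the RSA article or of sdaceldap; the function names are hypothetical, the file layout is assumed to be exactly as shown above, and logins are compared case-insensitively because the two outputs on this page spell MBell and Mbell differently.

```python
import csv
import re
# Constructed sample input: the two sdaceldap result files shown on this page.
HEADER = '''VERSION="1",DIRECTION="import",LDAPPREFIX="ldap://192.168.1.169/"
    chDefaultLogin="uid",
    chLastName="sn",
    chFirstName="givenname",
    chLDAPSource="dn"
'''
FIRST_RUN = HEADER + '''    "JLBell","Bell","Julia","uid=JLBell,ou=People, dc=bell,dc=net"
    "BBell","Bell","Bronwyn","uid=BBell,ou=People,dc=bell,dc=net"
    "MBell","Bell","Mark","uid=MBell,ou=People, dc=bell,dc=net"
    "JABell","Bell","Jake","uid=JABell,ou=People,dc=bell,dc=net"
'''
SECOND_RUN = HEADER + '''    "Mbell","Bell","Mark","uid=Mbell,ou=People, dc=bell,dc=net"
'''

MAPPING = re.compile(r'^(ch\w+)="([^"]*)",?$')  # e.g. chDefaultLogin="uid",

def parse_sdaceldap(text):
    """Return one dict per user row, keyed by the ch* field names."""
    fields, rows = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = MAPPING.match(line)
        if m:
            fields.append(m.group(1))
        elif line.startswith('"'):
            rows.append(line)
    return [dict(zip(fields, rec)) for rec in csv.reader(rows)]

def normalize_dn(dn):
    # Simplified: ignores case and spacing around commas, not escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def outside_base(records, base_dn):
    """Logins whose DN is not under the search base passed with -b."""
    suffix = "," + normalize_dn(base_dn)
    return [r["chDefaultLogin"] for r in records
            if not normalize_dn(r["chLDAPSource"]).endswith(suffix)]

def diff_runs(before, after):
    """Split first-run logins into (imported, still_pending)."""
    pending = {r["chDefaultLogin"].lower() for r in after}
    logins = [r["chDefaultLogin"] for r in before]
    imported = [l for l in logins if l.lower() not in pending]
    return imported, [l for l in logins if l.lower() in pending]

if __name__ == "__main__":
    print(diff_runs(parse_sdaceldap(FIRST_RUN), parse_sdaceldap(SECOND_RUN)))
```

A second run that contains no user rows at all parses to an empty list, so every first-run login is reported as imported.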
Legacy Article ID: a10938
