Specifies the LDAP server’s base DN or domain. For example, to specify an Active Directory domain, enter one of these formats:
unipraxis.com
or
dc=unipraxis,dc=com
Specifies the base context for import operations in the LDAP directory. All users and groups at and below this level will be copied into CA DataMinder. For example:
ou=dept,ou=room
Specifies the target parent group in the CA DataMinder user hierarchy. All imported users and groups will be added to this parent group. You must specify the path to this group, relative to the root‑level ‘Users’ group.
Derives a user's group from the LDAP attributes in this comma separated list. You can specify a single /ga parameter, set to a comma-separated list of LDAP attributes, or you can specify multiple instances of the /ga parameter, each set to a single LDAP attribute; the instances are processed in the order in which they occur in the command or configuration file. For example:
/ga division,department,team
Or
/ga division /ga department /ga team
Specifies that users imported into CA DataMinder will have a flat hierarchy. That is, new accounts for all imported users will be created in a single group. The target group is the group specified by the /wr parameter—see above.
The LDAP directory structure, or the structure specified in a data file, may contain empty containers. These may hold subcontainers or other items, but no users. This parameter creates corresponding empty user groups in CA DataMinder.
Note: To use the /ce parameter, the /ca parameter must also be set.
If your existing CA DataMinder hierarchy contains users not present in the LDAP directory or data file, this parameter moves them to an ‘exceptions’ group, defined by the /eg parameter—see below.
If required, you can use this parameter in conjunction with /ee parameter to move unknown users and exempt them from policy.
Note: Users prepended with a domain name other than the one set in the /pd <domain> parameter (see below) are not moved.
Used in association with /me. This parameter specifies the target ‘exceptions’ group. This can be any group in the CA DataMinder user hierarchy. You must specify the full path to the group, relative to the root-level ‘Users’ group. For example, this specifies the Users/Non-LDAP users subgroup:
/eg "Non-LDAP users"
If this parameter is omitted and /me is set, Account Import creates a default ‘Exceptions’ group, immediately below the root-level ‘Users’ group.
Prefixes new CA DataMinder user names with the specified domain name. You do not need to add a backslash. If the user names in the LDAP directory or data file do not have a domain prefix (that is, the user name does not contain a backslash), this setting will automatically add one.
Specifies which LDAP attributes are written to the email address table in CA DataMinder.
Important! You must also include the /at parameter, otherwise any /ml attributes you specify will not be written to CA DataMinder user accounts—see the /at parameter.
You can specify a single /ml parameter, set to a comma-separated list of LDAP attributes, or you can specify multiple instances of the /ml parameter, each set to a single LDAP attribute. For example:
/ml mail,proxyAddresses,legacyExchangeDN
Or
/ml mail /ml proxyAddresses /ml legacyExchangeDN
Important! For ease of maintenance, we strongly recommend you use multiple instances of /ml.
The /ml parameter also enables you to modify email addresses in the LDAP directory before writing them to the CMS database. To do this, you specify a conversion expression.
Note: If you use the ICAP agent to integrate with BlueCoat ProxySG servers, you must use the /ml parameter to import the distinguishedName attribute.
Specifies that emaildelete commands are carried out during the import or synchronization process. If you specify this parameter:
If you do not specify this parameter (this is the default), emaildelete commands are ignored.
Use with caution
Important! Use this parameter with caution! If an emaildelete command removes an email address from a user’s address list, any events associated with the deleted email address are no longer associated with that user.
If you use the /ed parameter to clean up a misconfigured import operation, be aware that valid email addresses may also be removed. Instead, you may prefer to remove problematic email addresses using the Administration console or a manually produced command file. Use individual emaildelete commands to specify the user and associated email address that you want to remove.
Specifies which LDAP attributes are written to account attributes of CA DataMinder users.
Important! You must also include the /at parameter, otherwise any /al attributes you specify will not be written to CA DataMinder user accounts—see /at.
You can specify a single /al parameter, set to a comma-separated list of LDAP attributes, or you can specify multiple instances of the /al parameter, each set to a single LDAP attribute; the instances are processed in the order in which they occur in the parameter file. For example:
/al division,employeeID,rank
Or
/al division /al employeeID /al rank
Important! For ease of maintenance, we strongly recommend you use multiple instances of /al.
LDAP attributes are assigned to CA DataMinder account attributes in the order in which they occur. That is, the first LDAP attribute is assigned to UserAttribute1, the second to UserAttribute2, and so on. In both examples above, the LDAP attribute Rank is assigned to UserAttribute3.
The /al parameter also enables you to:
/al <attribute1><SV separator><attribute2><SV separator><attribute3>
For example:
/al Building,Floor,DeskNumber
|
Copyright © 2014 CA.
All rights reserved.
|
|