Custom LDAP - Oracle & SQL Server


One large challenge many organizations face when deploying Clarity is how to keep user accounts up to date. This can be a very time consuming process when done manually. Clarity provides two stock LDAP jobs that can be used to create and deactivate Clarity users based on data obtained from LDAP. When a user is created in Clarity by the stock LDAP job their First Name, Last Name, Full Name, User Name, Resource ID, and Email address are pulled into Clarity. While this gives a Clarity administrator a good start there are many other time consuming activities that go into setting up a new user with Clarity access. Many organizations have the additional information needed to fully establish a Clarity user stored in their LDAP directory but the stock job is not written to use these additional attributes.

In these cases, a custom LDAP job can be written in place of, or as a supplement to, the stock LDAP jobs. A custom job eliminates the limitation of querying LDAP for only the six fields that the stock Clarity job uses. It also allows for additional logic to be applied to establish a more complete user account at the time of creation, and to keep existing information up to date.

The first step is to define the business requirements around what fields are needed to establish a new user and what fields are to be kept in sync with LDAP for existing users. Common requests are to populate the resource manager, booking manager, OBS, active/inactive, open for time entry, and financial fields based on the LDAP data. Logic can be applied to add resources to selected projects based on their business unit or add users to security groups based on their group membership in LDAP. Custom names can be populated in the Clarity database in instances where professional titles are important.

The Rego approach uses a GEL script that calls methods of a custom java class. The java class can be customized to query LDAP for various fields based on the business requirements. When the job is initiated the java class will read the LDAP and database connection parameters from the Clarity CSA, execute the custom LDAP query, and insert the results into a custom database table (the java class will create the table if it doesn't already exist).

Once the staging table is populated with LDAP data the job will determine which records do not exist in Clarity. It will build and execute a XOG that will add the user/resource records to the database. The next steps are determined by the business requirements but typically involve updating existing records using XOG or SQL.

Download Details
Submission Date Sep 21, 2012 9:24 pm
Submitter Rego
Content Type Other
Work Type
Work Categories
Related Content
Supported Versions 12.x, 13.x, 14.x, 15.x
Special Instructions Because of the challenges outlined, we do not recommend this technical trick without help from Rego Consulting. We estimate 20-60 hours of support. The time needed is based solely on the complexity of the requirements for your custom job.
Company Rego Consulting