Import LDAP Users

If you have LiveCompare Administrator privileges, LiveCompare allows you to import users from the LDAP server and security group specified in an Import Specification defined in the LiveCompare hierarchy. When an LDAP user logs into LiveCompare, their username and password are authenticated with the appropriate LDAP server and security group.

To import LDAP users, carry out the following steps:

  1. Create an LDAP Import Specification if required

  2. Select an LDAP Import Specification from the Administration/LDAP Import Specifications folder in the LiveCompare hierarchy, and choose ‘Import Users’ from the context menu.

The user accounts obtained from the Import Specification’s LDAP server and security group are imported into LiveCompare. Each user account is assigned the role selected in the Import Specification, and added to each of the resource groups selected in the Import Specification.

  • If an imported account has been created manually in LiveCompare, it is converted to an LDAP account and assigned the role specified in the Import Specification.
  • If an imported account already exists in LiveCompare, it is added to the resource groups selected in the Import Specification, and removed from any other resource groups.

When the import has finished, a summary message box is displayed which indicates the number of LiveCompare accounts that were added, updated or removed.

Imported LDAP users are assigned to the Development, Testing, InfoSec and Operations DevOps teams.

A LiveCompare user may be included in more than one import specification group. In this case, any of the user’s import specifications may be used to authenticate their login. LiveCompare keeps track of which import specification groups a user belongs to in order to maintain their resource group assignments when any of the import specifications are imported.

Resource Group membership examples

The following examples show how LDAP imports affect a user’s resource group membership.

  • Group A contains User1, and is associated with Resource Group A. User1 was previously imported from Group B, associated with Resource Group B. When Group A is imported, the resource group lists for Group A and B are merged, and User1 will be a member of Resource Groups A and B.
  • User2 was previously in Groups A and B, but has just been removed from Group B. If Group B is imported, the User2 account will remain in LiveCompare, but it will only be a member of Resource Group A.
  • User3 was previously only in Group A, but has been removed from this group. When Group A is imported, User3 will be removed from Resource Group A and deleted from LiveCompare.
  • User4 was previously only in Group A, but has been removed from Group A and added to Group B. If Group B is imported first, User4 will be added to Resource Group B and will be able to access Resource Group A until Group A is imported. If Group A is imported first, User4 will be deleted, and then recreated when Group B is imported. In each case, after both groups are imported, User4 will have access to Resource Group B only.

If a user’s account is imported from two Import Specifications, one with the Editor role and one with the Consumer role, the user’s account with be assigned the Editor role. In this case, a Consumer account may be promoted to an Editor account, however an Editor account will never be demoted to a Consumer account. The Administrator role may not be assigned during an LDAP import.

Preserve Resource Group assignments

By default, if imported LDAP user accounts already exist in LiveCompare, they are removed from their current resource groups and assigned to the resource groups specified in the associated Import Specification. However, this behavior may be changed in the Configuration - Security screen by setting the PreserveResourceGroupAssignments field to a non-empty value. If this is done, the existing users will retain their resource group assignments. Newly-created users are always assigned to the resource group associated with the import specification, regardless of the PreserveResourceGroupAssignments setting.

Schedule LDAP imports

If an Import Specification’s Scheduling tab has been completed and the schedule has been enabled, imports of LDAP users are performed according to the schedule. A summary message box is not displayed for scheduled imports.