Importing LDAP Users

If you have LiveCompare Administrator privileges, LiveCompare allows you to import users from the LDAP server and security group specified in an Import Specification defined in the LiveCompare hierarchy. When an LDAP user logs into LiveCompare, their username and password are authenticated with the appropriate LDAP server and security group.

To import LDAP users, carry out the following steps:

  1. Create an LDAP Import Specification if required

  2. Select an LDAP Import Specification from the Administration/LDAP Import Specifications folder in the LiveCompare hierarchy, and choose ‘Import Users’ from the context menu.

The user accounts obtained from the Import Specification’s LDAP server and security group are imported into LiveCompare. Each user account is assigned the role selected in the Import Specification, and added to each of the projects selected in the Import Specification.

  • If an imported account has been created manually in LiveCompare, it is converted to an LDAP account and assigned the role specified in the Import Specification.
  • If an imported account already exists in LiveCompare, it is added to the projects selected in the Import Specification, and removed from any other projects.

When the import has finished, a summary message box is displayed which indicates the number of LiveCompare accounts that were added, updated or removed.

Imported LDAP users are assigned to the Development, Testing and Operations DevOps teams.

A LiveCompare user may be included in more than one import specification group. In this case, any of the user’s import specifications may be used to authenticate their login. LiveCompare keeps track of which import specification groups a user belongs to in order to maintain their project assignments when any of the import specifications are imported.

Project Membership Examples

The following examples show how LDAP imports affect a user’s project membership.

  • Group A contains User1, and is associated with Project A. User1 was previously imported from Group B, associated with Project B. When Group A is imported, the project lists for Group A and B are merged, and User1 will be a member of Projects A and B.
  • User2 was previously in Groups A and B, but has just been removed from Group B. If Group B is imported, the User2 account will remain in LiveCompare, but it will only be a member of Project A.
  • User3 was previously only in Group A, but has been removed from this group. When Group A is imported, User3 will be removed from Project A and deleted from LiveCompare.
  • User4 was previously only in Group A, but has been removed from Group A and added to Group B. If Group B is imported first, User4 will be added to Project B and will be able to access Project A until Group A is imported. If Group A is imported first, User4 will be deleted, and then recreated when Group B is imported. In each case, after both groups are imported, User4 will have access to Project B only.

If a user’s account is imported from two Import Specifications, one with the Editor role and one with the Consumer role, the user’s account with be assigned the Editor role. In this case, a Consumer account may be promoted to an Editor account, however an Editor account will never be demoted to a Consumer account. The Administrator role may not be assigned during an LDAP import.

Preserving Project Assignments

By default, if imported LDAP user accounts already exist in LiveCompare, they are removed from their current projects and assigned to the projects specified in the associated Import Specification. However, this behavior may be changed in the Configuration - Security screen by setting the ‘PreserveProjectAssignments’ field to a non-empty value. If this is done, the existing users will retain their project assignments. Newly-created users are always assigned to the projects associated with the import specification, regardless of the ‘PreserveProjectAssignments’ setting.

Scheduling LDAP Imports

If an Import Specification’s Scheduling tab has been completed and the schedule has been enabled, imports of LDAP users are performed according to the schedule. A summary message box is not displayed for scheduled imports.