1. Kayako Download customers: we will continue to develop and support Kayako Download beyond July 2017, alongside the new Kayako for existing customers.

    Find out more.

  2. The forum you are viewing relates to Kayako Classic. If you signed up or upgraded to the new Kayako (after the 4th July 2016), the information in this thread may not apply to you. You can visit the forums for the new Kayako here.

Active Directory User Sync Script

Discussion in 'Apps and modifications' started by Dylan Lindgren, Aug 26, 2009.

  1. bluesquares

    bluesquares Member

    We have a really simple AD Environment.

    Basically, we have this

    domain.com
    +Users
    -john1
    -john2
    -john3
    +Admins
    -admin1
    -admin2

    and so forth.

    Here's what I used to grab ALL the user accounts in the Users CN (it's not an OU).

    $dn = "CN=Users,DC=domain,DC=com";
    $filter = "(objectCategory=user)";

    You can find out if it's an OU or CN by going to Start > Run > adsiedit.msc on the server. Thanks for that link above, Dylan.

    Here's a new question, how can I sync extra OU's and CN's?
    My users are in various OU's and CN's.

    Do I need to create multiple files like Import_AD_Users.php, Import_AD_Users2.php, Import_AD_Users3.php, etc and run a cron for each one?
     
  2. bluesquares

    bluesquares Member

    I got a PM from Dylan in response to this issue. Here was his answer:

     
  3. bluesquares

    bluesquares Member

    Dylan, I wanted to personally thank you for helping me through this. I finally got the script to crawl through my entire (multiple OU, multiple CN) domain. It will pull every single user account into Kayako. A lot of extra junk accounts are imported...but I needed something "handsoff" that will run on autopilot.

    Here's the final modification to the script that worked for me.

    I'm only highlighting the // AD part of the script:

    Code:
    // AD
    $host = "192.168.1.1";
    $user = "domain\administrator";
    $pswd = "yourpassword";
    $dn = "DC=domain,DC=com";
    $filter = "(objectCategory=user)";
    $ad = ldap_connect($host) or die( "Could not connect to LDAP server!" );
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) or die ("Could not set ldap protocol");
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);    
    $bd = ldap_bind($ad, $user, $pswd) or die ("Could not bind to LDAP server");
    $attrs = array("sn", "givenname" ,"mail","telephonenumber","mailnickname","physicaldeliveryofficename",
                        "initials","department","description","objectguid", "l");
    
    The example above uses domain.com as the example.
     
  4. LOGSVince

    LOGSVince Member

    ADOLDAP-Import

    Attached is a modified import script that I wrote for my company. I run this nightly on a windows server using wget from the task scheduler. There are tutorials on how to do this. Otherwise manually browsing to it will populate and update your Users and Organizations.

    I hope this helps someone.
     

    Attached Files:

  5. LOGSVince

    LOGSVince Member

    Keep in mind, the above script assumes you have a user group (I think id 3) that you want imported users to get assigned to. Feel free to modify the script to suit your needs.

    The reason I used ADO for importing AD info is you are not limited by the 1000 object return that a lot of people run into.
     
  6. jlane

    jlane Member

    Does this script work with Kayako v4 in it's current state? If not, is an update on the way? Thanks in advance.
     
  7. LOGSVince

    LOGSVince Member

    The script I posted was written for fusion 4.01.106. It will require minor modification before it will work.
     
  8. jlane

    jlane Member

    Hi LogsVince,

    Would you be able to point us in the right direction as to what sort of "minor modification" would be required in order to get this script working with the latest v4 release? I think it would be very useful to many customers and I can ask my developer to take a look, but any direction from you would be most helpful. Thanks in advance.
     
  9. LOGSVince

    LOGSVince Member

    At the top of the file you need to fill in your database information, Active Directory OU/DC, and any other info above "// YOU SHOULDNT HAVE TO MODIFY ANYTHING BELOW THIS LINE"
    If you don't want the email import status just set $sendmail to false. You will also want to setup a cron job (or windows scheduled task) to browse to this php file every night.

    Our company just purchased the full version of fusion today, so I'll test this on the latest release when we get it setup.
     
  10. andrewaitken

    andrewaitken New Member

    Has anyone had any luck getting this import to work. The original scripts are for v3 but have tried to use LOGSVince's one but I get this error

    Fatal error: Uncaught exception 'com_exception' with message '<b>Source:</b> Provider<br/><b>Description:</b> Unspecified error on line 50?

    Any ideas what is wrong?

    Thanks

    Andrew
     
  11. LOGSVince

    LOGSVince Member

    Just an update on my script. It will only work on a MS server, not on linux.

    When we ported from trial to full we found out the hard way that COM objects are MS only. I have rewritten the script to work with linux, with one issue. php_ldap does not support paging of results by default. You would need to manually patch the module to allow paging (there is a bug fix thread over on php's site) so you can get more than the default 1000 results from AD. I will post up the linux rewrite when I have some time along with the patch to the ldap module that I used. Later versions of php_ldap will eventually support paging.
     
  12. LOGSVince

    LOGSVince Member

    Here you go. This will work with linux and will page more then 1000 results.

    The patch file works with php-5.2's ldap module. You will need to download the source for php-5.2 and you can just recompile the module if you are already using 5.2.
     

    Attached Files:

  13. Johan

    Johan New Member

    Hi i get this error:
    Unknown column 'loginapi_userid' in 'field list'
     
  14. mlsadler

    mlsadler New Member

    Hi the challenge i have is i cant seem to get the mysql database script for the Import_AD_Users.php script please help
     
  15. Mle

    Mle Established Member

    This isn't for Kayako 4. It should be moved out of the Kayako 4 section. We are still waiting for a import script for Kayako 4
     
  16. Dylan Lindgren

    Dylan Lindgren Established Member

    Hey guys,

    Sorry I've gone M.I.A. for a while. Kayako v3 has been working perfect for us, and we haven't done any modifications for a long time and hence no real needs to go on here.

    I'm looking into upgrading our installation to v4 now, so will have to rebuild this script to suit v4. I haven't investigated what LOGSVince has written yet, that may be suitable for us to use. If not, I'll post up my custom script here.

    Dylan.
     
  17. jcossota

    jcossota Established Member

    Thanks Dylan. We can't really use v4 until we have a way to create phone tickets for users who have not manually logged in and created their accounts.
     
  18. Dylan Lindgren

    Dylan Lindgren Established Member

    No probs. I'm sure we'll be in the same situation too then, as we use SupportSuite to log phone tickets for our users too. Hopefully over the next week or so I'll have some time to do some work on it.
     
  19. jcossota

    jcossota Established Member

    Hey Dylan, have you been able to make any headway into AD synchronization with v4?
     
  20. chelseadstevenson

    chelseadstevenson New Member

    So this doesnt work for fusion? Ok i will watch this thread until it does probably explains why the script didnt display anything when i ran it :S
     

Share This Page