Maximo Application Suite
Customer-managed

Mapping LDAP fields as person ID for Maximo Manage in Maximo Application Suite 8.11

In Maximo Application Suite 8.11 and earlier versions, the person ID is equal to the user ID in Maximo® Manage. If you are migrating users from Maximo Asset Management to Maximo Application Suite from an LDAP server and the person ID is different than the user ID, you can configure the user data to maintain the person ID data.

Before you begin

Before you can configure the user data to maintain the person ID, install Maximo Application Suite 8.11.7 or 8.10.10 fix packs or later. You can install fix packs by using a channel subscription. For more information, see Upgrading IBM Maximo Application Suite by using the channel subscription method.

If you are using Maximo Application Suite 9.0, see Mapping LDAP fields as person ID for Maximo Manage in Maximo Application Suite 9.0

About this task

When a user is added in Maximo Application Suite, the user ID is created as the primary identifier for that user. When user synchronization occurs with Maximo Manage, the user ID is added in Maximo Manage as the user ID and the person ID.

If you need to maintain separate person ID data to meet your business needs, create an automation script in Maximo Manage that copies the value from the LDAP employeeNumber field to the personid field during the user synchronization process. You can also use this automation script to map to other fields in Maximo Manage.

If the field you are using in the LDAP server is not employeeNumber, you must also map the field to employeeNumber in the ScimCfg LDAP configuration record.

Procedure

  1. Create an automation script that copies the value from the employeeNumber field to the personid field,
    1. In Maximo Manage, open the Automation Scripts application.
    2. From the More Actions menu, select Create > Script for Integration.
    3. In the Integration Details section, select Enterprise Services and in the Enterprise Service field, select MASPERUSER.
    4. Select Request, User Exit, and After External Exit.
    5. In the Script Details section, enter the following code as Jython code:
      from com.ibm.tivoli.maximo.oslc import OslcUtils
      from com.ibm.tivoli.maximo.oslc.provider import OslcJSONStructureData
      
      data = irData.getDataAsBytes()
      dataEr = erData.getDataAsBytes()
      
      jo = OslcUtils.bytesToJSONObject(data)
      erJo = OslcUtils.bytesToJSONObject(dataEr)
      
      if erJo.get("owner").upper() == 'SCIM':
         extjo = jo.get("extension")
         empno = extjo.get("employeeNumber")
         jo.put("personid",empno)
         irData = OslcJSONStructureData(jo,"MASPERUSER","PERSON",userInfo,"Sync",True)
  2. If the field in the LDAP server is not employeeNumber, update the ScimCfg LDAP configuration record to map the field to employeeNumber.
    1. In Red Hat® OpenShift®, from the side navigation menu, click Administration > CustomResourceDefinitions.
    2. On the CustomResourceDefinitions page, search for and open the ScimCFG custom resource definition.
    3. On the Instances tab, search for and open the CR that starts with the Maximo Application Suite instance ID.

      For example, <your_mas_instance>-scim-default-system.

    4. On the YAML tab, in the spec: section under usersync, map the field to employeeNumber.
    For example, if the field in LDAP is named employeeID, add the following configuration in spec.usersync to map to employeeNumber.
    userSync:
      mappings:
        extensions:
          employeeNumber: employeeID