Importing photos from Active Directory (AD) into ServiceNow using an LDAP Import | Procedure

 

Overview
This article explains how to import a thumbnail photo from your Active Directory server into ServiceNow using an LDAP import.
Procedure

Step 1: Import Set Table (u_thumbnail)

If you use the import set table (ldap_import) to import users, ensure that there is a u_thumbnail (or similar) column with string(13,500). This column is usually created by your LDAP user import. 

  1. Use the following URL and replace <yourinstance> with your ServiceNow instance name:

    https://<yourinstance>.service-now.com/sys_dictionary_list.do?sysparm_query=name%3Dldap_import%5Eelement%3Du_thumbnailphoto

    13,500 is an estimated value; you may need a larger size for your thumbnails.

 

Step 2: LDAP and MID Server Binary Attributes

Add the value thumbnailphoto to the system property glide.ldap.binary_attributes.

  1. Use the following URL and replace <yourinstance> with your ServiceNow instance name:

    https://<yourinstance>.service-now.com/sys_properties_list.do?sysparm_query=name%3Dglide.ldap.binary_attributes 

    The value for the system property should be similar to: objectsid,thumbnailphoto.
     
  2. In MID Server Properties, use the following URL and replace <yourinstance> with your ServiceNow instance name:

    https://<yourinstance>.service-now.com/ecc_agent_property_list.do?sysparm_query=name%3Dglide.ldap.binary_attributes

  3. Add the value thumbnailphoto to the system property glide.ldap.binary_attributes.

    Restart the MID Server. MID Server properties are read during start-up.

Step 3: Add Transform Script

Add a transform script to your LDAP user import transform map.

Note: This is a sample OnAfter script for importing thumbnail photos; it is not supported by ServiceNow.

 

Transform Map Script: OnAfter
Script: 
//gs.log('User Photo Script: Check for Existing Attachment');
var grPhotoAttachmentExists = new GlideRecord('sys_attachment');
grPhotoAttachmentExists.addQuery('table_name', 'ZZ_YYsys_user');
grPhotoAttachmentExists.addQuery('table_sys_id', target.sys_id);
grPhotoAttachmentExists.addQuery('file_name', 'photo');
grPhotoAttachmentExists.query();
if (source.u_thumbnailphoto != '') {
    //gs.log('User Photo Script: LDAP Source Photo Exists'); 
    if (!grPhotoAttachmentExists.next()) {
        //gs.log('User Photo Script: No existing photo attachment, attach new photo'); 
        attachPhoto();
    } else {
        //gs.log('User Photo Script: Photo Attachment Exists, Compare Attachments'); 
        var sysEncodedAttachment = new GlideSysAttachment();
        var binData = sysEncodedAttachment.getBytes(grPhotoAttachmentExists);
        var EncodedBytes = GlideStringUtil.base64Encode(binData);
        if (EncodedBytes != source.u_thumbnailphoto) {
            //gs.log('User Photo Script: Photo attachment exists, bytes do not match, delete existing attachment and attach new photo');
            grPhotoAttachmentExists.deleteRecord();
            attachPhoto();
        }
    }
} else {
    //gs.log('User Photo Script: LDAP Source Photo Does Not Exist'); 
    if (grPhotoAttachmentExists.next()) {
        //gs.log('User Photo Script: Delete existing photo attachment'); 
        grPhotoAttachmentExists.deleteRecord();
    }
}

function attachPhoto() {
    //gs.log('User Photo Script: Attach Photo'); 
    var sysDecodedAttachment = new GlideSysAttachment();
    var DecodedBytes = GlideStringUtil.base64DecodeAsBytes(source.u_thumbnailphoto);
    var attID = sysDecodedAttachment.write(target, 'photo', 'image/jpeg', DecodedBytes);
    var newAttachment = new GlideRecord("sys_attachment");
    newAttachment.addQuery("sys_id", attID);
    newAttachment.query();
    if (newAttachment.next()) {
        newAttachment.table_name = "ZZ_YYsys_user";
        newAttachment.table_sys_id = target.sys_id;
        newAttachment.content_type = 'image/jpeg';
        newAttachment.update();
    }
}
 

Step 4: Limit Import

Limit your LDAP user import to only a few users so you can test. It is safer and quicker to test one user rather than 10,000.

  1. In your LDAP OU Definition for LDAP Users, add a filter.  
    For example: (sAMAccountName=joe.employee)
  2. On the LDAP OU Definition for LDAP Users, click Browse.
  3. To verify that only the one user is returned, click the plus sign on the LDAP Nodes.

Step 5:  Add the Photo Field

  1. On the user form, right click in the header bar and select Configure > Form Layout.
  2. Add the Photo field to the form.
  3. Click Save.

Step 6: Test

  1. Navigate to System Import Sets > Administration > Scheduled Imports.
  2. Open LDAP User Import.
  3. Click Execute Now.
  4. Wait until import finishes.  
    You can check active transactions to see if the process is still running.
  5. Check the imported user.
  6. Remember to change the LDAP OU Definition back to import all users.
  7. Run the scheduled import for all users again.

Step 7: Troubleshooting

  • Check the system property glide.attachment.extensions and remove the data in the value field. This property holds the comma-separated list of file extensions that can be attached to documents via the attachment dialog. Extensions should not include the dot (.), e.g. xls,xlsx,doc,docx. Leave blank to allow all extensions.
  • You may need to increase the u_thumbnail column to a size larger than 13500 (for example, if some pictures are not imported).
  • Watch the warning and error logs during the import.
  • The transform script includes some gs.log statements that you can uncomment for debugging.
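
The sizing rule behind the column-size advice, as an added example that is not part of the original article or ServiceNow's code: the import column holds the photo as base64 text, so a picture larger than the column is cut off and the OnAfter script would attach a corrupt file. This stand-alone Node.js sketch (function names and the constructed sample are assumptions; it uses Node's Buffer, not the Glide API) computes the largest photo that fits and flags truncated or non-JPEG values.

```javascript
// Added example: stand-alone Node.js check, not ServiceNow instance code.
const COLUMN_MAX = 13500; // assumed: the string(13,500) size from Step 1

// Characters of base64 text produced by rawBytes bytes of binary data.
function base64Length(rawBytes) {
  return 4 * Math.ceil(rawBytes / 3);
}

// Largest photo, in bytes, whose base64 form fits in columnMax characters.
function maxPhotoBytes(columnMax) {
  return Math.floor(columnMax / 4) * 3;
}

// What the import set row holds after a photo passes through a fixed-size column.
function simulateImport(photo, columnMax = COLUMN_MAX) {
  return photo.toString('base64').slice(0, columnMax);
}

// Classify a u_thumbnailphoto value before it is decoded and attached.
function checkThumbnail(b64, columnMax = COLUMN_MAX) {
  if (!b64) return { ok: false, reason: 'empty' };
  const atLimit = b64.length >= columnMax;
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
    return { ok: false, reason: atLimit ? 'truncated' : 'not-base64' };
  }
  const bytes = Buffer.from(b64, 'base64');
  const n = bytes.length;
  // JPEG starts with the SOI marker FF D8 followed by another FF marker byte.
  if (n < 4 || bytes[0] !== 0xff || bytes[1] !== 0xd8 || bytes[2] !== 0xff) {
    return { ok: false, reason: 'not-jpeg' };
  }
  // Heuristic: encoders normally end the file with the EOI marker FF D9.
  if (bytes[n - 2] !== 0xff || bytes[n - 1] !== 0xd9) {
    return { ok: false, reason: atLimit ? 'truncated' : 'incomplete-jpeg' };
  }
  return { ok: true, reason: 'jpeg', bytes: n };
}

// Constructed sample: JPEG markers around filler bytes, not a viewable image.
function makeSampleJpeg(fillerBytes) {
  return Buffer.concat([Buffer.from([0xff, 0xd8, 0xff, 0xe0]),
    Buffer.alloc(fillerBytes, 0x41), Buffer.from([0xff, 0xd9])]);
}

console.log(checkThumbnail(simulateImport(makeSampleJpeg(2000))));  // fits
console.log(checkThumbnail(simulateImport(makeSampleJpeg(12000)))); // cut off
console.log('largest photo that fits:', maxPhotoBytes(COLUMN_MAX), 'bytes');
```

A value whose length equals the column size and which fails the end-of-image check is the signature of a column that is too small for that user's photo.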

Some forum posts mention setting the system property com.glide.loader.verify_target_field_size to true. This property controls whether import set fields can automatically increase in size during an import (true) or not (false). By default, data that exceeds the import field size is truncated. Setting the property to true allows any import set field to increase its column size to match the length of the data. This is not the best practice. Instead, manually set the size of the u_thumbnail column as in Step 1 (Import Set Table (u_thumbnail)) above. Some columns in LDAP that store credentials are very large. If you use this property, you may receive the following error and be unable to import any LDAP records:

java.sql.SQLException: java.sql.BatchUpdateException: Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. You have to change some columns to TEXT or BLOBs

If you use the com.glide.loader.verify_target_field_size property and receive this error, follow these steps to fix the issue:

  1. Set system property com.glide.loader.verify_target_field_size to false.
  2. If needed, set the LDAP attributes to limit fields that are imported.
  3. Delete the columns in the ldap_import table that are too large.
    There may be 2 or 3 large fields.
  4. Reimport the LDAP users.
    The columns are recreated in smaller sizes. 

Article Information

Last Updated: 2017-09-08 04:19:40
Published: 2017-02-07