Differences

This shows you the differences between two versions of the page.

devel:documentation:wizards [2021/02/26 12:31]
svandav [Connection to an AD system]
devel:documentation:wizards [2021/02/26 12:55]
svandav [Permissions]
Line 52: Line 52:
 ==== Certificate ==== ==== Certificate ====
  
 +In the second step, the wizard can **download the certificate from the AD** and save it to the server. First, the wizard verifies that your IdM server has the correct certificate installed for communication with AD. Next, the certificate is searched directly in AD. The goal is to **find a certificate issued by the highest possible authority**. The found certificate needs to be inserted into the **trusted certificate store** and the IdM restarted. The reason why we do not recommend using a server certificate directly in the trusted certificate store (it would be functionally sufficient) is its shorter validity (typically only 1 year).
  
 {{ :devel:documentation:wizard_ad_02.png?600 |}} {{ :devel:documentation:wizard_ad_02.png?600 |}}
  
-==== Permissions ====+==== Check of permissions ====
  
 +In the next step, you have the option to **perform a set of tests for a successful IdM connection**. The most basic test is to **create and delete a user**. This will verify that you have correctly defined the rights for the service account that **IdM accesses to AD** and set the authentication information correctly in the previous steps.
  
 +Not all tests need to be performed to complete the connection. For example, grouping a user is an optional operation for some deployments
  
 {{ :devel:documentation:wizard_ad_03.png?600 |}} {{ :devel:documentation:wizard_ad_03.png?600 |}}
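Review bot: The new Certificate paragraph tells the reader to put the certificate downloaded from AD into the trusted certificate store, but it never says how to confirm that the certificate is the expected one before it becomes a trust anchor. Add a sentence asking the administrator to compare the issuer and fingerprint shown by the wizard with values obtained from the AD/CA administrators through a separate channel, and say which trust store is meant and where the wizard saves the file. In the permissions paragraph, state where the test user for "create and delete a user" is created and whether it is removed when the test fails partway. Wording: "the service account that **IdM accesses to AD**" reads better as "the service account that IdM uses to access AD", "grouping a user" is unclear (adding a user to a group?), and the last added sentence is missing its final period.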
  • by svandav