Differences
This shows you the differences between two versions of the page.
devel:documentation:wizards [2021/02/26 13:05] svandav [Additional data] |
devel:documentation:wizards [2021/03/01 08:43] svandav [Microsoft Active Directory (MS AD) wizard] |
||
---|---|---|---|
Line 38: | Line 38: | ||
The complication starts in communication with AD. Here it is very important to use **secure communication** (SSL), which requires the installation of a **correct** **certificate**. It is also important to verify that our service AD account has sufficient privileges. | The complication starts in communication with AD. Here it is very important to use **secure communication** (SSL), which requires the installation of a **correct** **certificate**. It is also important to verify that our service AD account has sufficient privileges. | ||
- | However, the biggest difficulties can occur with many rules that must be followed during the connection (**connector settings**) and especially in the way to correctly map the individual attributes of AD. Just choosing | + | However, the biggest difficulties can occur with many rules that must be followed during the connection (**connector settings**) and especially in the way to correctly map the individual attributes of AD. Selecting |
**This guide therefore solves all the mentioned problems** and is based on **our best experience** of how to effectively manage an AD system. | **This guide therefore solves all the mentioned problems** and is based on **our best experience** of how to effectively manage an AD system. | ||
Line 73: | Line 73: | ||
==== Attributes ==== | ==== Attributes ==== | ||
+ | In the penultimate step, the wizard prompts you to specify which attributes of the user account in **AD** you want to manage and from which identity attribute in IdM you want to fulfill them. | ||
+ | The wizard automatically offers **the most frequently used attributes and their typical fulfillment from CzechIdM**. If there are some attributes that you do not use in your AD or do not want to fulfill, disable them or remove them from the list altogether. | ||
+ | |||
+ | **The wizard automatically sets even the most common transformation rules for fulfillment.** For example, to fill ** DN (_ NAME _) ** or ** displayName **, where it selects the first and last name combination. If you want to perform some attributes with a different transformation than the one listed here, you can now deactivate the attribute and later modify the transformation to your liking. | ||
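Review bot: in the added paragraph on transformation rules, "** DN (_ NAME _) **" and "** displayName **" carry stray spaces inside the bold markers, and the underscores around NAME appear broken up. DokuWiki treats double underscores as underline markup, so if the attribute name is meant to be shown with its underscores, put it in a monospace or nowiki span so it renders literally. The last sentence, "If you want to perform some attributes with a different transformation", is unclear; "If you want an attribute to use a different transformation" reads better. "Fulfill" and "fulfillment" in this hunk would also be clearer as "fill" or "populate".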
Line 79: | Line 83: | ||
==== Conclusion ==== | ==== Conclusion ==== | ||
+ | **The last step** of this wizard only informs you about the successful completion and allows you to be redirected to the detail of the new system. For example, **you can immediately start a pairing sync** on this detail, which loads the users in the OU you specify and tries to pair them with existing users in IdM. | ||
+ | <note tip>The new system is installed on **READ-ONLY** for safety reasons. This means it cannot perform an active operation on the AD (create/ | ||
{{ : | {{ : |
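Review bot: the added tip says the new system is "installed on **READ-ONLY**", which should read "created in **READ-ONLY** mode". It also follows directly after the added sentence telling the reader "you can immediately start a pairing sync", so the text should state explicitly whether that synchronization runs while the system is read-only. As written, a reader cannot tell whether the two statements conflict.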