Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
tutorial:adm:ad_groups_sync [2020/03/16 22:23]
michalp finished tutorial 		tutorial:adm:ad_groups_sync [2020/03/17 07:53]
kubicar [Connector configuration]
Line 57: Line 57:
 <note tip> In user provisioning system's configuration **Base context of groups** should be filled too, for correctly provisioning memberships</note> <note tip> In user provisioning system's configuration **Base context of groups** should be filled too, for correctly provisioning memberships</note>
 <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note> <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note>
 +<note warning>
 +There are more than 10000 groups in AD and "Base contexts for group entry searches" is set for DC=AD,DC=AGEL,DC=CZ(root OU).
 +Error appeared in project AGEL: LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, problem 5010 (UNAVAIL_EXTENSION), data 0
 +
 +workaround/solution: separate ldap search with Base context for group entry searches and divide it into smaller searches:
 +  * OU=001AGL,OU=AGEL,DC=ad,DC=agel,DC=cz
 +  * OU=002NPO,OU=AGEL,DC=ad,DC=agel,DC=cz
 +  * OU=003NCT,OU=AGEL,DC=ad,DC=agel,DC=cz
 +  * OU=004NNJ,OU=AGEL,DC=ad,DC=agel,DC=cz
 +  * OU=005HPO,OU=AGEL,DC=ad,DC=agel,DC=cz
 +atd... 
 +</note>
  
  
  • by kotynekv