Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:ad_groups_sync [2020/03/16 22:23]
michalp finished tutorial 		tutorial:adm:ad_groups_sync [2020/03/17 09:51]
kubicar [Connector configuration]
Line 57: Line 57:
 <note tip> In user provisioning system's configuration **Base context of groups** should be filled too, for correctly provisioning memberships</note> <note tip> In user provisioning system's configuration **Base context of groups** should be filled too, for correctly provisioning memberships</note>
 <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note> <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note>
 +<note warning>
 +If there are more than 10000 groups in AD and "Base contexts for group entry searches" is set for DC=AD,DC=FIRMA,DC=CZ(root OU).
 +LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, problem 5010 (UNAVAIL_EXTENSION), data 0
 +
 +workaround/solution: separate ldap search with "Base context for group entry searches" and divide it into smaller searches(each line with one OU):
 +  * OU=001OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz
 +  * OU=002OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz
 +  * OU=003OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz
 +  * OU=004OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz
 +  * OU=005OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz
 +and so on... 
 +</note>
  
  
  • by kotynekv