Differences
This shows you the differences between two versions of the page.
tutorial:adm:ad_groups_sync [2020/03/16 22:23] michalp finished tutorial |
tutorial:adm:ad_groups_sync [2021/01/15 13:45] stekld |
||
---|---|---|---|
Line 57: | Line 57: | ||
<note tip> In user provisioning system' | <note tip> In user provisioning system' | ||
<note tip> In user provisioning system' | <note tip> In user provisioning system' | ||
+ | <note warning> | ||
+ | If there are more than 10000 groups in AD and "Base contexts for group entry searches" | ||
+ | LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | ||
+ | |||
+ | workaround/ | ||
+ | * OU=001OU, | ||
+ | * OU=002OU, | ||
+ | * OU=003OU, | ||
+ | * OU=004OU, | ||
+ | * OU=005OU, | ||
+ | |||
+ | Another way to solve this problem is by using " | ||
+ | </ | ||
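Review bot: in the new warning note, the workaround list (OU=001OU, through OU=005OU,) is not marked as an example, so a reader cannot tell whether these are literal values or placeholders for their own OUs. Say that they are sample names and that the listed base contexts must together cover every OU that holds groups, otherwise groups outside them are not found by the search. It would also help to put the "LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552," line in monospace markup so it can be matched verbatim against a log, and to say where the 10000 limit comes from. LDAP result code 12 is unavailableCriticalExtension, so naming the control involved would tell admins what to check.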
Line 68: | Line 81: | ||
{{ : | {{ : | ||
- | * Now we will map just 3 attributes. Click on green add button like on picture below and this fill in: | + | * Now we will map just 4 attributes. Click on green add button like on picture below and this fill in: |
< | < | ||
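Review bot: on the changed bullet, the hard-coded count ("just 4 attributes") had to be bumped from 3 only because a row was added to the mapping table, and it will go stale the same way at the next change. Consider "map the following attributes" instead, and fix "and this fill in" on the same line while it is being touched.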
Line 74: | Line 87: | ||
| __Name__ (__GROUP__)| Distinguished name | extended | | __Name__ (__GROUP__)| Distinguished name | extended | ||
| name (__GROUP__) | | name (__GROUP__) | ||
+ | | code (__GROUP__) | ||
| __UID__ (__GROUP__) | __UID__ | | __UID__ (__GROUP__) | __UID__ | ||
</ | </ | ||
Line 119: | Line 133: | ||
Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | ||
- | ==== 2) Delete group in Actvive | + | ==== 2) Delete group in Active |
If you want to delete role or move it from IDM scope: | If you want to delete role or move it from IDM scope: | ||
- | * Make sure that no users have assigned role for this group and than delete role from IDM and that role is not used as automatic role. | + | * Make sure that no users have assigned role for this group and that the role is not used as automatic role. |
* Then you can remove group from AD and **remove role from managed attributes**. | * Then you can remove group from AD and **remove role from managed attributes**. | ||
- | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, | + | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, |
- | You will recognize this situation by error mention | + | |
+ | You will recognize this situation by error mentioned | ||
**To correctly remove group and role:** | **To correctly remove group and role:** |
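Review bot: the rewritten first bullet under "2) Delete group in Active" no longer contains the step the old text had ("and than delete role from IDM"). The next bullet only covers removing the group from AD and removing the role from managed attributes, so this list now never tells the reader to delete the role itself. If that step is meant to live only under "To correctly remove group and role:", say so here; otherwise restore it as its own bullet so the order of operations stays explicit.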