Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:ad_groups_sync [2020/03/17 07:57] kubicar [Connector configuration] |
tutorial:adm:ad_groups_sync [2020/11/02 12:42] apeterova typos |
||
---|---|---|---|
Line 58: | Line 58: | ||
<note tip> In user provisioning system' | <note tip> In user provisioning system' | ||
<note warning> | <note warning> | ||
- | Project AGEL: There are more than 10000 groups in AD and "Base contexts for group entry searches" | + | If there are more than 10000 groups in AD and "Base contexts for group entry searches" |
LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | ||
- | workaround/ | + | workaround/ |
- | * OU=001AGL,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=001OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=002NPO,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=002OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=003NCT,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=003OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=004NNJ,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=004OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=005HPO,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=005OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
and so on... | and so on... | ||
</ | </ | ||
Line 131: | Line 131: | ||
Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | ||
- | ==== 2) Delete group in Actvive | + | ==== 2) Delete group in Active |
If you want to delete role or move it from IDM scope: | If you want to delete role or move it from IDM scope: | ||
- | * Make sure that no users have assigned role for this group and than delete role from IDM and that role is not used as automatic role. | + | * Make sure that no users have assigned role for this group and that the role is not used as automatic role. |
* Then you can remove group from AD and **remove role from managed attributes**. | * Then you can remove group from AD and **remove role from managed attributes**. | ||
- | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, | + | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, |
- | You will recognize this situation by error mention | + | |
+ | You will recognize this situation by error mentioned | ||
**To correctly remove group and role:** | **To correctly remove group and role:** |