Differences
This shows you the differences between two versions of the page.
tutorial:adm:ad_groups_sync [2020/03/17 07:57] kubicar [Connector configuration] |
tutorial:adm:ad_groups_sync [2020/12/15 11:44] kubicar add role code for synchronization mapping |
||
---|---|---|---|
Line 58: | Line 58: | ||
<note tip> In user provisioning system' | <note tip> In user provisioning system' | ||
<note warning> | <note warning> | ||
- | Project AGEL: There are more than 10000 groups in AD and "Base contexts for group entry searches" | + | If there are more than 10000 groups in AD and "Base contexts for group entry searches" |
LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | ||
- | workaround/ | + | workaround/ |
- | * OU=001AGL,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=001OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=002NPO,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=002OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=003NCT,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=003OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=004NNJ,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=004OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
- | * OU=005HPO,OU=AGEL,DC=ad,DC=agel,DC=cz | + | * OU=005OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz |
and so on... | and so on... | ||
</ | </ | ||
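Review bot: The lines replaced in this warning named a specific project and listed its real OU layout, and swapping them for `OU=001OU,OU=FIRMA,DC=ad,DC=FIRMA,DC=cz` only cleans the current revision; the old text stays readable in the page history, as this diff view shows. If the aim is to stop publishing that directory structure, the earlier revisions need to be removed or restricted as well. It would also help to state in the note that FIRMA and 001OU are placeholders to be replaced with the reader's own values.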
Line 80: | Line 80: | ||
{{ : | {{ : | ||
- | * Now we will map just 3 attributes. Click on green add button like on picture below and this fill in: | + | * Now we will map just 4 attributes. Click on green add button like on picture below and this fill in: |
< | < | ||
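Review bot: The changed sentence updates the count to 4 but keeps the wording "like on picture below and this fill in", which is still hard to read; suggest "Click the green add button as shown in the picture below and fill in:". The hard-coded count has to be edited every time a mapping row is added, as in this revision, so consider dropping the number ("map the following attributes") and check that the referenced picture matches the new set of rows.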
Line 86: | Line 86: | ||
| __Name__ (__GROUP__)| Distinguished name | extended | | __Name__ (__GROUP__)| Distinguished name | extended | ||
| name (__GROUP__) | | name (__GROUP__) | ||
+ | | code (__GROUP__) | ||
| __UID__ (__GROUP__) | __UID__ | | __UID__ (__GROUP__) | __UID__ | ||
</ | </ | ||
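Review bot: The added `code (__GROUP__)` row arrives without any text saying why the role code has to be mapped or which AD value should feed it; the lines around the table are unchanged. Add a sentence next to the table that names the source attribute and says whether the value must be unique across the synchronized groups, so readers do not fill it in by guesswork.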
Line 131: | Line 132: | ||
Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | ||
- | ==== 2) Delete group in Actvive | + | ==== 2) Delete group in Active |
If you want to delete role or move it from IDM scope: | If you want to delete role or move it from IDM scope: | ||
- | * Make sure that no users have assigned role for this group and than delete role from IDM and that role is not used as automatic role. | + | * Make sure that no users have assigned role for this group and that the role is not used as automatic role. |
* Then you can remove group from AD and **remove role from managed attributes**. | * Then you can remove group from AD and **remove role from managed attributes**. | ||
- | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, | + | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, |
- | You will recognize this situation by error mention | + | |
+ | You will recognize this situation by error mentioned | ||
**To correctly remove group and role:** | **To correctly remove group and role:** |
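Review bot: The rewritten first bullet under the "2) Delete group" heading drops the words "and than delete role from IDM", and the next bullet only covers removing the group from AD and removing the role from managed attributes, so the visible steps no longer say when the role itself is deleted from IDM. Either restore that step in the bullet (with "then" rather than "than") or confirm it is covered by the list under "To correctly remove group and role:".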