Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:ad_groups_sync [2020/03/17 08:40] kubicar [Connector configuration] |
tutorial:adm:ad_groups_sync [2020/12/15 11:44] kubicar add role code for synchronization mapping |
||
---|---|---|---|
Line 61: | Line 61: | ||
LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | LDAP: error code 12 - 000020EF: SvcErr: DSID-03140552, | ||
- | workaround/ | + | workaround/ |
- | * OU=001AGL, | + | * OU=001OU, |
- | * OU=002NPO, | + | * OU=002OU, |
- | * OU=003NCT, | + | * OU=003OU, |
- | * OU=004NNJ, | + | * OU=004OU, |
- | * OU=005HPO, | + | * OU=005OU, |
and so on... | and so on... | ||
</ | </ | ||
Line 80: | Line 80: | ||
{{ : | {{ : | ||
- | * Now we will map just 3 attributes. Click on green add button like on picture below and this fill in: | + | * Now we will map just 4 attributes. Click on green add button like on picture below and this fill in: |
< | < | ||
Line 86: | Line 86: | ||
| __Name__ (__GROUP__)| Distinguished name | extended | | __Name__ (__GROUP__)| Distinguished name | extended | ||
| name (__GROUP__) | | name (__GROUP__) | ||
+ | | code (__GROUP__) | ||
| __UID__ (__GROUP__) | __UID__ | | __UID__ (__GROUP__) | __UID__ | ||
</ | </ | ||
Line 131: | Line 132: | ||
Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | Otherwise provisioning of any user who is a member of the modified group will fail with following error in provisioning queue. | ||
- | ==== 2) Delete group in Actvive | + | ==== 2) Delete group in Active |
If you want to delete role or move it from IDM scope: | If you want to delete role or move it from IDM scope: | ||
- | * Make sure that no users have assigned role for this group and than delete role from IDM and that role is not used as automatic role. | + | * Make sure that no users have assigned role for this group and that the role is not used as automatic role. |
* Then you can remove group from AD and **remove role from managed attributes**. | * Then you can remove group from AD and **remove role from managed attributes**. | ||
- | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, | + | If you deleted groups or moved from IDM scope and you will try provisioning of users with linked role before synchronization of roles, |
- | You will recognize this situation by error mention | + | |
+ | You will recognize this situation by error mentioned | ||
**To correctly remove group and role:** | **To correctly remove group and role:** |