Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:ad_groups_sync [2021/03/04 11:01]
apeterova tips and corrections 		tutorial:adm:ad_groups_sync [2021/03/04 11:38]
apeterova fixed screenshots
Line 75: Line 75:
   * Firstly in **Scheme** tab generate a schema with a green button. If there is some exception, you have probably mistake in the configuration of the connector.   * Firstly in **Scheme** tab generate a schema with a green button. If there is some exception, you have probably mistake in the configuration of the connector.
  
-{{ :tutorial:adm:wfad03.png |}}+{{ :tutorial:adm:systems_-_ad:schema_ad_groups.png?900 |}}
  
   * Then in **Mapping** tab create new mapping - synchronization (\_\_GROUP\_\_ (Object name), Role (Entity type)).   * Then in **Mapping** tab create new mapping - synchronization (\_\_GROUP\_\_ (Object name), Role (Entity type)).
  
-{{ :tutorial:adm:wfad04.png |}}+{{ :tutorial:adm:systems_-_ad:mapping_ad_groups.png?900 |}}
  
   * Now we will map just 4 attributes. Click on green add button like on picture below and this fill in:    * Now we will map just 4 attributes. Click on green add button like on picture below and this fill in: 
Line 85: Line 85:
 <code> <code>
 | Attribute in schema | Name               | Attribute          | IdM key            | | Attribute in schema | Name               | Attribute          | IdM key            |
-__Name__ (__GROUP__)| Distinguished name | extended           | distinguished_name |+__NAME__ (__GROUP__)| DN(__NAME__)       | extended           | distinguished_name |
 | name (__GROUP__)    | name               | entity             | name               | | name (__GROUP__)    | name               | entity             | name               |
-code (__GROUP__)    | name               | entity             | code               |+name (__GROUP__)    | name-code          | entity             | code               |
 | __UID__ (__GROUP__) | __UID__            | identifier                            | | __UID__ (__GROUP__) | __UID__            | identifier                            |
 </code> </code>
  
-{{ :tutorial:adm:wfad05.png |}}+{{ :tutorial:adm:systems_-_ad:mapping_ad_groups_2.png?900 |}}
  
   * In **Synchronization** tab create new synchronization.   * In **Synchronization** tab create new synchronization.
Line 123: Line 123:
 remaining name 'CN=My_test_group,OU=Groups,DC=test_company,DC=local' remaining name 'CN=My_test_group,OU=Groups,DC=test_company,DC=local'
 </code> </code>
-This error means that CzechIdM can not find DisniguishedName set in assigned role for any group in Active Directory.+This error means that CzechIdM can not find DistinguishedName set in assigned role for any group in Active Directory.
 This group could be renamed, moved or deleted. This group could be renamed, moved or deleted.
-if you come across a mentioned error, just delete items in provisioning queue for users, go through the specified tutorial and resave stuck users when it's finished.+If you come across a mentioned error, just delete items in provisioning queue for users, go through the specified tutorial and resave stuck users when it's finished.
 </note> </note>
  
Line 150: Line 150:
   * Remove the role from IDM.   * Remove the role from IDM.
   * Remove group from AD.   * Remove group from AD.
-  * Go to system for AD User -> Attributes maping ->  Maping for provisioning and click on attribute **ldapGroups** -> go to tab **Controlled values** -> In section **Attributes controlled in past**, you will see the group -> delete it+  * Go to system for AD User -> Attributes mapping ->  Mapping for provisioning and click on attribute **ldapGroups** -> go to tab **Controlled values** -> In section **Attributes controlled in past**, you will see the group -> delete it
  
 <note warning> <note warning>
  • by kotynekv