Differences

This shows you the differences between two versions of the page.

tutorial:adm:ad_groups_sync [2019/08/22 16:26]
apeterova group search filter
tutorial:adm:ad_groups_sync [2019/10/24 07:29]
doischert [Connector configuration]
Line 50: Line 50:
   * **pageSize** - number, it should be greater than a count of all groups on AD.   * **pageSize** - number, it should be greater than a count of all groups on AD.
   * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended is sAMAccountName.   * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended is sAMAccountName.
-  * **Uid Attribute for groups** - unique identifier, recommended is sAMAccountName or objectGUID.+  * **Uid Attribute for groups** - unique identifier, recommended is objectGUID.
   * **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**.   * **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**.
 +
 +<note tip>**When you configure the system for the first time, root suffix should lead to the top container (e.g. DC=aktest,DC=local), so the system schema can be correctly generated**</note>
  
 ===== Connector's mapping ===== ===== Connector's mapping =====
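Review bot: The changed **Uid Attribute for groups** line drops sAMAccountName as a recommended identifier without saying why, and gives no guidance for systems that are already configured with it. Add the reason for preferring objectGUID (it stays the same when a group is renamed, whereas sAMAccountName can be changed) and state whether switching the UID attribute on an existing system requires re-linking groups that were already synchronized. The line above still recommends sAMAccountName for **vlvSortAttribute**, so a short remark that the sort attribute and the UID attribute are chosen independently would avoid confusion. In the added note, "When you configure the system for the first time" leaves open whether the root suffix may be narrowed to the groups container once the schema has been generated; say so explicitly.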
Line 92: Line 94:
 <note tip> In user provisioning system's configuration **Base context of groups** should be filled too, for correctly provisioning memberships</note> <note tip> In user provisioning system's configuration **Base context of groups** should be filled too, for correctly provisioning memberships</note>
 <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note> <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note>
 +
 +
 +===== Tips =====
 +
 +You can create a new security group in Active Directory with the Apache Directory Studio by following these steps:
 +
 +  - Select an existing group
 +  - Right click on the group name -> New -> New entry
 +  - Check the "Use existing entry as template" and click Next
 +  - Object classes: Write "group" and click Add -> group and top are added to "Selected object classes" -> Next
 +  - Distinguished Name: Set the value of RDN to your choice -> Next
 +  - A warning is displayed - click Cancel
 +  - Set instanceType = 4
 +  - Set sAMAccountName to your choice (right click -> Edit values)
 +  - Delete values (right click -> Delete values) of these attributes:
 +    - nTSecurityDescriptor
 +    - objectCategory
 +    - member (if you don't want to copy members)
 +    - sAMAccountType
 +
 +{{:tutorial:adm:new_entry_attributes.png?400|}}
 +
 +Finally, click Finish
 +
 +
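Review bot: In the list of attributes to delete, "member (if you don't want to copy members)" makes inheriting the template group's membership the default outcome. For a new security group the safer wording is to always delete member and add members afterwards, since every account copied in receives whatever access the new group is later granted. The step "A warning is displayed - click Cancel" should quote or describe the warning and say why Cancel is the right choice, otherwise readers cannot tell it apart from a real error. "Set instanceType = 4" needs a one-line explanation of what the value means, and "Finally, click Finish" belongs in the numbered list as its last step rather than after the screenshot.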
  • by kotynekv