Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:ad_groups_sync [2019/08/22 16:26] apeterova group search filter |
tutorial:adm:ad_groups_sync [2019/11/29 09:41] apeterova page size |
||
---|---|---|---|
Line 48: | Line 48: | ||
* **Group members reference attribute** - a name of the attribute, which indicates membership. It contains whole DNs of users. | * **Group members reference attribute** - a name of the attribute, which indicates membership. It contains whole DNs of users. | ||
* **useVlvControls** - have to be enabled - this is only supported option | * **useVlvControls** - have to be enabled - this is only supported option | ||
- | * **pageSize** - number, it should be greater | + | * **pageSize** - number, it should be lower than maximum page size limit in AD, which is by default 1000. Recommended: |
- | * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended is sAMAccountName. | + | * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended |
- | * **Uid Attribute for groups** - unique identifier, recommended is sAMAccountName or objectGUID. | + | * **Uid Attribute for groups** - unique identifier, recommended is objectGUID. |
* **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**. | * **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**. | ||
+ | |||
+ | <note tip> | ||
===== Connector' | ===== Connector' | ||
Line 92: | Line 94: | ||
<note tip> In user provisioning system' | <note tip> In user provisioning system' | ||
<note tip> In user provisioning system' | <note tip> In user provisioning system' | ||
+ | |||
+ | <note warn>If you synchronize groups with resolving users membership, the connector doesn' | ||
+ | |||
+ | ===== Tips ===== | ||
+ | |||
+ | You can create a new security group in Active Directory with the Apache Directory Studio by following these steps: | ||
+ | |||
+ | - Select an existing group | ||
+ | - Right click on the group name -> New -> New entry | ||
+ | - Check the "Use existing entry as template" | ||
+ | - Object classes: Write " | ||
+ | - Distinguished Name: Set the value of RDN to your choice -> Next | ||
+ | - A warning is displayed - click Cancel | ||
+ | - Set instanceType = 4 | ||
+ | - Set sAMAccountName to your choice (right click -> Edit values) | ||
+ | - Delete values (right click -> Delete values) of these attributes: | ||
+ | - nTSecurityDescriptor | ||
+ | - objectCategory | ||
+ | - member (if you don't want to copy members) | ||
+ | - sAMAccountType | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Finally, click Finish | ||
+ | |||
+ |