Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:ad_groups_sync [2019/11/29 09:38]
apeterova
+++ tutorial:adm:ad_groups_sync [2020/02/27 16:34]
kotynekv [Connector configuration] vlv sort error attribute
@@ Line 49: / Line 49: @@
   * **useVlvControls** - have to be enabled - this is only supported option
   * **pageSize** - number, it should be lower than maximum page size limit in AD, which is by default 1000. Recommended: 100.
-  * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended for groups is cn.
+  * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended for groups is cn. **DO NOT** user **distinguishedName** or any other unindexed attribute or you'll end up with "[LDAP: error code 12 - 0000217A: SvcErr: DSID-03140414, problem 5010 (UNAVAIL_EXTENSION), data 0];" error!
   * **Uid Attribute for groups** - unique identifier, recommended is objectGUID.
   * **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**.
-<note tip>**When you configure the system for the first time, root suffix should lead to the top container (e.g. DC=aktest,DC=local), so the system schema can be correctly generated**</note>
+<note tip>**When you configure the system for the first time, root suffix should lead to the top container (e.g. DC=domain,DC=local), so the system schema can be correctly generated**</note>
 ===== Connector's mapping =====
@@ Line 95: / Line 95: @@
 <note tip> In user provisioning system's schema and mapping should have attribute memberOf/ldapGroups and **Strategy** as "Merge".</note>
+<note warn>If you synchronize groups with resolving users membership, the connector doesn't support groups with more than 1000 members (by default). If you need more, you must (temporarily) increase MaxPageSize in the AD configuration.</note>
 ===== Tips =====