Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
tutorial:adm:ad_groups_sync [2019/08/22 20:22]
apeterova tips
tutorial:adm:ad_groups_sync [2019/11/29 09:41] (current)
apeterova page size
Line 48: Line 48:
   * **Group members reference attribute** - a name of the attribute, which indicates membership. It contains whole DNs of users.   * **Group members reference attribute** - a name of the attribute, which indicates membership. It contains whole DNs of users.
   * **useVlvControls** - have to be enabled - this is only supported option   * **useVlvControls** - have to be enabled - this is only supported option
-  * **pageSize** - number, it should be greater ​than a count of all groups on AD. +  * **pageSize** - number, it should be lower than maximum page size limit in AD, which is by default 1000. Recommended:​ 100
-  * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended is sAMAccountName+  * **vlvSortAttribute** - this should be identifier with sorting properties. Recommended ​for groups ​is cn
-  * **Uid Attribute for groups** - unique identifier, recommended is sAMAccountName or objectGUID.+  * **Uid Attribute for groups** - unique identifier, recommended is objectGUID.
   * **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**.   * **Object classes to synchronize** - Based on this filled object classes, groups to synchronized will be found. Content is usually same as **Entry object classes**.
 +
 +<note tip>​**When you configure the system for the first time, root suffix should lead to the top container (e.g. DC=domain,​DC=local),​ so the system schema can be correctly generated**</​note>​
  
 ===== Connector'​s mapping ===== ===== Connector'​s mapping =====
Line 93: Line 95:
 <note tip> In user provisioning system'​s schema and mapping should have attribute memberOf/​ldapGroups and **Strategy** as "​Merge"​.</​note>​ <note tip> In user provisioning system'​s schema and mapping should have attribute memberOf/​ldapGroups and **Strategy** as "​Merge"​.</​note>​
  
 +<note warn>If you synchronize groups with resolving users membership, the connector doesn'​t support groups with more than 1000 members (by default). If you need more, you must (temporarily) increase MaxPageSize in the AD configuration.</​note>​
  
 ===== Tips ===== ===== Tips =====