Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
tutorial:adm:manage_ad [2019/02/27 15:23] fiserp [Preparing Active Directory] |
tutorial:adm:manage_ad [2019/02/27 15:39] fiserp [Preparing Active Directory] |
||
---|---|---|---|
Line 41: | Line 41: | ||
Which subtrees you need to grant privileges on depends on the actual directory tree of your Active Directory. | Which subtrees you need to grant privileges on depends on the actual directory tree of your Active Directory. | ||
- | **Granting full control to user** | + | **Granting full control to CzechIdM application |
The process is fairly straightforward. Just repeat it for every root of every subtree you need to grant the rights on. | The process is fairly straightforward. Just repeat it for every root of every subtree you need to grant the rights on. | ||
Line 55: | Line 55: | ||
- Repeat for other subtrees as necessary. | - Repeat for other subtrees as necessary. | ||
+ | <note important> | ||
+ | **CzechIdM has to have access to objects directly referenced from objects you manage.** | ||
+ | For example: | ||
+ | |||
+ | A user is member of some groups, this is noted in his '' | ||
+ | However this requirement is not transitive in groups hierarchy. | ||
+ | In AD, you have a '' | ||
+ | But the '' | ||
+ | |||
+ | If you want to manage your users and their group membership, you therefore need to grant full control on '' | ||
+ | |||
+ | But you **do not need** to grant anything on '' | ||
+ | </ | ||
===== Basic configuration ===== | ===== Basic configuration ===== | ||
Go to **Systems** from main menu, then above list of current systems use Add button. On the first page just fill system name. | Go to **Systems** from main menu, then above list of current systems use Add button. On the first page just fill system name. |