Differences
This shows you the differences between two versions of the page.
tutorial:adm:manage_ad [2019/02/27 15:23] fiserp [Preparing Active Directory] |
tutorial:adm:manage_ad [2019/03/19 13:38] kucerar ssl tip |
||
---|---|---|---|
Line 41: | Line 41: | ||
Which subtrees you need to grant privileges on depends on the actual directory tree of your Active Directory. | Which subtrees you need to grant privileges on depends on the actual directory tree of your Active Directory. | ||
- | **Granting full control to user** | + | **Granting full control to CzechIdM application |
The process is fairly straightforward. Just repeat it for every root of every subtree you need to grant the rights on. | The process is fairly straightforward. Just repeat it for every root of every subtree you need to grant the rights on. | ||
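Review bot: the renamed heading still says "full control", and as far as the visible text shows it names the CzechIdM application rather than a specific AD account as the grantee. Suggest stating which dedicated account CzechIdM binds to AD with, and repeating next to the heading that the grant applies only to the subtree roots the steps walk through, so readers do not apply it at the domain root or to a shared administrator account.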
Line 55: | Line 55: | ||
- Repeat for other subtrees as necessary. | - Repeat for other subtrees as necessary. | ||
+ | <note important> | ||
+ | **CzechIdM has to have access to objects directly referenced from objects you manage.** | ||
+ | For example: | ||
+ | |||
+ | A user is member of some groups, this is noted in his '' | ||
+ | However this requirement is not transitive in groups hierarchy. | ||
+ | In AD, you have a '' | ||
+ | But the '' | ||
+ | |||
+ | If you want to manage your users and their group membership, you therefore need to grant full control on '' | ||
+ | |||
+ | But you **do not need** to grant anything on '' | ||
+ | </ | ||
===== Basic configuration ===== | ===== Basic configuration ===== | ||
Go to **Systems** from main menu, then above list of current systems use Add button. On the first page just fill system name. | Go to **Systems** from main menu, then above list of current systems use Add button. On the first page just fill system name. | ||
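Review bot: the added note, at "you therefore need to grant full control on", extends full control to objects that are only referenced by the managed ones. If CzechIdM only has to read those objects or write their membership attribute, say which rights are actually needed; if full control really is required, state why a narrower grant is not enough. On wording, "A user is member of some groups, this is noted in his" reads better as two sentences, with "a member" and "their".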
Line 197: | Line 210: | ||
{{ : | {{ : | ||
+ | |||
+ | ===== Connection via SSL not working ===== | ||
+ | If you just imported root certificate to IdM truststore, but SSL connection to AD is still not working try following method to find which server hostname you should use. | ||
+ | Configure connection via SSL to AD in Apache Directory Studio during connection you will see this window: | ||
+ | {{: | ||
+ | click on View certificate -> tab General -> field Issued To -> Common name(CN) and use this value as server hostname. | ||
===== Video Guide ===== | ===== Video Guide ===== | ||
[[https:// | [[https:// |
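Review bot: the tip ending in "field Issued To -> Common name(CN) and use this value as server hostname" never states the cause it works around, namely that the hostname configured for the connection has to match a name in the server certificate. Suggest saying that explicitly and also pointing readers at the certificate's Subject Alternative Name entries, since hostname verification checks those as well as, or instead of, the CN. The opening sentence also needs "the following method" and a sentence break before "during connection".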