tutorial:adm:manage_ad [2021/02/09 19:12] apeterova removed old info about ConnId - the connector is bundled, reformated some instructions
tutorial:adm:manage_ad [2021/02/12 15:50] apeterova failover - multiple lines, removed misleading information
Line 77: | Line 77: | ||
* **Server hostname** - hostname of the AD domain controller. (IP address could be used as well, but then it must be stated in the server' | * **Server hostname** - hostname of the AD domain controller. (IP address could be used as well, but then it must be stated in the server' | ||
* **Server port** - typically 636. (389 if not using SSL) | * **Server port** - typically 636. (389 if not using SSL) | ||
- | * **Failover** - an optional list of other domain controllers used in the case that the primary server is not available. Use URL format ''< | + | * **Failover** - an optional list of other domain controllers used in the case that the primary server is not available. Use URL format ''< |
* **Principal** - login@domain of the user with admin privilege that CzechIdM will use for the connection. DN of the user works too. | * **Principal** - login@domain of the user with admin privilege that CzechIdM will use for the connection. DN of the user works too. | ||
* **Principal password** - password of the administrator user | * **Principal password** - password of the administrator user | ||
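Review bot: the Failover bullet (line 77) gives the URL format but still does not say how several controllers are separated; since the revision note says "multiple lines", the bullet should state explicitly that each additional domain controller goes on its own line. It should also say that each entry is a full URL carrying its own scheme and port, and that these must match the primary connection (ldaps:// and 636 when the SSL option from the Server port bullet is in use), because nothing in the surrounding bullets ties a failover entry to the Server port field, and an entry written with 389 would connect to the fallback controller without the SSL chosen for the primary.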
Line 111: | Line 111: | ||
If you are connecting AD for the first time, it is a good idea to check some minimal set of attributes that allows you to create an account, which is usually: | If you are connecting AD for the first time, it is a good idea to check some minimal set of attributes that allows you to create an account, which is usually: | ||
- | * sAMAccountName - this attribute is not sometimes generated by default. If so you must create it manually. Use the button **Add**, fill in the name " | + | * sAMAccountName - this attribute is sometimes |
- | * \_\_ENABLE\_\_ - if you want to allow disabling a user in AD. Sometimes this attribute is not generated by default, so you can create it manually. Use the button **Add**, fill in the name " | + | * \_\_ENABLE\_\_ - if you want to allow disabling a user in AD. This attribute is not generated by default, so you can create it manually. Use the button **Add**, fill in the name " |
- | * \_\_NAME\_\_ (synonymous to DN, hard-coded in the connector). | + | * \_\_NAME\_\_ (synonymous to DN, hard-coded in the connector). |
* \_\_PASSWORD\_\_ - this special attribute is used for setting the passwords for user accounts. User in AD can't be activated when a password is not set. This attribute is not created by default in the schema, so you must add it manually: name " | * \_\_PASSWORD\_\_ - this special attribute is used for setting the passwords for user accounts. User in AD can't be activated when a password is not set. This attribute is not created by default in the schema, so you must add it manually: name " | ||
* ldapGroups - use this attribute if you want to manage users' group membership. This attribute is not created by default, add it manually: name " | * ldapGroups - use this attribute if you want to manage users' group membership. This attribute is not created by default, add it manually: name " | ||
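Review bot: the __ENABLE__ bullet now says the attribute is not generated by default but still reads "you can create it manually", while __PASSWORD__ and ldapGroups say "you must add it manually"; use "must" for __ENABLE__ as well, since without it the connector has no way to disable an account. The __PASSWORD__ bullet should additionally warn that Active Directory only accepts password writes over an SSL connection, i.e. the port 636 setting from the Server port bullet, so the "389 if not using SSL" alternative cannot be used once __PASSWORD__ is mapped.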
Line 120: | Line 120: | ||
{{ : | {{ : | ||
- | |||
- | If you want to set everything by yourself: | ||
- | |||
- | * Use button **Add** to create a new scheme. For users, you need to name it " | ||
- | * Add all attributes that you want to work with. As a minimum, the " | ||
- | * Set all attributes as **Able to read, update, create**. | ||
<note tip>It is possible you will not see the full scheme even with root suffix set to the top container. In that case, check that schemas are not stored separately and if they are, set root suffixes to the appropriate DC.</ | <note tip>It is possible you will not see the full scheme even with root suffix set to the top container. In that case, check that schemas are not stored separately and if they are, set root suffixes to the appropriate DC.</ | ||
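Review bot: removing the "set everything by yourself" block drops the only statement of which permissions the attributes need ("Able to read, update, create"); the kept bullets above say to add sAMAccountName, __ENABLE__, __PASSWORD__ and ldapGroups with the Add button but not how to set their permissions. Carry the permission statement into those bullets, and for __PASSWORD__ grant only create and update rather than read, since AD never returns the password attribute. The tip that remains still talks about seeing "the full scheme" and adjusting root suffixes; it read as a fallback for the removed block and should be reworded so it fits the generated-schema flow it now follows.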
Line 251: | Line 245: | ||
Please note that this property is not used in the case that the primary server is accessible on the given port, but there is some other problem with the communication (e.g. the credentials are incorrect). | Please note that this property is not used in the case that the primary server is accessible on the given port, but there is some other problem with the communication (e.g. the credentials are incorrect). | ||
- | The value of this property must be a proper URL, e.g. ''< | + | The value of this property must be a proper URL, e.g. ''< |
===== Video Guide ===== | ===== Video Guide ===== | ||
[[https:// | [[https:// |
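Review bot: "accessible on the given port" in the failover note (line 251/245) is ambiguous about TLS: it should say whether a controller that accepts the TCP connection on 636 but fails the SSL handshake (untrusted or mismatched certificate, cf. the Server hostname bullet's remark about IP addresses and the server certificate) counts as unavailable and triggers failover, or as "some other problem with the communication" like bad credentials and does not. It is also worth stating that every failover URL must be covered by the same certificate trust as the primary, because each domain controller presents its own certificate.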