Differences
This shows you the differences between two versions of the page.
tutorial:adm:manage_ad [2021/02/12 15:50] apeterova failover - multiple lines, removed misleading information |
tutorial:adm:manage_ad [2021/02/25 08:45] apeterova extensionAttribute1 |
||
---|---|---|---|
Line 91: | Line 91: | ||
* **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use " | * **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use " | ||
* **Object classes to synchronize** - usually the same as "Entry object classes" | * **Object classes to synchronize** - usually the same as "Entry object classes" | ||
- | * **Specified attributes to be returned** - default " | + | * **Specified attributes to be returned** - default " |
<note warning> | <note warning> | ||
Line 215: | Line 215: | ||
If you are running on a Windows server, the ' | If you are running on a Windows server, the ' | ||
+ | |||
+ | ===== Mapping extensionAttributes ===== | ||
+ | |||
+ | AD enables additional attributes named extensionAttribute1 - extensionAttribute10. If you want to fill these attributes by IdM, you must do following steps in the configuration of the connected system: | ||
+ | * Go to **Configuration** -> **Specified attributes to be returned (multi)**, add **extensionAttribute1** to a new line under existing values. | ||
+ | * Go to **Scheme** -> **\_\_ACCOUNT\_\_** -> use the button **Add**, fill in the name **extensionAttribute1**, | ||
+ | * Go to **Mapping** -> **Provisioning mapping** -> use the button **Add** and map the attribute according to your choice. The following example can be used when you want to fill the extensionAttribute1 by personal numbers of identities | ||
+ | * Attribute in schema - extensionAttribute1 | ||
+ | * Name - extensionAttribute1 | ||
+ | * Entity attribute - true | ||
+ | * Entity field - Personal number | ||
===== Connection via SSL not working ===== | ===== Connection via SSL not working ===== | ||
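Review bot: the new "Mapping extensionAttributes" section introduces extensionAttribute1 - extensionAttribute10, but all three steps hard-code extensionAttribute1, so a reader who needs a different attribute has to infer that the name must be replaced consistently in Configuration, Scheme and Mapping. State this in the intro sentence, for example "the steps below use extensionAttribute1; repeat them with the name of each attribute you need". The first step calls the option "Specified attributes to be returned (multi)", while the Line 91 hunk on the same page lists it as "Specified attributes to be returned"; pick one name so readers can find the field. Wording: "you must do following steps" should read "you must do the following steps", and the sentence that introduces the example mapping should end with a colon before the nested list. Since the example provisions personal numbers into a directory attribute, consider adding a sentence that tells the administrator to confirm who can read that attribute in AD before enabling the mapping.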
Line 224: | Line 235: | ||
===== LdapErr: DSID-0C0907C5 ===== | ===== LdapErr: DSID-0C0907C5 ===== | ||
If you see this error when reconciliating AD groups: | If you see this error when reconciliating AD groups: | ||
- | < | + | < |
the likely cause is that some groups have many members. AD has a property MaxPageSize which is probably set to lower than necessary (default is 1000). Increasing the value to an arbitrary large number (30000) helped in our case but only AD admin can change this. | the likely cause is that some groups have many members. AD has a property MaxPageSize which is probably set to lower than necessary (default is 1000). Increasing the value to an arbitrary large number (30000) helped in our case but only AD admin can change this. |