Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:manage_ad [2021/02/19 09:55] apeterova |
tutorial:adm:manage_ad [2021/03/03 10:49] soval [Role for AD] |
||
---|---|---|---|
Line 91: | Line 91: | ||
* **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use " | * **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use " | ||
* **Object classes to synchronize** - usually the same as "Entry object classes" | * **Object classes to synchronize** - usually the same as "Entry object classes" | ||
- | * **Specified attributes to be returned** - default " | + | * **Specified attributes to be returned** - default " |
<note warning> | <note warning> | ||
Line 178: | Line 178: | ||
From now on, every time user gets the role, it is provisioned into the connected system AD. You can see that on users detail menu tab " | From now on, every time user gets the role, it is provisioned into the connected system AD. You can see that on users detail menu tab " | ||
+ | |||
+ | <note important> | ||
Line 215: | Line 217: | ||
If you are running on a Windows server, the ' | If you are running on a Windows server, the ' | ||
+ | |||
+ | ===== Mapping extensionAttributes ===== | ||
+ | |||
+ | AD enables additional attributes named extensionAttribute1 - extensionAttribute10. If you want to fill these attributes by IdM, you must do following steps in the configuration of the connected system: | ||
+ | * Go to **Configuration** -> **Specified attributes to be returned (multi)**, add **extensionAttribute1** to a new line under existing values. | ||
+ | * Go to **Scheme** -> **\_\_ACCOUNT\_\_** -> use the button **Add**, fill in the name **extensionAttribute1**, | ||
+ | * Go to **Mapping** -> **Provisioning mapping** -> use the button **Add** and map the attribute according to your choice. The following example can be used when you want to fill the extensionAttribute1 by personal numbers of identities | ||
+ | * Attribute in schema - extensionAttribute1 | ||
+ | * Name - extensionAttribute1 | ||
+ | * Entity attribute - true | ||
+ | * Entity field - Personal number | ||
===== Connection via SSL not working ===== | ===== Connection via SSL not working ===== |