Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:manage_ad [2019/03/19 13:38]
kucerar ssl tip
+++ tutorial:adm:manage_ad [2019/09/06 08:32]
poulm obsolete tutorial
@@ Line 1: / Line 1: @@
 ====== Systems - AD: Manage users ======
+<note warning>This tutorial uses AD bundle connector, which is OBSOLETE. Since CzechIdM v 9.7.x, it is advised to use our new AD+Powershell connector</note>
 ===== Introduction =====
@@ Line 7: / Line 8: @@
 ==== Adding Active Directory connector ====
 First of all, you need to download the connector from Connid (e.g. [[http://repo1.maven.org/maven2/net/tirasa/connid/bundles/net.tirasa.connid.bundles.ad/1.3.4/net.tirasa.connid.bundles.ad-1.3.4.jar| Connid AD bundle 1.3.4 jar file]]).
 Then add the jar file into CzechIdM folder inside the application server. In case you installed CzechIdM into tomcat by standard installation, the path would be ''/opt/tomcat/current/webapps/idm/WEB-INF/lib/''.
@@ Line 89: / Line 91: @@
   * **User search scope** - manage users in specified container or subtrees. Usually subtree
   * **Entry object classes** - only objects (accounts) with object classes specified there will be managed. Each object class on new line, no comma or another separator. Usual values: top, person, organizationalPerson, inetOrgPerson,
+  * **Base contexts for group entry searches** - container in AD where the groups are located. If the groups are in different container then people and the group container is not under the path which is in "Root suffixes". You need to put it here, otherwise connector will not be able to load users groups
   * **Base contexts for user entry searches** - usually the same as "Root suffixes".
   * **Group members reference attribute** - usually "member", use this if you want to manage group membership of user accounts