Differences

This shows you the differences between two versions of the page.

tutorial:adm:manage_ad [2019/10/23 10:33]
doischert [Scheme]
tutorial:adm:manage_ad [2019/11/20 12:14]
doischert [Connector configuration]
Line 97: Line 97:
   * **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use "sAMAccountName", since connId connector has some problem with returning this specific attribute if mapped by other means.**   * **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use "sAMAccountName", since connId connector has some problem with returning this specific attribute if mapped by other means.**
   * **Object classes to synchronize** - usually the same as "Entry object classes"   * **Object classes to synchronize** - usually the same as "Entry object classes"
 +  * **Specified attributes to be returned** - default "ldapGroups" and "sAMAccountName"
 +
 +<note warning>If you are setting this on a Windows server, make sure to delete the 'Specified attributes to be returned' values and write them manually. Otherwise, ldapGroups will not be returned. </note>
  
 <note important>Beware on **useVlvControls** option. CzechIdM now only supports vlv control, so **useVlvControls** option should be enabled and **vlvSortAttribute** must be set (recommended option - 'sAMAccountName').</note> <note important>Beware on **useVlvControls** option. CzechIdM now only supports vlv control, so **useVlvControls** option should be enabled and **vlvSortAttribute** must be set (recommended option - 'sAMAccountName').</note>
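
Review bot: The new warning note under "Specified attributes to be returned" does not say which machine "a Windows server" refers to (the host running CzechIdM or the AD server itself), and it gives no reason why the pre-filled defaults have to be deleted and retyped. Please name the host explicitly and add a sentence on how the reader can tell that ldapGroups is not being returned, so the symptom is recognizable. The added bullet also lists only the defaults ("ldapGroups" and "sAMAccountName") without saying what the option controls, unlike the "Uid Attribute" bullet above it; a short description would match the neighbouring entries. Minor: there is a stray space before the closing </note>.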
Line 129: Line 132:
 <note tip>It is possible you will not see the full scheme even with root suffix set to the top container. In that case, check that schemas are not stored separately and if they are, set root suffixes to the appropriate DC.</note> <note tip>It is possible you will not see the full scheme even with root suffix set to the top container. In that case, check that schemas are not stored separately and if they are, set root suffixes to the appropriate DC.</note>
  
-<note warning>In order to activate a user in AD, you must send a password. The attribute password is not created by default in the schema, so you must add it manually: name "__PASSWORD__", type "eu.bcvsolutions.idm.core.security.api.domain.GuardedString".+<note warning>In order to activate a user in AD, you must send a password. The attribute password is not created by default in the schema, so you must add it manually: name<nowiki> "__PASSWORD__", </nowiki>type "eu.bcvsolutions.idm.core.security.api.domain.GuardedString".
 If you want to use the workflow for groups synchronization, you must also create an attribute in schema, this time called "ldapGroups", type "java.lang.String".</note> If you want to use the workflow for groups synchronization, you must also create an attribute in schema, this time called "ldapGroups", type "java.lang.String".</note>
  
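
Review bot: The <nowiki> span in the password warning is wider than it needs to be: it wraps the quotes, the comma and the surrounding spaces (name<nowiki> "__PASSWORD__", </nowiki>type), which leaves "name" glued to the opening tag and "type" glued to the closing one in the source. Since only the double underscores need protecting from being rendered as underline markup, consider narrowing it to "<nowiki>__PASSWORD__</nowiki>" and keeping the punctuation outside. The schema attribute name has to be entered exactly as written, so it is worth previewing the rendered page to confirm both pairs of underscores are displayed.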
  • by neznajf