Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
tutorial:adm:manage_ad [2020/01/15 06:22] cirkval [Failover] |
tutorial:adm:manage_ad [2020/03/25 06:46] kucerar link to cross domain membership |
<note warning>If you are setting this on a Windows server, make sure to delete the 'Specified attributes to be returned' values and write them manually. Otherwise, ldapGroups will not be returned. </note> | <note warning>If you are setting this on a Windows server, make sure to delete the 'Specified attributes to be returned' values and write them manually. Otherwise, ldapGroups will not be returned. </note> |
| |
<note important>Beware on **useVlvControls** option. CzechIdM now only supports vlv control, so **useVlvControls** option should be enabled and **vlvSortAttribute** must be set (recommended option - 'sAMAccountName').</note> | <note important>Beware on **useVlvControls** option. CzechIdM now only supports vlv control, so **useVlvControls** option should be enabled and **vlvSortAttribute** must be set (recommended option - 'sAMAccountName'). **DO NOT** use **CN**, **distinguishedName** or any other unindexed attribute or you'll end up with "[LDAP: error code 12 - 0000217A: SvcErr: DSID-03140414, problem 5010 (UNAVAIL_EXTENSION), data 0 |
| ];" error</note> |
| |
<note important>Since connector version 1.3.4.25 we support change of **sAMAccount** name, even if it is used as identifier (in provisioning mapping use sAMAccountName instead of \_\_Uid\_\_)</note> | <note important>Since connector version 1.3.4.25 we support change of **sAMAccount** name, even if it is used as identifier (in provisioning mapping use sAMAccountName instead of \_\_Uid\_\_)</note> |
| |
Thus every user that has the role assigned is added to the group with provided DN via ldapGroups attribute. | Thus every user that has the role assigned is added to the group with provided DN via ldapGroups attribute. |
| |
| For managing group membership in multi domain AD environment follow [[tutorial:adm:systems_-_manage_groups_membership_in_multi_domain_cross_domain_ad_environment|this tutorial]] |
| |
<note important>Merge was fixed in connector version 1.3.4.25. Before Merge behaved like Authoritative Merge</note> | <note important>Merge was fixed in connector version 1.3.4.25. Before Merge behaved like Authoritative Merge</note> |