Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:manage_ad [2020/01/15 06:22]
cirkval [Failover]
+++ tutorial:adm:manage_ad [2020/03/25 06:46]
kucerar link to cross domain membership
@@ Line 103: / Line 103: @@
 <note warning>If you are setting this on a Windows server, make sure to delete the 'Specified attributes to be returned' values and write them manually. Otherwise, ldapGroups will not be returned. </note>
-<note important>Beware on **useVlvControls** option. CzechIdM now only supports vlv control, so **useVlvControls** option should be enabled and **vlvSortAttribute** must be set (recommended option - 'sAMAccountName').</note>
+<note important>Beware on **useVlvControls** option. CzechIdM now only supports vlv control, so **useVlvControls** option should be enabled and **vlvSortAttribute** must be set (recommended option - 'sAMAccountName'). **DO NOT** use **CN**, **distinguishedName** or any other unindexed attribute or you'll end up with "[LDAP: error code 12 - 0000217A: SvcErr: DSID-03140414, problem 5010 (UNAVAIL_EXTENSION), data 0
+];" error</note>
 <note important>Since connector version 1.3.4.25 we support change of **sAMAccount** name, even if it is used as identifier (in provisioning mapping use sAMAccountName instead of \_\_Uid\_\_)</note>
@@ Line 207: / Line 208: @@
 Thus every user that has the role assigned is added to the group with provided DN via ldapGroups attribute.
+For managing group membership in multi domain AD environment follow [[tutorial:adm:systems_-_manage_groups_membership_in_multi_domain_cross_domain_ad_environment|this tutorial]]
 <note important>Merge was fixed in connector version 1.3.4.25. Before Merge behaved like Authoritative Merge</note>