Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:manage_ad [2020/02/27 16:32] kotynekv [Connector configuration] vlv sort attribute warning |
tutorial:adm:manage_ad [2020/08/13 11:22] apeterova special characters |
||
---|---|---|---|
Line 96: | Line 96: | ||
* **Base contexts for user entry searches** - usually the same as "Root suffixes" | * **Base contexts for user entry searches** - usually the same as "Root suffixes" | ||
* **Group members reference attribute** - usually " | * **Group members reference attribute** - usually " | ||
- | * **pageSize** - this option is only available if you use connector that is customizes by BCV Solutions. | + | * **pageSize** - this option is only available if you use connector that is customizes by BCV Solutions. |
* **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use " | * **Uid Attribute** - this is one of the most important option. It defines the primary key/UID of the account. Attribute values will be stored in CzechIdM for each account. Must be unique and should not change. **It is strongly advised to use " | ||
* **Object classes to synchronize** - usually the same as "Entry object classes" | * **Object classes to synchronize** - usually the same as "Entry object classes" | ||
Line 208: | Line 208: | ||
Thus every user that has the role assigned is added to the group with provided DN via ldapGroups attribute. | Thus every user that has the role assigned is added to the group with provided DN via ldapGroups attribute. | ||
+ | |||
+ | For managing group membership in multi domain AD environment follow [[tutorial: | ||
<note important> | <note important> | ||
Line 240: | Line 242: | ||
the likely cause is that some groups have many members. AD has a property MaxPageSize which is probably set to lower than necessary (default is 1000). Increasing the value to an arbitrary large number (30000) helped in our case but only AD admin can change this. | the likely cause is that some groups have many members. AD has a property MaxPageSize which is probably set to lower than necessary (default is 1000). Increasing the value to an arbitrary large number (30000) helped in our case but only AD admin can change this. | ||
+ | |||
+ | ===== SvcErr: DSID-031007E5 - unsupported special characters in DN ===== | ||
+ | |||
+ | The AD connector doesn' | ||
+ | < | ||
+ | javax.naming.NamingException: | ||
+ | </ | ||
+ | |||
+ | Please rename your containers so they don't contain special characters. | ||
+ | |||
+ | See more about this known issue here: https:// | ||
===== Failover ===== | ===== Failover ===== |