Synchronization Editor helps you to analyze and eliminate synchronization errors.
- Simulating synchronization
  The simulation allows you to estimate the result of synchronization. This means you can, for example, recognize potential errors in the synchronization configuration.
- Analyzing synchronization
  You can generate the synchronization analysis report to analyze problems that occur during synchronization, for example, insufficient performance.
- Logging messages
  One Identity Manager offers different options for logging errors. These include the synchronization log, the log file for One Identity Manager Service, the logging of messages with NLog, and similar.
- Reset start information
  If synchronization was terminated unexpectedly, for example, because a server was not available, the start information must be reset manually. Only then can the synchronization be restarted.
For more information about these topics, see the One Identity Manager Target System Synchronization Reference Guide.
To manage an LDAP environment in One Identity Manager, the following data is relevant.
- Configuration parameters
  Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.
  Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data | General | Configuration parameters category.
  For more information, see Configuration parameters for managing an LDAP environment.
- Account definitions
  One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
  For more information, see Account definitions for LDAP user accounts.
- Password policies
  One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password policies apply not only when the user enters a password but also when random passwords are generated.
  Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.
  For more information, see Password policies for LDAP user accounts.
- Target system types
  Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.
  For more information, see Post-processing outstanding objects.
- Servers
  In order to handle LDAP-specific processes in One Identity Manager, the synchronization server and its server functions must be declared.
  For more information, see Job server for LDAP-specific process handling.
- Target system managers
  A default application role exists for the target system manager in One Identity Manager. Assign the employees who are authorized to edit all domains in One Identity Manager to this application role.
  Define additional application roles if you want to limit the edit permissions for target system managers to individual domains. The application roles must be added under the default application role.
  For more information, see Target system managers.
One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
Specify the manage level for an account definition for managing user accounts. The user account’s manage level specifies the extent of the employee’s properties that are inherited by the user account. This allows an employee to have several user accounts in one target system, for example:
- Default user account that inherits all properties from the employee.
- Administrative user account that is associated with an employee but should not inherit the properties from the employee.
For more detailed information about the principles of account definitions, manage levels, and determining the valid IT operating data, see the One Identity Manager Target System Base Module Administration Guide.
The following steps are required to implement an account definition:
- Creating account definitions
- Configuring manage levels
- Creating the formatting rules for IT operating data
- Collecting IT operating data
- Assigning account definitions to employees and target systems
To create a new account definition
- In the Manager, select the LDAP | Basic configuration data | Account definitions | Account definitions category.
- Select an account definition in the result list. Select the Change master data task.
  -OR-
  Click in the result list.
- Enter the account definition's master data.
- Save the changes.