Chat now with support
Chat mit Support

Identity Manager 8.1.3 - Administration Guide for Connecting to LDAP

Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Basic configuration data LDAP domains LDAP user accounts LDAP groups LDAP container structures LDAP computers Reports about LDAP objects Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings

Troubleshooting

Synchronization Editor helps you to analyze and eliminate synchronization errors.

  • Simulating synchronization

    The simulation allows you to estimate the result of synchronization. This means you can, for example, recognize potential errors in the synchronization configuration.

  • Analyzing synchronization

    You can generate the synchronization analysis report for analyzing problems which occur during synchronization, for example, insufficient performance.

  • Logging messages

    One Identity Manager offers different options for logging errors. These include the synchronization log, the log file for One Identity Manager Service, the logging of messages with NLOG, and similar.

  • Reset start information

    If synchronization was terminated unexpectedly, for example, because a server was not available, the start information must be reset manually. Only then can the synchronization be restarted.

For more information about these topics, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics

Basic configuration data

To manage an LDAP environment in One Identity Manager, the following data is relevant.

  • Configuration parameters

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data | General | Configuration parameters category.

    For more information, see Configuration parameters for managing an LDAP environment.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Account definitions for LDAP user accounts.

  • Password policies

    One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

    Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.

    For more information, see Password policies for LDAP user accounts.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.

    For more information, see Post-processing outstanding objects.

  • Servers

    In order to handle -specific processes in One Identity Manager, the synchronization server and its server functions must be declared.

    For more information, see Job server for LDAP-specific process handling.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign the employees who are authorized to edit all domains in One Identity Manager to this application role.

    Define additional application roles if you want to limit the edit permissions for target system managers to individual domains. The application roles must be added under the default application role.

    For more information, see Target system managers.

Account definitions for LDAP user accounts

One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

Specify the manage level for an account definition for managing user accounts. The user account’s manage level specifies the extent of the employee’s properties that are inherited by the user account. This allows an employee to have several user accounts in one target system, for example:

  • Default user account that inherits all properties from the employee.
  • Administrative user account that is associated to an employee but should not inherit the properties from the employee.

For more detailed information about the principles of account definitions, manage levels, and determining the valid IT operating data, see the One Identity Manager Target System Base Module Administration Guide.

The following steps are required to implement an account definition:

  • Creating account definitions

  • Configuring manage levels

  • Creating the formatting rules for IT operating data

  • Collecting IT operating data

  • Assigning account definitions to employees and target systems

Detailed information about this topic

Creating an account definition

To create a new account definition

  1. In the Manager, select the LDAP | Basic configuration data | Account definitions | Account definitions category.

  2. Select an account definition in the result list. Select the Change master data task.

    -OR-

    Click in the result list.

  3. Enter the account definition's master data.
  4. Save the changes.
Detailed information about this topic
Verwandte Dokumente