
Identity Manager 8.1.3 - Administration Guide for Connecting to LDAP


LDAP group inheritance based on categories

In One Identity Manager, groups can be selectively inherited by user accounts. For this purpose, the groups and the user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The template contains two tables: the user account table and the group table. Use the user account table to specify categories for target system-dependent user accounts. In the group table, enter your categories for the target system-dependent groups. Each table contains the category positions Position 1 to Position 31.

Every user account can be assigned to one or more categories. Each group can also be assigned to one or more categories. The group is inherited by the user account when at least one of the user account's category items matches a category item assigned to the group. The group is also inherited by the user account if the group or the user account is not put into categories.

NOTE: Inheritance through categories is only taken into account when groups are assigned indirectly through hierarchical roles. Categories are not taken into account when groups are directly assigned to user accounts.

Table 38: Category examples

| Category item | Categories for user accounts | Categories for groups |
|---|---|---|
| 1 | Default user | Default permissions |
| 2 | System users | System user permissions |
| 3 | System administrator | System administrator permissions |

Figure 2: Example of inheriting through categories.

To use inheritance through categories

  • In the Manager, define categories in the domain.

  • Assign categories to user accounts and contacts through their master data.

  • Assign categories to groups through their master data.
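
The matching rule described above, modelled as an added example (not One Identity code): categories are assumed to be held as a 31-bit mask, one bit per position, and the account and group names are constructed sample data following Table 38. The audit helper lists uncategorized objects, because the rule lets those inherit regardless of category.

```python
# Added example: model of the category-matching rule for group inheritance.
# Assumption: categories are a 31-bit mask, bit n-1 standing for Position n.
POSITIONS = 31

def mask(*positions: int) -> int:
    """Build a category mask from 1-based positions (Position 1..31)."""
    m = 0
    for p in positions:
        if not 1 <= p <= POSITIONS:
            raise ValueError(f"category position out of range: {p}")
        m |= 1 << (p - 1)
    return m

def inherits(account_mask: int, group_mask: int, direct: bool = False) -> bool:
    """True if the group reaches the account.
    Direct assignments ignore categories. Indirect ones (through hierarchical
    roles) need a shared position, unless either side has no category."""
    if direct:
        return True
    if account_mask == 0 or group_mask == 0:
        return True  # uncategorized account or group: no filtering applies
    return bool(account_mask & group_mask)

def effective_groups(account_mask, role_groups, direct_groups=()):
    """Sorted group names an account ends up with.
    role_groups: {name: mask} assigned through a role; direct_groups: names."""
    got = {n for n, g in role_groups.items() if inherits(account_mask, g)}
    return sorted(got | set(direct_groups))

def uncategorized(objects):
    """Audit helper: names whose mask is 0 and so bypass category filtering."""
    return sorted(n for n, m in objects.items() if m == 0)

# Constructed sample data (hypothetical names), positions as in Table 38.
ROLE_GROUPS = {
    "grp-default": mask(1),
    "grp-system": mask(2),
    "grp-sysadmin": mask(3),
    "grp-legacy": 0,  # never categorized
}
ACCOUNTS = {"jdoe": mask(1), "svc-backup": mask(2),
            "adm-jdoe": mask(1, 3), "tmp01": 0}

if __name__ == "__main__":
    for name, m in ACCOUNTS.items():
        print(name, effective_groups(m, ROLE_GROUPS))
    print("review:", uncategorized(ROLE_GROUPS), uncategorized(ACCOUNTS))
```

In this sample, the uncategorized group reaches every account and the uncategorized account receives every group assigned through the role, so both are worth reviewing before relying on categories to limit permissions.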


Assigning extended properties to LDAP groups

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas, that cannot be mapped directly in One Identity Manager.

To specify extended properties for a group

  1. In the Manager, select the LDAP | Groups category.

  2. Select the group in the result list.

  3. Select the Assign extended properties task.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .
  5. Save the changes.

For more detailed information about setting up extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Deleting LDAP groups

To delete a group

  1. In the Manager, select the LDAP | Groups category.

  2. Select the group in the result list.

  3. Delete the group using .

  4. Confirm the security prompt with Yes.

The group is deleted completely from the One Identity Manager database and from LDAP.

LDAP container structures

LDAP containers are represented by a hierarchical tree structure. Containers are often used to display organizational units such as branch offices or departments, to organize LDAP directory objects such as users, groups, and computers logically, and therefore to ease the burden of object administration. LDAP directory containers are loaded by synchronization with the One Identity Manager database.

To edit container master data

  1. In the Manager, select the LDAP | Contacts category.

  2. Select the container in the result list and run the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the container's master data.

  4. Save the changes.