Chat now with support
Chat mit Support

Identity Manager 8.1.3 - Administration Guide for Connecting to LDAP

Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Basic configuration data LDAP domains LDAP user accounts LDAP groups LDAP container structures LDAP computers Reports about LDAP objects Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings

Configuring synchronization in LDAP domains

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the master system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing LDAP domains

  1. Open the synchronization project in the Synchronization Editor.

  2. Check whether existing mappings can be used for synchronizing the target system. Create new maps if required.
  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its synchronization direction.

  4. Create a new start up configuration. Use the new workflow to do this.
  5. Save the changes.
  6. Run a consistency check.

Related topics

Configuring synchronization of several LDAP domains

In some circumstances, it is possible to use a synchronization project to synchronize different LDAP domains.

Prerequisites
  • The target system schema of both domains are identical.

  • All virtual schema properties used in the mapping must exist in the extended schema of both domains.

To customize a synchronization project for synchronizing another domain

  1. Prepare a user account with sufficient permissions for synchronizing in the other domain.

  2. Open the synchronization project in the Synchronization Editor.

  1. Create a new base object for the other domains. Use the wizard to attach a base object.

    • In the wizard, select the LDAP connector and declare the connection parameters. The connection parameters are saved in a special variable set.

      A start up configuration is created that uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.

  3. Save the changes.
  4. Run a consistency check.

Related topics

Changing settings of LDAP domain system connections

When you set up synchronization for the first time, the system connection properties are set to default values that you can modify. There are two ways to do this:

  1. Specify a specialized variable set and change the values of the affected variables.

    The default values remain untouched in the default variable set. The variables can be reset to the default values at any time. (Recommended action).

  2. Edit the target system connection with the system connection wizard and change the effected values.

    The system connection wizard supplies additional explanations of the settings. The default values can only be restored under particular conditions.

Detailed information about this topic

Editing connection parameters in the variable set

The connection parameters were saved as variables in the default variable set when synchronization was set up. You can change the values in these variables to suit you requirements and assign the variable set to a start up configuration and a base object. This means that you always have the option to use default values from the default variable set.

NOTE: To guarantee data consistency in the connected target system, ensure that the start-up configuration for synchronization and the base object for provisioning use the same variable set. This especially applies if a synchronization project for synchronization uses different LDAP domains.

To customize connection parameters in a specialized variable set

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Configuration | Target system category.

  3. Open the Connection parameters view.

    Some connection parameters can be converted to variables here. For other parameters, variables are already created.

  4. Select a parameter and click Convert.

  5. Select the Configuration | Variables category.

    All specialized variable sets are shown in the lower part of the document view.

  6. Select a specialized variable set or click on in the variable set view's toolbar.

    • To rename the variable set, select the variable set and click the variable set view in the toolbar . Enter a name for the variable set.

  7. Select the previously added variable and enter a new value.

  8. Select the Configuration | Start up configurations category.

  9. Select a start up configuration and click Edit.

  10. Select the General tab.

  11. Select the specialized variable set in the Variable set menu.

  12. Select the Configuration | Base objects category.

  13. Select the base object and click .

    - OR -

    To add a new base object, click .

  14. In the Variable set menu, select the specialized variable set.

  15. Save the changes.

For detailed information about using variables and variable sets, or restoring default values and adding base objects, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics
Verwandte Dokumente