Chat now with support
Chat mit Support

Identity Manager 8.1.3 - Administration Guide for Connecting to LDAP

Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Customizing the synchronization configuration Executing synchronization Tasks after a synchronization Troubleshooting
Basic configuration data LDAP domains LDAP user accounts LDAP groups LDAP container structures LDAP computers Reports about LDAP objects Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings

Starting synchronization

When setting up the initial synchronization project using the Launchpad, a default schedule for regular synchronizations is created and assigned. To execute regular synchronizations, activate this schedule.

To synchronize on a regular basis

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Configuration | Start up configurations category.
  3. Select a start up configuration in the document view and click Edit schedule.
  4. Edit the schedule properties.
  5. To enable the schedule, click Activate.
  6. Click OK.

You can also start synchronization manually if there is no active schedule.

To start initial synchronization manually

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Configuration | Start up configurations category.

  3. Select a start up configuration in the document view and click Execute.

  4. Confirm the security prompt with Yes.

IMPORTANT: As long as a synchronization process is running, you must not start another synchronization process for the same target system. This especially applies, if the same synchronization objects would be processed.

  • If another synchronization process is started with the same start up configuration, the process is stopped and is assigned Frozen status. An error message is written to the One Identity Manager Service log file.

    • Ensure that start up configurations that are used in start up sequences are not started individually at the same time. Assign start up sequences and start up configurations different schedules.

  • Starting another synchronization process with different start up configuration that addresses same target system may lead to synchronization errors or loss of data. Specify One Identity Manager behavior in this case, in the start up configuration.

    • Use the schedule to ensure that the start up configurations are run in sequence.

    • Group start up configurations with the same start up behavior.

Displaying synchronization results

Synchronization results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.

To display a synchronization log

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Logs category.

  3. Click in the navigation view toolbar.

    Logs for all completed synchronization runs are displayed in the navigation view.

  4. Select a log by double-clicking it.

    An analysis of the synchronization is shown as a report. You can save the report.

To display a provisioning log

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Logs category.

  3. Click in the navigation view toolbar.

    Logs for all completed provisioning processes are displayed in the navigation view.

  4. Select a log by double-clicking it.

    An analysis of the provisioning is shown as a report. You can save the report.

The log is marked in color in the navigation view. This mark shows you the status of the synchronization/provisioning.

TIP: The logs are also displayed in the Manager under the <target system> | synchronization log category.

Related topics

Deactivating synchronization

Regular synchronization cannot be started until the synchronization project and the schedule are active.

To prevent regular synchronization

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the start up configuration and deactivate the configured schedule.

    Now you can only start synchronization manually.

An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.

Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).

To deactivate the synchronization project

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the General view on the start page.

  3. Click Deactivate project.

Detailed information about this topic

Synchronizing single objects

Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a member list is belongs to one of these properties, then the entries in the assignment table will also be updated.

NOTE: If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

To synchronize a single object

  1. Select the object type in the navigation view.

  2. In the result list, select the object that you want to synchronize.

  3. Select the Synchronize this object task.

    A process for reading this object is entered in the job queue.

Detailed information about this topic
Verwandte Dokumente