Master data for LDAP computers
Enter the following data for a computer.
Table 42: Computer master data
| Device |
The computer is connected to this device. Specify a new device using the  button next to the menu. For more detailed information about devices, see the One Identity Manager Identity Management Base Module Administration Guide |
| Name |
Computer identifier |
| Domain |
Domain in which to create the computer. |
| Container |
Container in which to create the computer. The distinguished name of the computer is determined by a template when the container is selected. |
| Structural object class |
Structural object class representing the object type. |
|
Object class |
List of classes defining the attributes for this object. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services. |
Assigning LDAP computers directly to LDAP groups
Groups can be assigned directly or indirectly to a computer. Indirect assignment is carried out by allocating the device with which a computer is connected and groups to company structures, like departments, cost centers, locations, or business roles.
To react quickly to special requests, you can assign groups directly to a computer.
NOTE: Computers cannot be manually added to dynamic groups. Memberships in a dynamic group are determined through the condition of the dynamic group.
To assign a computer directly to groups
-
In the Manager, select the LDAP | Computers category.
-
Select the computer in the result list.
-
Select the Assign groups task.
-
In the Add assignments pane, assign groups.
TIP: In the Remove assignments pane, you can remove the assignment of groups.
To remove an assignment
- Select the group and double-click
.
- Save the changes.
Related topics
Reports about LDAP objects
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for LDAP.
NOTE: Other sections may be available depending on the which modules are installed.
Table 43: Reports for the target system
|
Overview of all assignments (domain) |
This report find all roles containing employees with at least one user account in the selected domain. |
|
Overview of all assignments (container) |
This report finds all roles containing employees with at least one user account in the selected container. |
|
Overview of all assignments (group) |
This report finds all roles containing employees with the selected group. |
|
Show orphaned user accounts |
This report shows all user accounts in the domain that are not assigned to an employee. The report contains group memberships and risk assessment. |
|
Show employees with multiple user accounts |
This report shows all employees with more than one user account in the domain. The report contains a risk assessment. |
|
Show unused user accounts |
This report shows all user accounts in the domain that have not been used in the last few months. The report contains group memberships and risk assessment. |
|
Show entitlement drifts |
This report shows all groups in the domain that are the result of manual operations in the target system rather than provisioned by One Identity Manager. |
|
Show user accounts with an above average number of system entitlements |
This report contains all user accounts in the domain with an above average number of group memberships. |
|
LDAP user account and group administration |
This report contains a summary of user account and group distribution in all domains. You can find this report in the My One Identity Manager category. |
|
Data quality summary for LDAP user accounts |
This report contains different evaluations of user account data quality in all domains. You can find this report in the My One Identity Manager category. |
Related topics
Overview of all assignments
The Overview of all assignments report is displayed for some objects, such as authorizations, compliance rules, or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles, and IT Shop structures in which there are employees who own the selected base object. In this case, direct as well as indirect base object assignments are included.
Examples
- If the report is created for a resource, all roles are determined in which there are employees with this resource.
- If the report is created for a group or another system entitlement, all roles are determined in which there are employees with this group or system entitlement.
- If the report is created for a compliance rule, all roles are determined in which there are employees who violate this compliance rule.
- If the report is created for a department, all roles are determined in which employees of the selected department are also members.
- If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.
To display detailed information about assignments
Figure 3: Toolbar of the Overview of all assignments report.
Table 44: Meaning of icons in the report toolbar
|
|
Show the legend with the meaning of the report control elements |
|
|
Saves the current report view as a graphic. |
|
|
Selects the role class used to generate the report. |
|
|
Displays all roles or only the affected roles. |
button in a role's control, you display all employees in the role with the base object.