Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 8.2.1 - Administration Guide for Connecting to LDAP

About this guide Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Adjusting the synchronization configuration for LDAP environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing LDAP user accounts and employees Managing memberships in LDAP groups Login information for LDAP user accounts Mapping LDAP objects in One Identity Manager Handling of LDAP objects in the Web Portal Basic data for managing an LDAP environment Troubleshooting Configuration parameters for managing an LDAP environment Default project template for LDAP Generic LDAP connector settings LDAP connector V2 settings

Specifying server functions

NOTE: All editing options are also available in the Designer under Base Data > Installation > Job server.

The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

NOTE: More server functions may be available depending on which modules are installed.
Table 39: Permitted server functions

Server function

Remark

CSV connector

Server on which the CSV connector for synchronization is installed.

Domain controller

The Active Directory domain controller. Servers that are not labeled as domain controllers are considered to be member servers.

Printer server

Server that acts as a print server.

Generic server

Server for generic synchronization with a custom target system.

Home server

Server for adding home directories for user accounts.

LDAP connector

Server on which the LDAP connector is installed. This server synchronizes the LDAP target system.

LDAP store

Server containing the LDAP store.

Update server

This server automatically updates the software on all the other servers. The server requires a direct connection to the database server that One Identity Manager database is installed on. It can run SQL tasks.

The server with the One Identity Manager database installed on it is labeled with this functionality during initial installation of the schema.

SQL processing server

It can run SQL tasks. The server requires a direct connection to the database server that One Identity Manager database is installed on.

Several SQL processing servers can be set up to spread the load of SQL processes. The system distributes the generated SQL processes throughout all the Job servers with this server function.

CSV script server

This server can process CSV files using the ScriptComponent process component.

Generic database connector

This server can connect to an ADO.Net database.

One Identity Manager database connector

Server on which the One Identity Manager connector is installed. This server synchronizes the One Identity Manager target system.

One Identity Manager Service installed

Server on which a One Identity Manager Service is installed.

Primary domain controller

Primary domain controller.

Profile server

Server for setting up profile directories for user accounts.

SAM synchronization Server

Server for running synchronization with an SMB-based target system.

SMTP host

Server from which One Identity Manager Service sends email notifications. Prerequisite for sending mails using One Identity Manager Service is SMTP host configuration.

Default report server

Server on which reports are generated.

Windows PowerShell connector

The server can run Windows PowerShell version 3.0 or later.

Related topics

Troubleshooting

Possible errors when synchronizing an OpenDJ environment

Issue

Error synchronizing an OpenDJ system if a password begins with an open curly bracket.

Cause

The LDAP server interprets a generated password of the form {<abc>}<def> as a hash value. However, the LDAP server does not allow hashed passwords to be passed.

Solution

The LDAP server can be configured so that a hashed password of the form {<algorithm>}hash can be passed.

  • On the LDAP server: Allow already hashed passwords to be passed.

  • In the synchronization project: Only pass hashed passwords. Use the script properties for mapping schema properties that contain passwords. Create the password's hash value in the script.

Errors connecting multiple LDAP systems with the same distinguished name

Issues

An error occurs when creating multiple synchronization projects for connecting an LDAP domain or when connecting instances with identical names.

The domain with the distinguished name '{0}' is already used in the synchronization project '{1}'. Only one synchronization project is allowed per domain and connector.

Cause

This problem occurs if the synchronization projects were created with an older One Identity Manager version.

The domain name (Ident_Domain) is used to search for LDAP domains in the database. In synchronization projects created with an older One Identity Manager version, LDAP domain names are formatted with <DN component 1>.

Solution

  • With newly created synchronization projects, the LDAP domain names are formed with <DN component 1> (<server from connection parameters>).

  • For existing synchronization projects created with the generic LDAP connector, apply the VPR#33513 patch. This creates a variable and value for $IdentDomain$ in all variable sets and changes the scope to DistinguishedName = '$CP_RootEntry$' and Ident_Domain='$IdentDomain$'.

    For more information about applying patches, see the One Identity Manager Target System Synchronization Reference Guide.

  • LDAP domains that are already in the database are not renamed. If necessary, manually adjust the LDAP domain names (Ident_Domain). For more information, see LDAP domains.

NOTE: Objects imported from different directory services that have the identical canonical names and distinguished names in the One Identity Manager database, could result in duplicate display values in current attestations, such as system entitlements, as well as in reports on target system objects and target system entitlements. Customizations may need to be made to attestation procedures and reports.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation