Especially with LDAP, it often happens that customers have two LDAP systems hosting the same domain. This causes problems when running the domain template because the Distinguishedname attribute value is used to identify the LDAP domain in Identity Manager (1IM).
An enhancement request (#33513) has been created.
WORKAROUND
1. Use the Synchronization Editor to create a new synchronization project, using the connection wizard to set up the LDAP domain.
2. Invalidate the Distinguishedname (DN) via SQL:
-- Temporarily make the DN unique by appending the row's own UID.
-- Replace 'DC=Domain,DC=tld' with the DN shared by the LDAP domains.
update LDPDomain
set Distinguishedname = Distinguishedname + '@' + UID_LDPDomain
where Distinguishedname = 'DC=Domain,DC=tld'
3. Do not execute any import at this stage.
4. Sync Editor | Variables | upper panel | click "+" to create a new variable. Name it "CP_DomainIdentifier" and provide the value of LDPDomain.Ident_Domain, which is a free text field. Use the Identity Manager tools to view the attribute and change it.
5. Sync Editor | One Identity Manager Connection | Scope | click on LDPDomain | change the SQL condition to:
(upper(Ident_Domain) = upper('$CP_DomainIdentifier$'))
6. Sync Editor | One Identity Manager Connection | Browser: check if the LDPDomain object appears.
7. Repeat steps 1 to 5 for all other LDAP domains. There is no need to start work on these projects immediately; the important thing is to get each synchronization project created and stored in the database.
8. Finally, revert the DN change (the correct DN is required because it is referenced in value templates on LDAPAccount.Distinguishedname, LDAPGroup...):
-- Strip the '@' + UID_LDPDomain suffix added in step 2; the where clause
-- ensures the suffix is present, so PatIndex never returns 0 here.
update LDPDomain
set Distinguishedname = SubString(Distinguishedname, 1, PatIndex('%@' + UID_LDPDomain + '%', Distinguishedname) - 1)
where Distinguishedname = 'DC=Domain,DC=tld' + '@' + UID_LDPDomain
Now synchronization projects may be managed.
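As an added example (not part of the One Identity article), the same DN tagging and revert generalized to every duplicated domain at once rather than one hard-coded DN: the first script replaces step 2, the second replaces step 8 after all synchronization projects exist. It assumes SQL Server (T-SQL) and the LDPDomain column names used above; the preview and verification queries are additions, not a One Identity procedure.

```sql
-- Script A (run at step 2): tag every LDPDomain row whose DN is shared by
-- more than one domain. Constructed example, not the article's own SQL.
BEGIN TRANSACTION;

-- Preview which rows will be changed before touching them.
SELECT d.UID_LDPDomain, d.Ident_Domain, d.Distinguishedname
FROM LDPDomain AS d
WHERE d.Distinguishedname IN (
    SELECT Distinguishedname
    FROM LDPDomain
    GROUP BY Distinguishedname
    HAVING COUNT(*) > 1
);

-- Make each duplicated DN unique by suffixing the row's own UID (same
-- encoding as step 2, applied to all duplicates instead of one DN).
UPDATE LDPDomain
SET Distinguishedname = Distinguishedname + '@' + UID_LDPDomain
WHERE Distinguishedname IN (
    SELECT Distinguishedname
    FROM LDPDomain
    GROUP BY Distinguishedname
    HAVING COUNT(*) > 1
);

COMMIT TRANSACTION;

-- Script B (run at step 8, in a later session, after steps 3-7 are done for
-- every domain): strip exactly the '@' + UID_LDPDomain suffix again.
BEGIN TRANSACTION;

-- The WHERE clause checks for the exact suffix, so LEFT() never receives a
-- negative length and rows that were never tagged are left alone.
UPDATE LDPDomain
SET Distinguishedname = LEFT(Distinguishedname,
                             LEN(Distinguishedname) - LEN('@' + UID_LDPDomain))
WHERE RIGHT(Distinguishedname, LEN('@' + UID_LDPDomain)) = '@' + UID_LDPDomain;

-- Verification: must return no rows before the value templates on
-- LDAPAccount and LDAPGroup are relied on again.
SELECT UID_LDPDomain, Distinguishedname
FROM LDPDomain
WHERE RIGHT(Distinguishedname, LEN('@' + UID_LDPDomain)) = '@' + UID_LDPDomain;

COMMIT TRANSACTION;
```

After Script B the revert is idempotent: running it a second time changes nothing, because no row still carries its UID suffix.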
STATUS
The product team will evaluate the request and this feature may become available in a future release of the product.
© 2024 One Identity LLC. ALL RIGHTS RESERVED.