Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to LDAP

About this guide Managing LDAP environments Synchronizing LDAP directories
Setting up initial LDAP directory synchronization Adjusting the synchronization configuration for LDAP environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing LDAP user accounts and identities Managing memberships in LDAP groups Login credentials for LDAP user accounts Mapping LDAP objects in One Identity Manager Handling of LDAP objects in the Web Portal Basic data for managing an LDAP environment Troubleshooting Configuration parameters for managing an LDAP environment Default project template for LDAP LDAP connector V2 settings

Configuring the synchronization log

All the information, tips, warnings, and errors that occur during synchronization are recorded in the synchronization log. You can configure the type of information to record separately for each system connection and synchronization workflow.

To configure the content of the synchronization log for a system connection

  1. To configure the synchronization log for target system connection, in the Synchronization Editor, select the Configuration > Target system category.

    - OR -

    To configure the synchronization log for the database connection, in the Synchronization Editor, select the Configuration > One Identity Manager connection category.

  2. In the General section, click Setup.

  3. In the Synchronization log section, set Create synchronization log.

  4. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.

  5. Click OK.

To configure the content of the synchronization log for a synchronization workflow

  1. In the Synchronization Editor, select the Workflows category.

  2. Select a workflow in the navigation view.

  3. In the General section, click Edit.

  4. Select the Synchronization log tab.

  5. Enable the data to be logged.

    NOTE: Some content generates a particularly large volume of log data. The synchronization log should only contain data required for error analysis and other analyzes.

  6. Click OK.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

  • In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Related topics

Adjusting the synchronization configuration for LDAP environments

Having used the Synchronization Editor to set up a synchronization project for initial synchronization of an LDAP domain, you can use the synchronization project to load LDAP objects into the One Identity Manager database. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the LDAP environment.

You must customize the synchronization configuration to be able to regularly compare the database with the LDAP environment and to synchronize changes.

  • To use One Identity Manager as the primary system during synchronization, create a workflow with synchronization in the direction of the Target system.

  • You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing method, for example.

  • To specify which LDAP objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.

  • Use variables to set up a synchronization project for synchronizing different domains. Store a connection parameter as a variable for logging in to the domain.

  • Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

  • To synchronize additional schema properties, update the schema in the synchronization project. Include the schema extensions in the mapping.

For more information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Configuring synchronization in LDAP domains

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing LDAP domains

  1. In the Synchronization Editor, open the synchronization project.

  2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its direction of synchronization.

  4. Create a new start up configuration. Use the new workflow to do this.

  5. Save the changes.
  6. Run a consistency check.

Related topics

Configuring synchronization of several LDAP domains

In some circumstances, it is possible to use a synchronization project to synchronize different LDAP domains.

Prerequisites
  • The target system schema of the domains are identical.

  • All virtual schema properties used in the mapping must exist in the extended schema of the domains.

To customize a synchronization project for synchronizing another domain

  1. Prepare a user account with sufficient permissions for synchronizing in the other domain.

  2. In the Synchronization Editor, open the synchronization project.

  1. Create a new base object for every other domain.

    • Use the wizard to attach a base object.

    • In the wizard, select the LDAP connector.

    • Declare the connection parameters. The connection parameters are saved in a special variable set.

    A start up configuration is created that uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.

  3. Save the changes.
  4. Run a consistency check.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating