[midPoint] Connecting multi-domain active directory forest

Arnošt Starosta - AMI Praha a.s. arnost.starosta at ami.cz
Mon Feb 20 22:59:11 CET 2017


Hello everybody,

I'm trying and failing to connect midPoint to a multi-domain Active
Directory forest for read/write operations using the Ldap AD Connector.

My account import task imports accounts from the parent/root domain, but
not from subdomains.

My test setup has a parent domain and a single subdomain. As recommended
here -
https://wiki.evolveum.com/display/midPoint/Active+Directory+Multi-Domain -
I've set up the following configuration (simplified).

         <configurationProperties>
            <host>root.com</host>
            ...
            <baseContext>DC=root,DC=com</baseContext>
            <referralStrategy>ignore</referralStrategy>
            <globalCatalogStrategy>resolve</globalCatalogStrategy>
            <globalCatalogServers>host=root.com; port=3268</globalCatalogServers>
            <servers>host=sub.root.com; baseContext=DC=sub,DC=root,DC=com</servers>
         </configurationProperties>

Importing accounts from this resource results in root.com shadow objects
only, no sub.root.com. The global catalog is up to date and contains all
objects in the forest.

Should I "bootstrap" the shadows from the global catalog and then switch to
the above configuration manually? Or should I just check the sources?

Thanks for any advice!

arnost

--

Arnošt Starosta
solution architect

gsm: [+420] 603 794 932
e-mail: arnost.starosta at ami.cz



AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz





By the text of this e-mail, the signer neither promises to conclude nor
concludes any contract on behalf of AMI Praha a.s. Any contract, if
concluded, must be exclusively in written form.