[midPoint] Connecting multi-domain active directory forest
Arnošt Starosta - AMI Praha a.s.
arnost.starosta at ami.cz
Mon Feb 20 22:59:11 CET 2017
Hello everybody,
I'm trying and failing to connect midpoint to a multi-domain active
directory forest for read/write operations using the Ldap AD Connector.
My account import task imports accounts from the parent/root domain, but
not from subdomains.
My test setup has a parent domain and a single subdomain. As recommended
here -
https://wiki.evolveum.com/display/midPoint/Active+Directory+Multi-Domain -
I've set up the following configuration (simplified).
<configurationProperties>
    <host>root.com</host>
    ...
    <baseContext>DC=root,DC=com</baseContext>
    <referralStrategy>ignore</referralStrategy>
    <globalCatalogStrategy>resolve</globalCatalogStrategy>
    <globalCatalogServers>host=root.com; port=3268</globalCatalogServers>
    <servers>host=sub.root.com; baseContext=DC=sub,DC=root,DC=com</servers>
</configurationProperties>
Importing accounts from this resource results in root.com shadow objects
only, no sub.root.com. The global catalog is up to date and contains all
objects in the forest.
Should I "bootstrap" the shadows from the global catalog and then switch to
the above configuration manually? Or should I just check the sources?
Thanks for any advice!
arnost
--
Arnošt Starosta
solution architect
gsm: [+420] 603 794 932
e-mail: arnost.starosta at ami.cz
AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz
By the text of this e-mail, the signatory neither promises to conclude nor
concludes any contract on behalf of AMI Praha a.s. Any contract, if
concluded, must be exclusively in written form.