[midPoint] exclude account from synchronizaton
Marco Benucci
m.benucci at nsr.it
Thu Feb 15 11:33:16 CET 2018
Hi all,
I'm running midpoint 3.6 and I'm configuring an Active Directory
resource using the ADLdap connector (1.5.1).
Now, whenever an account is considered "unmatched" i need to create an
user and link the user to that account, but in this AD there are also
many "Computer" object that, at least for now, I do not want in.
The main problem, I think, is that Computers, in AD, have also the
objectClasses "top", "person", "organizationalPerson" and "user", just
like Users, so the workaround
<generationConstraints>
<generateObjectClass>ri:user</generateObjectClass>
<generateObjectClass>ri:group</generateObjectClass>
</generationConstraints>
does not work because Computers shares all their classes with Users,
exept "computer" objectClass.
Is there a smart way to exclude them during synchronization?I do not
want that an unmatched account for a computer create an user...
Thank you,
Marco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180215/f00997c8/attachment.htm>
More information about the midPoint
mailing list