<div dir="ltr">Hello everybody,<br><br>I'm trying and failing to connect midpoint to a multi-domain active directory forrest for read/write operations using the Ldap AD Connector.<br><br>My account import task imports accounts from the parent/root domain, but not from subdomains.<br><br>My test setup has a parent domain and a single subdomain. As recommended here - <a href="https://wiki.evolveum.com/display/midPoint/Active+Directory+Multi-Domain">https://wiki.evolveum.com/display/midPoint/Active+Directory+Multi-Domain</a> - <br>i've setup the following configuration (simplified).<br><br> <configurationProperties><br> <host><a href="http://root.com">root.com</a></host><br> ...<br> <baseContext>DC=root,DC=com</baseContext><br> <referralStrategy>ignore</referralStrategy><br><div><div> <globalCatalogStrategy>resolve</globalCatalogStrategy><br></div><div> <globalCatalogServers>host=<a href="http://root.com">root.com</a>; port=3268</globalCatalogServers><br></div><div> <servers>host=<a href="http://sub.root.com">sub.root.com</a>; baseContext=DC=sub,DC=root,DC=com</servers></div><div> </configurationProperties><br></div><br></div><div>Importing accounts from this resource results in <a href="http://root.com">root.com</a> shadow objects only, no <a href="http://sub.root.com">sub.root.com</a>. The global catalog is up to date and contains all objects in the forrest.</div><div><br></div><div>Should I "bootstrap" the shadows from the global catalog and then switch to the above configuration manually? Or should i just check the sources?</div><div><br></div><div>Thanks for any advice!</div><div><br></div><div>arnost<br><br>--<br><br>Arnošt Starosta<br>solution architect<br><br>gsm: [+420] 603 794 932<br>e-mail: <a href="mailto:arnost.starosta@ami.cz">arnost.starosta@ami.cz</a><br><br> <br><br>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz">www.ami.cz</a><br><br> <br><br><br><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><table style="font-family:verdana,arial,helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px;border-style:solid;width:482px"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray"><td style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray"><br></td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;border-width:0px 1px 0px 0px;border-style:solid;border-color:gray rgb(204,204,204) gray gray;padding:0px"><br></td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray"><br></td><td style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray"><br></td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;border-width:0px 1px 0px 0px;border-style:solid;border-color:gray rgb(204,204,204) gray gray;padding:0px"><br></td><td style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray"><br></td><td style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:11px;margin:8px;width:116px;border:0px solid gray"><br></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray"><td colspan="7" style="color:rgb(0,0,0);font-family:verdana,arial,helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray"><br></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray"><td colspan="7" style="color:rgb(128,128,128);font-family:arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray"><br></td></tr></tbody></table></div></div></div></div>
</div></div>