You can automatically adopt groups from an external user configuration into your company's central user management. To do this, use verified and stored connection settings and use these as a command when they are opened.
Saving Connection Settings for Automatic Synchronization
Prerequisites
You can make changes to the connection settings for adopting groups from the LDAP server and check these by loading the groups. Import takes groups that have been entered in the server, at the branch and that are shown by filter expression into consideration as long as these are out of date in the current user management. Selection of groups using activated check boxes is not taken into consideration.
Context
Groups can automatically be adopted into your company's central user management from an external user configuration using a parameterized command line call for the administration program. To do this, use verified and stored connection settings and use these as a command when they are opened.
LDAP groups are imported including all users assigned in the LDAP. If these users already exist, then only the group assignment is changed. If they do not already exist, then they are created as new.
If users were removed from a group, then their group membership is deleted in the central user management. These users still remain in the central user management with the rules set for them and need to be manually removed.
If users should have been removed from the LDAP directory but still remain in the repository with the rules set for them, then they need to be manually removed.
During LDAP synchronization, the user is queried directly about user assignment to groups via the "MemberOf" field. If no users are found here, then an attempt is made to determine the members of a group using the "UniqueMember" for the group.
How to proceed
-
Make all necessary connection settings and check them by loading them.
Import takes groups that have been entered in the server, at the branch and that are shown by filter expression into consideration as long as these are out of date in the current user management.
-
Click on Connection Save.
The connection information is stored locally and is used for local command line call of the automatic synchronization.
Setting Up Automatic Synchronization
Prerequisites
Checked and stored connection settings.
Context
A command line call can be used for automatic synchronization of the central user management in the license server using an LDAP.
The administration program can be called for synchronizing with an LDAP with:
<Innovator program directory>\InnoAdministration.exe MID.Innovator.sync=true [MID.Innovator.inohost=<INOHOST>]
Call arguments are:
-
MID.Innovator.inohost=<INOHOST>
Set the main license server to be used.
-
MID.Innovator.sync=true
Synchronization is carried out without user entries.
A inoldapsync.<INOHOST>.log log file is updated in a temporary directory upon synchronization (info is attached).
How to proceed
-
Set up an automatic batch call or something similar with the command line above if you want to synchronize using the stored connection settings.
Import takes groups that have been entered in the server, at the branch and that are shown by filter expression into consideration as long as these are out of date in the current user management.
Related Topics
