Import Users and groups from AD

  • #2468
    Ben Cold
    Participant

    Hi, how can I import groups and users from Active Directory? I use the AD PowerShell connector.

    I’ve been going through the documentation but that part is blank:
    https://docs.openiam.com/docs-4.2.0.8/developerguide/9-synchronization/2-import/2-ad

    Thanks!

    #2469
    Neil Herbert
    Participant

    Looking at some of the older documentation might be a good starting point

    https://docs.openiam.com/docs-4.1.14/html/Getting%20Started/Import%20Existing%20Users%20and%20Groups.htm

    #2470
    Ben Cold
    Participant

    Yes, I had already done it and tried it, but it does not sync the groups/users from AD to OpenIAM.
    It said: Nothing has been found in target system.
    Did you manage to synchronize correctly?
    Thanks for the help!

    #2472
    Neil Herbert
    Participant

    It would be worth posting the configuration of your AD managed system and more info, such as what version you are running and what your OpenIAM environment is (Docker Swarm, RPM, etc.).

    #2473
    Ben Cold
    Participant

    Yes, I did an RPM installation on CentOS 7.
    OpenIAM Version: 4.2.0.8.bc9e84a2, Build: 2021/08/05 17:59 +0000, Last commit 2021/08/05 13:01 +0000

    Thanks!

    #2477
    Neil Herbert
    Participant

    It looks like you have the same issue as a couple of previous posts. Your search filters are LDAP filters; these can’t be used with the PowerShell connector.

    Your user search filter should be something like

    get-aduser ? -Properties *

    instead of

    (objectClass=user)

    The same would go for your group search filters.

    Luckily Suneet has shared this link with a previous post that seems to be the same issue – https://docs.openiam.com/docs-4.2.0.8/connectorconfig/microsoft/4-adpowershell – hopefully that will give you enough to get going!

    #2478
    Ben Cold
    Participant

    Hi, thanks a lot!
    I’ve already tried that setting but am still having trouble syncing.

    I attach screenshots of the new configuration and log output.

    #2481
    Ben Cold
    Participant

    I have been trying various configurations with no success. Could I be setting something wrong? Or could it be a bug?

    #2482
    suneet_shah
    Keymaster

    Hi Ben,

    Neil is correct that you might be mixing up configuration between the AD PowerShell connector and the LDAP connector.

    Can you post the configuration for your managed system first?

    Do you have an active connection on the dashboard? Let’s resolve that first and then we can move to the sync.

    #2483
    Ben Cold
    Participant

    Hi, this is my configuration for the managed system and the dashboard.
    Thanks!

    #2486
    Ben Cold
    Participant

    Sorry, this is my configuration for the managed system:

    #2488
    Ben Cold
    Participant

    Hi, I managed to get it to process the sync without giving any errors, but now it detects “SYNCHRONIZATION_ORPHAN” for the users that are in the AD and are not in the IAM, but it does not create them in the IAM. What could it be due to?
    Thanks.
