- This topic has 5 replies, 3 voices, and was last updated 1 year, 1 month ago by Anonymous.
May 21, 2020 at 9:44 pm #1353Alex RasmussenParticipant
OpenIAM version: 4.1.11 Community Edition
Active Directory Domain Functional Level: Windows Server 2016
FreeIPA version: 4.6.6
I am trying to make provisioning integration from OpenIAM to MS Active Directory and FreeIPA (Redhat IDM).
OpenIAM is set up by following YouTube tutorial: https://www.youtube.com/watch?v=odU5qyXVf-c
I have followed this guide: http://docs.openiam.com/docs419/html/connectors/ldap-ad.htm and also this guide: http://docs.openiam.com/docs419/html/connectors/ad-powershell.htm. I also tried the PowerShell method: https://www.youtube.com/watch?v=OL3oHyYYYnw. But none of them will succeed.
I have tried to make both LDAP and LDAPS integration against the MS Active Directory, but the test connection output is always the same: “Test Synchronization failed. Can’t connect to target system“. I have tried to create some test users in OpenIAM, but these are not created/provisioned in either MS Active Directory or FreeIPA.
I am experiencing exactly the same error message when trying to integrate against FreeIPA (Redhat IDM).
I have tested the network connectivity between the servers with Ping and DNS name lookup. Firewalls and SELINUX are disabled on the servers.
Does anyone know any other guide/screenshots I can try to follow?
Any help would be appreciated.
Thank you.May 22, 2020 at 2:41 am #1355Ameet ShahKeymaster
Can you try to establish a connection first to AD? Use the docs at: http://docs.openiam.com/docs4111/html/docs.htm#Getting%20Started/provisioning-rpm.htm to help you get started.
If you are still getting connection errors, can you paste your managed system configuration and here and any errors that you see in the idm-esb.logs?
We are in the process of updating our docs
Once we get this resolved, we can help you with the IPA integrationJune 10, 2020 at 8:23 pm #1393Anonymous
Thanks for your answer.
I have now followed the guide (docs) to install and setup LDAP Connector in OpenIAM. I am now connected to my Microsoft ActiveDirectory, but it still does not provisioning anything in my AD.
Is it a license limitation in the Community Edition?
It seems that according to the feature comparison chart for on-premise: https://www.openiam.com/products/identity-governance/ce-vs-ee-feature-comparison/
Any help would be appreciated.
Thank you.June 11, 2020 at 2:40 am #1395Ameet ShahKeymaster
No there is no license limitation that will prevent you from provision to AD. Can you share
a) If you see a valid connection with AD in the managed system list?
b) Did you create a role that is entitled to AD?
Can you share the steps you are taking to trigger provisioning? This will help us help you .June 11, 2020 at 6:08 am #1397Anonymous
a) I attached a screenshot of the Managed System Dashboard from my OpenIAM installation.
b) Yes, I created a group and set the managed system to: AD Managed System. Then I entitled the role: “Manager” to “AD Managed System”.June 11, 2020 at 6:09 am #1402Anonymous
To trigger a provisioning, I create a new user in the Webconsole and set the manged system to “AD Managed System” and then select role: “Manager”. Then I set the group to “AD Managed System” with desired AD group. Please see the attached screenshots.
I uncheck the following checkboxes in the creation form:
- Notify User of the credentials via e-mail. Requires an email address
- Notify Supervisor of the credentials for the new user via e-mail. Requires a supervisor to be selected
- Delay user provisioning till start date
I hope the attached screenshots can help you see my configuration.
- You must be logged in to reply to this topic.