OpenIAM Provisioning Connectors does not work for ActiveDirectory and FreeIPA

    Alex Rasmussen

    Hi everyone,

    OpenIAM version: 4.1.11 Community Edition
    Active Directory Domain Functional Level: Windows Server 2016
    FreeIPA version: 4.6.6

    I am trying to make a provisioning integration from OpenIAM to MS Active Directory and FreeIPA (Red Hat IDM).

    OpenIAM was set up by following this YouTube tutorial: https://www.youtube.com/watch?v=odU5qyXVf-c

    I have followed this guide: http://docs.openiam.com/docs419/html/connectors/ldap-ad.htm and also this guide: http://docs.openiam.com/docs419/html/connectors/ad-powershell.htm. I also tried the PowerShell method: https://www.youtube.com/watch?v=OL3oHyYYYnw. But none of them will succeed.

    I have tried to make both LDAP and LDAPS integration against the MS Active Directory, but the test connection output is always the same: “Test Synchronization failed. Can’t connect to target system”. I have tried to create some test users in OpenIAM, but these are not created/provisioned in either MS Active Directory or FreeIPA.

    I am experiencing exactly the same error message when trying to integrate against FreeIPA (Red Hat IDM).

    I have tested the network connectivity between the servers with ping and DNS name lookup. Firewalls and SELinux are disabled on the servers.

    Does anyone know any other guide/screenshots I can try to follow?

    Any help would be appreciated.

    Thank you.

    Ameet Shah

    Hi Alex,
    Can you try to establish a connection first to AD? Use the docs at: http://docs.openiam.com/docs4111/html/docs.htm#Getting%20Started/provisioning-rpm.htm to help you get started.

    If you are still getting connection errors, can you paste your managed system configuration here and any errors that you see in the idm-esb.logs?

    We are in the process of updating our docs.

    Once we get this resolved, we can help you with the IPA integration.


    Hi again

    Thanks for your answer.

    I have now followed the guide (docs) to install and set up the LDAP Connector in OpenIAM. I am now connected to my Microsoft ActiveDirectory, but it still does not provision anything in my AD.

    Is it a license limitation in the Community Edition?

    It seems that according to the feature comparison chart for on-premise: https://www.openiam.com/products/identity-governance/ce-vs-ee-feature-comparison/

    Any help would be appreciated.

    Thank you.

    Ameet Shah

    No, there is no license limitation that will prevent you from provisioning to AD. Can you share:
    a) If you see a valid connection with AD in the managed system list?
    b) Did you create a role that is entitled to AD?

    Can you share the steps you are taking to trigger provisioning? This will help us help you.


    Hi again

    a) I attached a screenshot of the Managed System Dashboard from my OpenIAM installation.
    b) Yes, I created a group and set the managed system to: AD Managed System. Then I entitled the role: “Manager” to “AD Managed System”.


    To trigger a provisioning, I create a new user in the Webconsole and set the managed system to “AD Managed System” and then select role: “Manager”. Then I set the group to “AD Managed System” with the desired AD group. Please see the attached screenshots.

    I uncheck the following checkboxes in the creation form:

    • Notify User of the credentials via e-mail. Requires an email address
    • Notify Supervisor of the credentials for the new user via e-mail. Requires a supervisor to be selected
    • Delay user provisioning till start date

    I hope the attached screenshots can help you see my configuration.

    Thank you.
