3 Replies Latest reply: Mar 20, 2017 2:00 AM by Simon Pinnow

    User sync fails  - Generic LDAP

    Patric Amatulli

      Hi,

       

      We have tried to sync our users from the AD through a Generic LDAP connector, but we are encountering the following issue: only groups are synchronized, not the users, as we can read from the .log files.

       

      Attached the .log files.

       

      Can someone support us?

       

      The log message says:

      Database done with 0 users and 234 groups in user directory (MYDOMAIN, b6bbe7e4-3fa7-4cf5-bb23-77d96e94dc36)

       

      Following filter was applied:

      (memberOf=cn=DSR-CS-CH-FFFF_ReadOnly_UAT,DC=ch,DC=ad,DC=dehani,DC=net)

       

      What is going on?

       

      Thanks and regards,

       

      Patric

        • Re: User sync fails  - Generic LDAP
          Jan Lancé

          Hi,

           

          did you solve this issue?

          I have the exact same problem.

           

          Regards

          Jan

          • Re: User sync fails  - Generic LDAP
            Simon Pinnow

            Hi Patric,

             

            We solved the problem and in our environment the Generic LDAP works fine. Now we have different values in DisplayName and User-ID. While using the Windows AD connector we had the same value in both fields because we load Windows AD not as standard.

             

            Solution:

            We had to modify two entries in "Directory Entry Attributes" section.

            • The first one is the field "User identification". Here you have to enter the value of the Windows-AD field "objectclass" which identifies a user in your Windows-AD. The default value is "inetOrgPerson" which is a class of Domino LDAP.

              In our case users are identified by "user". After changing this value sync worked fine.

              In other words: The Generic LDAP connector compares the values of the fields "User identification" and "Group identification" with the Windows-AD field "type" (which can be configured and is objectclass by default).

            • To change the DisplayName we changed the value of the field "Display Name".

             

            If you are not sure which values you have to use, download a free Windows-AD explorer and search for your account...

             

            I hope this helps!

            Best regards

            Simon
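
A small model of the matching described in the answer above, added here as an example; it is not part of the original thread and not the product's code. The sample entries, the `classify`, `machine_accounts` and `report` names, and the "group" value for "Group identification" are assumptions made for illustration.

```python
# Constructed AD-style entries (not taken from the thread's logs or directory).
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice Example,OU=Staff,DC=example,DC=test",
     "objectClass": ["top", "person", "organizationalPerson", "user"]},
    {"dn": "CN=Bob Example,OU=Staff,DC=example,DC=test",
     "objectClass": ["top", "person", "organizationalPerson", "user"]},
    # AD computer accounts inherit from the "user" class.
    {"dn": "CN=WS-0001,OU=Computers,DC=example,DC=test",
     "objectClass": ["top", "person", "organizationalPerson", "user", "computer"]},
    {"dn": "CN=App_ReadOnly,OU=Groups,DC=example,DC=test",
     "objectClass": ["top", "group"]},
]


def classify(entries, user_id, group_id, type_attr="objectClass"):
    """Sort entries into users/groups by comparing the configured
    identification values with the entry's type attribute (assumed model
    of the connector, based on the description in the thread)."""
    result = {"users": [], "groups": [], "skipped": []}
    for entry in entries:
        # objectClass values are compared case-insensitively in LDAP.
        classes = {value.lower() for value in entry.get(type_attr, [])}
        if user_id.lower() in classes:
            result["users"].append(entry)
        elif group_id.lower() in classes:
            result["groups"].append(entry)
        else:
            result["skipped"].append(entry)
    return result


def machine_accounts(users):
    """Entries matched as users that are really computer accounts."""
    return [u["dn"] for u in users
            if "computer" in {c.lower() for c in u["objectClass"]}]


def report(user_id, group_id="group"):
    """Return (users, groups, skipped, machine accounts) counts."""
    r = classify(SAMPLE_ENTRIES, user_id, group_id)
    return (len(r["users"]), len(r["groups"]), len(r["skipped"]),
            len(machine_accounts(r["users"])))


if __name__ == "__main__":
    for value in ("inetOrgPerson", "user"):
        print(value, report(value))
```

With "inetOrgPerson" no sample entry counts as a user while the group still matches, which is the "0 users" pattern from the log. With "user" all three accounts match, including the computer account, so check what the sync actually imports after changing the value.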