Sync only user without specific groups


This topic has 2 replies, 2 voices, and was last updated 5 years, 9 months ago by fdevarennes.

  • #15963
     fdevarennes
    Participant

    Hi,

    I would like to synchronize user accounts only if they are members of a certain group in a certain OU. The OU and group are dynamic. I know that an LDAP search on memberOf is not searchable with wildcards, so how would you do that?

    FirstOU
    |
    — SubSecondOU
    |
    —– GroupOne

    So if the user is a member of GroupOne in that exact structure, then synchronize that user from Active Directory to the AD LDS.

    thanks

    #15967
     Jake Feasel
    Moderator

    The simplest suggestion I can offer at the moment is to use a validSource script to check the contents of the source.memberOf, looking for the group name that you are interested in. Unfortunately, you won’t be able to rely on livesync on the ldap account for group membership changes, since those are maintained by the group object, not the account. For that reason, I suggest using a regular recon schedule on the accounts – not as fast as livesync, but it will consistently reflect the state of the group membership.

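The following is an added example, not code from the original thread or from ForgeRock, of the kind of validSource check the reply above describes. It assumes the LDAP connector exposes memberOf as an array of DN strings and that the gating group lives at the hypothetical DN CN=GroupOne,OU=SubSecondOU,OU=FirstOU,DC=example,DC=com. The point of parsing the DN instead of doing a substring test is that AD returns DNs with whatever case and spacing the group was created with, and a naive `indexOf("CN=GroupOne")` would also accept a group of the same name in a different OU (for example CN=GroupOne,OU=Sandbox,...). Two caveats worth keeping in mind: memberOf is a back-link that lists direct memberships only (nested groups and the user's primary group do not appear in it), and because it is maintained from the group's member attribute rather than from the user entry, membership changes do not show up through livesync on the account, which is why the reply recommends a scheduled reconciliation. The code is kept to ES5 syntax so it runs under the Rhino engine IDM uses for JavaScript as well as under Node.

```javascript
// Added example (not from the original thread or from ForgeRock): a
// validSource-style membership check for an IDM mapping from AD to AD LDS.
// Assumptions: the LDAP connector returns memberOf as an array of DN strings,
// and the group that gates synchronisation lives at the hypothetical DN below.
var REQUIRED_GROUP_DN = "CN=GroupOne,OU=SubSecondOU,OU=FirstOU,DC=example,DC=com";

// Split a DN into [type, value] pairs, lower-casing and trimming each side and
// honouring backslash-escaped commas such as "CN=Smith\, John,OU=Users,...".
// Returns null for anything that is not a well-formed DN.
function parseDn(dn) {
  if (typeof dn !== "string") { return null; }
  var parts = [];
  var current = "";
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === "\\" && i + 1 < dn.length) {
      current += ch + dn.charAt(i + 1); // keep the escape pair together
      i++;
    } else if (ch === ",") {
      parts.push(current);
      current = "";
    } else {
      current += ch;
    }
  }
  parts.push(current);
  var rdns = [];
  for (var j = 0; j < parts.length; j++) {
    var eq = parts[j].indexOf("=");
    if (eq < 0) { return null; } // component without "type=value" is not a DN
    rdns.push([
      parts[j].slice(0, eq).trim().toLowerCase(),
      parts[j].slice(eq + 1).trim().toLowerCase()
    ]);
  }
  return rdns;
}

// Compare two DNs component by component rather than as raw strings, so that
// "cn=GroupOne, ou=SubSecondOU,..." equals the canonical form while
// "CN=GroupOne,OU=Sandbox,..." (same name, different container) does not.
function dnEquals(a, b) {
  var x = parseDn(a);
  var y = parseDn(b);
  if (x === null || y === null || x.length !== y.length) { return false; }
  for (var i = 0; i < x.length; i++) {
    if (x[i][0] !== y[i][0] || x[i][1] !== y[i][1]) { return false; }
  }
  return true;
}

// The decision a validSource script makes: IDM binds the source object as
// `source`; the script must evaluate to a boolean. A missing memberOf (user in
// no groups) or a single string value (single-valued connector config) is
// handled rather than thrown on.
function isValidSource(source) {
  var raw = source ? source.memberOf : undefined;
  var groups = Array.isArray(raw) ? raw : (typeof raw === "string" ? [raw] : []);
  for (var i = 0; i < groups.length; i++) {
    if (dnEquals(groups[i], REQUIRED_GROUP_DN)) { return true; }
  }
  return false;
}

// Constructed sample source objects (not real directory data).
var SAMPLE_USERS = {
  inScope: {
    dn: "CN=Alice,OU=Users,DC=example,DC=com",
    memberOf: [
      "CN=Domain Users,CN=Users,DC=example,DC=com",
      "cn=GroupOne, ou=SubSecondOU, ou=FirstOU, dc=example, dc=com" // odd case/spacing
    ]
  },
  wrongOu:  { memberOf: ["CN=GroupOne,OU=Sandbox,OU=FirstOU,DC=example,DC=com"] },
  tooDeep:  { memberOf: ["CN=GroupOne,OU=SubSecondOU,OU=FirstOU,OU=Legacy,DC=example,DC=com"] },
  single:   { memberOf: "CN=GroupOne,OU=SubSecondOU,OU=FirstOU,DC=example,DC=com" },
  noGroups: { dn: "CN=Bob,OU=Users,DC=example,DC=com" }
};

if (typeof require !== "undefined" && require.main === module) {
  for (var name in SAMPLE_USERS) {
    console.log(name + ": " + isValidSource(SAMPLE_USERS[name]));
  }
}
```

In a mapping in sync.json this would be wired up through the mapping's validSource script object (inline `source` text or a `file` reference, in IDM's usual script-object form), with `isValidSource(source)` as the final expression so its boolean becomes the script's result; the sample-data block and the Node entry-point guard are only there so the example runs on its own. The "tooDeep" case is the reason the whole DN is compared rather than just the leading three components: a group with the same relative path nested under another OU should not count as "that exact structure".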
    #15968
     fdevarennes
    Participant

    Hi,

    I will try that. Thanks.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries.