Sync'ing groups from AD to DJ via IDM

This topic has 2 replies, 3 voices, and was last updated 5 years, 9 months ago by opsteam.

  • #14147
     pier
    Participant

    Hi,

    I am trying to achieve the following, and I am a bit lost; I could really use some advice on this:

    We have an AD that is our source dataset (because of Office 365 and so on). On this AD we have all our users, and they are spread over different groups; the usual setup.

    From this AD we are already sync’ing users to a DJ server (that we use for actual authentication on multiple Linux servers) via an IDM instance.

    The sync from AD to DJ via IDM is working flawlessly, including password sync…

    As we are using the DJ to authenticate users’ connections to Linux servers, I’d like to give a $home value to each user according to their AD group membership, so every user connecting to a Linux server would be located in a “department related” $home.

    I have some ideas about how to achieve that but I really want to do it following best practices (if any), so feel free to give professional advice :)

    • This topic was modified 5 years, 9 months ago by pier.
    #14230
     Jake Feasel
    Moderator

    You should be able to declare a property mapping entry which is based on AD’s account memberOf attribute (containing references to group membership) that translates into an attribute in DJ that is meaningful for Linux. You’ll need to write a bit of JavaScript or Groovy to represent that transformation logic; see this section in the docs for how to do so: https://forgerock.org/openidm/doc/bootstrap/integrators-guide/#mapping-transforming-attributes
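
The transformation logic described in the reply above, as an added example that is not part of the original posts or ForgeRock's own code. The group DNs, base paths and function names are constructed, and writing the result to DJ's `homeDirectory` attribute is an assumption; the function is what a mapping transform script would call with the AD account's `memberOf` values and login name.

```javascript
// Added example: the group DNs, paths and names below are constructed.
// Full group DN (normalised) -> base directory, highest priority first.
var GROUP_HOME_BASES = [
  ["cn=linux-admins,ou=groups,dc=example,dc=com", "/home/admin"],
  ["cn=engineering,ou=groups,dc=example,dc=com", "/home/engineering"],
  ["cn=finance,ou=groups,dc=example,dc=com", "/home/finance"]
];
var DEFAULT_BASE = "/home/users";

// Conservative POSIX login-name pattern. Anything else is rejected, so a
// value such as "../etc" can never become part of the generated path.
var SAFE_UID = /^[a-z_][a-z0-9_-]{0,31}$/;

// Normalise a DN for comparison: trim, lower-case, and drop the optional
// whitespace around ',' and '='.
function normalizeDn(dn) {
  return String(dn).trim().toLowerCase().replace(/\s*([,=])\s*/g, "$1");
}

// memberOf may be absent, a single DN string, or an array of DN strings.
function homeForGroups(memberOf, uid) {
  if (typeof uid !== "string" || !SAFE_UID.test(uid)) {
    throw new Error("refusing to build a home directory for an unsafe uid");
  }
  var dns = (memberOf == null ? [] : [].concat(memberOf)).map(normalizeDn);
  // Compare whole DNs, never substrings: a group with the same CN in a
  // different OU must not be treated as the department group.
  for (var i = 0; i < GROUP_HOME_BASES.length; i++) {
    if (dns.indexOf(GROUP_HOME_BASES[i][0]) !== -1) {
      return GROUP_HOME_BASES[i][1] + "/" + uid;
    }
  }
  return DEFAULT_BASE + "/" + uid;
}

// Constructed sample AD account, shaped like a synced source object.
var sampleAccount = {
  sAMAccountName: "pier",
  memberOf: [
    "CN=Finance,OU=Groups,DC=example,DC=com",
    "CN=Linux-Admins, OU=Groups, DC=example, DC=com"
  ]
};
console.log(homeForGroups(sampleAccount.memberOf, sampleAccount.sAMAccountName));
```

Listing the groups in priority order makes the result deterministic for users who belong to several department groups.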

    #14247
     opsteam
    Participant

    Thanks @jake-feasel,

    I’ll try that. For now I’ve been updating the DJ schema manually (as we only need to apply this to a few users, mainly admins), but in the near future we may have to do this massively, in which case your input will become very helpful!

    Thanks again for the help, Jake.
