Synchronization Rules
This topic describes how user synchronization works between Microsoft Active Directory (LDAP for short) and the Automation Engine (AE) via LDAP Sync.
Notes:
- The following concepts will help you better understand the synchronization rules:
- The concepts of user and user group exist in both the AE and LDAP.
- Users can be assigned to user groups.
- One or more user groups in the AE can be mapped to one or more user groups in LDAP. If an AE user group is not mapped to an LDAP user group, no synchronization occurs.
- Users in the AE can be tagged as existing users in LDAP.
- You must administer AE user groups manually in the Administration perspective.
- In addition to synchronization to AE, LDAP Sync also manages CDA user entities.
Scenarios Where no Synchronization Occurs
If at least one of the following cases is true, no synchronization occurs:
- The AE user group to which the user belongs is not mapped to an LDAP user group.
- The AE user is not tagged as an LDAP user (the "LDAP connection" checkbox is cleared).
Note: Manual update of users and user groups is required.
Scenario I: One AE User Group is Mapped to One LDAP User Group
The following statements are true:
- The user group in the AE is mapped to the user group in LDAP.
- You have created one user in the AE. The user is tagged as an LDAP user in the AE (the "LDAP connection" checkbox is checked).
Rules
Important! In all other cases, no synchronization takes place.
Scenario II: Two User Groups in AE and LDAP: Both AE User Groups are Mapped to the Corresponding LDAP User Groups (1:1 Relation)
The following statements are true:
- The AE user group "GrpAE" is mapped to the LDAP group "GrpLDAP".
- The AE user group "GrpAE_B" is mapped to the LDAP group "GrpLDAP_B".
- The user is tagged as an LDAP user (the "LDAP connection" checkbox is checked).
Rules
The basic rules of Scenario I apply.
Additionally:
Scenario III: Two User Groups in AE and LDAP - Only One AE User Group is Mapped to the Corresponding LDAP User Group
The following statements are true:
- The AE user group "GrpAE" is mapped to the LDAP group "GrpLDAP".
- The AE user group "GrpAE_B" is not mapped to the LDAP group "GrpLDAP_B" (but can contain relevant users).
- The user is tagged as an LDAP user (the "LDAP connection" checkbox is checked).
Rules
The basic rules of Scenario I apply.
Additionally:
Scenario IV: Two User Groups in AE and one in LDAP - Two AE User Groups are Mapped to a Single LDAP User Group
The following statements are true:
- The AE user group "GrpAE" is mapped to the LDAP group "GrpLDAP".
- The AE user group "GrpAE_B" is mapped to the same LDAP group "GrpLDAP".
- The user is tagged as an LDAP user (the "LDAP connection" checkbox is checked).
Rules
The basic rules of Scenario I apply.
Additionally:
Scenario V: Two User Groups in LDAP and One in AE - Two LDAP User Groups are Mapped to a Single AE User Group
This scenario is not supported by LDAP Sync.
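The following audit sketch is an added example, not part of the product or its documentation. It applies the no-synchronization conditions and the scenario layouts above to a constructed export of group mappings and users, to list the accounts that stay under manual administration and the mappings that LDAP Sync does not support. The data layout and the names `GROUP_MAP`, `USERS`, `audit_mappings`, `audit_users` and the extra groups `GrpAE_C`, `GrpAE_D`, `GrpLDAP_X`, `GrpLDAP_Y` are assumptions. A user who belongs to both mapped and unmapped groups is only flagged for review.

```python
from collections import defaultdict

# Constructed sample data (assumed layout, not an LDAP Sync file format):
# AE group -> LDAP groups it is mapped to.
GROUP_MAP = {
    "GrpAE": ["GrpLDAP"],
    "GrpAE_B": ["GrpLDAP"],                  # same LDAP group as GrpAE
    "GrpAE_C": [],                           # not mapped
    "GrpAE_D": ["GrpLDAP_X", "GrpLDAP_Y"],   # two LDAP groups -> one AE group
}
# AE users: state of the "LDAP connection" checkbox and AE group memberships.
USERS = [
    {"name": "ALICE", "ldap_connection": True, "groups": ["GrpAE"]},
    {"name": "BOB", "ldap_connection": False, "groups": ["GrpAE"]},
    {"name": "CAROL", "ldap_connection": True, "groups": ["GrpAE_C"]},
    {"name": "DAVE", "ldap_connection": True, "groups": ["GrpAE", "GrpAE_C"]},
]

def audit_mappings(group_map):
    """Classify each AE group's mapping against the scenarios on this page."""
    ae_per_ldap = defaultdict(set)
    for ae, ldaps in group_map.items():
        for ldap in ldaps:
            ae_per_ldap[ldap].add(ae)
    result = {}
    for ae, ldaps in group_map.items():
        if not ldaps:
            result[ae] = "unmapped"
        elif len(ldaps) > 1:
            result[ae] = "unsupported (Scenario V)"
        elif len(ae_per_ldap[ldaps[0]]) > 1:
            result[ae] = "shared LDAP group (Scenario IV)"
        else:
            result[ae] = "1:1"
    return result

def audit_users(users, group_map):
    """Return {user name: reason} for users that need manual attention."""
    findings = {}
    for u in users:
        unmapped = [g for g in u["groups"] if not group_map.get(g)]
        if not u["ldap_connection"]:
            findings[u["name"]] = "not tagged as LDAP user: no synchronization"
        elif len(unmapped) == len(u["groups"]):
            findings[u["name"]] = "no mapped AE group: no synchronization"
        elif unmapped:  # mixed membership, as in Scenario III: flag only
            findings[u["name"]] = "review (Scenario III): unmapped " + ", ".join(unmapped)
    return findings

if __name__ == "__main__":
    for key, value in {**audit_mappings(GROUP_MAP), **audit_users(USERS, GROUP_MAP)}.items():
        print(f"{key}: {value}")
```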