There are 2 Java Job that comes with Clarity aims for LDAP synchronization.
First is "LDAP - Synchronize New and Changed Users" use to add/update user profile.
Second "LDAP - Synchronize Obsolete Users" use to inactivate user profile if the user already removed from the LDAP server.
"Search Filter" field in the NSA security settings define the condition to filter the list of users to be synchronized for both jobs.
The syntax of the Search Filter is compliant to the LDAP query syntax that you issue to the LDAP server.
For example, assuming your LDAP server has an attribute named "SamAccountName" (Clearly, my example is on AD) and you would like to obtain only the user that has "Eddy" in the attribute value, you can define such a filter like below
SamAccountName=*Eddy*
This will bring over users and inactivate users that meet the above criteria.
If you need to define multiple criteria, then you need to use a syntax similar to below:
&(SamAccountName=*Eddy*)(Email=*@hotmail.com)
The filter will then only filter on users that has "Eddy" in their account name and email ends with @hotmail.com. the & symbol indicate "AND" logical operator.
Note: The attributes in your LDAP server might not be the same like mine.
Note: You need to restart Clarity services to make the Search Filter effective
Warning:
To test your LDAP synchronization, you might need to remove the records from CMN_DIRECTORY_SERVERS table manually to reset the Last Synchronization Date.
2 comments:
Good to see a blog on Clarity finally.
Are there any forums for Clarity that you are aware of?
Hi Life, I totally understand that sense of "loneliness". LOL
Clarity users are kinda introvert, they seldom appears in other clique beside their own.
The best reference forum is the Clarity Support site but that would requires you to have a login.
Post a Comment