(AD) Synchronizer Improvements

Wht do you mean bu the VPN section. It's not in the template already?

Regards

Hi David,

I hope I understand you right - In the options from the synchronizer(s) is no VPN section:



Regards,
Min

Thank you for the details.

Regards

Hello Min,

A "Make expired" entry mismatch option will be available starting from the next beta of RDM. The VPN tab is still on our TODO list for now.

Regards,

Great news! Thanks Michaël! ;)

Regards,
Min

Hello Min,

The VPN/SSH/Gateway tab should be available in the properties of a synchronizer entry starting from the beta of RDM 14.

Regards,

Hello,

is it possible to debug and get logs of the synchronisation process? The sync does work most of the time but now it doesn't work as expected.

Regarding the "Action on mismatch" feature (in our case we use Mark expired) we noticed that also folder were gonna marked as expired. In some interesting scenarios the expired folder also contains non expired entries.
If you want to set the state of this folder back to default, all child entries will be also set to default (without notification). In case if a custom status message was set, this setting are also lost.
So, because at the moment its not possible to set the status just only for the parent folder, the synchronizer should never touch (mark as expired or delete) the parent folder. Or it should only touch the folder if all child entries are expired or deleted.

Maybe an additional improvment - granular selection of the AD OU's - something like this:

Thanks!

Regards,
Min

Hello Min,

For logs of the sync process, you can open the profiler (Help > Profiler), and go in the 'debug only' tab and set the value to 1. Then, execute the sync. There should be logs from it.

For the 'mark as expired', I also think it shouldn't mark the folders themselves as expired. This is an issue, so I'll open a ticket for that.

And for the granular selection of OUs, I was under the impression you could use the "OU" field in the AD synchronizer to write which OUs you wanted to synchronize. Does this not work?

Regards,

Hello Hubert,

thanks - I'll have a look and try to find the reason of the current sync issue.

I really appreciate the "Action on mismatch" feature - but as mentioned - the actions on folder level should only executed from the synchronizer when all child entries are also marked as expird or they are deleted. If this can be can be guaranteed the feature is very useful on folder level as well. But at the moment it looks like that this doesn't work as expected.
Additonally I guess it should be possible to set a status for a the folder - without inheritance. The inheritance is of course very useful, but in some scenarios it's required to change the status for the folder only.

Yes this would work, but as I understand the help topic, it is required to set up an own synchronizer for every OU that you want to sync, because you its not possible to enter more than one OU. Or am I wrong? The goal would be to create one synchronizer session and select there the OUs.

Thanks!

Regards,
Min

Hello Min,

At the moment it's the normal behavior that when you set the status on a folder, it sets the status to every child entry.
For mismatch actions specifically, they should only apply on 'sessions' it synchronizes, not to the groups it contains, so the status of the group shouldn't be touched. This is what we'll aim to fix for now.

You're right for the OU setting, at the moment it seems like it's not possible to synchronize multiple specific OUs at the same time. We'll open a different ticket for this improvement. For now the workaround is to make a synchronizer entry per OU you want to synchronize.

Regards,