Category:Group as Group Sync
Last Updated:2011-08-17
Generate Destination Groups/Membership based on a source ldap single or multi-valued attribute.
1) Create a standard ldap to ldap sync connection.
2) Specify the following parameters in your raw config.txt:
a) Field-Group parameter identifies the source attribute on which to base the dynamic Groups. (You may only specify a one attribute, but it may be single valued or multi valued. If it is multi valued, all values will generate a destination Group.)
field-group=CustomGroupAttrib
b) dyn-group-context parameter is used to stamp structure on the dynamically generated Group record in the ldif.txt. (The DN specified must be a valid struture appearing within the scope of Selection DN. Or if no Selection DN, then a valid structure anywhere on the source).
dyn-group-context=ou=source,dc=domain,dc=com
3) On the Source tab, if Source Objects Type 'Groups' is not already selected, enable it now.
NOTE: Groups must be selected in order to sync a dynamically generated Group. However, this will also sync Source Groups that are within the scope of the sync. If you do not want other Groups synced, add the following Source Tab Group Filter to avoid pulling any Source Groups:
(Displayname=NeverPullGroups)
Because the above filter will always be false, no groups will be synced from the source.
4) Enable Discovery and Simulation, then run the Connection.
Review the resulting LDIF.txt file. The end of the ldif.txt should contain the dynamically generated Group object(s).
5) Enable Discovery and sync, then run the connection.
The Sync phase should Add the desired Group(s) with all applicable membership.