Synchronized Users and Groups

Users

The following table describes how users in IIJ ID Service are updated by Directory Sync requests.

| OpenLDAP (Trigger) | IIJ ID Service Before an Update | IIJ ID Service After Directory Sync Update |
|---|---|---|
| Create and enable new user | User does not exist | User is created and enabled |
| Create new user without being enabled | User does not exist | User is created without being enabled |
| Update user | User exists | User is updated |
| Delete user | User exists | User is updated as pending deletion |
| Disable user | User exists | User is disabled |
| Enable user | User exists | User is enabled |
| Stop synchronizing user | User exists | User is updated as pending deletion |
| Start synchronizing user again | User exists and is pending deletion | User is restored per OpenLDAP information (*1, *2) |
| Recreate user | User exists and is pending deletion | Error (no processing is performed) (*1, *3) |

*1 The "ID" and the "External ID" for the user must match in OpenLDAP and in the IIJ ID Service. A mismatch of this information will result in an error.

*2 When a user is restored, user attributes in the IIJ ID Service are overwritten by the OpenLDAP values retrieved by Directory Sync.

*3 Before synchronizing a user recreated via OpenLDAP, make sure to access the IIJ ID Service management screen and delete the user from "Users Pending for Deletion Management."

Groups

The following table describes how groups in IIJ ID Service are updated by Directory Sync requests.

| OpenLDAP (Trigger) | IIJ ID Service Before an Update | IIJ ID Service After Directory Sync Update |
|---|---|---|
| Create new group | Group does not exist | Group is created |
| Update group members (*1, *2) | Group exists | Group members are updated |
| Delete group | Group exists | Group is deleted |

*1 Child groups within a parent group are not synchronized by Directory Sync.

*2 Users registered as members in child groups within a parent group are not registered as members of the parent group.
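
The following pre-sync audit is an added example, not part of the IIJ documentation or of Directory Sync itself. It lists, for each group, the users who belong to it only through child groups and who will therefore not be registered as members of the parent group (notes *1 and *2 of the Groups table). The directory layout, the DNs and the function names are constructed assumptions; the group data is taken to be already exported from OpenLDAP as a mapping of group DN to member DNs.

```python
# Added example: find users who reach a group only via nested (child) groups.
# Per the Groups notes, such users are not registered as members of the parent
# group after Directory Sync, so access granted through nesting is lost.

# Constructed sample export: group DN -> values of its "member" attribute.
GROUPS = {
    "cn=eng,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "cn=backend,ou=groups,dc=example,dc=com",
    ],
    "cn=backend,ou=groups,dc=example,dc=com": [
        "uid=bob,ou=people,dc=example,dc=com",
        "uid=alice,ou=people,dc=example,dc=com",
        "cn=oncall,ou=groups,dc=example,dc=com",
    ],
    "cn=oncall,ou=groups,dc=example,dc=com": [
        "uid=carol,ou=people,dc=example,dc=com",
        "cn=eng,ou=groups,dc=example,dc=com",  # cycle, to exercise the guard
    ],
}

def norm(dn):
    # Simplified DN comparison (assumption): trim and lowercase only.
    return dn.strip().lower()

def nested_only_users(groups, group_dn):
    """Users reachable from group_dn only through child groups."""
    groups = {norm(k): [norm(m) for m in v] for k, v in groups.items()}
    root = norm(group_dn)
    # A member DN that is itself a key of the export is a child group.
    direct = {m for m in groups[root] if m not in groups}
    stack = [m for m in groups[root] if m in groups]
    seen, nested = {root}, set()
    while stack:
        g = stack.pop()
        if g in seen:          # already visited: breaks membership cycles
            continue
        seen.add(g)
        for m in groups[g]:
            (stack.append if m in groups else nested.add)(m)
    return sorted(nested - direct)

def audit(groups):
    """Map each group to the users it would lose; empty results are omitted."""
    return {g: lost for g in groups if (lost := nested_only_users(groups, g))}

if __name__ == "__main__":
    for group, users in audit(GROUPS).items():
        print(group, "->", users)
```

Users reported here need to be added as direct members of the parent group in OpenLDAP if they are meant to keep that membership in the IIJ ID Service.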