Synchronized Users and Groups

Users

The following table describes how users in IIJ ID Service are updated by Directory Sync requests.

| OpenLDAP (Trigger) | IIJ ID Service Before an Update | IIJ ID Service After Directory Sync Update |
|---|---|---|
| Create and enable new user | User does not exist | User is created and enabled |
| Create new user without being enabled | User does not exist | User is created without being enabled |
| Update user | User exists | User is updated |
| Delete user | User exists | User is updated as pending deletion |
| Disable user | User exists | User is disabled |
| Enable user | User exists | User is enabled |
| Stop synchronizing user | User exists | User is updated as pending deletion |
| Start synchronizing user again | User exists and is pending deletion | User is restored per OpenLDAP information (*1, *2) |
| Recreate user | User exists and is pending deletion | Error (no processing is performed) (*1, *3) |

*1 The "ID" and the "External ID" for the user must match in OpenLDAP and in the IIJ ID Service. A mismatch of this information will result in an error.

*2 When a user is restored, user attributes in the IIJ ID Service are overwritten by the OpenLDAP values retrieved by Directory Sync.

*3 Before synchronizing a user recreated via OpenLDAP, make sure to access the IIJ ID Service management screen and delete the user from "Users Pending for Deletion Management."

Groups

The following table describes how groups in IIJ ID Service are updated by Directory Sync requests.

| OpenLDAP (Trigger) | IIJ ID Service Before an Update | IIJ ID Service After Directory Sync Update |
|---|---|---|
| Create new group | Group does not exist | Group is created |
| Update group members (*1, *2) | Group exists | Group members are updated |
| Delete group | Group exists | Group is deleted |

*1 Child groups within a parent group are not synchronized by Directory Sync.

*2 Users registered as members in child groups within a parent group are not registered as members of the parent group.
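
The following added example (not part of the IIJ documentation or of Directory Sync itself) reports, for each OpenLDAP group, the users who are members only through child groups and would therefore not be members of the synchronized group, per notes *1 and *2. It assumes groups are stored with `member` DN values (as in `groupOfNames`) and that DNs are already normalized; the group and user DNs are constructed sample data.

```python
# Constructed sample data: group DN -> "member" DN values (assumed groupOfNames layout).
GROUPS = {
    "cn=vpn-users,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "cn=contractors,ou=groups,dc=example,dc=com",
    ],
    "cn=contractors,ou=groups,dc=example,dc=com": [
        "uid=bob,ou=people,dc=example,dc=com",
        "cn=night-shift,ou=groups,dc=example,dc=com",
    ],
    "cn=night-shift,ou=groups,dc=example,dc=com": [
        "uid=carol,ou=people,dc=example,dc=com",
        "cn=vpn-users,ou=groups,dc=example,dc=com",  # cycle: must not loop forever
    ],
}

def direct_users(groups, group_dn):
    """Members that are users, not groups: the membership left after notes *1 and *2."""
    return {m for m in groups.get(group_dn, []) if m not in groups}

def effective_users(groups, group_dn):
    """Users reachable through any depth of nesting in OpenLDAP (cycle-safe)."""
    seen, stack, users = set(), [group_dn], set()
    while stack:
        dn = stack.pop()
        if dn in seen:
            continue
        seen.add(dn)
        for member in groups.get(dn, []):
            if member in groups:
                stack.append(member)   # child group: descend
            else:
                users.add(member)      # leaf entry: treated as a user
    return users

def nesting_gap(groups):
    """Per group: users who are members only via child groups, absent after sync."""
    gap = {}
    for dn in groups:
        missing = effective_users(groups, dn) - direct_users(groups, dn)
        if missing:
            gap[dn] = sorted(missing)
    return gap

if __name__ == "__main__":
    for dn, missing in nesting_gap(GROUPS).items():
        print(dn)
        for user in missing:
            print("  not synced as member:", user)
```

Access rules in connected applications that key on the parent group should be reviewed for every user this reports, since those users hold the membership in OpenLDAP but not in the synchronized group.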