Sync Policy

LDAP synchronization allows you to synchronize accounts on an LDAP server to the INC. The LDAP user information will be synchronized every morning (INC server time) during the periodic LDAP synchronization. You can also click the Synchronize link for the LDAP synchronization policy to immediately synchronize the LDAP user information. To view the synchronization result, click Synchronization Result.

LDAP synchronization involves a very important category of data: the services associated with users. There are two methods to synchronize service-user associations: manual assignment and AD group-based synchronization.

  1. Manual assignment: You can manually specify different services for different users, or specify the same set of services for all users. Because an LDAP server may maintain thousands of users and different users may need different services, this manual method is inefficient and tedious.
  2. AD group-based synchronization: Considering that users belong to LDAP groups, the AD group-based synchronization method allows you to associate a service with an LDAP group, that is, to request the service for all users in the LDAP group. This method can reduce your workload dramatically.

The system provides the following methods to synchronize service-user associations:

  1. Manually specify: You must manually specify a user group and assign synchronized users to this user group.
  2. Synchronized by OUs: The system automatically assigns users synchronized from different OUs to different user groups corresponding to the OUs.

The Apply for Service by User Group feature becomes invalid if the synchronization policy uses an LDAP server whose Service Sync Type is set to Based On Active Directory Group. Users synchronized by the policy use the services assigned to the AD group to which they belong.

UAM cannot authenticate an LDAP user while that user is being synchronized based on the LDAP synchronization policy. To authenticate the user, wait a few minutes after the LDAP synchronization is complete. The wait time depends on the number of synchronized users and the server performance. The more users there are and the poorer the server performance, the longer the wait time.

Precautions

Functions