Need Help with LDAP Reconcilliation
Hello All,
Need some urgent help.
I am running LDAP reconcilliation and resoruce has around 70000 records. The recon process runs for 10-15 hours and fails. i want to run this on a less data.
Need to know if anybody has tried to use a LDAP Group(ou=Group) to give less number of user accounts for recon. I do not know if we can specify a LDAP group in base context and get the user data unders (ou=people).
Regards,
Bhush5
[460 byte] By [
bhush5] at [2007-11-26 10:40:08]
# 1
Are all the users in LDAP present in the same node. If users are present in different hierarchy then configure the DN which has less users.
What is the reason for failure of recon. Is it because of timelimit exceeds. If that is the case then try to either increase the time limit or configure it for unlimited just for testing purpose.
# 2
Hello IDMGuru,
The reconcilliation runs for a long time(it ran for 30 hrs and just was able to reconcile 40000 recs) and the process does not get completed due to schedule server shutdowns periodically. This was with trace on for reconTaks. First my intention is to run this for a smaller set of data.
I am not an LDAP expert but in LDAP we have a ou=Groups and ou=people. For example for a specific group(ex . Staff), i have 2000 uniquemembers which are actually residing under ou=people, i dont know how to relate the Group uniquemember to the actual person account. Can you help me with any example base context which will give me all the people under a group?
Thanks and Regards,
Bhush5
# 3
If your LDAP has different hierarchy for different set of users then put the node which has less users.
for example in the below hierarchy you can set the base context as ou=users,l=mexico,dc=abc,dc=com if this node has less users.
dc=abc,dc=com
|_ou=users
|_l=america
||__ou=users
|_l=mexico
|_ou=users
# 4
Hello IDMGuru,
Thanks. I tried to set the context the way you suggested but i can see that in my LDAP, all the 70-80K users are set under one node and that is ou="people". Under any other node there are no persons. There are around 10 gropus defined which in turn refers these people for grouping as uniquemembers.
I also tried to set the l="mygroupname" but that does not give me any results. I am looking for something which will give me poeple under group by reference.
Thanks and Regards,
Bhush5
