On the System Manager web console, click Users > Directory Synchronization.
In the navigation pane, click Sync Users.
On the User Synchronization page, click the Synchronization Datasources tab.
Click New.
On the New User Synchronization Datasource page, complete the fields in the Directory Parameters section.
Click Test Connection.
If the connection fails, the system displays an external directory error message.
If the connection is successful, the system displays the status icon. Click the status icon to view the message. Continue with the next step to map attributes in System Manager to LDAP attributes.
The system displays five mandatory attributes of System Manager that are read-only values.
To add more attributes, click Add Mapping.
You can use an appropriate LDAP attribute to synchronize in System Manager. If the LDAP attributes that you select are invalid, the synchronization fails.
To add the user provisioning rule attribute, perform the following:
Click Add Mapping, and select User Provisioning Rule from System Manager.
You cannot add the User Provisioning Rule attribute more than one time. After you select User Provisioning Rule, the system displays the User Provisioning Rule attribute as read-only.
Select an LDAP attribute that you map to the user provisioning rule.
To add more than one LDAP attribute, click plus (+).
You can map more than one LDAP attribute to the user provisioning rule attribute. When you map more than one attribute, the system appends the second and third attributes to the first LDAP attribute. For example, asia_pune_maint.
Click Save.
Note:
For bidirectional synchronization of data in the LDAP directory with System Manager, select the two-way arrow icon in the Attribute Parameters section.
The user provisioning rule data synchronization is unidirectional from the LDAP directory server to System Manager.
In System Manager, you cannot create a user in Active Directory. With bidirectional synchronization, you can only edit the existing user in Active Directory.
The New button for adding a synchronization data source is enabled if users have Create Data Source permission within Directory Synchronization or have logged in as an administrator. If users do not have these permissions, the New button is disabled.
During attribute mapping, the right arrow indicates that the system synchronizes from the LDAP server to System Manager. The left arrow indicates that the system synchronizes from System Manager to the LDAP server.
