Reporting Configuration: Change LDAP/AD
Revision as of 03:05, 28 July 2010 by Wadegong
Change the current LDAP (Active Directory) to a different one
|Problem Summary||To Change the current LDAP/AD to a different one causes a number of issues:|
|Error Message||Warning: You have changed the LDAP server configuration which will impact user logons, access to reports, dashboards, collections and other objects created by users not in the new LDAP server and may affect users synchronization. Are you sure you want to make the change?|
|Possible Cause|| When CUIC changes its LDAP parameters, it will change the CUIC user authentication provider. The following issues may affect the CUIC server:
1) All domain users which were authenticated by the old LDAP/AD server will not be able to log in any more. 2) All the CUIC objects created/owned by those domain users will become orphans. i.e. The objects' original owners cannot modify or delete them since they cannot log in. 3) If originally UCCE user synchronization is enabled and the old LDAP server is the one used by the original UCCE supervisors, the new LDAP server will be out of sync with the original UCCE. And all users and collections created through UCCE synchronization will be orphans as well.
|Recommended Action|| 1) Make sure the change of LDAP server is necessary. If so, click "OK" otherwise, click "Cancel".
2) Once the LDAP server change is made, CUIC security admin user should "clean" up the orphan objects. Please follow this order when deleting these objects: a) All the dashboards created by those orphan users. b) All the dashboard categories created by those orphan users.
|Associated CDETS #||CSCth62535|