Synchronize External Users and Groups in the Vault with the External Directory
The following parameters in DBParm.ini determine the way External Users and Groups in the Vault will be synchronized with the External Directory.
Synchronization schedule
To specify the synchronization schedule between the External users and groups in the Vault with the External Directory, add the following parameter:
|
Parameter |
Description |
|---|---|
|
AutoSyncExternalObjects |
Determines if and when the Vault’s External users and groups will be synchronized with the External Directory. It specifies four parameters, as follows:
|
The default parameter value specifies that the Vault’s External users and groups will be synchronized with the External Directory once in a 24-hour cycle between the hours of 1 and 5, as shown below:
AutoSyncExternalObjects=Yes,24,1,5 |
Update user details
To update details of the Vault’s External users and groups with the External Directory, add the following parameter:
|
Parameter |
Description |
|---|---|
|
ExternalObjectsUpdatePolicy |
Whether or not the synchronization process between the Vault’s External users and groups and the External Directory will update the Vault’s External users and groups. |
The default parameter value specifies that External users and groups will be updated with any changes in the External Directory, as shown below:
ExternalObjectsUpdatePolicy=UpdateAll |
Delete users
To delete External users or groups in the Vault if they do not exist in the External Directory or if they do not match any Directory Map in the Vault, add the following parameter:
|
Parameter |
Description |
|---|---|
|
ExternalObjectsDeletionPolicy |
The deletion policy to use during synchronization with the External Directory. The optional values for this parameter specify that External users and groups in the Vault will be deleted under the following conditions:
|
Specify one of the following acceptable values:
|
Value |
Description |
||
|---|---|---|---|
|
DeleteNone |
No external objects are deleted during the synchronization process. |
||
|
DeleteNonExisitng |
External objects that were not found in the external directory will be deleted during the synchronization process. |
||
|
DeleteNonMatched |
External objects that do not match an external directory map in the Vault will be deleted during the synchronization process. |
||
|
DeleteAll |
External objects that were not found in the external directory as well as external objects that do not match an external directory map in the Vault will be deleted during the synchronization process. This is the default value.
|
The following scenarios list the result generated by each value.
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Delete | Delete | Delete | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Delete | Not Deleted | Delete | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Not Deleted | Not Deleted | Not Deleted | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Not Deleted | Not Deleted | Not Deleted | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Delete | Not Deleted | Delete | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Sync error | Sync error | Sync error | Sync error |
For example, directory ini file was removed, directory name setting in this file was changed.
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Delete | Not Deleted | Delete | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Delete | Not Deleted | Delete | Not Deleted |
| DeleteAll | DeleteNonExisting | DeleteNonMatched | DeleteNone |
|---|---|---|---|
| Sync error | Sync error | Sync error | Sync error |
