hello,
is there a way to disable the ldap synchronisation for some parameters (email for example) ?
my problematic is that we have some users with many groups...and today we cannont "select" one security group, to manage what we are seeing. As we have 2 way of authentification (azure + ldap), I wanted to remove the email from ldap so each user can have 2 account. But because of the synchronisation of ldap email, they get a message saying 2 users with same email were found
Hello, I don't really understand your answer as this architecture has been validated by Skyline : we have some DMA running with saml, and some with ldap, depending on the connection (from internet for low code app through gateway (azure) or not (ldap)).
Local users are not validated by security team.
Is there a way to filter in the console specifying a security group?
Hello,
there is no way to exclude attributes from an LDAP sync as all groups that currently exist in the DMS are requested from the LDAP service and the current members are then compared and synced to the DMS, as with all domain-type users in DataMiner, the directory is taken as the sole source of truth in this relationship, Domain users are not meant to be changed on DataMiner itself.
Combining 2 types of user management is also very much discouraged (Entra/azure AD & SAML docs: https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.html)
If you need 2 separate accounts for the same user I would recommend to replace the second with Local users as that has the lowest possibility of conflicts (but it requires more manual work)
Hi, I'm not sure what you mean with the filtering groups in the console but the problem here is that DataMiner doesn't support having the same user from 2 different sources.
If you can't work with local users the only way to solve this issue is creating a second user per person on the domain with a completely separate e-mail address