hello,
is there a way to disable the ldap synchronisation for some parameters (email for example) ?
my problematic is that we have some users with many groups...and today we cannont "select" one security group, to manage what we are seeing. As we have 2 way of authentification (azure + ldap), I wanted to remove the email from ldap so each user can have 2 account. But because of the synchronisation of ldap email, they get a message saying 2 users with same email were found
Hello,
there is no way to exclude attributes from an LDAP sync as all groups that currently exist in the DMS are requested from the LDAP service and the current members are then compared and synced to the DMS, as with all domain-type users in DataMiner, the directory is taken as the sole source of truth in this relationship, Domain users are not meant to be changed on DataMiner itself.
Combining 2 types of user management is also very much discouraged (Entra/azure AD & SAML docs: https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.html)
If you need 2 separate accounts for the same user I would recommend to replace the second with Local users as that has the lowest possibility of conflicts (but it requires more manual work)