Synchronizing Your User Accounts and Groups
Synchronization is the process of updating Archer user accounts and groups from the LDAP directory. You can run LDAP synchronization manually or automatically on a set schedule. In most cases, the synchronization process runs automatically so that Archer user accounts and groups are updated regularly.
Set the LDAP synchronization schedule
- From the menu, click > Access Control > LDAP Configurations.
- Select the LDAP Configuration for which you want to schedule synchronization.
- Go to the Data Sync tab.
- In the Sync Schedule section, set the schedule for synchronizing user accounts and groups. The following table describes the fields.

  | Field | Description |
  | --- | --- |
  | Time | Time of day to run the LDAP synchronization process. |
  | Recurring | How often you want to run the LDAP synchronization process. |
  | Time Zone | Time zone of the user. |

- Click Save or Save and Close.
  - To apply the changes and continue working, click Save.
  - To save and exit, click Save and Close.
Run the LDAP synchronization now
You can bypass the LDAP synchronization schedule and run the synchronization now.
Note: If you have made changes to your LDAP configuration, you must save those changes before requesting an immediate data synchronization. Otherwise, the last saved LDAP configuration is used.
- From the menu, click > Access Control > LDAP Configurations.
- Locate the LDAP configuration you want to synchronize now.
- Under the Actions column, click and select Sync Now.
Note: To cancel the synchronization request, click and select Cancel.
Auto-Provisioning
The Auto-Provisioning feature enables LDAP synchronizations to create user accounts and groups automatically without creating those accounts beforehand. Account creation and synchronization occur if the system administrator has configured the user account to meet the following conditions:
- An LDAP synchronization can create user accounts.
- A valid user of the domain, BaseDN, and Filter matching the LDAP Synchronization attempts to log in to Archer.
- The user account does not currently exist in Archer.
- Available user licenses exist.
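The conditions above mean that the BaseDN and Filter of an LDAP configuration decide which directory accounts can obtain an Archer account at first login. The following audit sketch is an added example, not Archer code: it estimates that set from a directory export. It assumes subtree scope under the BaseDN, a subset of RFC 4515 filter syntax, `sAMAccountName` as the login name, and constructed sample entries under a placeholder `example.test` domain.

```python
import re

ITEM = re.compile(r"\(([A-Za-z][\w-]*)=([^()*]+|\*)\)")  # (attr=value) or (attr=*) only
# Parse an RFC 4515 subset: (&...), (|...), (!...) around ITEMs; anything else is rejected.
def parse_filter(s):
    def node(i):
        op = s[i + 1:i + 2]
        if s[i:i + 1] == "(" and op in ("&", "|", "!"):
            kids, i = [], i + 2
            while s[i:i + 1] == "(":
                kid, i = node(i)
                kids.append(kid)
            if s[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
                raise ValueError(f"malformed '{op}' group at offset {i}")
            return (op, kids), i + 1
        m = ITEM.match(s, i)
        if not m:
            raise ValueError(f"unsupported or malformed item at offset {i}")
        return ("=", m.group(1).lower(), m.group(2).lower()), m.end()
    tree, end = node(0)
    if end != len(s):
        raise ValueError("trailing characters after filter")
    return tree
# Evaluate a parsed filter against one entry's attributes (keys lower-case, values lists).
def matches(tree, attrs):
    if tree[0] in ("&", "|"):
        return (all if tree[0] == "&" else any)(matches(k, attrs) for k in tree[1])
    if tree[0] == "!":
        return not matches(tree[1][0], attrs)
    values = [v.lower() for v in attrs.get(tree[1], [])]
    return bool(values) if tree[2] == "*" else tree[2] in values
# Subtree-scope test; naive comma split, so escaped commas inside RDNs are not handled.
def in_subtree(dn, base_dn):
    d, b = ([p.strip().lower() for p in x.split(",")] for x in (dn, base_dn))
    return d[-len(b):] == b
# Accounts a first login could auto-create, and how many of them exceed the free licenses.
def provisionable(entries, base_dn, ldap_filter, existing, free_licenses):
    tree = parse_filter(ldap_filter)
    hits = [e["attrs"]["samaccountname"][0] for e in entries
            if in_subtree(e["dn"], base_dn) and matches(tree, e["attrs"])]
    new = [u for u in hits if u.lower() not in existing]
    return new, max(0, len(new) - free_licenses)
# Constructed sample data (not from the page): group DN and four directory entries.
GROUP = "CN=Archer Users,OU=Groups,DC=example,DC=test"
ENTRIES = [
    {"dn": "CN=aruiz,OU=GRC,DC=example,DC=test", "attrs": {"samaccountname": ["aruiz"], "memberof": [GROUP]}},
    {"dn": "CN=bchen,OU=GRC,DC=example,DC=test", "attrs": {"samaccountname": ["bchen"], "memberof": [GROUP]}},
    {"dn": "CN=svc-backup,OU=Service Accounts,DC=example,DC=test", "attrs": {"samaccountname": ["svc-backup"], "memberof": [GROUP]}},
    {"dn": "CN=dlee,OU=GRC,DC=example,DC=test", "attrs": {"samaccountname": ["dlee"], "memberof": []}},
]
```

With the domain root as BaseDN, the service account in the sample data falls in scope. Setting the BaseDN to the `OU=GRC` subtree, or adding a `(!(...))` clause to the Filter, removes it from the result.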
Troubleshooting Synchronization
If Archer cannot access the LDAP directory at the scheduled time, it automatically tries to connect with the directory ten times over a 1-hour period before logging an error record and stopping the synchronization process. If the synchronization fails, the sync status is set to inactive.
Note: Archer only supports standard implementations of LDAP in the directory services. The users and groups in the Active Directory must have distinguished names.
If there are records that are not updated during the synchronization, you can view a text file that details the date, time, and specific records that failed to synchronize. While the sync status is inactive, Archer suspends further synchronization attempts until you manually correct the problems with the connection and set the status to active.