Be sure to follow these recommendations to avoid future troubles during an LDAP incident or synchronization.

Security option on user account deletion: the -dl command line option

In batch mode, we recommend that you check the synchronized data and leave the last command line commented out (REM) until you have verified that the synchronized data is correct.
Example of the 4th line (synchronization):

REM java -cp %WKG_DIR%\Iwds.jar com.inwebo.Iwds -b %WKG_DIR%\ -dl 10 -C <path to your cert>/<your cert>.p12 -p <yourcompetition> -w %WKG_DIR%\ConsoleAdmin.wsdl sync

Commenting out this last line ensures that the script queries the inWebo user database, reads your LDAP and creates the diff files, but does not synchronize these changes to your inWebo account.

  • The diff files are in XML format. They are located in the working directory's /out directory and are called diff.xml and diff_grp.xml.
    Be sure to examine these files to ensure their content is correct before launching the synchronization operation.

  • The -dl 10 option will stop synchronizations if more than 10 user delete operations are listed.

MaxValRange value for Microsoft Active Directory

The MaxValRange value limits the maximum number of values Active Directory can return in response to a request. In our case, this refers to the number of logins. The default is set to 1500.

  • It is recommended that you verify this value when synchronizing more than 1000 users. You can verify and change this value using NTDSUTIL.

  • It may be necessary to modify this value with the NTDSUTIL command and increase it to 5000.

Steps during Active Directory / LDAP migration or change

When changing the structure of your LDAP, we recommend temporarily stopping IWDS synchronization.
During the migration or change of your LDAP groups/OU/forest, it is preferable to use the inWebo administration console for user provisioning.
When restarting the synchronization, be careful not to run it immediately: first verify that users won't be deleted as a result of a faulty LDAP configuration.

If IWDS can't access your LDAP, or if the synchronized security group has been moved or emptied, IWDS will consider these users removed and will delete the corresponding accounts from the inWebo platform.
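
One way to apply this check before re-enabling the sync line, as an added example (not inWebo's own tooling): a PowerShell pre-flight script that refuses to proceed when the synchronized group cannot be read, is empty, or has shrunk sharply since the last run. The group DN, the baseline file name and the 10% threshold are assumptions, and the script needs the ActiveDirectory module and the WKG_DIR environment variable set by the batch file.

```powershell
# Added example: pre-flight guard to run before the IWDS "sync" command line.
# Assumptions (not from the page): the group DN, the baseline file name and
# the 10 % threshold are placeholders to adapt to your directory.
param(
    [string]$GroupDn        = 'CN=inWebo-Users,OU=Groups,DC=example,DC=com',
    [string]$BaselineFile   = "$env:WKG_DIR\last_member_count.txt",
    [int]   $MaxDropPercent = 10
)

Import-Module ActiveDirectory -ErrorAction Stop

# 1. The group must still resolve: a moved or renamed group, or an unreachable
#    domain controller, raises an error here instead of looking like "0 users".
try {
    $group = Get-ADGroup -Identity $GroupDn -ErrorAction Stop
} catch {
    Write-Error "Cannot read group '$GroupDn': $($_.Exception.Message)"
    exit 2
}

# 2. Count direct user members with a paged search so the result is not
#    truncated by per-request limits (nested groups are not counted here).
#    LDAP filter metacharacters in the DN are escaped first.
$dn = $group.DistinguishedName -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
$count = @(Get-ADUser -LDAPFilter "(memberOf=$dn)" -ResultPageSize 500).Count

if ($count -eq 0) {
    Write-Error "Group '$GroupDn' has no user members; do not synchronize."
    exit 3
}

# 3. Compare with the count recorded by the previous successful run.
if (Test-Path $BaselineFile) {
    $previous = [int](Get-Content $BaselineFile -TotalCount 1)
    if ($previous -gt 0 -and (($previous - $count) * 100 / $previous) -gt $MaxDropPercent) {
        Write-Error "Membership dropped from $previous to $count; review diff.xml first."
        exit 4
    }
}

Set-Content -Path $BaselineFile -Value $count
Write-Output "Pre-flight OK: $count users in '$GroupDn'."
exit 0
```

Call the script from the batch file ahead of the synchronization line and skip that line whenever the exit code is non-zero.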

Mail creation and blacklisting

Before creating a user and sending the activation email, please be sure that the user's mail address has been created. If the activation email is sent to an unknown address, that address will be blacklisted for 30 days by our SMTP/mail service provider.