APS, unlike ACS, does not provide an immediate action that can be used to trigger a synchronization of users/groups.
APS needs a way, without incurring an application restart, for an Administrator user to manually trigger an LDAP/AD full or differential synchronization, for example in the IDM or via the REST API.
Currently, a customer has to take the following steps to manually trigger an LDAP sync in APS:
- Modify the full or differential sync cron trigger to a time in the near future.
- Restart APS.
- Wait for the sync to be triggered by the new cron schedule.
- Modify the full or differential sync back to the original value.
- Restart APS again.
The need for a second restart is the reason for requesting the ability to trigger an LDAP sync on demand in APS, as is currently possible in ACS.
If a customer changed their LDAP search base or queries in APS and wanted to confirm the changes are correct by triggering a sync, the customer would also have to modify the sync cron triggers to trigger a sync. The current method shuts down the application, causing downtime for end users. It also does not allow immediate action to deactivate users whose access has been removed.
ACS (unlike APS) provides this feature in the Alfresco admin and JMX console via an exposed JMX operation that triggers an LDAP sync.