<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
can you please send example, how the group looks like in ldap?<br>
I'm especially interested in the memberUid attribute in the group.<br>
<br>
Thank you,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 02/16/2015 09:11 AM, Dharmendra
Parakh wrote:<br>
</div>
<blockquote
cite="mid:CAJG9dDs33G1f+ZMDC9umM9ZgevsGrnfC=ZBJg_VEK16XrgbGFQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Ivan
<div><br>
</div>
<div>Thanks for the quick reply.</div>
<div><br>
</div>
<div>Yes, I have this configuration in place and I cannot see
Associations in GUI.</div>
<div><br>
</div>
<div>I am using current version(3.1) of midpoint. I have
attached my resource xml with the mail just for your
reference.</div>
<div><br>
</div>
<div>Regards</div>
<div>Dharmendra</div>
<div><br>
</div>
<div><br>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Feb 16, 2015 at 12:52 PM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi,<br>
<br>
please check if you have the following configuration:<br>
you need to configure entitlement representing the groups
and account to group associations in resource, and then
you can see "Associations" container when editing user.
Can you see the Associations in GUI?<br>
<br>
This is from our sample opendj-resource-genericsync.xml:<br>
<br>
In the account schema handling:<br>
...<br>
<association><br>
<ref>ri:group</ref><br>
<displayName>LDAP Group
Membership</displayName><br>
<kind><b>entitlement</b></kind><br>
<intent><b>ldapGroup</b></intent><br>
<direction>objectToSubject</direction><br>
<associationAttribute>ri:uniqueMember</associationAttribute><br>
<valueAttribute>icfs:name</valueAttribute><br>
</association><br>
...<br>
</objectType><br>
<objectType><br>
<kind><b>entitlement</b></kind><br>
<intent><b>ldapGroup</b></intent><br>
<displayName>LDAP
Group</displayName><br>
<objectClass>ri:GroupObjectClass</objectClass><br>
. . .<br>
<br>
</objectType><br>
<br>
This should be sufficient. Of course your objectClass or
associationAttribute may differ; this is our configuration
for OpenDJ.<br>
<br>
Please see also <a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Entitlements"
target="_blank">https://wiki.evolveum.com/display/midPoint/Entitlements</a><br>
<br>
What midPoint version are you using?<br>
<br>
Regards,<br>
Ivan
<div>
<div class="h5"><br>
<br>
<div>On 02/16/2015 05:22 AM, Dharmendra Parakh wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hi
<div><br>
</div>
<div>We have a ldap resource that is configured
with group provisioning and association. Our
resource is provisioning ldap group membership
to user properly but the assigned groups cannot
be seen in GUI (expanding the provisioned
account in Accounts panel).</div>
<div><br>
</div>
<div>Are we missing any configuration or is it an
issue, please provide some pointers on it.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks & regards</div>
<div>Dharmendra</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint-dev mailing list
<a moz-do-not-send="true" href="mailto:midPoint-dev@lists.evolveum.com" target="_blank">midPoint-dev@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint-dev" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint-dev</a><span class="HOEnZb"><font color="#888888">
</font></span></pre>
<span class="HOEnZb"><font color="#888888"> </font></span></blockquote>
<span class="HOEnZb"><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint-dev@lists.evolveum.com">midPoint-dev@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint-dev"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>