<div dir="ltr">Hi Ivan <div><br></div><div>Thanks for the quick reply.</div><div><br></div><div>Yes, I have this configuration in place and I cannot see Associations in GUI.</div><div><br></div><div>I am using current version(3.1) of midpoint. I have attached my resource xml with the mail just for your reference.</div><div><br></div><div>Regards</div><div>Dharmendra</div><div><br></div><div><br><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 16, 2015 at 12:52 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
please check if you have the following configuration:<br>
you need to configure entitlement representing the groups and
account to group associations in resource, and then you can see
"Associations" container when editing user. Can you see the
Associations in GUI?<br>
<br>
This is from our sample opendj-resource-genericsync.xml:<br>
<br>
In the account schema handling:<br>
...<br>
<association><br>
<ref>ri:group</ref><br>
<displayName>LDAP Group
Membership</displayName><br>
<kind><b>entitlement</b></kind><br>
<intent><b>ldapGroup</b></intent><br>
<direction>objectToSubject</direction><br>
<associationAttribute>ri:uniqueMember</associationAttribute><br>
<valueAttribute>icfs:name</valueAttribute><br>
</association><br>
...<br>
</objectType><br>
<objectType><br>
<kind><b>entitlement</b></kind><br>
<intent><b>ldapGroup</b></intent><br>
<displayName>LDAP Group</displayName><br>
<objectClass>ri:GroupObjectClass</objectClass><br>
. . .<br>
<br>
</objectType><br>
<br>
This should be sufficient. Of course your objectClass or
associationAttribute may differ; this is our configuration for
OpenDJ.<br>
<br>
Please see also
<a href="https://wiki.evolveum.com/display/midPoint/Entitlements" target="_blank">https://wiki.evolveum.com/display/midPoint/Entitlements</a><br>
<br>
What midPoint version are you using?<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 02/16/2015 05:22 AM, Dharmendra
Parakh wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi
<div><br>
</div>
<div>We have a ldap resource that is configured with group
provisioning and association. Our resource is provisioning
ldap group membership to user properly but the assigned groups
cannot be seen in GUI (expanding the provisioned account in
Accounts panel).</div>
<div><br>
</div>
<div>Are we missing any configuration or is it an issue, please
provide some pointers on it.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks & regards</div>
<div>Dharmendra</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
midPoint-dev mailing list
<a href="mailto:midPoint-dev@lists.evolveum.com" target="_blank">midPoint-dev@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint-dev" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint-dev</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint-dev mailing list<br>
<a href="mailto:midPoint-dev@lists.evolveum.com">midPoint-dev@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint-dev" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint-dev</a><br>
<br></blockquote></div><br></div>