<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hello Dharmendra,<br>
<br>
I've tried to replicate the problem in my midPoint. However, in my
case, everything works as expected.<br>
<br>
What I use:<br>
<br>
- AD connector 1.4.1.20283 (however, I know of no changes with
respect to your version that could cause different behavior)<br>
- midPoint version v3.2devel-188-g409d5e1 (last commit
409d5e117c7ddd9e35ce5c2bc4ec6c3ff51bfb8d)<br>
- your resource configuration, with changes:<br>
<br>
<gen70:Container>OU=ConnectorTest,DC=test,DC=***,DC=local</gen70:Container><br>
<gen70:DomainName>test.***.local</gen70:DomainName><br>
<br>
(I removed <schema> section)<br>
<br>
- then I created a user named "testgroup", filled in some common
attributes, selected ADD ACCOUNT, entered a value of<span
class="description">
CN=abc,OU=ConnectorTest,DC=test,DC=***,DC=local for</span> the
name attribute<br>
<br>
The group was created on the resource, the shadow was created in
midPoint, and when I open the user, I see the "account" created
for it.<br>
<br>
Back to your situation:<br>
- are there any errors in ConnectorServer.log (on the Windows side)?<br>
- are there any errors in the midPoint log?<br>
- could you enable TRACE debug level for model and provisioning
and retry the operation? Then could you send me the log? I can
have a look at that.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<blockquote
cite="mid:CAJG9dDujrWQbNuUM7OE1uhf4THF7Y7cnCVa2C5Npf55RcRGOdA@mail.gmail.com"
type="cite">
<div dir="ltr">Hi
<div><br>
</div>
<div>Any other suggestions?</div>
<div><br>
</div>
<div>Thanks!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 5, 2015 at 8:58 PM,
Dharmendra Parakh <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:dharmendra@confluxsys.com" target="_blank">dharmendra@confluxsys.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Ivan
<div><br>
</div>
<div>I tried both the setups but no luck. Still the group
is getting created in AD but midpoint is not storing the
shadow.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks!</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 5, 2015 at 6:39
PM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi
Dharmendra,<br>
<br>
can you please try with this:<br>
<br>
...<br>
<connectorConfiguration><br>
<b>
<icfc:resultsHandlerConfiguration></b><b><br>
</b><b>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler></b><b><br>
</b><b>
</icfc:resultsHandlerConfiguration></b><b><br>
</b><br>
<!-- Configuration specific for
the Active Directory connector --><br>
<icfc:configurationProperties<br>
...<br>
<br>
Alternatively:<br>
<br>
<icfc:resultsHandlerConfiguration><br>
<icfc:enableFilteredResultsHandler><b>true</b></icfc:enableFilteredResultsHandler><br>
<icfc:enableCaseInsensitiveFilter><b>true</b></icfc:enableCaseInsensitiveFilter><br>
</icfc:resultsHandlerConfiguration><br>
<br>
But please start with the <b>first</b> setup.
The first config will switch off the result
handler filtering in ICF; the second will leave it
turned on, but switch to case insensitive...<br>
<br>
Please let us know. Thank you.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 03/05/2015 12:08 PM, Dharmendra
Parakh wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Ivan
<div><br>
</div>
<div>I could not find the shadow in
midpoint's repository page (xml). I
think probably this is the problem
that midpoint did not store the shadow
somehow.</div>
<div><br>
</div>
<div>No attribute of this resource is
dependent on user/role attributes,
user is going to enter the value.</div>
<div><br>
</div>
<div>Thanks</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 5,
2015 at 3:53 PM, Ivan Noris <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> Hi Dharmendra,<br>
<br>
so far I can't see any reason for
not working, especially if it
works in LDAP.<br>
<br>
Can you please check this:<br>
<br>
- open your user in midPoint's
repository pages (XML)<br>
- check the oid of the Shadow in
linkRef<br>
- open the shadow in midPoint's
repository pages (XML)<br>
- check the attributes
attributes/icfs:name and
attributes/icfs:uid - they should
be at the bottom of the object.
Are these OK?<br>
<br>
midPoint seems to be unable to
find the object - as this is AD,
it should be located by the GUID
(icfs:uid).<br>
I have a strange feeling that this
is related to string case.<br>
<br>
BTW. I don't see any outbounds to
generate icfs:name for that group;
is this done in the role(s)? Does
the name somehow depend on user
attributes?<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 03/05/2015 10:38 AM,
Dharmendra Parakh wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Ivan
<div><br>
</div>
<div>Thanks for all the
information.</div>
<div><br>
</div>
<div>My requirement is
just to create an AD
group on the target and
at this point I do not
want to assign this
group to any user. So
basically we want to use
this resource for group
creation purpose only.</div>
<div><br>
</div>
<div>I am well aware of
the way you have
described for group
creation as entitlement
(I have tried that and
it works) but we want to
avoid the multiple steps
involved in entitlement
creation and also we
want to create this
under a user/role as an
assignment/account only
because group management
becomes easy for us this
way. As I have mentioned
we are doing the same in
case of ldap resource
and that is working for
us. I cannot think of
any reason why midpoint
will behave differently
for ad and ldap.</div>
<div><br>
</div>
<div>AFAIK for connector
group is just an object
class like account so I
think it should work
logically. I think I am
missing something or I
have some issue in
resource. I will
appreciate any help on
this.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Thu, Mar 5, 2015 at 2:39
PM, Ivan Noris <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> Hi
Dharmendra,<br>
<br>
I'm not sure if I
understand what you are
trying to achieve.<br>
<br>
Do you want to
create AD group for
given user in
midPoint? Or do you
want to create the
group through
midPoint and then
assign to user?<br>
<br>
I would definitely
not change the
default object class
for "account" to
CustomGroupObjectClass.
Just use kinds and
intents in schema
handling.<br>
<br>
In my project I have
the following setup:
I want to create
users in midPoint,
accounts for them in
AD. I also want to
create groups (and
other objects) in AD
that belong to
organizations in
midPoint (part of
org. structure
replication). And I
also want to put AD
accounts to these
groups. The
simplified example
follows:<br>
<br>
1. in resource, I
define new
kind=entitlement and
intent=group-municipality,
e.g.:<br>
<objectType><br>
<kind><b>entitlement</b></kind><br>
<intent><b>group-municipality</b></intent><br>
<displayName>Municipality
groups</displayName><br>
<default>true</default><br>
<objectClass>ri:<b>CustomGroupObjectClass</b></objectClass><br>
<attribute><br>
. . .<br>
<br>
This means that I'm
able to reference
groups of this
"type" (I have
several different
types of groups) as
kind=entitlement and
intent=group-municipality.<br>
<br>
2. in resource, I
define association
for <b>accounts</b>
with this kind of
groups:<br>
<objectType><br>
<kind><b>account</b></kind><br>
<intent><b>default</b></intent><br>
<displayName>Default
Account -
Municipality
users</displayName><br>
<default>true</default><br>
<objectClass>ri:<b>AccountObjectClass</b></objectClass><br>
. . .<br>
<association><br>
<ref>ri:adGroups</ref><br>
<tolerant>true</tolerant><br>
<matchingRule>mr:stringIgnoreCase</matchingRule><br>
<kind><b>entitlement</b></kind><br>
<intent><b>group-municipality</b></intent><br>
<direction>objectToSubject</direction><br>
<associationAttribute>ri:member</associationAttribute><br>
<valueAttribute>icfs:name</valueAttribute><br>
<explicitReferentialIntegrity>false</explicitReferentialIntegrity><br>
</association><br>
</objectType><br>
<br>
This means midPoint
is able to associate
AD accounts with
this type of groups
and will show the
"Association" part
in GUI when editing
user - list of
groups for that
account.<br>
<br>
3. to <b>assign AD
account to any
existing AD group</b>
(EmailAllUsers in
this example), I
have a role in
midPoint:<br>
<br>
<role xmlns=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><br>
xmlns:c=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><br>
xmlns:icfs=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a><br>
xmlns:q=<a
moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/query-3"</a><br>
xmlns:ri=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a><br>
oid="b4b5059a-5cdc-4a2c-a184-bb6e0c67e064"><br>
<name>E-Mail</name><br>
<inducement><br>
<construction><br>
<!-- The c:
prefix in type must
be there due to a
JAXB bug --><br>
<resourceRef
oid="00000000-0000-0000-0001-100000000002"
type="c:ResourceType"/><br>
<association><br>
<ref>ri:adGroups</ref><br>
<outbound><br>
<strength>strong</strength><br>
<expression><br>
<associationTargetSearch><br>
<filter><br>
<q:equal><br>
<q:path><br>
declare namespace
icfs=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a>;<br>
declare namespace
ri=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a>;<br>
attributes/ri:samAccountName<br>
</q:path><br>
<expression><br>
<script><br>
<code><br>
return '<b>EmailAllUsers</b>'
<!-- group's
sAMAccountName in AD
--><br>
</code><br>
</script><br>
</expression><br>
</q:equal><br>
</filter><br>
<searchOnResource>true</searchOnResource><br>
</associationTargetSearch><br>
</expression><br>
</outbound><br>
</association><br>
</construction><br>
</inducement><br>
</role><br>
<br>
If this role is
assigned to user in
midPoint, it will
create AD account
(if it does not
exist yet), then it will
search for a group
named
"EmailAllUsers" (by
sAMAccountName) and
add user to that
group if such group
exists.<br>
<br>
4. if you want to <b>create
groups</b> in AD
from midPoint, they
must be regarded as
a projection of
either User,
Organization or Role
in midPoint. In my
scenario, for some
Organization I
create the type of
groups I referred to
above by assigning a
role to an <b>organization</b>,
e.g.:<br>
<br>
<role
oid="00000000-0000-0000-0004-000000000010"<br>
xmlns=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><br>
xmlns:c=<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><br>
xmlns:t=<a
moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/types-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/types-3"</a>><br>
<name>Meta-role
for organizational
structure
replication to
AD</name><br>
<inducement><br>
<construction><br>
<!-- AD resource
--><br>
<resourceRef
oid="00000000-0000-0000-0001-100000000002"
type="c:ResourceType"/><br>
<b>
<kind>entitlement</kind></b><b><br>
</b><b>
<intent>group-municipality</intent></b><br>
</construction><br>
</inducement><br>
...<br>
</role><br>
<br>
This means that
midPoint will create
a group of that type
for the organization
in midPoint. Of
course, in
schemaHandling for
AD resource, in the
kind=entitlement and
intent=group-municipality
part, you have to
define proper
outbound mappings
(icfs:name = DN;
sAMAccountName and
possibly other
attributes) to
actually create the
group.<br>
<br>
And that's all, so
simple.<br>
<br>
Some examples can be
also seen in our
OrgSync scenario
wiki page: <a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/OrgSync+Story+Test"
target="_blank">https://wiki.evolveum.com/display/midPoint/OrgSync+Story+Test</a>
(it is a different
scenario than I've
described in my
example, but it's
very usable for
concept
understanding).<br>
<br>
Hope this helps.<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On
03/05/2015
09:44 AM,
Dharmendra
Parakh wrote:<br>
</div>
</div>
</div>
<blockquote
type="cite">
<div>
<div>
<div dir="ltr">Hi
<div><br>
</div>
<div>I have
been playing
around with AD
Connector and
I am facing an
issue where I
was trying to
create an AD
group using
the AD
Connector.</div>
<div><br>
</div>
<div>I have a
resource
configured
where the
default object
class is my AD
Group object
class and kind
is set to
account.</div>
<div>When I
try to create
the group by
creating an
account of
this resource
I see the<b>
group is
created on
Active
Directory</b>
but same does
not show up in
the midpoint
UI under
User's
accounts
panel.<br>
</div>
<div><br>
</div>
<div>I can see
the linkRef in
user's xml but
it is not
getting loaded
in UI and also
when I open
the user xml I
see an error: </div>
<div><br>
</div>
<blockquote
style="margin:0
0 0
40px;border:none;padding:0px">
<div>
<div><font
color="#000000"
size="1">[RA({.../connector/icf-1/resource-schema-3}uid):[PPV(String:<guid=b611c389eb74224ba3cae9b9738ba1a6>)]],
objectclass={.../resource/instance-3}CustomGroupObjectClass:
Object
identified by
[RA({.../connector/icf-1/resource-schema-3}uid):[PPV(String:<guid=b611c389eb74224ba3cae9b9738ba1a6>)]]
was not found
by
connector:1529887f-2adc-4a76-99fd-75d34c865332(ICF
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
v1.4.1.20257
@ConnectorServer27:22:8759)</font></div>
</div>
<div>
<div><font
color="#000000"
size="1">com.evolveum.midpoint.util.exception.ObjectNotFoundException:
Object not
found.
identifiers=[RA({.../connector/icf-1/resource-schema-3}uid):[PPV(String:<guid=b611c389eb74224ba3cae9b9738ba1a6>)]],
objectclass={.../resource/instance-3}CustomGroupObjectClass:
Object
identified by
[RA({.../connector/icf-1/resource-schema-3}uid):[PPV(String:<guid=b611c389eb74224ba3cae9b9738ba1a6>)]]
was not found
by
connector:1529887f-2adc-4a76-99fd-75d34c865332(ICF
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector
v1.4.1.20257
@ConnectorServer27:22:8759)</font></div>
</div>
<div>
<div><font
color="#000000"
size="1"><span
style="white-space:pre-wrap"> </span>at
com.evolveum.midpoint.provisioning.consistency.impl.ObjectNotFoundHandler.handleError(ObjectNotFoundHandler.java:268)~[provisioning-impl-3.2-SNAPSHOT.jar:na]</font></div>
</div>
<div>
<div><font
color="#000000"
size="1"><span
style="white-space:pre-wrap"> </span>at
com.evolveum.midpoint.provisioning.impl.ShadowCache.handleError(ShadowCache.java:683)~[provisioning-impl-3.2-SNAPSHOT.jar:na]</font></div>
</div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div>We have
similar setup
for ldap group
provisioning
and that works
very fine.</div>
<div><br>
</div>
<div>I have
attached my
resource xml
with the
email, please
have a look
and let me
know if I am
doing anything
wrong here.</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards</div>
<div>Dharmendra</div>
</div>
<br>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint-dev mailing list
<a moz-do-not-send="true" href="mailto:midPoint-dev@lists.evolveum.com" target="_blank">midPoint-dev@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint-dev" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint-dev</a><span><font color="#888888">
</font></span></pre>
<span><font
color="#888888">
</font></span></blockquote>
<span><font
color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
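What the two resultsHandlerConfiguration variants quoted in the thread change, as a small model added here (not ICF, midPoint or connector code, and not written by anyone in the thread). It assumes the connector returns the object with a uid that differs from the requested one only in letter case, which is the hypothesis raised in the thread and not a confirmed cause; the function names, the upper-case uid and the object name are constructed.

```python
# Added illustration: a model of a framework-side results handler that
# re-checks every object the connector returns against the search filter.
# All function names are hypothetical; this is not ICF or midPoint code.

# uid value as it appears in the error message quoted in the thread
REQUESTED_UID = "<guid=b611c389eb74224ba3cae9b9738ba1a6>"

# Constructed connector output: the object exists on the resource, but the
# uid it comes back with differs in letter case (assumption for this model).
CONNECTOR_RESULTS = [
    {"uid": REQUESTED_UID.upper(), "name": "CN=abc,OU=ConnectorTest"},
]


def equals_filter(attr, wanted, case_insensitive):
    """Return a predicate that behaves like an 'equals' filter on one attribute."""
    def matches(obj):
        got = obj.get(attr)
        if got is None:
            return False
        if case_insensitive:
            return got.casefold() == wanted.casefold()
        return got == wanted
    return matches


def handle_results(results, attr, wanted,
                   enable_filtered_results_handler=True,
                   enable_case_insensitive_filter=False):
    """Apply the modelled handler to what the connector returned."""
    if not enable_filtered_results_handler:
        # First setup from the thread: no second check, results pass through.
        return list(results)
    keep = equals_filter(attr, wanted, enable_case_insensitive_filter)
    return [obj for obj in results if keep(obj)]


def lookup(uid, **settings):
    """Return the object name, or None when the caller would see 'not found'."""
    found = handle_results(CONNECTOR_RESULTS, "uid", uid, **settings)
    return found[0]["name"] if found else None


def compare_settings(uid=REQUESTED_UID):
    """Run the same lookup under the three configurations discussed."""
    return {
        "filtering on, case-sensitive": lookup(uid),
        "filtering off": lookup(uid, enable_filtered_results_handler=False),
        "filtering on, case-insensitive": lookup(
            uid, enable_case_insensitive_filter=True),
    }


if __name__ == "__main__":
    for label, result in compare_settings().items():
        print(f"{label:32} -> {result or 'object not found'}")
```

With filtering switched off the caller relies entirely on the connector's own search, so that variant is a diagnostic step for isolating the handler rather than a fix for a case mismatch.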
</body>
</html>