[midPoint] Bulk import from midpoint to AD

Ivan Noris ivan.noris at evolveum.com
Wed May 10 16:23:38 CEST 2017 

Hi Dilek,

not sure if I understand, so I try to explain what I think you want.

If you want to get your midPoint users to AD, the term "bulk import"
does not quite correspond to it. To me it seems you want to provision
your midpoint users to AD.

LiveSync and Reconciliation evaluate situations/changes in resource and
are able to import the accounts to midPoint and link or create users.

To provision users to AD resource, you need:

1) outbound mappings in your resource. That is probably OK, as you can
manually add AD account to (specific) users

2) role with construction to AD resource

3) default object template which will assign role from 2) to (all or
specific) users in midPoint

Example of such template is:
https://github.com/Evolveum/midpoint/blob/v3.5.1/samples/objects/object-template-user.xml

See the mapping named "basic role". The "oid" referenced in
assignmentTargetSearch is the oid of your role (with construction for AD
account). In real life, there should be a condition so that the role is
not assigned to all users, but e.g. to employees only.

The template must be configured as default in Configuration - System for
UserType objects.

After that, you only need to edit any existing user and check
"Reconcile" checkbox and save. The account will be created according to
the role and AD schema handling mappings.

To populate all users, you would need to run Recompute task. That would
do exactly the same as "Reconcile" checkbox for all users.

Regards,

Ivan


On 05/10/2017 11:52 AM, Dilek Gider wrote:
> Hi All,
>
> I have a resource with ADLDAPConnector. I want to add  all of midpoint
> users to AD.
> I have a resource xml, it works by manually adding user to AD account.
> But when I run recon job task or live synch task, it only evaluates AD
> users, doesn't evaluate midpoint users. Is there any other method to
> create midpoint users in any resource?
>
> Thank you very much.
>
> Dilek
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170510/7d7a583f/attachment.htm>

More information about the midPoint mailing list