[midPoint] Bulk import from midpoint to AD
Dilek Gider
dilek.gider at basistek.com
Thu May 11 09:21:13 CEST 2017
And yes, schema mapping is working; a user can be added manually as a
projection.
On Thu, May 11, 2017 at 10:17 AM, Dilek Gider <dilek.gider at basistek.com>
wrote:
> Hi Ivan,
>
> Thank you very much for your detailed answer.
> I had a user template, I have added and tried many things on the template,
> "<assignmenttargetsearch>", "<accountconstruction>", "<inducement>",
> "<construction><kind><account>"... But none of them worked.
>
> Now I will try what you suggested step by step, I will inform you, thank
> you again.
>
> user template:
>
> <mapping>
>     <description>AD Resource Create</description>
>     <strength>strong</strength>
>     <source>
>         <c:path>name</c:path>
>     </source>
>     <expression>
>         <value>
>             <construction>
>                 <resourceRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2" type="c:ResourceType"/>
>             </construction>
>         </value>
>     </expression>
>     <target>
>         <c:path>assignment</c:path>
>     </target>
>     <condition>
>         <script>
>             <code>name != null</code>
>         </script>
>     </condition>
> </mapping>
>
> On Wed, May 10, 2017 at 5:23 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi Dilek,
>>
>> not sure if I understand, so I'll try to explain what I think you want.
>>
>> If you want to get your midPoint users to AD, the term "bulk import" does
>> not quite correspond to it. To me it seems you want to provision your
>> midpoint users to AD.
>>
>> LiveSync and Reconciliation evaluate situations/changes in resource and
>> are able to import the accounts to midPoint and link or create users.
>>
>> To provision users to AD resource, you need:
>>
>> 1) outbound mappings in your resource. That is probably OK, as you can
>> manually add AD account to (specific) users
>>
>> 2) role with construction to AD resource
>>
>> 3) default object template which will assign role from 2) to (all or
>> specific) users in midPoint
>>
>> An example of such a template is:
>> https://github.com/Evolveum/midpoint/blob/v3.5.1/samples/objects/object-template-user.xml
>>
>> See the mapping named "basic role". The "oid" referenced in
>> assignmentTargetSearch is the oid of your role (with construction for AD
>> account). In real life, there should be a condition so that the role is not
>> assigned to all users, but e.g. to employees only.
>>
>> The template must be configured as default in Configuration - System for
>> UserType objects.
>>
>> After that, you only need to edit any existing user and check "Reconcile"
>> checkbox and save. The account will be created according to the role and AD
>> schema handling mappings.
>>
>> To populate all users, you would need to run Recompute task. That would
>> do exactly the same as "Reconcile" checkbox for all users.
>>
>> Regards,
>>
>> Ivan
>>
>> On 05/10/2017 11:52 AM, Dilek Gider wrote:
>>
>> Hi All,
>>
>> I have a resource with ADLDAPConnector. I want to add all of midpoint
>> users to AD.
>> I have a resource xml, it works by manually adding user to AD account.
>> But when I run recon job task or live synch task, it only evaluates AD
>> users, doesn't evaluate midpoint users. Is there any other method to create
>> midpoint users in any resource?
>>
>> Thank you very much.
>>
>> Dilek
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com
>
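
Added example, not part of the thread and not Evolveum's sample file: a sketch of steps 2) and 3) from Ivan's reply, a role with a construction for the AD resource plus an object template mapping that assigns it through assignmentTargetSearch. The resource OID is the one quoted in the thread; the role and template OIDs and all names are constructed placeholders, and the condition is the one from Dilek's template, shown only to mark where a narrower "employees only" test would go.

```xml
<!-- Added example. OIDs ending in ad01/ad02 and all <name> values are constructed. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

    <!-- Step 2: role whose inducement constructs an account on the AD resource -->
    <role oid="00000000-0000-0000-0000-00000000ad01">
        <name>AD Account</name>
        <inducement>
            <construction>
                <!-- resource OID as quoted in the thread's user template -->
                <resourceRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2" type="c:ResourceType"/>
                <kind>account</kind>
            </construction>
        </inducement>
    </role>

    <!-- Step 3: object template that assigns the role above to users -->
    <objectTemplate oid="00000000-0000-0000-0000-00000000ad02">
        <name>User Template (AD provisioning)</name>
        <mapping>
            <name>AD role</name>
            <strength>strong</strength>
            <source>
                <path>name</path>
            </source>
            <expression>
                <!-- the oid here is the role's OID, not the resource's -->
                <assignmentTargetSearch>
                    <targetType>c:RoleType</targetType>
                    <oid>00000000-0000-0000-0000-00000000ad01</oid>
                </assignmentTargetSearch>
            </expression>
            <target>
                <path>assignment</path>
            </target>
            <!-- Condition copied from the thread; replace it with a test that
                 limits the role to the intended users, e.g. employees only. -->
            <condition>
                <script>
                    <code>name != null</code>
                </script>
            </condition>
        </mapping>
    </objectTemplate>
</objects>
```

The template still has to be set as the default for UserType in Configuration - System, and existing users only pick it up on Reconcile or a Recompute task, as described in the reply.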