[Midpoint-dev] Ldap Group membership not visible in GUI

Ivan Noris ivan.noris at evolveum.com
Mon Feb 16 08:22:45 CET 2015


Hi,

Please check whether you have the following configuration:
you need to configure an entitlement representing the groups, and
account-to-group associations in the resource; then you can see the
"Associations" container when editing a user. Can you see the Associations in the GUI?

This is from our sample opendj-resource-genericsync.xml:

In the account schema handling:
...
            <association>
                <ref>ri:group</ref>
                <displayName>LDAP Group Membership</displayName>
                <!-- kind and intent refer to the entitlement objectType defined below -->
                <kind>entitlement</kind>
                <intent>ldapGroup</intent>
                <direction>objectToSubject</direction>
                <associationAttribute>ri:uniqueMember</associationAttribute>
                <valueAttribute>icfs:name</valueAttribute>
            </association>
...
        </objectType>
        <objectType>
            <kind>entitlement</kind>
            <intent>ldapGroup</intent>
            <displayName>LDAP Group</displayName>
            <objectClass>ri:GroupObjectClass</objectClass>
. . .
        </objectType>

This should be sufficient. Of course your objectClass or
associationAttribute may differ; this is our configuration for OpenDJ.

Please see also https://wiki.evolveum.com/display/midPoint/Entitlements

What midPoint version are you using?

Regards,
Ivan

On 02/16/2015 05:22 AM, Dharmendra Parakh wrote:
> Hi
>
> We have an LDAP resource that is configured with group provisioning and
> association. Our resource is provisioning LDAP group membership to the
> user properly, but the assigned groups cannot be seen in the GUI (expanding
> the provisioned account in the Accounts panel).
>
> Are we missing any configuration, or is it an issue? Please provide
> some pointers on it.
>
>
> Thanks & regards
> Dharmendra

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."

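An added example, not part of the original message or of midPoint itself: a small offline check that every association in a resource's schema handling points at an entitlement objectType with the same kind and intent, which is the pairing the quoted fragment relies on. The sample XML is constructed, and the list of elements treated as expected (`FIELDS`) is an assumption taken from the fragment above.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment quoted in the message (not a real resource).
SAMPLE = """<schemaHandling>
  <objectType>
    <kind>account</kind>
    <intent>default</intent>
    <association>
      <ref>ri:group</ref>
      <kind>entitlement</kind>
      <intent>ldapGroup</intent>
      <direction>objectToSubject</direction>
      <associationAttribute>ri:uniqueMember</associationAttribute>
      <valueAttribute>icfs:name</valueAttribute>
    </association>
  </objectType>
  <objectType>
    <kind>entitlement</kind>
    <intent>ldapGroup</intent>
    <objectClass>ri:GroupObjectClass</objectClass>
  </objectType>
</schemaHandling>"""

# Assumption: check for the child elements that appear in the quoted sample.
FIELDS = ("kind", "intent", "direction", "associationAttribute", "valueAttribute")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop "{namespace}" if the file declares one

def child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def check_associations(xml_text):
    """Return a list of problems; an empty list means every association resolves."""
    root = ET.fromstring(xml_text)
    object_types = [e for e in root.iter() if local(e.tag) == "objectType"]
    defined = {(child_text(o, "kind"), child_text(o, "intent")) for o in object_types}
    problems = []
    for o in object_types:
        for a in (c for c in o if local(c.tag) == "association"):
            ref = child_text(a, "ref") or "<no ref>"
            missing = [n for n in FIELDS if not child_text(a, n)]
            target = (child_text(a, "kind"), child_text(a, "intent"))
            if missing:
                problems.append(f"{ref}: missing {', '.join(missing)}")
            elif target not in defined:
                problems.append(f"{ref}: no objectType for kind={target[0]} intent={target[1]}")
    return problems

if __name__ == "__main__":
    print(check_associations(SAMPLE) or "associations OK")
```
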