[Midpoint-dev] Ldap Group membership not visible in GUI

Dharmendra Parakh dharmendra at confluxsys.com
Mon Feb 16 09:11:34 CET 2015 

Hi Ivan

Thanks for the quick reply.

Yes, I have this configuration in place and I cannot see Associations in
GUI.

I am using current version(3.1) of midpoint. I have attached my resource
xml with the mail just for your reference.

Regards
Dharmendra





On Mon, Feb 16, 2015 at 12:52 PM, Ivan Noris <ivan.noris at evolveum.com>
wrote:

>  Hi,
>
> please check if you have the following configuration:
> you need to configure entitlement representing the groups and account to
> group associations in resource, and then you can see "Associations"
> container when editing user. Can you see the Associations in GUI?
>
> This is from our sample opendj-resource-genericsync.xml:
>
> In the account schema handling:
> ...
>            <association>
>                 <ref>ri:group</ref>
>                 <displayName>LDAP Group Membership</displayName>
>                 <kind>*entitlement*</kind>
>                 <intent>*ldapGroup*</intent>
>                 <direction>objectToSubject</direction>
>
> <associationAttribute>ri:uniqueMember</associationAttribute>
>                 <valueAttribute>icfs:name</valueAttribute>
>             </association>
> ...
> </objectType>
>         <objectType>
>                 <kind>*entitlement*</kind>
>             <intent>*ldapGroup*</intent>
>             <displayName>LDAP Group</displayName>
>             <objectClass>ri:GroupObjectClass</objectClass>
> . . .
>
> </objectType>
>
> This should be sufficient. Of course your objectClass or
> associationAttribute may differ; this is our configuration for OpenDJ.
>
> Please see also https://wiki.evolveum.com/display/midPoint/Entitlements
>
> What midPoint version are you using?
>
> Regards,
> Ivan
>
>
> On 02/16/2015 05:22 AM, Dharmendra Parakh wrote:
>
> Hi
>
>  We have a ldap resource that is configured with group provisioning and
> association. Our resource is provisioning ldap group membership to user
> properly but the assigned groups cannot be seen in GUI (expanding the
> provisioned account in Accounts panel).
>
>  Are we missing any configuration or is it an issue, please provide some
> pointers on it.
>
>
>  Thanks & regards
> Dharmendra
>
>
> _______________________________________________
> midPoint-dev mailing listmidPoint-dev at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint-dev
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint-dev mailing list
> midPoint-dev at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20150216/ffa77c54/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: LdapResource.xml
Type: text/xml
Size: 260334 bytes
Desc: not available
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20150216/ffa77c54/attachment-0001.xml>

More information about the midPoint-dev mailing list