[Midpoint-dev] Ldap Group membership not visible in GUI
Ivan Noris
ivan.noris at evolveum.com
Mon Feb 16 11:51:44 CET 2015
Hi,
can you please send example, how the group looks like in ldap?
I'm especially interested in the memberUid attribute in the group.
Thank you,
Ivan
On 02/16/2015 09:11 AM, Dharmendra Parakh wrote:
> Hi Ivan
>
> Thanks for the quick reply.
>
> Yes, I have this configuration in place and I cannot see Associations
> in GUI.
>
> I am using current version(3.1) of midpoint. I have attached my
> resource xml with the mail just for your reference.
>
> Regards
> Dharmendra
>
>
>
>
>
> On Mon, Feb 16, 2015 at 12:52 PM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
> Hi,
>
> please check if you have the following configuration:
> you need to configure entitlement representing the groups and
> account to group associations in resource, and then you can see
> "Associations" container when editing user. Can you see the
> Associations in GUI?
>
> This is from our sample opendj-resource-genericsync.xml:
>
> In the account schema handling:
> ...
> <association>
> <ref>ri:group</ref>
> <displayName>LDAP Group Membership</displayName>
> <kind>*entitlement*</kind>
> <intent>*ldapGroup*</intent>
> <direction>objectToSubject</direction>
>
> <associationAttribute>ri:uniqueMember</associationAttribute>
> <valueAttribute>icfs:name</valueAttribute>
> </association>
> ...
> </objectType>
> <objectType>
> <kind>*entitlement*</kind>
> <intent>*ldapGroup*</intent>
> <displayName>LDAP Group</displayName>
> <objectClass>ri:GroupObjectClass</objectClass>
> . . .
>
> </objectType>
>
> This should be sufficient. Of course your objectClass or
> associationAttribute may differ; this is our configuration for OpenDJ.
>
> Please see also
> https://wiki.evolveum.com/display/midPoint/Entitlements
>
> What midPoint version are you using?
>
> Regards,
> Ivan
>
>
> On 02/16/2015 05:22 AM, Dharmendra Parakh wrote:
>> Hi
>>
>> We have a ldap resource that is configured with group
>> provisioning and association. Our resource is provisioning ldap
>> group membership to user properly but the assigned groups cannot
>> be seen in GUI (expanding the provisioned account in Accounts panel).
>>
>> Are we missing any configuration or is it an issue, please
>> provide some pointers on it.
>>
>>
>> Thanks & regards
>> Dharmendra
>>
>>
>> _______________________________________________
>> midPoint-dev mailing list
>> midPoint-dev at lists.evolveum.com <mailto:midPoint-dev at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
> ___________________________________________________
> "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint-dev mailing list
> midPoint-dev at lists.evolveum.com
> <mailto:midPoint-dev at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>
>
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20150216/5299e139/attachment.html>
More information about the midPoint-dev
mailing list