[Midpoint-dev] Ldap Group membership not visible in GUI
Dharmendra Parakh
dharmendra at confluxsys.com
Mon Feb 16 13:00:16 CET 2015
Hi
Here is the ldif:
dn: cn=svn_access,ou=groups,dc=confluxsys,dc=com
objectClass: top
objectClass: posixGroup
cn: svn_access
gidNumber: 230
memberUid: pdharm1
Our groups belong to the posixGroup object class and the group member attribute is
memberUid.
Thanks!
On Mon, Feb 16, 2015 at 4:21 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
> Hi,
>
> can you please send an example of how the group looks in LDAP?
> I'm especially interested in the memberUid attribute in the group.
>
> Thank you,
> Ivan
>
>
> On 02/16/2015 09:11 AM, Dharmendra Parakh wrote:
>
> Hi Ivan
>
> Thanks for the quick reply.
>
> Yes, I have this configuration in place and I cannot see Associations in
> the GUI.
>
> I am using the current version (3.1) of midPoint. I have attached my resource
> XML with the mail just for your reference.
>
> Regards
> Dharmendra
>
>
>
>
>
> On Mon, Feb 16, 2015 at 12:52 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi,
>>
>> please check if you have the following configuration:
>> you need to configure an entitlement representing the groups and
>> account-to-group associations in the resource, and then you can see the
>> "Associations" container when editing a user. Can you see the Associations in the GUI?
>>
>> This is from our sample opendj-resource-genericsync.xml:
>>
>> In the account schema handling:
>> ...
>> <association>
>> <ref>ri:group</ref>
>> <displayName>LDAP Group Membership</displayName>
>> <kind>entitlement</kind>
>> <intent>ldapGroup</intent>
>> <direction>objectToSubject</direction>
>>
>> <associationAttribute>ri:uniqueMember</associationAttribute>
>> <valueAttribute>icfs:name</valueAttribute>
>> </association>
>> ...
>> </objectType>
>> <objectType>
>> <kind>entitlement</kind>
>> <intent>ldapGroup</intent>
>> <displayName>LDAP Group</displayName>
>> <objectClass>ri:GroupObjectClass</objectClass>
>> . . .
>>
>> </objectType>
>>
>> This should be sufficient. Of course your objectClass or
>> associationAttribute may differ; this is our configuration for OpenDJ.
>>
>> Please see also https://wiki.evolveum.com/display/midPoint/Entitlements
>>
>> What midPoint version are you using?
>>
>> Regards,
>> Ivan
>>
>>
>> On 02/16/2015 05:22 AM, Dharmendra Parakh wrote:
>>
>> Hi
>>
>> We have an LDAP resource that is configured with group provisioning and
>> association. Our resource is provisioning LDAP group membership to users
>> properly, but the assigned groups cannot be seen in the GUI (expanding the
>> provisioned account in the Accounts panel).
>>
>> Are we missing any configuration, or is it an issue? Please provide some
>> pointers on it.
>>
>>
>> Thanks & regards
>> Dharmendra
>>
>>
>>
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer & IDM Architect
>> evolveum.com evolveum.com/blog/
>> ___________________________________________________
>> "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint-dev mailing list
>> midPoint-dev at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>>
>>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper Id(e)M Vix."
>
>
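Added example, not part of the original thread and not midPoint code: a small Python model of an objectToSubject lookup over the LDIF posted above, showing that the associationAttribute/valueAttribute pair has to match how the group stores its members (DN-valued uniqueMember versus uid-valued memberUid). The account DN, the wiki_access group, and the assumption that icfs:name carries the entry DN are constructed for illustration.

```python
# Added example: models an objectToSubject association lookup over LDIF.
# Not midPoint code; the account DN and the second group are constructed.

LDIF = """\
dn: cn=svn_access,ou=groups,dc=confluxsys,dc=com
objectClass: top
objectClass: posixGroup
cn: svn_access
gidNumber: 230
memberUid: pdharm1

dn: cn=wiki_access,ou=groups,dc=confluxsys,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: wiki_access
uniqueMember: uid=pdharm1,ou=people,dc=confluxsys,dc=com
"""

# Constructed account; "name" stands in for icfs:name (assumed to be the DN).
ACCOUNT = {"name": "uid=pdharm1,ou=people,dc=confluxsys,dc=com", "uid": "pdharm1"}


def parse_ldif(text):
    """Parse simple (unfolded, non-base64) LDIF into a list of attr -> [values]."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def associated_groups(account, groups, association_attribute, value_attribute):
    """objectToSubject: a group is associated when its association attribute
    holds the account's value attribute (case-insensitive compare)."""
    wanted = account[value_attribute].lower()
    attr = association_attribute.lower()
    return [g["cn"][0] for g in groups
            if wanted in (v.lower() for v in g.get(attr, []))]


GROUPS = parse_ldif(LDIF)
# Pairing from the OpenDJ sample in the thread: DN-valued uniqueMember.
print(associated_groups(ACCOUNT, GROUPS, "uniqueMember", "name"))
# Pairing that fits a posixGroup: uid-valued memberUid.
print(associated_groups(ACCOUNT, GROUPS, "memberUid", "uid"))
```

With the uniqueMember/DN pairing the posixGroup svn_access is never matched; it only appears when the lookup compares memberUid against the account's uid.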