<div dir="ltr">Hello community!<div><br></div><div>I have an AD resource configured. I need to import AD groups into MidPoint as roles. I have specified the following configuration:</div><div>```<br><i><objectType id="2"><br> <kind>entitlement</kind><br> <intent>group</intent><br> <displayName>AD Group</displayName><br> <default>true</default><br> <objectClass>ri:group</objectClass><br> <focus><br> <type>c:RoleType</type><br> </focus><br> <attribute id="22"><br> <ref>ri:dn</ref><br> <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule><br> <outbound><br> <source><br> <path>$focus/name</path><br> </source><br> <expression><br> <script><br> <code><br> 'CN=' + name + ',CN=Users,DC=idm,DC=ru'<br> </code><br> </script><br> </expression><br> </outbound><br> </attribute><br> <attribute id="23"><br> <ref>ri:name</ref><br> <outbound><br> <source><br> <path>$focus/name</path><br> </source><br> </outbound><br> <inbound id="26"><br> <target><br> <path>name</path><br> </target><br> </inbound><br> </attribute><br> <attribute id="24"><br> <ref>ri:description</ref><br> <outbound><br> <strength>strong</strength><br> <source><br> <path>description</path><br> </source><br> </outbound><br> <inbound id="27"><br> <target><br> <path>description</path><br> </target><br> </inbound><br> </attribute><br> <correlation><br> <correlators><br> <items id="157"><br> <item id="158"><br> <ref>name</ref><br> </item><br> </items><br> </correlators><br> </correlation><br> <synchronization><br> <reaction id="159"><br> <situation>unmatched</situation><br> <actions><br> <addFocus id="160"/><br> </actions><br> </reaction><br> </synchronization><br> </objectType></i><br>```</div><div>I also configured the task to import groups from AD. The trick is that of all existing groups, only half are added in the form of roles; for the remaining roles, MidPoint throws the following error:<br><br></div><div><font face="arial, sans-serif" style="" color="#000000"><i style="background-color:rgb(255,255,255)">Error processing focus(role:null(Operators Server)): constraint violation: Found conflicting existing object with property name = PP({.../common/common-3}name):[PPV(PolyString:</i></font>
<i style="color:rgb(0,0,0);font-family:arial,sans-serif">Operators Server</i> <font face="arial, sans-serif" style="" color="#000000"><i style="background-color:rgb(255,255,255)">)]: role:471cba00-1b15-45d3-94c4-287fa0ff661e(Administrators)<br></i></font><br>In <b><correlation> </b>I added<b> matchingRule:<br><br></b></div><div><font face="arial, sans-serif"><i><span class="gmail-nt" style="box-sizing:border-box;color:rgb(0,0,128);white-space:pre;background-color:rgb(248,248,248)"><matchingRule></span><span class="gmail-nt" style="box-sizing:border-box;white-space:pre;background-color:rgb(248,248,248)"><font color="#000000">polyStringNorm</font></span><span class="gmail-nt" style="box-sizing:border-box;color:rgb(0,0,128);white-space:pre;background-color:rgb(248,248,248)"></matchingRule></span></i></font></div><div><font face="arial, sans-serif"><i><span class="gmail-nt" style="box-sizing:border-box;color:rgb(0,0,128);white-space:pre;background-color:rgb(248,248,248)"><br></span></i></font></div><div><font face="arial, sans-serif">This fixed the bugs - the task of adding groups now completes without them. But this did not solve the problem that, as before, of all groups, exactly half are added as roles, the rest are simply ignored.</font></div><div><font face="arial, sans-serif"><br>Tell me how this can be fixed?<i><span class="gmail-nt" style="box-sizing:border-box;color:rgb(0,0,128);white-space:pre;background-color:rgb(248,248,248)">
</span></i></font><br></div><div><font face="arial, sans-serif" style="" color="#000000"><i style="background-color:rgb(255,255,255)"><br></i></font></div><div><font face="arial, sans-serif" style="" color="#000000"><i style="background-color:rgb(255,255,255)"><br></i></font></div></div>