[midPoint] Syncing only specific groups
Jason Everling
jeverling at bshp.edu
Mon Dec 1 17:12:46 CET 2014
I think that would be a bit much. More than likely, I will move all groups
that would be sync'd to midPoint into their own container in AD, move all
our other groups to another container, and use the <protected> to filter
them out so they are not sync'd.
Is there a way to build a specific group type instead of just Global |
Security, maybe Domain Local or Universal or is it hard coded to Global
Security?
Thanks!
JASON
On Mon, Dec 1, 2014 at 4:12 AM, Radovan Semancik <
radovan.semancik at evolveum.com> wrote:
> Hi Jason,
>
> This is slightly different. The condition tells whether to apply the
> specific <objectSynchronization> block or not. The primary use of the
> condition is to sort objects of the same object class to "intents" (see
> https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass).
> The primary meaning of this is to synchronize group object with a role
> object (or org object). But it does not synchronize account-group
> association (i.e. group membership) with a user-role assignment.
>
> With a bit of trickery it could theoretically work for your case. But I
> doubt that it will be practical. You will need one <objectSynchronization>
> block for each group that you are trying to synchronize.
>
> --
>
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
>
> On 11/29/2014 05:21 PM, Jason Everling wrote:
>
> Is what I was asking, in the wiki it says you can add a condition to the
> synchronization policy, under
> https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration
>
>
> - *condition* is an expression which has to evaluate to true for the
> policy to be used. It can be used for a very fine-grain selection of
> applicable policies.
>
>
> I found a sample, kind of here,
> https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml
>
> I am just a little confused on the condition statement, I was thinking
> it would look something like,
>
> <condition>
>   <script>
>     <code>
>       declare default namespace "http://midpoint.evolveum.com/xml/ns/public/common/common-3";
>       basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/common/common-3', 'info') = replicated
>     </code>
>   </script>
> </condition>
>
>
> JASON
>
>
> On Sat, Nov 29, 2014 at 2:47 AM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Jason,
>>
>> although I don't understand what you would like to achieve, a quick
>> answer though:
>>
>> If you would apply a condition to a mapping (incoming or outgoing, it
>> does not matter), you can use <condition> subelement directly under
>> <incoming> or <outgoing> one.
>> However, take this only as a quick hint. I haven't done that, nor am I
>> sure it's implemented. Please try it.
>>
>> Best regards,
>> Pavol
>>
>>
>> On 28. 11. 2014 22:46, Jason Everling wrote:
>>
>> So I have the roleType syncing to the AD attribute, info, the info or
>> roleType. I want any group that contains this roleType or info attribute
>> sync'd, any others will not be sync'd.
>>
>> I know how to do this in objectTemplate but how in the resource so that
>> it only syncs those groups and not all groups.
>>
>> Where do I put in the condition statement in the resource definition? I
>> searched through what I could in the samples but couldn't find anything
>> like this.
>>
>> JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>