[midPoint] AD groups reconciliation
Pavol Mederly
mederly at evolveum.com
Fri Jun 27 11:20:16 CEST 2014
Hello Roman,
thanks for pointing that out. I'll fix it.
Best regards,
Pavol
On 26. 6. 2014 17:30, Roman Pudil - AMI Praha a.s. wrote:
> Hi Pavol,
> great work! Many thanks!
>
> There is a little error in the group sync definition
> (objectSynchronization section in the resource definition) on
> https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO:
>
> The account schema has an attribute named "sAMAccountName", but the
> group schema has an attribute named "samAccountName" (different
> lower/upper chars). Probably a bug in the ICF connector... :)
> Then the group correlation will be:
> <correlation>
>   <q:equal>
>     <q:path>c:name</q:path>
>     <expression>
>       <path>$shadow/attributes/samAccountName</path>
>     </expression>
>   </q:equal>
> </correlation>
>
>
> Many thanks!
> Regards
> Roman Pudil
>
> Roman Pudil
> solution architect
>
> gsm: [+420] 775 663 666
> e-mail: roman.pudil at ami.cz
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web: www.ami.cz
>
> By the text of this e-mail, the signatory neither promises to conclude
> nor concludes any contract on behalf of AMI Praha a.s.
> Any contract, if concluded, must be exclusively in written form.
>
> On 25.6.2014 17:45, Pavol Mederly wrote:
>> I've rewritten the last mail related to group sync to a HOW-TO. It is
>> available at
>>
>> https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO
>>
>> ...and I would like to thank Tim for providing the AD resource sample
>> which I've used (besides Org Sync Story Test) to construct the
>> tutorial. :)
>>
>> Regards,
>> Pavol
>>
>>>
>>> On 23. 6. 2014 21:24, Roman Pudil - AMI Praha a.s. wrote:
>>>> Hello Pavol,
>>>>
>>>> how about the reconciliation groups sample in Active Directory?
>>>> Do you have any simple example?
>>>>
>>>> Thanks!
>>>> Regards
>>>> Roman
>>>>
>>>> On 12.6.2014 23:35, Pavol Mederly wrote:
>>>>> Hello Roman,
>>>>>
>>>>> both Ivan and I are planning to prepare such a sample for group
>>>>> synchronization in the next few days.
>>>>>
>>>>> Unfortunately, both of us have some critical tasks to be done
>>>>> immediately, so it could take maybe
>>>>> a week until we are able to prepare the sample.
>>>>>
>>>>> Best regards,
>>>>> Pavol Mederly
>>>>>
>>>>>> Hi Radovan,
>>>>>> thanks for inspiration.
>>>>>> I tried for 3 days to find the right combination of AD group schema
>>>>>> definition, schema handling etc. - with no success.
>>>>>> Has somebody tried it with success?
>>>>>>
>>>>>> Thanks!
>>>>>> Roman Pudil
>>>>>>
>>>>>> On 9.6.2014 18:08, Radovan Semancik wrote:
>>>>>>> Hi Roman,
>>>>>>>
>>>>>>> We haven't tried group synchronization in AD yet. But we have
>>>>>>> done it in LDAP and the principle is the same. Perhaps the best
>>>>>>> place for inspiration is our "OrgSync" story test. This test
>>>>>>> synchronized orgunits and groups in the LDAP server. The
>>>>>>> configuration files are here:
>>>>>>>
>>>>>>> https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources/orgsync
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Radovan Semancik
>>>>>>> Software Architect
>>>>>>> evolveum.com
>>>>>>>
>>>>>>>
>>>>>>> On 06/05/2014 01:03 PM, Roman Pudil - AMI Praha a.s. wrote:
>>>>>>>> Hi,
>>>>>>>> I need to synchronize/reconcile AD Groups into midPoint as
>>>>>>>> Entitlements (Roles). Is there any simple example of this?
>>>>>>>> Importing groups over midPoint web services is also an acceptable
>>>>>>>> solution, but when I tried your example in
>>>>>>>> \samples\model-client-sample\ it gets an error in version 3.0.
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>> R. Pudil
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
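An added example, not part of the thread and not midPoint code: a small Python check that compares the attribute named in a correlation `<path>` with the attribute names of the object class, case-sensitively, and reports the case-only mismatch Roman describes. The `SCHEMA` dictionary, `CORRELATION_TEMPLATE` and `check_correlation` are hypothetical names, and the XML is constructed in the shape quoted in the thread.

```python
import re

# Constructed schema summary: attribute names per object class, using the two
# spellings reported in the thread (not read from a real resource).
SCHEMA = {
    "account": {"sAMAccountName", "cn", "memberOf"},
    "group": {"samAccountName", "cn", "member"},
}

# Constructed correlation fragment in the shape quoted in the thread.
CORRELATION_TEMPLATE = """
<correlation>
  <q:equal>
    <q:path>c:name</q:path>
    <expression>
      <path>$shadow/attributes/{attr}</path>
    </expression>
  </q:equal>
</correlation>
"""

# Matches only the unprefixed <path> element that points into shadow attributes.
PATH_RE = re.compile(r"<path>\s*\$shadow/attributes/([^<\s]+)\s*</path>")


def check_correlation(xml_text, object_class, schema=SCHEMA):
    """Return (attribute, verdict, suggestion) for each shadow attribute path."""
    known = schema[object_class]
    by_folded = {name.casefold(): name for name in known}
    findings = []
    for attr in PATH_RE.findall(xml_text):
        local = attr.split(":")[-1]  # drop an optional namespace prefix
        if local in known:
            findings.append((local, "ok", None))
        elif local.casefold() in by_folded:
            # Same letters, different case: the situation described in the thread.
            findings.append((local, "case-mismatch", by_folded[local.casefold()]))
        else:
            findings.append((local, "unknown", None))
    return findings


if __name__ == "__main__":
    xml = CORRELATION_TEMPLATE.format(attr="sAMAccountName")
    for finding in check_correlation(xml, "group"):
        print(finding)
```
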