[midPoint] create LDAP group

Steklac Michal Michal_Steklac at datalan.sk
Thu Sep 17 13:47:55 CEST 2015


Hi,

I have an LDAP resource where I create an LDAP group for a user from midPoint. When the group is created in LDAP, the user is added to this group in LDAP. Next, users are added to LDAP groups in LDAP.
Is it possible to remove all uniqueMembers in LDAP when the user is disabled in midPoint? This is an example:
...
<attribute>
    <ref>ri:uniqueMember</ref>
    <matchingRule>mr:stringIgnoreCase</matchingRule>
    <outbound>
        <strength>weak</strength>
        <source>
            <path>$focus/name</path>
        </source>
        <source>
            <path>$user/activation/administrativeStatus</path>
        </source>
        <expression>
            <script>
                <code>
                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;

                    if (ActivationStatusType.DISABLED == administrativeStatus) {
                        return ''; // REMOVE ALL UNIQUEMEMBE
                    } else {
                        def suffix = ',ou=people,dc=bla,dc=sk'
                        def prefix = 'uid=';
                        dn = prefix + name + suffix;
                        return dn;
                    }
                </code>
            </script>
        </expression>
    </outbound>
</attribute>
...

Thanks & regards
MiSo

On St, 2015-08-19 at 11:16 +0000, Steklac Michal wrote:
Hi Ivan,

Thank you, I will try it.
Sorry, I wrote again because I didn't receive a response. In the period from 07/22/2015 to 08/17/2015 I didn't receive any emails from this mailing list. Now I receive mail.

Thanks & regards
MiSo

On St, 2015-08-19 at 12:31 +0200, Ivan Noris wrote:
Hi MiSo,

I believe we have already discussed this here http://lists.evolveum.com/pipermail/midpoint/2015-July/001285.html

Regards,
Ivan

On 08/18/2015 08:19 PM, Steklac Michal wrote:

Hi,

I have a configuration where AD is the authoritative source for users. When a user is created in AD, a user is then created in LDAP (an account, in midPoint terminology). Is it possible to create a group with the same name in a different LDAP subtree? What is the best way?
Example:
AD - cn=Janko Hrasko,ou=midpoint,dc=sk (with sAMAccountName=jhrasko)
LDAP user - uid=jhrasko,ou=people,ou=midpoint,dc=sk
LDAP group - cn=jhrasko,ou=group,ou=midpoint,dc=sk

Thanks & Best regards
MiSo
