[midPoint] AD membership to midPoint role assignment

Pálos Gustáv gustav.palos at evolveum.com
Mon Apr 25 13:38:07 CEST 2016


>
> Hi,
>
> yes, it is possible, I use similar things to assign SAP groups, roles and
> profiles represented as Orgs in midPoint in this sample:
>
> https://github.com/Evolveum/midpoint/tree/master/samples/resources/sap/assignment
>
> I need a multi value user attribute to store role names from source. I use
> for this purpose in sample user extension sapRoles:
>
> https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/extension-sap.xsd
>
> and inbound attribute mapping to $user/extension/sapRoles in resource
> schema handling:
>
> https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/sap-advanced.xml
>
> Next, you need to import roles to midPoint, for example over this task:
>
> https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/task-import-roles.xml
>
> Import user object template and enable it over
> Configuration->System->Object Policies:
>
> https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/object-template-user.xml
>
> Please see, for example, 'User - SAP Role mapping' for how you can
> searchObjectByName and return assignment to this Org for current user.
> (in your case you need not OrgType.class, but RoleType.class)
>
> Now when I import a user from SAP and the user has a SAP role assigned, I see
> the same role name in the extension attribute sapRoles and also an assignment
> to the org with the same name.
>
> Gusto
>
>
> 2016-04-25 10:50 GMT+02:00 Aivo Kuhlberg <aivo.kuhlberg at rmit.ee>:
>
>> Is it possible to import existing AD users group memberships to midPoint
>> role assignments? I can import groups to midPoint roles but existing AD
>> users who belong to that group do not get assigned to corresponding role in
>> midPoint.
>> I am using midPoint 3.3.1 with AD connector.
>>
>>
>> Thanks,
>>
>> Aivo Kuhlberg
>>
>
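A sketch of the object template mapping described in the reply, adapted to roles as the reply suggests (RoleType instead of OrgType). This is an added example, not part of the original message and not the Evolveum sample file. It assumes a hypothetical multi-value user extension attribute `adGroups`, filled by an inbound mapping, whose values equal the names of the roles imported into midPoint.

```xml
<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <!-- Template name is an assumption; enable the template for users under
         Configuration -> System -> Object Policies, as the reply says. -->
    <name>User Template - AD group to role (example)</name>

    <mapping>
        <name>User - AD group to role mapping</name>
        <!-- authoritative: the assignment is removed again when the value
             disappears from the source attribute -->
        <authoritative>true</authoritative>
        <source>
            <!-- hypothetical extension attribute holding group/role names -->
            <path>$user/extension/adGroups</path>
        </source>
        <expression>
            <script>
                <code>
                    import com.evolveum.midpoint.xml.ns._public.common.common_3.*

                    // The script is evaluated once per value of the
                    // multi-value source; adGroups is that single value.
                    if (adGroups == null) {
                        return null
                    }

                    // Look the role up by name. No match means no assignment,
                    // so an unknown group name never grants anything.
                    role = midpoint.searchObjectByName(RoleType.class, adGroups)
                    if (role == null) {
                        return null
                    }

                    // Build the assignment pointing at the role that was found.
                    targetRef = new ObjectReferenceType()
                    targetRef.setOid(role.getOid())
                    targetRef.setType(RoleType.COMPLEX_TYPE)

                    assignment = new AssignmentType()
                    assignment.setTargetRef(targetRef)
                    return assignment
                </code>
            </script>
        </expression>
        <target>
            <path>assignment</path>
        </target>
    </mapping>
</objectTemplate>
```

Because assignments are derived purely from the source attribute, the attribute should only be writable by the inbound mapping; anyone who can edit it directly can grant themselves any role that exists by that name.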