[midPoint] Assign Roles from Account Entitlements

pdbogen at cernu.us pdbogen at cernu.us
Tue Aug 30 01:09:19 CEST 2016


Howdy!

I have MidPoint set up to create users and roles from the inetOrgPersons and 
groupOfMembers in OpenLDAP, respectively.

GroupOfMembers are created using a template that assigns a meta-role that 
induces a 2nd order assignment of the correct entitlement- so in other words, 
assigning the role in midpoint correctly associates the entitlement, and 
changes LDAP properly.

My concern right now is the other direction- maybe just for initial import, 
maybe ongoing; I'd like new associations from LDAP to add the role to the 
affected account.

I.e., if cn=patrick is added to role cn=midpoint.admin in LDAP, the 
corresponding 'patrick' user in MidPoint should be assigned the 
'midpoint.admin' role.

I think there may be a concept I'm missing to implement this, so I'm not sure 
if anything is 'wrong' at this stage.

Thoughts? What information can I provide to help figure this out?

Thanks!
-- 
             .
Patrick Bogen .
            ...