[midPoint] Assign Roles from Account Entitlements
pdbogen at cernu.us
Tue Aug 30 01:09:19 CEST 2016
Howdy!
I have MidPoint set up to create users and roles from the inetOrgPersons and
groupOfMembers in OpenLDAP, respectively.
GroupOfMembers are created using a template that assigns a meta-role that
induces a 2nd order assignment of the correct entitlement- so in other words,
assigning the role in midpoint correctly associates the entitlement, and
changes LDAP properly.
My concern right now is the other direction- maybe just for initial import,
maybe ongoing; I'd like new associations from LDAP to add the role to the
affected account.
I.e., if cn=patrick is added to role cn=midpoint.admin in LDAP, the
corresponding 'patrick' user in MidPoint should be assigned the
'midpoint.admin' role.
I think there may be a concept I'm missing to implement this, so I'm not sure
if anything is 'wrong' at this stage.
Thoughts? What information can I provide to help figure this out?
Thanks!
--
.
Patrick Bogen .
...