[midPoint] Assign Roles from Account Entitlements

Radovan Semancik radovan.semancik at evolveum.com
Tue Aug 30 16:19:57 CEST 2016


Hi,

There is currently no easy way to do this. This is one of the issues
that are waiting for funding or contribution. Please see:
https://jira.evolveum.com/browse/MID-2104
https://jira.evolveum.com/browse/MID-2103

What you can do about it is described here: 
https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature

These features would be really useful and they have been waiting for some
time already ...
In the meantime you can probably do some magic with scripting hooks 
(https://wiki.evolveum.com/display/midPoint/Scripting+Hooks) but that is 
not an easy approach and it definitely is not the right one. The correct 
approach would be to develop the necessary features.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 08/30/2016 01:09 AM, pdbogen at cernu.us wrote:
> Howdy!
>
> I have MidPoint set up to create users and roles from the inetOrgPersons and
> groupOfMembers in OpenLDAP, respectively.
>
> GroupOfMembers are created using a template that assigns a meta-role that
> induces a 2nd order assignment of the correct entitlement- so in other words,
> assigning the role in midpoint correctly associates the entitlement, and
> changes LDAP properly.
>
> My concern right now is the other direction- maybe just for initial import,
> maybe ongoing; I'd like new associations from LDAP to add the role to the
> affected account.
>
> I.e., if cn=patrick is added to role cn=midpoint.admin in LDAP, the
> corresponding 'patrick' user in MidPoint should be assigned the
> 'midpoint.admin' role.
>
> I think there may be a concept I'm missing to implement this, so I'm not sure
> if anything is 'wrong' at this stage.
>
> Thoughts? What information can I provide to help figure this out?
>
> Thanks!
