[midPoint] LDAP (389ds) - Accounts, groups <-> Users, roles

Pavol Mederly mederly at evolveum.com
Thu Dec 8 19:47:24 CET 2016


Hello Wojciech,

I don't know if someone answered this mail, but it seems to me that you 
quite often compose your messages as replies to other - unrelated - ones.

Like this one: it is

"In-Reply-To: <1480068706129.75463 at datactica.fi>"

Which means that e.g. my mail client shows it as a part of an unrelated 
message thread; which causes confusion and effectively may hide your 
message.

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 25.11.2016 14:46, Wojciech Staszewski wrote:
> Hi all!
>
> Based on the 389ds resource example I finally configured the resource,
> imported accounts and groups.
>
> Accounts appeared as users in MidPoint and groups as Roles. This is ok.
>
> But when I open a role imported from an LDAP group, the role has no
> members. And vice versa - when I open a user imported from LDAP, he has no
> role assigned.
>
> 1. What and where do I need to configure to assign proper roles to users
> according to LDAP group membership? I also want as a default to assign
> "End user" role to every existing and newly created account.
>
> 2. I made a very simple organization structure. I have 5 organizations,
> so I created 5 different trees. I need to assign users to proper
> organization based on LDAP "o" attribute, and to correct branch of this
> tree based on "departmentnumber". Departmentnumber is an integer value
> and branches of organization tree have names. Is this doable? Any tips?
>
> Thanks a lot and sorry for such beginner's questions. I tried to analyze
> XMLs from MidPoint examples and to read the documentation, but there is
> so much of it and I actually don't know what I need to search...
>
> WS