[midPoint] Sync Virtual Identities and AD Groups using roles
Jason Everling
jeverling at bshp.edu
Tue Dec 20 15:35:31 CET 2016
Quick question, I am assuming you are using the AD-LDAP connector
(ri:memberOf), does inbound work during live sync or just during reconcile?
Thanks!
JASON
On Tue, Dec 20, 2016 at 4:10 AM, Marco Benucci <m.benucci at nsr.it> wrote:
> I have successfully aligned AD entitlement on midpoint users using a 2
> step approach.
>
>
> Firstly I have made an inbound mapping of the attribute memberOf in an
> extension and multivalue attribute.
>
> Then, with an object template I have used the assignmentTargetSearch to
> assign midpoint roles (my AD entitlement) to the user based on the
> attribute mentioned above. I thought it could be possible to use the
> assignmentTargetSearch even in inbound mapping on the resource, but I did
> not tested it.
>
> Thank you,
> Marco
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161220/1456930c/attachment.htm>
More information about the midPoint
mailing list