[midPoint] Sync Virtual Identities and AD Groups using roles
Marco Benucci
m.benucci at nsr.it
Tue Dec 20 19:30:57 CET 2016
Hi, I was using the old ad connector because we are on midpoint 3.3.1...
Moreover, I have only tested it during a reconciliation, because from now we are managing ad groups with midpoint....but I think it should work during livesync. Have you got troubles?
Inviato da BlueMail
Il giorno 20 dic 2016, 15:44, alle ore 15:44, Jason Everling <jeverling at bshp.edu> ha scritto:
>Quick question, I am assuming you are using the AD-LDAP connector
>(ri:memberOf), does inbound work during live sync or just during
>reconcile?
>
>Thanks!
>JASON
>
>
>
>On Tue, Dec 20, 2016 at 4:10 AM, Marco Benucci <m.benucci at nsr.it>
>wrote:
>
>> I have successfully aligned AD entitlement on midpoint users using a
>2
>> step approach.
>>
>>
>> Firstly I have made an inbound mapping of the attribute memberOf in
>an
>> extension and multivalue attribute.
>>
>> Then, with an object template I have used the assignmentTargetSearch
>to
>> assign midpoint roles (my AD entitlement) to the user based on the
>> attribute mentioned above. I thought it could be possible to use the
>> assignmentTargetSearch even in inbound mapping on the resource, but I
>did
>> not tested it.
>>
>> Thank you,
>> Marco
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>midPoint mailing list
>midPoint at lists.evolveum.com
>http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161220/54af2bf5/attachment.htm>
More information about the midPoint
mailing list