[midPoint] Sync Virtual Identities and AD Groups using roles

Jason Everling jeverling at bshp.edu
Tue Dec 20 20:11:20 CET 2016 

hmm... so, I am guessing then you added memberOf to the .net xml? I am
using icfs:groups and that maybe could be why then it doesn't work on
livesync, I didn't think to just add the virtual attribute,

So did you use the below?

            <AttributeInfo name="memberOf" type="String">
                <AttributeInfoFlag value="MULTIVALUED"/>
            </AttributeInfo>

JASON

On Tue, Dec 20, 2016 at 12:30 PM, Marco Benucci <m.benucci at nsr.it> wrote:

> Hi, I was using the old ad connector because we are on midpoint 3.3.1...
>
> Moreover, I have only tested it during a reconciliation, because from now
> we are managing ad groups with midpoint....but I think it should work
> during livesync. Have you got troubles?
>
> Inviato da BlueMail <http://www.bluemail.me/r>
> Il giorno 20 dic 2016, alle ore 15:44, Jason Everling <jeverling at bshp.edu>
> ha scritto:
>>
>> Quick question, I am assuming you are using the AD-LDAP connector
>> (ri:memberOf), does inbound work during live sync or just during reconcile?
>>
>> Thanks!
>> JASON
>>
>>
>>
>> On Tue, Dec 20, 2016 at 4:10 AM, Marco Benucci <m.benucci at nsr.it> wrote:
>>
>>> I have successfully aligned AD entitlement on midpoint users using a 2
>>> step approach.
>>>
>>>
>>> Firstly I have made an inbound mapping of the attribute memberOf in an
>>> extension and multivalue attribute.
>>>
>>> Then, with an object template I have used the assignmentTargetSearch to
>>> assign midpoint roles (my AD entitlement) to the user based on the
>>> attribute mentioned above. I thought it could be possible to use the
>>> assignmentTargetSearch even in inbound mapping on the resource, but I
>>> did not tested it.
>>>
>>> Thank you,
>>> Marco
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>> ------------------------------
>>
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161220/ea13e97b/attachment.htm>

More information about the midPoint mailing list