[midPoint] Synchronization of accounts created in midpoint

Ivan Noris ivan.noris at evolveum.com
Fri Feb 12 08:15:45 CET 2016


Hi Cameron,

OK, so for this you should be able to find a lot of samples.
For example, the object template samples/objects/object-template-user.xml
contains a mapping called "basic role" (the last one), which is exactly
what I wrote earlier.
Just create a role, reference it in the template by OID, set the
template as default in system config and you should be OK. Maybe you
would like to add a condition to not add the role to some users (like
administrator).

To test it you can first edit any user, check the "reconcile" checkbox and
save. It should process the template, assign the role and provision the user
to LDAP. If this works, create and run a recomputation task in Server
Tasks/New task.

If there are problems with outbounds in schema handling, it's far better
to know after modifying one user than to wait for the recomputation task to
finish and see millions of errors :)

Regards,
Ivan

On 02/12/2016 12:56 AM, Cameron Miller wrote:
>
> Hi Ivan,
>
> Thank you for your response. That sounds like what I’m trying to achieve.
>
> Regards,
> Cameron
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
> Behalf Of *Ivan Noris
> *Sent:* Friday, 12 February 2016 10:17 AM
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] Synchronization of accounts created in midpoint
>
> Hi Cameron,
>
> not sure if I understand. But if I had many users in midPoint and
> wished to provision them to LDAP, probably I'd do something like this:
>
> - create role with construction to create account on LDAP
> - create user template which will assign the role to provision account
> to LDAP server. Alternatively you can assign just the account (if you
> can't create role)
>   - the mapping in the user template can have condition if you don't
> want to assign the role to all users
> - set the user template as global in System Configuration
> - go to Server Tasks and create Recomputation task and let it run for
> all UserType objects (clickable/selectable in the task GUI)
>
> This should process all the users in midPoint and provision LDAP
> accounts for them by automatic assignment of the role in the user
> template.
> Of course you need to set at least the mandatory attributes in LDAP
> resource schema handling (outbound).
>
> Regards,
> Ivan
>
> On 02/11/2016 09:21 PM, Cameron Miller wrote:
>
>     Hi,
>
>     I’ve got a heap of accounts that have been created in midPoint and
>     need to sync them to an LDAP server. Adding projections or
>     resource account assignments to the accounts doesn’t seem to work
>     – although I don’t have inbound/outbound mappings set up. Is it
>     possible to do this or do the accounts need to be created in LDAP
>     first.
>
>     Regards,
>     Cameron Miller
>
>     /This email, and any attachment, is confidential and also
>     privileged. If you have received it in error, please notify me
>     immediately and delete it from your system along with any
>     attachments. You should not copy or use it for any purpose, nor
>     disclose its contents to any other person. /
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper Id(e)M Vix."

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."

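The setup described in this thread, as an added sketch that is not taken from the thread or from the midPoint samples: a role that constructs an LDAP account, and a user template mapping that assigns that role to every user except administrator. All OIDs and names are constructed placeholders, and the element layout assumes the midPoint 3.x common-3 schema, so compare it with samples/objects/object-template-user.xml before importing.

```xml
<!-- Added sketch. OIDs and names are constructed placeholders, not real objects. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

    <!-- Role whose inducement constructs an account on the LDAP resource -->
    <role oid="00000000-0000-0000-0000-0000000000a1">
        <name>LDAP Basic Account</name>
        <inducement>
            <construction>
                <!-- placeholder: replace with the OID of your LDAP resource -->
                <resourceRef oid="00000000-0000-0000-0000-0000000000b1"
                             type="c:ResourceType"/>
                <kind>account</kind>
            </construction>
        </inducement>
    </role>

    <!-- User template: assigns the role above during recompute/reconcile -->
    <objectTemplate oid="00000000-0000-0000-0000-0000000000c1">
        <name>Default User Template</name>
        <mapping>
            <name>Basic role</name>
            <authoritative>true</authoritative>
            <source>
                <path>name</path>
            </source>
            <expression>
                <value>
                    <!-- must match the role OID above -->
                    <targetRef oid="00000000-0000-0000-0000-0000000000a1"
                               type="c:RoleType"/>
                </value>
            </expression>
            <target>
                <path>assignment</path>
            </target>
            <!-- keep the built-in administrator out of automatic provisioning -->
            <condition>
                <script>
                    <code>basic.stringify(name) != 'administrator'</code>
                </script>
            </condition>
        </mapping>
    </objectTemplate>
</objects>
```

The template only takes effect once it is set as the default user template in System Configuration, and the LDAP resource still needs outbound mappings for its mandatory attributes, as noted in the thread.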