[midPoint] Some questions to midPoint 3.3

Pavol Mederly mederly at evolveum.com
Mon Mar 21 17:46:05 CET 2016


Hello Philippe and Fabian,

here are some answers (or, more precisely, pointers to relevant 
information) to your questions:

> - How can you adjust some attribute in a connector? We tried to rename 
> some attribute names in the XML file but if we try to create a new 
> user with the new attribute names the connector says the attribute is 
> unknown? 
I don't understand this question. What exactly would you like to adjust? 
Please be more specific about what you'd like to achieve, and preferably give 
us an example.

> - If you create a role, how can you give this role authorities? From 
> the start on, there is for example just the role end user and super 
> user with authorities.
What do you mean by "authorities"? From what you say I understand you'd 
like to attach some authorizations to a role - i.e. saying like "holder 
of this role can see all other users' details". Is it so? If yes, please 
have a look at 
https://wiki.evolveum.com/display/midPoint/Authorization+Configuration. 
It is a very elaborate and powerful mechanism, allowing you to specify 
authorizations in a very, very flexible and detailed manner.

> - Is it possible to filter Users just through attributes? for example 
> show every user with the name Thomas? Or is it just possible to filter 
> users with organisations? 
I'm not sure how it is in midPoint 3.3, but in 3.4-snapshot it is 
possible to filter users by name, given name (e.g. Thomas), family name, 
full name, additional name(s), administrative status, cost center. If 
you need more, you can use e.g. Bulk actions 
(https://wiki.evolveum.com/display/midPoint/Bulk+actions) to extract 
users you need (but that's not very interactive). Or you can use 
reports. Or export all users and write a custom script to filter what 
you need.

> - Is there an option to prevent that users don't get authorities that 
> they should never have? for example a customer user should never be 
> able to get the role of a super user?
I'm not sure about this; maybe someone else on this list will respond.
For general prevention of unwanted authorizations and role assignments 
midPoint provides:
- certifications 
(https://evolveum.com/blog/access-certification-in-midpoint/)
- approvals (https://wiki.evolveum.com/display/midPoint/Workflows).

> - Is it possible to set attributes from a user through a role assignment?
Certainly. See e.g. 
https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC

> - How can you change the password policy in midpoint and synchronize 
> them with Active Directory and Exchange?
You specify password policy like this: 
https://wiki.evolveum.com/display/midPoint/Password+Policy
Not sure what you mean by synchronization of the policy with 
AD/Exchange; if you want to have compatible policies in midPoint and 
AD/Exchange (i.e. so that if a user's password is accepted by midPoint 
it will be accepted by AD/Exchange and vice versa), you have to obtain 
the current password policy from AD/Exchange and manually create an equivalent 
policy in midPoint. (Or the other way around, take a policy from midPoint and 
create an equivalent one in AD/Exchange.)

> - How can an employee request authorities? And how can his boss 
> authorize this request?
Please see the wiki page on workflows mentioned above.
In 3.3, the request is done simply by trying to assign a specific role to 
himself/herself. After saving it, the workflow is started automatically 
(if a role approver or approver expression or approval schema is defined).
In 3.4 there will be a special tab for requesting roles (see 3.4-snapshot).

> - Is it possible to create a hierarchy? If yes, how?
A hierarchy of what? E.g. for organizations (that could be basically 
anything from traditional organizations to projects to e.g. study 
programmes or even individual lectures), it certainly is possible and 
well supported. Please have a look around our wiki.

> - How can you generate reports? are there already basic templates for 
> reports? and how can you export them in different formats like .xls 
> .csv .pdf ? 
Very simply. You just need to use the "Reports" menu. Please try it; and 
have a look at 
https://wiki.evolveum.com/display/midPoint/Report+Configuration.

> - How can we transfer a currently existing active directory structure 
> as easily as possible in midpoint? We got an XML-data for example and 
> want to implement this user in midpoint as well. 
Please be more specific. Or, even better, please have a look at the 
following:
- https://wiki.evolveum.com/display/midPoint/OrgSync+Story+Test (this 
one is not specific to AD but the general idea is the same)
- 
https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO
- 
https://evolveum.com/blog/practical-organization-structure-in-active-directory/
...and then think again and try to formulate your question more precisely.

Hope this helps,
Pavol


On 19.03.2016 20:57, Fabian Mirz wrote:
> Hello all,
>
> we are a group of students who are currently testing MidPoint 3.3 as 
> an Identity Manager System for a big company.
> We have built up recently our test environment with 2 servers. On the 
> first one, we installed midPoint and on the second one we configured 
> Active Directory and installed Exchange.
> The basic functions are already running, we are for example able to 
> create a user in midpoint, assign him with the exchange connector and 
> midpoint creates this user also on the other server with a mailbox.
> Sadly we still have some issues and we hope you can help us.
>
> We are new to this topic, so please be forgiving if there are some 
> "stupid" questions.
>
> - How can you adjust some attribute in a connector? We tried to rename 
> some attribute names in the XML file but if we try to create a new 
> user with the new attribute names the connector says the attribute is 
> unknown?
> - If you create a role, how can you give this role authorities? From 
> the start on, there is for example just the role end user and super 
> user with authorities.
> - Is it possible to filter Users just through attributes? for example 
> show every user with the name Thomas? Or is it just possible to filter 
> users with organisations?
> - Is there an option to prevent that users don't get authorities that 
> they should never have? for example a customer user should never be 
> able to get the role of a super user?
> - Is it possible to set attributes from a user through a role assignment?
> - How can you change the password policy in midpoint and synchronize 
> them with Active Directory and Exchange?
> - How can an employee request authorities? And how can his boss 
> authorize this request?
> - Is it possible to create a hierarchy? If yes, how?
> - How can you generate reports? are there already basic templates for 
> reports? and how can you export them in different formats like .xls 
> .csv .pdf ?
>
> And the last but most important question:
> - How can we transfer a currently existing active directory structure 
> as easily as possible in midpoint? We got an XML-data for example and 
> want to implement this user in midpoint as well.
>
>
> Best regards
>
> Philippe Büdinger & Fabian Mirz
>