[midPoint] Import AD group membership

Radovan Semancik radovan.semancik at evolveum.com
Thu May 19 12:16:53 CEST 2016 

Hi,

MidPoint has strong and quite convenient way how to manage group 
membership in the outbound direction. Which means that midPoint is the 
source of the membership information (e.g. defined by roles or orgs) and 
that information is propagated to the resources.

The inbound direction is also possible. But currently it is not very 
convenient and you have to use a lot of tricks. The reason that this is 
not so convenient is simple: the existing use-cases of midPoint 
subscribers and sponsors focused on the outbound direction. None of the 
midPoint subscribers or sponsors indicated the inbound direction as a 
priority. Maybe my colleagues may provide some hints how to work around 
this. But it might be a bit scary.

Implementing a convenient way also for the inbound direction is 
something that I would really love to do. Currently this is one of the 
missing pieces in the puzzle. But, as usual, this is a question of 
funding. And, as usual, see here: 
https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature

However, if I remember correctly, I have seen this question several 
times during last couple of months. So maybe if there are several people 
willing to donate a small sum to have this feature implemented then 
together it can be enough to fund the development of this feature? Are 
there any midPoint subscribers that would like to endorse this feature 
as a priority? Or any non-subscribers willing to partially sponsor this 
feature?

-- 
Radovan Semancik
Software Architect
evolveum.com



On 05/19/2016 11:33 AM, Dick Muller wrote:
>
> Hi,
>
> I already saw some mails about importing AD Group membership with Aivo 
> Kuhlberg , but I still have problems to get this running.
>
> Users and Groups created in Midpoint are successfully synced to the AD 
> domain, including group membership.
>
> But I have a resource domain with a lot of groups and users that I 
> want to import including the group membership. That is working, with 
> exception for the group membership.
>
> That is not configured during import.
>
> If I understand correctly I need to change the User Template. That is 
> what I did, I modified the User template that has a reference with the 
> AD resource and added a mapping for Group membership. I used the 
> object-template in the SAP story as example.
>
> But still I have no group membership.
>
> Is there somebody that can help me on this?
>
> Kind regards,
>
> Dick
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160519/0af23a05/attachment.htm>

More information about the midPoint mailing list