[midPoint] Use Role assigning entitlements
Pavol Mederly
mederly at evolveum.com
Wed Sep 21 11:42:39 CEST 2016
Daniel,
this is actually part of what Mariano is trying to achieve. :-)
The inducement should look like this:
<inducement>
    <description>LDAP resource with implied group membership</description>
    <construction>
        <resourceRef oid="ebd0bf7b-7e80-4175-ba5e-4fd5de2ecd62" type="ResourceType"/>
        <association>
            <ref>ri:groups</ref>
            <outbound>
                <expression>
                    <associationFromLink>
                        <projectionDiscriminator>
                            <kind>entitlement</kind>
                            <intent>group</intent>
                        </projectionDiscriminator>
                    </associationFromLink>
                </expression>
            </outbound>
        </association>
    </construction>
</inducement>
But you need to use the correct resource OID, association name (ri:groups?),
and intent (group). You can have a look at the full example e.g. in
samples\demo-generic synchronization\role-meta-responsibility-GenSync.xml.
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 06.09.2016 15:31, Daniel.Sommer at itconcepts.net wrote:
> Hello,
> I am able to assign an account in a resource. I can assign it using a
> role.
> I have also been able to establish synchronization of an entitlement
> as a group in the same resource.
> Now I want to associate the entitlement with a role, too.
> I found an example where an inducement within a role was configured
> like this:
> <inducement id="1">
>     <construction>
>         <resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3e1a2" type="c:ResourceType"><!-- LDAP... --></resourceRef>
>         <kind>entitlement</kind>
>         <intent>group</intent>
>     </construction>
> </inducement>
> Therefore I have manually added the kind and intent tag. If I try to
> assign I get an error like: missing oid attribute.
> Of course I can perfectly reproduce its problem - we need to specify
> which entitlement to assign by this role.
> Am I right until now? How/where can I specify the groups/entitlements
> oid?
> Best regards.
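Added example, not part of the original thread or of midPoint itself: a small Python audit that reads a role's XML and lists, for every association in a construction, the three values the reply says must be correct (resource OID, association name, kind/intent), flagging any that are absent. The function names and the second inducement in the sample (with its oid left out) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the inducement from the reply above, plus a second one
# (made up for this example) whose resourceRef has no oid and no discriminator.
SAMPLE = """<role>
  <inducement><construction>
    <resourceRef oid="ebd0bf7b-7e80-4175-ba5e-4fd5de2ecd62" type="ResourceType"/>
    <association>
      <ref>ri:groups</ref>
      <outbound><expression><associationFromLink>
        <projectionDiscriminator>
          <kind>entitlement</kind><intent>group</intent>
        </projectionDiscriminator>
      </associationFromLink></expression></outbound>
    </association>
  </construction></inducement>
  <inducement><construction>
    <resourceRef type="ResourceType"/>
    <association><ref>ri:groups</ref></association>
  </construction></inducement>
</role>"""

def local(el):
    """Tag name without any XML namespace, so namespaced exports parse too."""
    return el.tag.rsplit("}", 1)[-1]

def named(el, name):
    """All elements at or below el with this local name."""
    return [e for e in el.iter() if local(e) == name]

def text(el, name):
    hits = named(el, name) if el is not None else []
    return (hits[0].text or "").strip() if hits else ""

def audit_role(xml_text):
    """One record per association: what it grants and which fields are missing."""
    records = []
    for con in named(ET.fromstring(xml_text), "construction"):
        res = named(con, "resourceRef")
        oid = res[0].get("oid", "") if res else ""
        for assoc in named(con, "association"):
            disc = next(iter(named(assoc, "projectionDiscriminator")), None)
            rec = {"resource_oid": oid, "association": text(assoc, "ref"),
                   "kind": text(disc, "kind"), "intent": text(disc, "intent")}
            rec["missing"] = sorted(k for k, v in rec.items() if not v)
            records.append(rec)
    return records

if __name__ == "__main__":
    print(*audit_role(SAMPLE), sep="\n")
```

Run over exported role objects, the records give a per-role list of which resource and entitlement intent each association inducement targets, which is the input an access review needs.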