[midPoint] Configuring synchronisation of resource account to user

Ivan Noris ivan.noris at evolveum.com
Thu Apr 20 09:06:01 CEST 2017


Hi Tommy,


On 04/20/2017 08:41 AM, Tommy Montegu wrote:
>
> Hello,
>
> I have some difficulties (because I’m French) to understand how to
> synchronize two resources to a user.
>
> This is my situation:
>
> I have imported my midPoint user from my AD. So I have my AD
> configured as a resource, and I have my users which have one
> projection: my AD resource.
>
> I have configured my Zimbra mail server as a resource, thanks to LDAP.
> My resource is UP, and I saw all zimbraAccounts in my resource > Accounts.
>
> So my question is: Is it possible to take the zimbraAccount whose
> fullName or DN (or any other attribute) matches the DN (or anything
> else) in my midPoint user, and to synchronize them?
>

Yes of course; just like you did your synchronization for the AD
(initial import or whatever), you need to set up the synchronization for
Zimbra (LDAP). You need to specify which Zimbra account attribute will
be used to search for midPoint users and how. Typically I can imagine
that you take "uid" from Zimbra and search midPoint users with the same
name attribute. Or you can take DN, parse the uid from there, and use
that to search midPoint users with the same name attribute.

>
> I would like to add the account in Zimbra as a projection to the
> existing midPoint user. But I have more zimbraAccounts (because of
> galsync, etc.) than users. And I would like to know if there is a way
> (by configuring some synchronization with reactions) to automatically
> add the mail account to the user in midPoint.
>

If you configure the synchronization in the resource, you can then run
Reconciliation and it will match and link the users. Of course first try
with the "dry run" setting in the reconciliation task.

>
> I hope my explanations are clear. I read a lot about projections and
> generic synchronization in the wiki, but I don’t understand some
> points. I hope someone can help me to configure, or just explain to me,
> what I have to do to add the corresponding mail account, from my
> Zimbra resource, to the corresponding users in midPoint.
>

For now I think you don't need generic synchronization. If you are
synchronizing just accounts and users, things are much easier to do.
Please try to look up some samples for our LDAP resources, e.g. for
openldap. BTW I have just realized there is actually a Zimbra resource
sample (but without synchronization) in
https://github.com/Evolveum/midpoint/blob/master/samples/resources/zimbra/ldap-zimbra.xml

Regards,
Ivan

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
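
A sketch of the synchronization section discussed in this message, added here as an example; it is not part of the original post or of the project's Zimbra sample. It assumes midPoint 3.x resource XML and that the Zimbra login is in the LDAP attribute ri:uid and equals the midPoint user name; the "unmatched" situation has no action, so extra accounts such as galsync are not linked and no users are created for them.

```xml
<!-- Added example: place inside the Zimbra (LDAP) <resource> object. -->
<synchronization
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
    xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
  <objectSynchronization>
    <enabled>true</enabled>
    <!-- Correlation: search midPoint users whose name equals the account uid.
         ri:uid is an assumption; use an attribute that is unique per person.
         If more than one user matches, the situation becomes "disputed"
         and nothing is linked automatically. -->
    <correlation>
      <q:equal>
        <q:path>c:name</q:path>
        <expression>
          <path>$account/attributes/ri:uid</path>
        </expression>
      </q:equal>
    </correlation>
    <!-- Account already linked to its owner: keep it synchronized. -->
    <reaction>
      <situation>linked</situation>
      <synchronize>true</synchronize>
    </reaction>
    <!-- Owner found by correlation but not linked yet: add the projection. -->
    <reaction>
      <situation>unlinked</situation>
      <synchronize>true</synchronize>
      <action>
        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
      </action>
    </reaction>
    <!-- Account removed on the resource: drop the link from the user. -->
    <reaction>
      <situation>deleted</situation>
      <synchronize>true</synchronize>
      <action>
        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
      </action>
    </reaction>
    <!-- No owner found (galsync and similar accounts): deliberately no action. -->
    <reaction>
      <situation>unmatched</situation>
    </reaction>
  </objectSynchronization>
</synchronization>
```

Run the reconciliation task in "dry run" mode first and review the reported situations before letting it link accounts.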
