[midPoint] Sync only AD accounts which are members of one AD group
Brad Firestone
bhotrock at gmail.com
Tue May 9 21:13:33 CEST 2017
I changed the subject line since I THINK I've learned more about how to
do this. I don't need to sync the actual "groups", but want to sync
only the accounts that are members of a certain group. After lots of
reading and searching, I realized that I probably need to do this using
a condition script in the <synchronization> section.
I have it working correctly if I'm looking for a single-valued
attribute value using the following code:
<condition>
    <script>
        <code>
            surname = basic.getAttributeValue(shadow, 'sn');
            return (surname == 'Testuser')
        </code>
    </script>
</condition>
The problem is trying to get this to work for all members of a
Distribution Group. Many of the things I've tried to do give an error of:
com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
com.evolveum.midpoint.util.exception.SchemaException: Attempt to get
single value from multi-valued attribute
{http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}memberOf
(new) condition in object synchronization Account sync
Does anyone have any ideas of how to sync only accounts that are members
of a Distribution Group?
Thanks!
Brad Firestone wrote:
> Hi All,
>
> I am setting up Active Directory as an authoritative source resource.
> But I only want to sync in users who are members of a certain
> Distribution Group:
> CN=Primary Users,OU=Distribution Groups,OU=Groups,DC=example,DC=com
>
> I'm guessing that I can put this filter into the resource, probably in
> the resultsHandlerConfiguration section, using the
> enableFilteredResultsHandler. I found this page in the Wiki, but it's
> still a work To Do:
> https://wiki.evolveum.com/display/midPoint/ICF+Configuration+Tips+and+Tricks
>
> Does anyone have any examples of how I might filter my results to just
> include users in this Distribution Group?
>
> Thanks!
> Brad
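
Added example (not part of the original post, and not midPoint project code): a Groovy membership check that treats `memberOf` as multi-valued, which is what the exception above objects to. The helper name `isMemberOf` and the sample values are constructed; reading the values with `basic.getAttributeValues(shadow, 'memberOf')` assumes that plural accessor is available in the midPoint version in use.

```groovy
// Added example: not from the original post or the midPoint project.
// Group DN as given in the quoted message above.
final String GROUP_DN =
    'CN=Primary Users,OU=Distribution Groups,OU=Groups,DC=example,DC=com'

// Hypothetical helper: true when any memberOf value equals groupDn.
// Active Directory compares DNs case-insensitively, so case is ignored.
// Accepts null (attribute absent), a single value, or a collection,
// so it never asks for "the" value of a multi-valued attribute.
boolean isMemberOf(Object memberOf, String groupDn) {
    if (memberOf == null) {
        return false
    }
    Collection values = (memberOf instanceof Collection) ? memberOf : [memberOf]
    return values.any {
        it != null && it.toString().trim().equalsIgnoreCase(groupDn)
    }
}

// Constructed sample values (not real directory data).
def member = [
    'CN=VPN Users,OU=Groups,DC=example,DC=com',
    'cn=primary users,ou=Distribution Groups,ou=Groups,dc=example,dc=com'
]
def nonMember = ['CN=VPN Users,OU=Groups,DC=example,DC=com']

assert isMemberOf(member, GROUP_DN)
assert !isMemberOf(nonMember, GROUP_DN)
assert !isMemberOf(null, GROUP_DN)      // account with no memberOf at all
assert isMemberOf(GROUP_DN, GROUP_DN)   // single value instead of a list

// Inside a midPoint condition script the same check would read
// (assumption: the plural accessor exists in the deployed version):
//   return isMemberOf(basic.getAttributeValues(shadow, 'memberOf'), GROUP_DN)
```

`memberOf` holds direct group memberships only, so an account that belongs to the group through a nested group will not match this check.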