[midPoint] Bulk import from midpoint to AD

Dilek Gider dilek.gider at basistek.com
Thu May 11 09:17:06 CEST 2017 

Hi Ivan,

Thank you very much for your detailed answer.
I had a user template, i have added and tried many things on template,
<assignmenttargetsearch>", "<accountconstruction>", "<inducement>",
"<construction><kind><account>"...... But none of them worked.

Now I will try what you suggested step by step, i will inform you, thank
you again.

user template:

<mapping>
      <description>AD Resource Create</description>
      <strength>strong</strength>
      <source>
         <c:path>name</c:path>
      </source>
      <expression>
         <value>
            <construction>
               <resourceRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2"
type="c:ResourceType"/>
            </construction>
         </value>
      </expression>
      <target>
         <c:path>assignment</c:path>
      </target>
      <condition>
         <script>
            <code>name != null</code>
         </script>
      </condition>
   </mapping>

On Wed, May 10, 2017 at 5:23 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:

> Hi Dilek,
>
> not sure if I understand, so I try to explain what I think you want.
>
> If you want to get your midPoint users to AD, the term "bulk import" does
> not quite correspond to it. To me it seems you want to provision your
> midpoint users to AD.
>
> LiveSync and Reconciliation evaluate situations/changes in resource and
> are able to import the accounts to midPoint and link or create users.
>
> To provision users to AD resource, you need:
>
> 1) outbound mappings in your resource. That is probably OK, as you can
> manually add AD account to (specific) users
>
> 2) role with construction to AD resource
>
> 3) default object template which will assign role from 2) to (all or
> specific) users in midPoint
>
> Example of such template is: https://github.com/Evolveum/
> midpoint/blob/v3.5.1/samples/objects/object-template-user.xml
>
> See the mapping named "basic role". The "oid" referenced in
> assignmentTargetSearch is the oid of your role (with construction for AD
> account). In real life, there should be a condition so that the role is not
> assigned to all users, but e.g. to employees only.
>
> The template must be configured as default in Configuration - System for
> UserType objects.
>
> After that, you only need to edit any existing user and check "Reconcile"
> checkbox and save. The account will be created according to the role and AD
> schema handling mappings.
>
> To populate all users, you would need to run Recompute task. That would do
> exactly the same as "Reconcile" checkbox for all users.
>
> Regards,
>
> Ivan
>
> On 05/10/2017 11:52 AM, Dilek Gider wrote:
>
> Hi All,
>
> I have a resource with ADLDAPConnector. I want to add  all of midpoint
> users to AD.
> I have a resource xml, it works by manually adding user to AD account. But
> when I run recon job task or live synch task, it only evaluates AD users,
> doesn't evaluate midpoint users. Is there any other method to create
> midpoint users in any resource?
>
> Thank you very much.
>
> Dilek
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Senior Identity Engineerevolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170511/07485170/attachment.htm>

More information about the midPoint mailing list