[midPoint] Synchronization of users and groups

Martin Lízner - AMI Praha a.s. martin.lizner at ami.cz
Tue Nov 7 12:47:57 CET 2017


Hi Jan, to create AD groups based on midPoint's role you need to either add
assignment or projection to the role. Im not sure if GUI currently supports
having those with kind=entitlement. Its possible that it defaults to
kind=account which makes role trying to create user account. Anyway you
could do that on XML level (Repository Objects).

MidPoint works with namespaces, sometimes its automated but in some places
you have to state namespace explicitly. So for dn, you should probably use
ri:dn and declare xmlns:ri="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"

Martin

Martin Lízner
solution architect

gsm: [+420] 737 745 571
e-mail: martin.lizner at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz



[image: AMI Praha a.s.] <http://www.skyidentity.com/>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.


2017-11-03 21:07 GMT+01:00 Jan Kaspar <Caspi at seznam.cz>:

> Hi All,
>
> i am new to midPoint and I would like to test it. I have installed 1
> domain controller and midPoint server on CentOS machine.
>
> After few hours i have created user sync. Using import task i got all
> users to midPoint. Using Live syng i am able to perform changes to
> AD from midPoint.
>
> Hell came with trying of creating roles for management AD groups members.
> I am totaly lost. If i try to create Role, it is creating USER account in
> AD.
>
> If i have created groups in AD i am able to import them as a role. Coul;d
> someone helped me with initial setup? I am using midPoint 3.6.1 and it
> looks like
> documentation is not complete.
>
> Also i am getting error :
>
> No namespace in reference to attribute or association 'dn' in schema
> handling for 'AD Group (kind: ENTITLEMENT, intent: group)
>
> Is this root cause of all troubles?
>
> Thanks
>
> Honza
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171107/1d7d2e55/attachment.htm>


More information about the midPoint mailing list