[midPoint] Provision inherited roles in LDAP
IDM
proyectos_idm at corenetworks.es
Mon Nov 13 12:03:46 CET 2017
Hello.
We have problems provisioning and deprovisioning entitlements, especially
with the inherited ones.
We have an inducement of a Role, that inherits the entire hierarchy of an
organization defined in this way:
<inducement> [...]
    <role [...] >
    <orderConstraint>
        <orderMin>1</orderMin>
        <orderMax>unbounded</orderMax>
    </orderConstraint>
</inducement>
*Orgs:*
Org1 (Inducement) -> These members have role MembershipRef and provision the entitlement in LDAP
|-> Org2 -> have role MembershipRef in user.xml but *NOT* provision the entitlement in LDAP
|-> Org4 -> have role MembershipRef in user.xml but *NOT* provision the entitlement in LDAP
|-> Org5 -> have role MembershipRef in user.xml but *NOT* provision the entitlement in LDAP
|-> Org3 -> have role MembershipRef in user.xml but *NOT* provision the entitlement in LDAP
With this we get the role in midPoint (roleMembershipRef), but we
cannot give it the LDAP group. We only give the entitlement to the first level
of the organization.
Is there some configuration parameter to force me to provision this
membership in LDAP?
Thanks in advance.