[midPoint] Mapping Org to Active Directory Groups

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Wed Oct 25 12:33:53 CEST 2017


Hi Chen,

I suggest mapping this as an association:
https://wiki.evolveum.com/display/midPoint/Entitlements#Entitlements-AssociationDefinitionExamples
An association can handle both directions of membership (members in group or
groups in user). So for example, if you assign a parent org to a user or
another org, midPoint also modifies the group represented by the parent org.
Hope it makes sense. :-)

Association works with assignments. If properly assigned, child orgs should
have the parent org in one of the assignments and also in the parentOrgRef
element.

Best Regards
Oskar Butovič

2017-10-25 12:23 GMT+02:00 Ian Chen <ianchen.op at gmail.com>:

> Hi List,
>
> I'm new here and am trying to solve mapping Org to AD groups as
> https://evolveum.com/blog/practical-organization-structure-in-active-directory/.
> I'm stuck at setting member for group.
>
> It seems an AD group can only have members (children), while in midPoint an
> Org is assigned upwards (parent). As I cannot find the children Orgs in the
> outbound mapping, I added an extension attribute to hold the parentID of the
> parent Org. My plan is, in the outbound mapping, to search for any Org with
> parentID set to the current Org ID, but I cannot find out how. Please help!
>
> Also, if there is a better/simpler method to do this, please let me know.
>
> Thanks!
> Ian


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


By the text of this e-mail, the signatory neither promises to conclude nor
concludes any contract on behalf of AMI Praha a.s.
Any contract, if concluded, must be exclusively in written form.
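
The association suggested in the reply above, sketched as a resource schemaHandling fragment; this is an added example, not configuration from the thread or from Evolveum. The intents (default, org-group), the display names and the AD object classes and attributes (ri:user, ri:group, ri:member, ri:dn) are assumptions, and the org-side construction that creates the group is not shown.

```xml
<!-- Added example: fragment of a midPoint resource definition for AD. -->
<schemaHandling xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">

    <!-- User accounts: may be members of org groups. -->
    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <objectClass>ri:user</objectClass>
        <association>
            <ref>ri:group</ref>
            <displayName>Org group membership</displayName>
            <kind>entitlement</kind>
            <intent>org-group</intent>
            <!-- objectToSubject: the group (object) stores the reference,
                 so midPoint writes the account DN into the group's "member". -->
            <direction>objectToSubject</direction>
            <associationAttribute>ri:member</associationAttribute>
            <valueAttribute>ri:dn</valueAttribute>
        </association>
    </objectType>

    <!-- Groups that represent orgs: may themselves be members of the
         group representing the parent org (group nesting). -->
    <objectType>
        <kind>entitlement</kind>
        <intent>org-group</intent>
        <objectClass>ri:group</objectClass>
        <association>
            <ref>ri:group</ref>
            <displayName>Parent org group</displayName>
            <kind>entitlement</kind>
            <intent>org-group</intent>
            <!-- Same direction as above: the child org is still assigned
                 upwards in midPoint, but the change lands on the parent
                 group's "member" attribute, which is what AD expects. -->
            <direction>objectToSubject</direction>
            <associationAttribute>ri:member</associationAttribute>
            <valueAttribute>ri:dn</valueAttribute>
        </association>
    </objectType>

</schemaHandling>
```

With this direction setting there is no need to search for child orgs from the parent's outbound mapping: each child's assignment to its parent org drives the membership change on the parent's group.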