[midPoint] Mapping Org to Active Directory Groups

Ian Chen ianchen.op at gmail.com
Tue Oct 31 07:55:49 CET 2017


Hi Oskar,

I mapped all orgs to Entitlement as AD groups.
But I cannot find how to map the parent org of an assignment. Could you share some
details?
Thanks.

Regards,
Ian

On Wed, Oct 25, 2017 at 6:33 PM, Oskar Butovič - AMI Praha a.s. <
oskar.butovic at ami.cz> wrote:

> Hi Chen,
>
> I suggest mapping this as an association:
> https://wiki.evolveum.com/display/midPoint/Entitlements#Entitlements-AssociationDefinitionExamples
> An association can handle both directions of membership (members in group or
> groups in user). So, for example, if you assign a parent org to a user or
> other org, midPoint also modifies the group represented by the parent org.
> Hope it makes sense. :-)
>
> Association works with assignments. If properly assigned, child orgs should
> have the parent org in one of the assignments and also in the parentOrgRef element.
>
> Best Regards
> Oskar Butovič
>
> 2017-10-25 12:23 GMT+02:00 Ian Chen <ianchen.op at gmail.com>:
>
>> Hi List,
>>
>> I'm new here and am trying to solve mapping Org to AD groups as in
>> https://evolveum.com/blog/practical-organization-structure-in-active-directory/.
>> I'm stuck at setting the member for a group.
>>
>> It seems an AD group can only have members (children), while in midPoint an Org
>> is assigned upwards (parent). As I cannot find the children Org in the outbound
>> mapping, I added an extension attribute to hold the parentID of the parent Org. My
>> plan is, in the outbound mapping, to search for any Org with parentID set to the
>> current Org ID, but I cannot find how. Please help!
>>
>> Also, if there is a better/simpler method to do this, please let me know.
>>
>> Thanks!
>> Ian
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz
>
>
> By the text of this e-mail, the signatory neither promises to conclude nor
> concludes any contract on behalf of AMI Praha a.s. Any contract, if
> concluded, must be exclusively in written form.