[midPoint] Import from LDAP connector for a subset of OUs

Carl Waldbieser waldbiec at lafayette.edu
Tue Aug 21 15:10:53 CEST 2018


I am attempting to determine how to integrate Midpoint into existing business processes at my institution.  Our current process for onboarding employees has an intake form that stores account data in a relational database, and then a series of scheduled jobs create the enterprise account in our OpenLDAP directory information tree.

I have Midpoint set up to synchronize users from the RDBMS resource.  I also set up a connector to the OpenLDAP resource to provision accounts from Midpoint.  The accounts are created in a single container, "ou=people,o=lafayette".

This works great for new accounts.  Existing accounts, however, may exist in various containers that have been created in the DIT over the years.  To let Midpoint know where these entries actually live in the DIT, I can run an import task from the OpenLDAP resource to link the accounts.  So far so good.

The issue I am facing is that our OpenLDAP DIT contains many different cohorts besides employees. We also have students and alumni, which outnumber employee accounts by quite a bit, and they do not exist in the employee onboarding database.

All the employee accounts are scattered throughout about 50 different OUs.  Is there a way that I can import/link the accounts from my OpenLDAP resource without having to process all the student and alumni accounts as well?

Thanks,
Carl Waldbieser
ITS Identity Management
Lafayette College


