[midPoint] Resource connection automation

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Thu Sep 13 11:43:14 CEST 2018


Thank you very much! This is exactly what I was looking for.

Best regards,
WS

W dniu 12.09.2018 o 23:10, Andrew Morgan pisze:
> On Wed, 12 Sep 2018, Wojciech Staszewski wrote:
> 
>> Hello All!
>>
>> This question is for those, who have some experience in midPoint deployment.
>>
>> Simple case:
>> - You need to connect already working system as a resource to midPoint,
>> - This system contains a few thousands of user accounts with different
>> privileges (for simplicity - user groups), and tens of user groups.
>> - midPoint already has some of these users taken from elsewhere (let's
>> say from HR system), but some of them are archival, disabled or forgotten.
>> - Resource user groups are imported as midPoint roles.
>>
>> The tasks to do:
>> - map the resource accounts to midPoint users (this is quite easy:
>> "unliked->link" synchronization action),
>> - reflect the resource account privileges (group membership) by
>> assigning adequate role or roles to the midPoint users.
>>
>> I wonder if you have any kind of worked out automation (scripts? bulk
>> actions?) for the second task?
>> Or maybe you're assigning proper roles to the thousands of users just by
>> clicking it out one by one using midPoint GUI?
> 
> We wrote scripts to assign roles (and do other things) via midPoint's REST API.
> 
> I have attached the Perl library we wrote.  You don't have to use Perl. You can use the code as a reference for how to make the API calls.
> 
> Let me know if you have any questions about it.
> 
> Thanks,
> Andy Morgan
> Systems Administrator, Identity & Access Management
> Information Services | Oregon State University
> 541-737-8877 | is.oregonstate.edu
> 
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>



More information about the midPoint mailing list