[midPoint] Having trouble with LDAP connector

Keith LeValley klevalley2 at davenport.edu
Mon Jul 29 18:44:37 CEST 2019


I am creating a demo to show off midPoint to some other IT members and I
really would like to show how roles map to LDAP groups.  I am not sure if
I'm taking the right approach (if not, please let me know).

I started by copying much of the live demo site, where it has a CSV file
that is used to import users into midPoint and then an LDAP server that
does a live sync with users.  This works well, but I really want to also
live sync groups.

So I created an org chart with some basic orgs and gave those orgs
inducements to roles.  This allows me to group several roles into an org,
for instance (yes I am a big nerd) my user cbarton ("Hawkeye") has both
roles "shield agent" and "Avenger".  This is working well, but the last
piece that I cannot seem to get to work is how to map those roles to LDAP
groups.

So I have created a schema handling that scripts the dn of the group, but I
do not know what attribute to use for the source when mapping the member
field in LDAP (what attribute in midPoint defines the members in a role).
I apologize if this is a really long email asking for a very simple answer,
but I wanted to explain my approach in case this is not how I should be
doing this.

-- 
Keith LeValley
Identity Services Architect, Davenport University
klevalley2 at davenport.edu