[midPoint] Roles managing groups in Active Directory

Al Lilianstrom lilstrom at fnal.gov
Thu Dec 10 17:49:43 CET 2020 

Hi Gus,

I had not. I'll take a look at that link.

  thanks, al


--
Al Lilianstrom
Authentication Services

Fermi National Accelerator Laboratory
www.fnal.gov
lilstrom at fnal.gov


________________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Gus Lou via midPoint <midpoint at lists.evolveum.com>
Sent: Thursday, December 10, 2020 9:45 AM
To: midPoint General Discussion
Cc: Gus Lou
Subject: Re: [midPoint] Roles managing groups in Active Directory

Hi Al Lilianstrom

Did you use the metarole concept in your settings?

I achieved the goal mentioned by you, using the approach of the link below:

https://evolveum.com/simplifying-ldap-group-management-using-midpoint/<https://urldefense.proofpoint.com/v2/url?u=https-3A__evolveum.com_simplifying-2Dldap-2Dgroup-2Dmanagement-2Dusing-2Dmidpoint_&d=DwMFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=ai4UrhAfezp5bsFBvkSFUfGjgyhldn-Qgs5EXzTzjXI&s=qmymtOrQU_cER7IRzlhzWwtrX6utxA9oReTCz100o-c&e=>

Regards

Gus

Em qui., 10 de dez. de 2020 às 11:45, Al Lilianstrom via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> escreveu:
Still exploring midPoint.

I've been able to create a role and map it to an existing AD group. I've also been able to add a role and have it create the AD group in the OU I wanted it.

What I've not been able to do is

1) have existing members of the group show up as having the role in midPoint
2) Add the role to a user in midPoint and have the users AD account added to the group

I've been going through the wiki articles on AD groups and I just seem to be missing something.

Any suggestions?

  al

--
Al Lilianstrom
Authentication Services

Fermi National Accelerator Laboratory
www.fnal.gov<http://www.fnal.gov>
lilstrom at fnal.gov<mailto:lilstrom at fnal.gov>

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=ai4UrhAfezp5bsFBvkSFUfGjgyhldn-Qgs5EXzTzjXI&s=uc4XuM5helSPA5x8KE6EQ7yRatrPQmcUUAJYoVTWnlQ&e=>

More information about the midPoint mailing list