[midPoint] New to midPoint - AD integration

Gus Lou gugalou38 at gmail.com
Thu Dec 17 17:39:42 CET 2020 

I also continue to research and try to resolve issues. Any news I'll share.

Regards

Gus

Em qui., 17 de dez. de 2020 às 13:24, Al Lilianstrom via midPoint <
midpoint at lists.evolveum.com> escreveu:

> Hi Gus,
>
> I have not had any success in getting groups to import and automatically
> becomes roles. I thought I pulled the configuration straight out of the
> how-to guide. I'm going to check that as soon as time permits.
>
>   al
>
>
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> www.fnal.gov
> lilstrom at fnal.gov
>
>
> ________________________________________
> From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Gus Lou
> via midPoint <midpoint at lists.evolveum.com>
> Sent: Wednesday, December 16, 2020 12:59 PM
> To: midPoint General Discussion
> Cc: Gus Lou
> Subject: Re: [midPoint] New to midPoint - AD integration
>
> Hi Al Lilianstrom
>
> In your tests, were you able to import accounts and groups from AD through
> Tasks and users and roles were created automatically in Midpoint? I also
> keep trying to get that result.
>
> Regards
>
> Gus
>
> Em sex., 4 de dez. de 2020 às 10:12, Al Lilianstrom via midPoint <
> midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> escreveu:
> Thanks Jason.  I'll take a look at that. I was reading on filters in the
> wiki last night so it looks like I'm on the right path.
>
>   al
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> www.fnal.gov<http://www.fnal.gov>
> lilstrom at fnal.gov<mailto:lilstrom at fnal.gov>
>
>
> ________________________________________
> From: Jason Everling <jeverling at bshp.edu<mailto:jeverling at bshp.edu>>
> Sent: Thursday, December 3, 2020 9:56 AM
> To: midPoint General Discussion
> Cc: Al Lilianstrom
> Subject: RE: [midPoint] New to midPoint - AD integration
>
> You could also use a condition on the objectSynchronization instead of
> changing base conext, like below, midpoint will still see all your ad
> objects but will not import, sync, or create, etc.. unless they match the
> sync filter
>
>             <condition>
>                 <script>
>                     <code>
>                         obj = basic.getAttributeValue(shadow, '
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3<
> https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_resource_instance-2D3&d=DwMFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=6coBQ_2Rde6d0ATdFdRM6LORZqfPK-Fea9vxQMejIBY&s=vtqO4dLsOJIIW8uIV8pgqITlym_7nx3to5zX_0bgPGs&e=
> ><
> https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_resource_instance-2D3&d=DwQFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=zObqO0mO8lciEpAauzdu0RiHLAezgpZgOd7pZW1Bg_w&s=4eszi7VD8TaOMC-bSoeB2FXJDxmV3o3AdI8HNl6FUo4&e=>',
> 'dn');
>                         return (obj.contains('OU=Example'));
>                     </code>
>                 </script>
>             </condition>
>
>
>
> From: Al Lilianstrom via midPoint<mailto:midpoint at lists.evolveum.com
> <mailto:midpoint at lists.evolveum.com>>
> Sent: Wednesday, December 2, 2020 7:59 AM
> To: midPoint General Discussion<mailto:midpoint at lists.evolveum.com<mailto:
> midpoint at lists.evolveum.com>>
> Cc: Al Lilianstrom<mailto:lilstrom at fnal.gov<mailto:lilstrom at fnal.gov>>
> Subject: Re: [midPoint] New to midPoint - AD integration
>
> Hi Javier,
>
> That seems to work for restricting the import but the usersync task breaks
> as the DirSync call now goes to the OU rather than the entire directory.
>
> I'm certain I'm missing something when it comes to the AD connector.
>
> OTOH the accounts that I had in midPoint from CSV linked up to the AD
> accounts that were pulled in and I could manage them so that is a step
> forward.
>
>   al
> --
> Al Lilianstrom
> Authentication Services
>
> Fermi National Accelerator Laboratory
> http://www.fnal.gov
> lilstrom at fnal.gov<mailto:lilstrom at fnal.gov>
>
>
> ________________________________________
> From: Laza, Javier <Javier.Laza at ingrammicro.com<mailto:
> Javier.Laza at ingrammicro.com>>
> Sent: Wednesday, December 2, 2020 2:51 AM
> To: midPoint General Discussion
> Cc: Al Lilianstrom
> Subject: RE: New to midPoint - AD integration
>
> You can use the 'Base Context' parameter in the AD connector, configure
> your OU there
>
>
>
> [cid:image001.png at 01D6C890.BFBC68D0]
>
>
>
>
>
>
>
>
>
>
>
> -----Original Message-----
> From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:
> midpoint-bounces at lists.evolveum.com>> On Behalf Of Al Lilianstrom via
> midPoint
> Sent: martes, 1 de diciembre de 2020 21:44
> To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:
> midpoint at lists.evolveum.com>>
> Cc: Al Lilianstrom <lilstrom at fnal.gov<mailto:lilstrom at fnal.gov>>
> Subject: [midPoint] New to midPoint - AD integration
>
>
>
> Still working my way through the book.
>
>
>
> Running midPoint 4.2. CSV creating accounts in midPoint
>
>
>
> Connected one of my test Active Directories using the
> ad-ldap-medusa-medium.xml sample file.  The accounts in the CSV exist in a
> test OU in AD so I'm working on linking them. I think I understand that
> process.
>
>
>
> What I'm trying to get a grasp on is how to limit what I the AD connector
> pulls in to midPoint. I have 30,000+ user objects in the AD and I don't
> want to pull them all in just yet. I just want to pull the objects in my
> test OU and go from there.
>
>
>
> Any pointers would be greatly appreciated.
>
>
>
>   thanks, al
>
>
>
> --
>
> Al Lilianstrom
>
> Authentication Services
>
>
>
> Fermi National Accelerator Laboratory
>
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.fnal.gov&d=DwIGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=Qr2V91d2Ip57WGd7ValnTgSil2wzkdfhEuP9wIvUDE0&s=evX712InlwqkzPVPmkNpUuUH5XHsAUOZobBSkhQFW1Q&e=
>
> lilstrom at fnal.gov<mailto:lilstrom at fnal.gov><mailto:lilstrom at fnal.gov
> <mailto:lilstrom at fnal.gov>>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com><mailto:
> midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>>
>
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwIGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=Qr2V91d2Ip57WGd7ValnTgSil2wzkdfhEuP9wIvUDE0&s=WsiUzjGpk_tQ20qzCHWz9P33zdiHZp14N2ET9IJ2ebs&e=
>
> La información contenida en este mensaje es confidencial. En caso de que
> reciba este mensaje por error le rogamos lo comunique a la mayor brevedad
> al emisor y proceda a su eliminación definitiva, absteniéndose de copiar,
> almacenar o difundir su contenido. De acuerdo con lo establecido en la Ley
> Orgánica 15/1999, de Protección de Datos de Carácter Personal y en el
> Reglamento de Desarrollo 1720/2007, los datos personales que facilite a
> través de la dirección de correo indicada serán incorporados a un fichero
> titularidad de INGRAM MICRO, S.L.U., con domicilio en C/ Antonio Machado,
> 78-80 1ª y 2ª pl. Business Park ( 08840-Viladecans). Mediante el envío de
> sus datos, Ud. otorga su consentimiento expreso a INGRAM MICRO, S.L.U, para
> el tratamiento de sus datos, con la finalidad de atender a su consulta y/o
> mantener la relación profesional, comercial, y/o contractual que en su caso
> establezca con INGRAM MICRO, S.L.U. Puede ejercitar sus derechos de acceso,
> rectificación, cancelación y oposición notificándolo por escrito a la
> dirección del remitente, o a la siguiente dirección de correo
> nuevascuentas at ingrammicro.es<mailto:nuevascuentas at ingrammicro.es>. De
> acuerdo con la Ley 34/2002, de Servicios de la Sociedad de la Información y
> de Comercio Electrónico, Vd. podrá oponerse en cualquier momento al
> tratamiento de sus datos con fines promocionales notificándonoslo por
> escrito a la dirección de correo mencionada.
>
> ..............................................................................................................................................................................................................................................
> The information contained in this message is confidential. If you receive
> this message by error please notify it as soon as possible to the sender
> and proceed to their final elimination by not copy, store or distribute its
> content. In accordance of what is stated in the Law 15/1999, of Data
> Personal Protection and Regulation Rule 1720/2007, the personal data
> provided through the email address you entered will be included in a file
> owned by INGRAM MICRO, SLU, located at C/ Antonio Machado, 78-80 1ª y 2ª
> pl. Business Park ( 08840-Viladecans). By submitting your data, you
> expressly give your consent to INGRAM MICRO, SLU, to the treatment of your
> data, in order to answer to your questions and / or keep the professional,
> commercial relationship  and / or contractual set with INGRAM MICRO, SLU
> You can exercise your rights of access, rectification, cancellation and
> opposition by giving written notification to the sender address or to  the
> following email:  nuevascuentas at ingrammicro.es<mailto:
> nuevascuentas at ingrammicro.es>. According to Law 34/2002, of the
> Information Society and Electronic Commerce, you may object at any time to
> your data treatment for promotional purposes by notifying us in writing to
> the email address above.
> [Ingram_2818e5de]
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
> https://lists.evolveum.com/mailman/listinfo/midpoint<
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=6coBQ_2Rde6d0ATdFdRM6LORZqfPK-Fea9vxQMejIBY&s=-p-OEEd2W9tAWBk8mZwVymJ2frk0Xcpb3yHx-vQ74D8&e=
> ><
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwQFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=zObqO0mO8lciEpAauzdu0RiHLAezgpZgOd7pZW1Bg_w&s=3CNjenvKco27VDCn4prn409jTYJA04syDa-yCleQ5gE&e=
> >
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
> https://lists.evolveum.com/mailman/listinfo/midpoint<
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=DwMFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=Ccoy53oEM8wW3-vUAuZFE1kez-3vbV9LOfLVoaEsm3A&m=6coBQ_2Rde6d0ATdFdRM6LORZqfPK-Fea9vxQMejIBY&s=-p-OEEd2W9tAWBk8mZwVymJ2frk0Xcpb3yHx-vQ74D8&e=
> >
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20201217/6097c931/attachment-0001.htm>

More information about the midPoint mailing list