[midPoint] LDAP group sync

mceylan mrveceylan at gmail.com
Thu Mar 5 08:41:35 CET 2020


Hi Jason,

Hello, thanks for your answer.
I just want to ask this. I am running a user import task while importing users
from AD. And when I want to add a role to the user, I assign it. There's no
problem with that. How will it come in when I just add this metarole? Will
I run a task again to shoot groups? How will the assignment of the metarole
be? I did not understand this topic.

Thanks,

Jason Everling <jeverling at bshp.edu> wrote on Wed, 4 Mar 2020 at 17:48:

> Yes,
>
>
>
> AD inbound sync to midpoint, midpoint detects changes, creates role, adds
> members, then midpoint outbound sync to openldap creates group and members.
> It also works the other direction if you also have inbound sync from
> openldap.
>
>
>
> For this question, I think you have to take a step back and first read up
> on metaroles,
>
> *“How will it happen when I add the metarole? What task will I run?”*
>
>
>
> The midpoint book is a good place and covers most of it,
>
> https://docs.evolveum.com/book/
>
>
>
>
>
> *From: *mceylan <mrveceylan at gmail.com>
> *Sent: *Wednesday, March 4, 2020 1:36 AM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP group sync
>
>
>
> Jason, thanks for your answer
> So I added this role in the same way, how will the scenario be?
>
> 1. AD and LDAP connected to midpoint as source
> 2. AD is a reliable source and the user added there occurs in midpoint and
> LDAP.
> 3. Create manual group and add user in AD. The same group should occur
> automatically in midpoint and LDAP. How will it happen when I add the
> metarole? What task will I run?
>
>
>
> Thanks,
>
>
>
> Jason Everling <jeverling at bshp.edu> wrote on Tue, 3 Mar 2020 at 18:17:
>
> Yes, since you have midpoint setup to sync Active Directory and OpenLDAP
> then when you create a group in Active directory it gets created via live
> sync in midpoint which in turn then gets created in openldap because you
> have a metarole that says it should. We do this currently.
>
>
>
> See attached metarole, you must have inbound group sync working for both
> AD and OpenLDAP.
>
>
>
>
>
>
>
> *From: *mceylan <mrveceylan at gmail.com>
> *Sent: *Tuesday, March 3, 2020 8:50 AM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP group sync
>
>
>
> Hi,
>
>
>
> No, when I open the group manually in Active Directory, I want to
> automatically create the same group in openldap and synchronize the users
> within the groups. So both group synchronization and user.
>
>
> We can assign a group to the user via midpoint with the role, but that's
> not what I want.
>
>
>
> Thanks,
>
>
>
> Gómez Martínez, Elsa <egomezm at minsait.com> wrote on Tue, 3 Mar 2020 at 14:22:
>
> Hi!
>
>
>
> Could you explain with more detail?
>
> Did you mean the next flow:
>
> Users in AD → MidPoint → Ldap?
>
>
>
> Elsa
>
>
>
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> *On behalf of *Jason
> Everling
> *Sent:* Monday, March 2, 2020 20:26
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] LDAP group sync
>
>
>
> You just add both constructions/inducements to the metarole that creates
> the group and members, you could have as many different ldap servers as
> possible
>
>
>
>
>
>
>
>
>
> On Mon, Mar 2, 2020 at 9:51 AM mceylan <mrveceylan at gmail.com> wrote:
>
> Hi,
>
>
>
> I am trying to synchronize groups between AD and ldap.
> I want it to automatically create the group created in AD over midpoint in
> ldap. Can you help with this?
>
>
>
> Thanks,
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-- 
Merve CEYLAN