[midPoint] LDAP group sync

mceylan mrveceylan at gmail.com
Thu Mar 5 09:54:38 CET 2020


Hi,

I have one more question. How will midpoint automatically detect the group
created in AD?

Thanks,

On Thu, 5 Mar 2020 at 10:41, mceylan <mrveceylan at gmail.com> wrote:

> Hi Jason,
>
> Hello, thanks for your answer.
> I just want to ask this. I am running a user import task while importing
> users from AD. And when I want to add a role to the user, I assign it.
> There's no problem with that. How will it come in when I just add this
> metarole? Will I run a task again to shoot groups? How will the assignment
> of the metarole be? I did not understand this topic.
>
> Thanks,
>
> On Wed, 4 Mar 2020 at 17:48, Jason Everling <jeverling at bshp.edu> wrote:
>
>> Yes,
>>
>>
>>
>> AD inbound sync to midpoint, midpoint detects changes, creates role, adds
>> members, then midpoint outbound sync to openldap creates group and members.
>> It also works the other direction if you also have inbound sync from
>> openldap.
>>
>>
>>
>> For this question, I think you have to take a step back and first read up
>> on metaroles,
>>
>> *“How will it happen when I add the metarole? What task will I run?”*
>>
>>
>>
>> The midpoint book is a good place and covers most of it,
>>
>> https://docs.evolveum.com/book/
>>
>>
>>
>>
>>
>> *From: *mceylan <mrveceylan at gmail.com>
>> *Sent: *Wednesday, March 4, 2020 1:36 AM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP group sync
>>
>>
>>
>> Jason, thanks for your answer
>> So I added this role in the same way, how will the scenario be?
>>
>> 1. AD and LDAP connected to midpoint as source
>> 2. AD is a reliable source and the user added there occurs in midpoint
>> and LDAP.
>> 3. Create manual group and add user in AD. The same group should occur
>> automatically in midpoint and LDAP. How will it happen when I add the
>> metarole? What task will I run?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> On Tue, 3 Mar 2020 at 18:17, Jason Everling <jeverling at bshp.edu> wrote:
>>
>> Yes, since you have midpoint set up to sync Active Directory and OpenLDAP,
>> then when you create a group in Active Directory it gets created via live
>> sync in midpoint, which in turn then gets created in openldap because you
>> have a metarole that says it should. We do this currently.
>>
>>
>>
>> See attached metarole, you must have inbound group sync working for both
>> AD and OpenLDAP.
>>
>>
>>
>>
>>
>>
>>
>> *From: *mceylan <mrveceylan at gmail.com>
>> *Sent: *Tuesday, March 3, 2020 8:50 AM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP group sync
>>
>>
>>
>> Hi,
>>
>>
>>
>> No, when I open the group manually in Active Directory, I want to
>> automatically create the same group in openldap and synchronize the users
>> within the groups. So both group synchronization and user.
>>
>>
>> We can assign a group to the user via midpoint with the role, but that's
>> not what I want.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> On Tue, 3 Mar 2020 at 14:22, Gómez Martínez, Elsa <egomezm at minsait.com> wrote:
>>
>> Hi!
>>
>>
>>
>> Could you explain with more detail?
>>
>> Did you mean the next flow:
>>
>> Users in AD → MidPoint → Ldap?
>>
>>
>>
>> Elsa
>>
>>
>>
>> *From:* midPoint <midpoint-bounces at lists.evolveum.com> *On behalf of *Jason
>> Everling
>> *Sent:* Monday, March 2, 2020 20:26
>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject:* Re: [midPoint] LDAP group sync
>>
>>
>>
>> You just add both constructions/inducements to the metarole that creates
>> the group and members, you could have as many different ldap servers as
>> possible
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Mar 2, 2020 at 9:51 AM mceylan <mrveceylan at gmail.com> wrote:
>>
>> Hi,
>>
>>
>>
>> I am trying to synchronize groups between AD and ldap.
>> I want it to automatically create the group created in AD over midpoint
>> in ldap. Can you help with this?
>>
>>
>>
>> Thanks,
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>>
>> Merve CEYLAN
>>
>>
>>
>> --
>>
>> Merve CEYLAN
>>
>>
>
>
> --
> Merve CEYLAN
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200305/f3e5bcfa/attachment.htm>
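
The metarole mechanism discussed in the thread (one metarole carrying the constructions for the group and for its members), as an added sketch. It is not the attachment Jason refers to and not Evolveum's own sample; the role name, resource OID placeholder, intent `ldapGroup` and association name `ri:group` are assumptions that must match the OpenLDAP resource's schemaHandling.

```xml
<!-- Added example: metarole for midPoint roles that represent directory groups. -->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>metarole-openldap-group</name> <!-- assumed name -->

    <!-- Default order (1): applies to the role that holds this metarole.
         Provisions a group object for that role on the OpenLDAP resource. -->
    <inducement>
        <construction>
            <resourceRef oid="OPENLDAP-RESOURCE-OID-PLACEHOLDER" type="ResourceType"/>
            <kind>entitlement</kind>
            <intent>ldapGroup</intent> <!-- assumed entitlement intent -->
        </construction>
    </inducement>

    <!-- Order 2: applies to users who are assigned a role holding this metarole.
         Gives them an OpenLDAP account and adds it to the role's group. -->
    <inducement>
        <construction>
            <resourceRef oid="OPENLDAP-RESOURCE-OID-PLACEHOLDER" type="ResourceType"/>
            <kind>account</kind>
            <intent>default</intent>
            <association>
                <ref>ri:group</ref> <!-- assumed association name -->
                <outbound>
                    <expression>
                        <!-- Resolve the group from the role's own linked projection -->
                        <associationFromLink>
                            <projectionDiscriminator>
                                <kind>entitlement</kind>
                                <intent>ldapGroup</intent>
                            </projectionDiscriminator>
                        </associationFromLink>
                    </expression>
                </outbound>
            </association>
        </construction>
        <order>2</order>
    </inducement>
</role>
```

Each role that inbound group sync creates from an AD group needs this metarole assigned to it before the constructions take effect; for additional LDAP servers, repeat the inducement pair with that resource's reference.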