[midPoint] LDAP group sync

mceylan mrveceylan at gmail.com
Thu Mar 5 19:44:37 CET 2020


Hi Jason,

I'm struggling with midPoint, but I'm having a hard time working with
a metarole for the first time. Well, I have 2 questions on my mind.

1. When I get the groups in AD, where do I print them? Or do I have to
print? What kind of inbound should I do in the source?

2. I will use the metarole to create groups in LDAP, but what role should I
create and assign it to the metarole?

Can you show an example with XML?

Thanks,

Jason Everling <jeverling at bshp.edu> wrote on Thu, 5 Mar 2020 at 18:36:

> You only want to run the import task really 1 time, after that you want to
> use a live sync task which runs constantly. The live sync task picks up the
> changes in real-time, any changes to AD are then made in midpoint.
>
> Like I had mentioned, I think it would be wise to fully read the book and,
> if you can, go through a midpoint training class because these topics,
> metaroles, livesync and such, are basics for any resource.
>
> Training:
> https://evolveum.com/services/training-and-certification/
>
> The Book:
> https://docs.evolveum.com/book/
>
> *From: *mceylan <mrveceylan at gmail.com>
> *Sent: *Thursday, March 5, 2020 2:54 AM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP group sync
>
> Hi,
>
> I have one more question. How will midpoint automatically detect the group
> created in AD?
>
> Thanks,
>
> mceylan <mrveceylan at gmail.com> wrote on Thu, 5 Mar 2020 at 10:41:
>
> Hi Jason,
>
> Hello, thanks for your answer.
> I just want to ask this. I am running a user import task while importing
> users from AD. And when I want to add a role to the user, I assign it.
> There's no problem with that. How will it come in when I just add this
> metarole? Will I run a task again to shoot groups? How will the assignment
> of the metarole be? I did not understand this topic.
>
> Thanks,
>
> Jason Everling <jeverling at bshp.edu> wrote on Wed, 4 Mar 2020 at 17:48:
>
> Yes,
>
> AD inbound sync to midpoint, midpoint detects changes, creates role, adds
> members, then midpoint outbound sync to openldap creates group and members.
> It also works the other direction if you also have inbound sync from
> openldap.
>
> For this question, I think you have to take a step back and first read up
> on metaroles,
>
> *“How will it happen when I add the metarole? What task will I run?”*
>
> The midpoint book is a good place and covers most of it,
>
> https://docs.evolveum.com/book/
>
> *From: *mceylan <mrveceylan at gmail.com>
> *Sent: *Wednesday, March 4, 2020 1:36 AM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP group sync
>
> Jason, thanks for your answer.
> So I added this role in the same way, how will the scenario be?
>
> 1. AD and LDAP connected to midpoint as source
> 2. AD is a reliable source and the user added there occurs in midpoint and
> LDAP.
> 3. Create manual group and add user in AD. The same group should occur
> automatically in midpoint and LDAP. How will it happen when I add the
> metarole? What task will I run?
>
> Thanks,
>
> Jason Everling <jeverling at bshp.edu> wrote on Tue, 3 Mar 2020 at 18:17:
>
> Yes, since you have midpoint set up to sync Active Directory and OpenLDAP,
> then when you create a group in Active Directory it gets created via live
> sync in midpoint, which in turn then gets created in openldap because you
> have a metarole that says it should. We do this currently.
>
> See attached metarole, you must have inbound group sync working for both
> AD and OpenLDAP.
>
> *From: *mceylan <mrveceylan at gmail.com>
> *Sent: *Tuesday, March 3, 2020 8:50 AM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP group sync
>
> Hi,
>
> No. When I open the group manually in Active Directory, I want to
> automatically create the same group in openldap and synchronize the users
> within the groups. So both group synchronization and user.
>
> We can assign a group to the user via midpoint with the role, but that's
> not what I want.
>
> Thanks,
>
> Gómez Martínez, Elsa <egomezm at minsait.com> wrote on Tue, 3 Mar 2020 at 14:22:
>
> Hi!
>
> Could you explain with more detail?
>
> Did you mean the next flow:
>
> Users in AD → MidPoint → Ldap?
>
> Elsa
>
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> *On behalf of* Jason
> Everling
> *Sent:* Monday, March 2, 2020 20:26
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] LDAP group sync
>
> You just add both constructions/inducements to the metarole that creates
> the group and members, you could have as many different ldap servers as
> possible
>
> On Mon, Mar 2, 2020 at 9:51 AM mceylan <mrveceylan at gmail.com> wrote:
>
> Hi,
>
> I am trying to synchronize groups between AD and ldap.
> I want it to automatically create the group created in AD over midpoint in
> ldap. Can you help with this?
>
> Thanks,
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-- 
Merve CEYLAN
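
A sketch of the kind of metarole described in the quoted replies, added here as an example: one inducement creates the group on the OpenLDAP resource for every role that has the metarole assigned, and a second-order inducement puts that role's members into the group. This is not the metarole attached to the original message; the OID placeholders, the `ldapGroup` intent and the `ri:ldapGroup` association name are assumptions and must match the schema handling of your own OpenLDAP resource.

```xml
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="METAROLE-OID-PLACEHOLDER">
    <name>OpenLDAP Group Metarole</name>

    <!-- Order 1 (default): applies to each role that holds this metarole.
         Creates an entitlement (group) object for that role on OpenLDAP. -->
    <inducement>
        <construction>
            <!-- Placeholder: OID of your OpenLDAP resource -->
            <resourceRef oid="OPENLDAP-RESOURCE-OID-PLACEHOLDER" type="ResourceType"/>
            <kind>entitlement</kind>
            <!-- Assumed intent name; use the one defined in your resource -->
            <intent>ldapGroup</intent>
        </construction>
    </inducement>

    <!-- Order 2: applies to users who are assigned a role that holds this
         metarole. Gives them an account and associates it with the group
         that the role itself is linked to. -->
    <inducement>
        <construction>
            <resourceRef oid="OPENLDAP-RESOURCE-OID-PLACEHOLDER" type="ResourceType"/>
            <kind>account</kind>
            <intent>default</intent>
            <association>
                <!-- Assumed association name from the resource schema handling -->
                <ref>ri:ldapGroup</ref>
                <outbound>
                    <expression>
                        <associationFromLink>
                            <projectionDiscriminator>
                                <kind>entitlement</kind>
                                <intent>ldapGroup</intent>
                            </projectionDiscriminator>
                        </associationFromLink>
                    </expression>
                </outbound>
            </association>
        </construction>
        <order>2</order>
    </inducement>
</role>
```

For groups created in AD to reach OpenLDAP this way, the roles that AD inbound group synchronization creates in midPoint need this metarole assigned to them.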