[midPoint] LDAP group sync

mceylan mrveceylan at gmail.com
Fri Mar 6 09:17:28 CET 2020


Hi,

Hello, which source example should I use to pull groups from AD? Wiki says
to use samples/resources/ad/ad-resource-groups-basic.xml but it's
old. I am currently using the Ad-ldap source. Can I pull groups with it?

Thanks,

mceylan <mrveceylan at gmail.com> wrote on Thu, 5 Mar 2020 at 21:44:

> Hi Jason,
>
> I'm struggling with midPoint, but I'm having a hard time working with
> metarole for the first time. Well I have 2 questions on my mind.
>
> 1. When I get the groups in AD, where do I print them? Or do I have to
> print? What kind of inbound should I do in the source?
>
> 2. I will use the metal to create groups in Ldap, but what role should I
> create and assign it to the metarole?
>
> can you show an example with xml?
>
> Thanks,
>
> Jason Everling <jeverling at bshp.edu> wrote on Thu, 5 Mar 2020 at 18:36:
>
>> You only want to run the import task really 1 time, after that you want
>> to use a live sync task which runs constantly. The live sync task picks up
>> the changes in real-time, any changes to AD are then made in midpoint.
>>
>>
>>
>> Like I had mentioned, I think it would be wise to fully read the book and
>> if you can go through a midpoint training class because these topics,
>> metaroles, livesync and such are basics for any resource
>>
>>
>>
>>
>>
>> Training:
>>
>> https://evolveum.com/services/training-and-certification/
>>
>>
>>
>> The Book:
>>
>> https://docs.evolveum.com/book/
>>
>>
>>
>>
>>
>> *From: *mceylan <mrveceylan at gmail.com>
>> *Sent: *Thursday, March 5, 2020 2:54 AM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP group sync
>>
>>
>>
>> Hi,
>>
>>
>>
>> I have one more question. How will midpoint automatically detect the
>> group created in AD?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> mceylan <mrveceylan at gmail.com> wrote on Thu, 5 Mar 2020 at 10:41:
>>
>> Hi Jason,
>>
>>
>>
>> Hello, thanks for your answer.
>> I just want to ask this. I am running user import task while importing
>> user from AD. And when I want to add a role to the user, I assign it.
>> There's no problem with that. How will it come in when I just add this
>> metarole? Will I run a task again to shoot groups? How will the assignment
>> of the metarole be? I did not understand this topic.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Jason Everling <jeverling at bshp.edu> wrote on Wed, 4 Mar 2020 at 17:48:
>>
>> Yes,
>>
>>
>>
>> AD inbound sync to midpoint, midpoint detects changes, creates role, adds
>> members, then midpoint outbound sync to openldap creates group and members.
>> It also works the other direction if you also have inbound sync from
>> openldap.
>>
>>
>>
>> For this question, I think you have to take a step back and first read up
>> on metaroles,
>>
>> *“How will it happen when I add the metarole? What task will I run?”*
>>
>>
>>
>> The midpoint book is a good place and covers most of it,
>>
>> https://docs.evolveum.com/book/
>>
>>
>>
>>
>>
>> *From: *mceylan <mrveceylan at gmail.com>
>> *Sent: *Wednesday, March 4, 2020 1:36 AM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP group sync
>>
>>
>>
>> Jason, thanks for your answer
>> So I added this role in the same way, how will the scenario be?
>>
>> 1. AD and LDAP connected to midpoint as source
>> 2. AD is a reliable source and the user added there occurs in midpoint
>> and LDAP.
>> 3. Create manual group and add user in AD. The same group should occur
>> automatically in midpoint and LDAP. How will it happen when I add the
>> metarole? What task will I run?
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Jason Everling <jeverling at bshp.edu> wrote on Tue, 3 Mar 2020 at 18:17:
>>
>> Yes, since you have midpoint setup to sync Active Directory and OpenLDAP
>> then when you create a group in Active directory it gets created via live
>> sync in midpoint which in turn then gets created in openldap because you
>> have a metarole that says it should. We do this currently.
>>
>>
>>
>> See attached metarole, you must have inbound group sync working for both
>> AD and OpenLDAP.
>>
>>
>>
>>
>>
>>
>>
>> *From: *mceylan <mrveceylan at gmail.com>
>> *Sent: *Tuesday, March 3, 2020 8:50 AM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP group sync
>>
>>
>>
>> Hi,
>>
>>
>>
>> No, When I open the group manually in Active Directory, I want to
>> automatically create the same group in openldap and synchronize the users
>> within the groups. So both group synchronization and user.
>>
>>
>> We can assign a group to the user via midpoint with the role, but that's
>> not what I want.
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Gómez Martínez, Elsa <egomezm at minsait.com> wrote on Tue, 3 Mar 2020 at 14:22:
>>
>> Hi!
>>
>>
>>
>> Could you explain with more detail?
>>
>> Did you mean the next flow:
>>
>> Users in AD → MidPoint → Ldap?
>>
>>
>>
>> Elsa
>>
>>
>>
>> *From:* midPoint <midpoint-bounces at lists.evolveum.com> *On behalf of *Jason
>> Everling
>> *Sent:* Monday, March 2, 2020 20:26
>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject:* Re: [midPoint] LDAP group sync
>>
>>
>>
>> You just add both constructions/inducements to the metarole that creates
>> the group and members, you could have as many different ldap servers as
>> possible
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Mar 2, 2020 at 9:51 AM mceylan <mrveceylan at gmail.com> wrote:
>>
>> Hi,
>>
>>
>>
>> I am trying to synchronize groups between AD and ldap.
>> I want it to automatically create the group created in AD over midpoint
>> in ldap. Can you help with this?
>>
>>
>>
>> Thanks,
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
> Merve CEYLAN
>


-- 
Merve CEYLAN