[midPoint] AD group synchronization
Tom Seeley
midpoint at tomseeley.co.uk
Mon May 11 17:49:41 CEST 2020
Hi,
I've been reading through (the excellent) practical midpoint book for
my PoC, and I've got to the point where I want my AD groups membership
to be reflected in midpoint (or at least I think I do). I've created
the groups sync, mapping and correlation and my test AD group is
automatically created as a role in midpoint.
However the 1 test user (synchronized from AD) is not a member of the
role in midpoint (the role that is the result of a group in AD), even
though that AD account is a member of that AD group. Having been
through this
(https://wiki.evolveum.com/display/midPoint/Entitlements), I _think_
this is by design, since the group membership seems to be reflected in
the account and role shadow (if I'm understanding the docs correctly),
which is all I should expect at this point.
https://wiki.evolveum.com/display/midPoint/Entitlements points the
user in the direction of inducements and object templates to 'fix'
this problem, and
https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO
gives more explicit examples. However, that AD-specific page references
examples that are now 'legacy' according to the GitHub repo, so I'm a
little worried that I'm going to be heading down a dead-end.
Is
https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO
still valid? Are the examples on the page still correct for 4.1?
Thanks,
Tom.