[midPoint] Importing AD groups as roles
Al Lilianstrom
lilstrom at fnal.gov
Thu Jan 7 18:29:39 CET 2021
Still struggling with this. Given up on importing the existing groups as roles for now. Using
https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO as a guide, I verified that my configuration for the AD resource matched the guide. I then created the task for syncing groups:
<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
    <name>Synchronization: Active Directory Groups</name>
    <extension>
        <mext:kind xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3">entitlement</mext:kind>
    </extension>
    <executionStatus>runnable</executionStatus>
    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/live-sync/handler-3</handlerUri>
    <objectRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2" type="c:ResourceType"/>
    <recurrence>recurring</recurrence>
    <binding>tight</binding>
    <schedule>
        <interval>5</interval>
    </schedule>
</task>
Task runs without errors.
I then created a group. The task picked up the group and added it as a shadow.
From this line in the document "When new group is created, it appears in midPoint as a new entitlement shadow and a role." I expected a role to be created.
Am I misunderstanding the document or missing something in the task?
--
Al Lilianstrom
Authentication Services
Fermi National Accelerator Laboratory
www.fnal.gov
lilstrom at fnal.gov