[midPoint] Question about group membership management in midpoint
David Coutadeur
david.coutadeur at gmail.com
Mon Aug 28 16:13:43 CEST 2023
Hello,
I am working on an OpenLDAP integration with midPoint.
It is starting to work, but I have two questions:
1/ I have imported OpenLDAP groups into midPoint roles. But I can't
figure out how to manage role membership. I'd like to be able to
read/write role members in midPoint so that they stay synchronized in LDAP.
You can see my openldap-resource definition attached.
Please note that LDAP group membership is already visible on midPoint
users. If I look at the account shadows, I can observe the shadow's group
membership. But I can't manage the membership from there.
Does anyone know how to do this? Is there a better approach for managing
group membership in midpoint?
2/ Some LDAP users are not imported into midPoint when their names are too
close to those of existing users, for example when their name contains a dash.
I understand that this is due to the comparison rule based on the
PolyString type. I have tried multiple rules, such as:
<q:path>name</q:path>
<q:matching>polyStringOrig</q:matching>
but I can't find one that compares the strings directly, without
normalization. Do you know what I have missed?
Also, the openldap-resource I am working on is more complete than those
in the docs. Would you be interested in including it? Do you accept
contributions?
Thanks in advance for your help!
Regards,
--
David Coutadeur | IAM integrator
david.coutadeur at worteks.com
+33 7 88 46 85 34
16 avenue Hoche, Paris 75008
Worteks | https://www.worteks.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: resource-openldap.xml
Type: text/xml
Size: 25459 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230828/75ad4af7/attachment-0001.xml>
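Added example (not code from the original post, nor from the midPoint project): a Python model of why dashed names collide under a normalized PolyString comparison. The normalizer below is an assumption approximating midPoint's default alphanumeric PolyString normalizer (strip diacritics, lowercase, collapse every non-alphanumeric run to one space, trim); the three rule names mirror midPoint's polyStringNorm, polyStringOrig and polyStringStrict matching rules, but the implementations here are illustrative, and the user list is constructed sample data.

```python
import re
import unicodedata

# Assumption: approximation of midPoint's default (alphanumeric) PolyString
# normalizer. The real normalizer is configurable and may differ in detail.
def polystring_norm(orig: str) -> str:
    decomposed = unicodedata.normalize("NFD", orig)
    no_marks = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return re.sub(r"[^a-z0-9]+", " ", no_marks.lower()).strip()


# Three comparison rules, modelled after midPoint's matching rule names
# (illustrative implementations, not midPoint's own code).
def match_poly_string_norm(a: str, b: str) -> bool:
    """Compare normalized forms only: 'jean-pierre' == 'jean.pierre'."""
    return polystring_norm(a) == polystring_norm(b)


def match_poly_string_orig(a: str, b: str) -> bool:
    """Compare the original strings only, no normalization."""
    return a == b


def match_poly_string_strict(a: str, b: str) -> bool:
    """Both orig and norm must be equal."""
    return a == b and polystring_norm(a) == polystring_norm(b)


MATCHING_RULES = {
    "polyStringNorm": match_poly_string_norm,
    "polyStringOrig": match_poly_string_orig,
    "polyStringStrict": match_poly_string_strict,
}


def correlate(candidate: str, existing: list[str], rule: str) -> list[str]:
    """Return every existing user name the candidate would be correlated with
    under the given rule. More than one hit, or a hit on a different user than
    intended, is the 'name too close' situation seen on import."""
    matcher = MATCHING_RULES[rule]
    return [name for name in existing if matcher(candidate, name)]


# Constructed sample: uids already present in midPoint.
EXISTING_USERS = ["jean.pierre", "anne-marie", "élodie", "jdoe"]


def collisions(candidate: str) -> dict[str, list[str]]:
    """Show the candidate's correlation hits under each rule."""
    return {rule: correlate(candidate, EXISTING_USERS, rule) for rule in MATCHING_RULES}


if __name__ == "__main__":
    for uid in ["jean-pierre", "Elodie", "anne-marie", "jdoe2"]:
        print(uid, collisions(uid))
```

Under the normalized rule, "jean-pierre" is indistinguishable from the existing "jean.pierre" and "Elodie" from "élodie", while under the orig or strict rule only the byte-identical "anne-marie" correlates and the dashed newcomer stays distinct.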