[midPoint] Integrating existing LDAP

Markus Calmius markus.calmius at proton.ch
Thu Sep 14 16:23:21 CEST 2023


Hi again,

not quite working.
Creating a role in midPoint creates the corresponding group in LDAP.
Actually, it's not LDAP, but FreeIPA, so I'm using https://github.com/artinsolutions/midpoint-connector-freeipa/tree/master.

Assigning the role to a user creates and/or updates the FreeIPA membership.
So the "next step" is working fine.

But before I get there, it's the reverse I would like to do:

- create roles for all freeipa groups: done

- I am also assigning an archetype to differentiate them from other roles

- assign the midPoint role(s) to all users that are member of the group

- this is not working. I'm probably missing something, but when I read everything and check the XML files, all I see is outbound. And I guess I need something inbound. And, since it's related to the user, would it mean a user object template that could do this?

Thanks in advance

Markus Calmius
Proton AG

------- Original Message -------
On Monday, September 11th, 2023 at 14:34, Markus Calmius <markus.calmius at proton.ch> wrote:

> Thank you Fabian and David for the information.
> I will read the pages you've linked to and see if I can figure it out .
>
> Markus Calmius
> Proton AG
>
> ------- Original Message -------
> On Monday, September 11th, 2023 at 09:46, Markus Calmius <markus.calmius at proton.ch> wrote:
>
>> Hi,
>>
>> I'm trying to figure out how to best integrate an existing LDAP server that contains users and groups. The users are not a difficult problem to solve, but the groups, and mainly the group membership, eat up quite some time for me.
>>
>> To be fair, I am quite new to midPoint (although I have taken the fundamentals training), and I am still wrapping my head around everything.
>>
>> What I want to achieve, in the long run, is for midPoint to be the authoritative source for the LDAP directory, but before getting there, I need to import everything.
>> Using various pages from the mailing list and docs.evolveum.com I have managed to import all groups as roles. Which is the first step I guess, but since the midPoint Role doesn't contain "members" I got a bit stuck. The problem with searching things online is that there isn't a "best before" note on the information you find. So sometimes the information is old and dated.
>>
>> So, I basically have two questions:
>>
>> - is there a better way to do this?
>> - if not, how do I also get the midPoint roles to include the LDAP group membership?
>>
>> If you can point me in the right direction I will much appreciate it.
>>
>> Thanks in advance!
>> Markus Calmius
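The part the poster says he cannot find ("all I see is outbound") is the inbound side of the account's association. The following is an added example, not taken from this thread, from midPoint's documentation or from the FreeIPA connector project: a fragment of the schemaHandling section of a midPoint resource definition. It maps each group the account is a member of to an assignment of the midPoint role whose name equals the group's cn, so that importing or reconciling accounts produces the role assignments the poster is after (and a user object template is not needed for this). The object class names ri:user and ri:group, the attribute names ri:cn, ri:member and ri:dn, and the association name ri:groups are assumptions chosen for illustration; the FreeIPA connector's actual schema must be checked in midPoint's resource schema view before using them.

```xml
<!-- Added example (not from the original thread). Fragment of a midPoint resource
     definition: schemaHandling for a FreeIPA-backed resource. Object class and
     attribute names (ri:user, ri:group, ri:cn, ri:member, ri:dn, ri:groups) are
     ASSUMPTIONS; replace them with what the connector's schema actually exposes. -->
<schemaHandling xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
                xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">

    <!-- Groups are entitlements. Their cn becomes the shadow name; the roles the
         poster already imported are expected to carry the same name. -->
    <objectType>
        <kind>entitlement</kind>
        <intent>group</intent>
        <displayName>FreeIPA group</displayName>
        <default>true</default>
        <objectClass>ri:group</objectClass>   <!-- assumed object class -->
        <attribute>
            <ref>ri:cn</ref>                  <!-- assumed attribute -->
            <inbound>
                <target><path>name</path></target>
            </inbound>
        </attribute>
    </objectType>

    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <displayName>FreeIPA user</displayName>
        <default>true</default>
        <objectClass>ri:user</objectClass>    <!-- assumed object class -->

        <!-- Membership is stored on the group (its member attribute lists user DNs),
             hence direction objectToSubject: the group object points at the account. -->
        <association>
            <ref>ri:groups</ref>                                <!-- assumed name -->
            <displayName>Group membership</displayName>
            <kind>entitlement</kind>
            <intent>group</intent>
            <direction>objectToSubject</direction>
            <associationAttribute>ri:member</associationAttribute>  <!-- assumed -->
            <valueAttribute>ri:dn</valueAttribute>                  <!-- assumed -->

            <!-- The inbound part. For each group the account belongs to, look up the
                 RoleType whose name equals the group's cn and assign it to the user.
                 'entitlement' is the variable midPoint sets to the group shadow while
                 evaluating an association inbound mapping. -->
            <inbound>
                <strength>strong</strength>
                <expression>
                    <assignmentTargetSearch>
                        <targetType>RoleType</targetType>
                        <filter>
                            <q:equal>
                                <q:path>name</q:path>
                                <expression>
                                    <script>
                                        <code>
                                            import com.evolveum.midpoint.schema.constants.MidPointConstants
                                            // cn of the group shadow referenced by this association value
                                            basic.getAttributeValue(entitlement, MidPointConstants.NS_RI, 'cn')
                                        </code>
                                    </script>
                                </expression>
                            </q:equal>
                        </filter>
                    </assignmentTargetSearch>
                </expression>
                <target>
                    <path>assignment</path>
                </target>
            </inbound>
        </association>
    </objectType>
</schemaHandling>
```

Two points worth checking before relying on this. First, inbound mappings only run when midPoint reads the account (import, reconciliation or live sync of the account object type), so the roles have to exist before the accounts are imported, which matches the order the poster already has. Second, if the imported roles were named differently from the group cn, or if an archetype changes how they are looked up, the filter in the assignmentTargetSearch has to match whatever identifying property the role import actually wrote; a search that finds no role leaves the assignment out rather than failing loudly, so compare the number of assignments produced against the group's member count on a test account before enabling this on the whole directory.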