[midPoint] MIDPOINT 4.8 - IN ACTIVE DIRECTORY, SYNC ONLY WORKS WITH DEFAULT KIND FOR ONE OBJECTCLASS

[Carlos Ferreira]

Hello, everyone,


I have an Active Directory resource that has 2 complex types. One -
configured with kind=generic, intent=listAD - estabilishes a link between
an AD group and a Midpoint OU. The other one - configured with
kind=entitlement, intent=GroupAD - should connect and AD group with a
Midpoint role.

The first one is marked as "default".

In the wizard, when a select

"Resource objects", select objectclass "group" and try to import a group as
a role, the shadow object is always set up with "kind=generic,
intent=listAD".

In Midpoint 4.1, for example, when importing any object from a resource, we
were able to select what "intent" we were referring to and the process
worked very fine.

But now - in Midpoint 4.8 - we can select only the object class - "user" or
"group" (in case of AD), so the link is always related to the default
intent.

If anyone wants to simulate a similar situation, you can use the MIDPOINT
DEMO repository (https://demo.evolveum.com/):

1. select "repository"->"all objects" from the main menu;
2. select "shadow" -> "ldap server" and "P0002" as name;
3. verify that     <kind>entitlement</kind> and
<intent>ldapProject</intent>;
4. delete that shadow;
5. select the "ldap server" resource;
6. select "resource objects";
7. try to import "cn=P0002,ou=Projects,dc=example,dc=com";
8. see that the new "shadow" created for
"'cn=P0002,ou=Projects,dc=example,dc=com" has
    <kind>entitlement</kind>
    <intent>group</intent>
   and the object itself  is not linked to anything.

Is this the expected behaviour or did I miss anything?

Thks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240326/4f9e08db/attachment.htm>