[midPoint] MIDPOINT 4.8 - IN ACTIVE DIRECTORY, SYNC ONLY WORKS WITH DEFAULT KIND FOR ONE OBJECTCLASS

Pavol Mederly mederly at evolveum.com
Tue Mar 26 15:34:41 CET 2024 

Hi Carlos,

it's a matter of correct setup of your object types.

In particular, the /resource object type delineation /is what drives the 
classification process.

https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/changes-in-4.6/#resource-object-type-delineation

It seems that even our demo is not quite finished with this regard. It 
really treats all "groupOfNames" objects as entitlement/group object type.

Best regards,

-- 
Pavol Mederly
Software developer
evolveum.com

On 26/03/2024 12:59, Carlos Ferreira via midPoint wrote:
> Hello, everyone,
>
>
> I have an Active Directory resource that has 2 complex types. One - 
> configured with kind=generic, intent=listAD - estabilishes a link 
> between an AD group and a Midpoint OU. The other one - configured with 
> kind=entitlement, intent=GroupAD - should connect and AD group with a 
> Midpoint role.
>
> The first one is marked as "default".
>
> In the wizard, when a select
>
> "Resource objects", select objectclass "group" and try to import a 
> group as a role, the shadow object is always set up with 
> "kind=generic, intent=listAD".
>
> In Midpoint 4.1, for example, when importing any object from a 
> resource, we were able to select what "intent" we were referring to 
> and the process worked very fine.
>
> But now - in Midpoint 4.8 - we can select only the object class - 
> "user" or "group" (in case of AD), so the link is always related to 
> the default intent.
>
> If anyone wants to simulate a similar situation, you can use the 
> MIDPOINT DEMO repository (https://demo.evolveum.com/):
>
> 1. select "repository"->"all objects" from the main menu;
> 2. select "shadow" -> "ldap server" and "P0002" as name;
> 3. verify that     <kind>entitlement</kind> and 
> <intent>ldapProject</intent>;
> 4. delete that shadow;
> 5. select the "ldap server" resource;
> 6. select "resource objects";
> 7. try to import "cn=P0002,ou=Projects,dc=example,dc=com";
> 8. see that the new "shadow" created for 
> "'cn=P0002,ou=Projects,dc=example,dc=com" has
>     <kind>entitlement</kind>
>     <intent>group</intent>
>    and the object itself  is not linked to anything.
>
> Is this the expected behaviour or did I miss anything?
>
> Thks,
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240326/679a5d2b/attachment.htm>

More information about the midPoint mailing list