[midPoint] MIDPOINT 4.8 - IN ACTIVE DIRECTORY, SYNC ONLY WORKS WITH DEFAULT KIND FOR ONE OBJECTCLASS

Carlos Ferreira carlos18619 at gmail.com
Fri Mar 29 21:45:55 CET 2024


Thanks for the hint, Pavol. I did as you have said and it worked perfectly.



On Tue, 26 Mar 2024, 11:34, Pavol Mederly via midPoint <midpoint at lists.evolveum.com> wrote:

> Hi Carlos,
>
> it's a matter of correct setup of your object types.
>
> In particular, the *resource object type delineation* is what drives the
> classification process.
>
>
> https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/changes-in-4.6/#resource-object-type-delineation
>
> It seems that even our demo is not quite finished in this regard. It
> really treats all "groupOfNames" objects as entitlement/group object type.
>
> Best regards,
>
> --
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 26/03/2024 12:59, Carlos Ferreira via midPoint wrote:
>
> Hello, everyone,
>
>
> I have an Active Directory resource that has 2 complex types. One -
> configured with kind=generic, intent=listAD - establishes a link between
> an AD group and a Midpoint OU. The other one - configured with
> kind=entitlement, intent=GroupAD - should connect an AD group with a
> Midpoint role.
>
> The first one is marked as "default".
>
> In the wizard, when I select "Resource objects", select objectclass
> "group" and try to import a group as a role, the shadow object is always
> set up with "kind=generic, intent=listAD".
>
> In Midpoint 4.1, for example, when importing any object from a resource,
> we were able to select what "intent" we were referring to and the process
> worked very fine.
>
> But now - in Midpoint 4.8 - we can select only the object class - "user"
> or "group" (in case of AD), so the link is always related to the default
> intent.
>
> If anyone wants to simulate a similar situation, you can use the MIDPOINT
> DEMO repository (https://demo.evolveum.com/):
>
> 1. select "repository"->"all objects" from the main menu;
> 2. select "shadow" -> "ldap server" and "P0002" as name;
> 3. verify that <kind>entitlement</kind> and <intent>ldapProject</intent>;
> 4. delete that shadow;
> 5. select the "ldap server" resource;
> 6. select "resource objects";
> 7. try to import "cn=P0002,ou=Projects,dc=example,dc=com";
> 8. see that the new "shadow" created for
> "cn=P0002,ou=Projects,dc=example,dc=com" has
>     <kind>entitlement</kind>
>     <intent>group</intent>
>    and the object itself is not linked to anything.
>
> Is this the expected behaviour or did I miss anything?
>
> Thks,
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
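
The kind of delineation setup the reply above points to, as an added example that is not taken from either poster's configuration: two object types share the `group` object class and are told apart by the OU they live under. It assumes the two sorts of AD groups sit in separate OUs; both DNs are constructed placeholders, and the `ri:` and `q:` prefixes are assumed to be declared on the enclosing resource element.

```xml
<!-- Added illustration: fragment of a resource definition (midPoint 4.6+ format). -->
<schemaHandling>
    <!-- AD groups that stand for midPoint orgs -->
    <objectType>
        <kind>generic</kind>
        <intent>listAD</intent>
        <delineation>
            <objectClass>ri:group</objectClass>
            <baseContext>
                <objectClass>ri:organizationalUnit</objectClass>
                <filter>
                    <!-- constructed placeholder DN -->
                    <q:text>attributes/dn = "OU=Lists,DC=example,DC=com"</q:text>
                </filter>
            </baseContext>
        </delineation>
        <focus>
            <type>OrgType</type>
        </focus>
    </objectType>

    <!-- AD groups that stand for midPoint roles -->
    <objectType>
        <kind>entitlement</kind>
        <intent>GroupAD</intent>
        <delineation>
            <objectClass>ri:group</objectClass>
            <baseContext>
                <objectClass>ri:organizationalUnit</objectClass>
                <filter>
                    <!-- constructed placeholder DN -->
                    <q:text>attributes/dn = "OU=Roles,DC=example,DC=com"</q:text>
                </filter>
            </baseContext>
        </delineation>
        <focus>
            <type>RoleType</type>
        </focus>
    </objectType>
</schemaHandling>
```

With non-overlapping delineations like these, a `group` object imported from the resource can be classified by where it lives rather than falling back to whichever object type is marked as default.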