[midPoint] direct outbound group association on resource level

Yakov Revyakin yrevyakin at gmail.com
Fri Aug 29 10:20:13 CEST 2025


Hi everyone,
I'm trying to migrate my AD resource using the 4.9 associationType concept.
For now I can't understand how to migrate the following part:
An account objectType includes a static group association which looks like:

<association>
    <ref>ri:group</ref>
    <tolerant>false</tolerant>
    <kind>entitlement</kind>
    <intent>computer-app</intent>
    <outbound>
        <expression>
            <associationTargetSearch>
                <filter>
                    <q:equal>
                        <q:path>attributes/ri:cn</q:path>
                        <q:value>all_computers</q:value>
                    </q:equal>
                </filter>
                <searchStrategy>onResourceIfNeeded</searchStrategy>
            </associationTargetSearch>
        </expression>
    </outbound>
    ....
</association>

This association results in the association of this specific group with an AD
account if it appears under the user's projections. There are no roles,
assignments, or inducements to get this kind of association. This account can
be imported and linked only. The create capability for it is denied.

It is not clear how to make this kind of association with the new 4.9
association types. I defined an appropriate associationType, but I can't see
how to create this association without involving the assignment/inducement
approach.

If someone has an idea or experience, please help.
Yakov