[midPoint] Manager

[Wim Beck]

Hello,

I have not actually done this yet, but I am guessing you need to look into the association/relationhip configuration. I do have it working for AD group memberships. Since the manager property is just another type of relationship between two AD object, I am guessing you should be able to make it work by configuring the relationship and the corresponding source and target ref attributes.

Kind regards,
Wim Beck | Identity Expert @ IS4U

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of mikhail.nikolaenko via midPoint
Sent: Wednesday, 17 December 2025 10:26
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: mikhail.nikolaenko <mikhail.nikolaenko at proton.me>
Subject: [midPoint] Manager

Hello midPoint Community,

I need some advice for one feature I am currently implementing.

The requirement: every external employee should have a manager, and this should be provisioned into the AD manager attribute.

What I’ve done so far:

  *   Added a custom attribute managerRef in the schema (object reference type).
  *   On the UI I can select any object (will later try to restrict to users).

Where I’m stuck:

  *   How to provision this into AD? Since managerRef is stored as an object reference, I assume I need to resolve it to the DN of the shadow object, or maybe reuse the DN calculation logic from the resource adapter.
  *   How to reconcile the AD manager attribute back into midPoint? I guess I need to search for the user in the midpoint based on a naming attribute from the manager's DN.

Has anyone implemented something similar? I have feeling that this could be done in more smarter way... Any tips, examples, or best practices would be really helpful.
With best regards,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20251217/2510fa9a/attachment.htm>