<div dir="ltr">Hi,<div><br></div><div>After too much time searching back and forth between sources and the HOWTOs; and a lot of trial and error, I finally managed to get AD to sync with group membership entitlements working. </div>
<div>I have been able to create roles that have "inducements" that create an active directory account that includes group membership. Removing membership from the group in AD will show as removed under the AD account in midPoint. (I did set the Default AD GPO to no restrictions on passwords and have not tested anything to do with passwords at this point.)</div>
<div><br></div><div>Below I am including the XML in the hope that it will save someone else some time, if anyone finds any bugs or improvements please let me know.</div><div><br></div><div>Cheers,</div><div><br></div><div>
Tim T.</div><div><br></div><div><div><font face="courier new, monospace" size="1"><?xml version="1.0" encoding="UTF-8"?></font></div><div><font face="courier new, monospace" size="1"><!--</font></div>
<div><font face="courier new, monospace" size="1"> ~ Copyright (c) 2010-2013 Evolveum</font></div><div><font face="courier new, monospace" size="1"> ~</font></div><div><font face="courier new, monospace" size="1"> ~ Licensed under the Apache License, Version 2.0 (the "License");</font></div>
<div><font face="courier new, monospace" size="1"> ~ you may not use this file except in compliance with the License.</font></div><div><font face="courier new, monospace" size="1"> ~ You may obtain a copy of the License at</font></div>
<div><font face="courier new, monospace" size="1"> ~</font></div><div><font face="courier new, monospace" size="1"> ~ <a href="http://www.apache.org/licenses/LICENSE-2.0">http://www.apache.org/licenses/LICENSE-2.0</a></font></div>
<div><font face="courier new, monospace" size="1"> ~</font></div><div><font face="courier new, monospace" size="1"> ~ Unless required by applicable law or agreed to in writing, software</font></div><div><font face="courier new, monospace" size="1"> ~ distributed under the License is distributed on an "AS IS" BASIS,</font></div>
<div><font face="courier new, monospace" size="1"> ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</font></div><div><font face="courier new, monospace" size="1"> ~ See the License for the specific language governing permissions and</font></div>
<div><font face="courier new, monospace" size="1"> ~ limitations under the License.</font></div><div><font face="courier new, monospace" size="1"> --></font></div><div><font face="courier new, monospace" size="1"><br>
</font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><!--</font></div><div><font face="courier new, monospace" size="1"><br></font></div><div>
<font face="courier new, monospace" size="1">This file is an example of Resource definition. It defines an AD resource</font></div><div><font face="courier new, monospace" size="1">using an Identity Connector Framework AD connector and Connector Server.</font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1">This resource definition contains only the very basic definitions for midPoint to work.</font></div><div>
<font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1">--></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><objects </font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:t="<a href="http://prism.evolveum.com/xml/ns/public/types-3">http://prism.evolveum.com/xml/ns/public/types-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3">http://prism.evolveum.com/xml/ns/public/query-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>"</font></div>
<div><font face="courier new, monospace" size="1"> xmlns:xsd="<a href="http://www.w3.org/2001/XMLSchema">http://www.w3.org/2001/XMLSchema</a>"</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"> xmlns:icfc="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"> xmlns:icfs="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:func="<a href="http://midpoint.evolveum.com/xml/ns/public/function/basic-3">http://midpoint.evolveum.com/xml/ns/public/function/basic-3</a>"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>xmlns:my="<a href="http://myself.me/schemas/whatever">http://myself.me/schemas/whatever</a>"</font></div><div><font face="courier new, monospace" size="1"> xsi:schemaLocation="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a> ../../infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd"></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><resource oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef"></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Resource name. It will be displayed in GUI. --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><name>Active Directory Advanced Sync</name></font></div><div><font face="courier new, monospace" size="1"><br></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Reference to the ICF AD connector. OID is "virtual" for now. --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><connectorRef type="ConnectorType"></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><filter></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:equal></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:path>c:connectorType</q:path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:value>Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</q:value></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></q:equal></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></filter></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></connectorRef></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Configuration section contains configuration of the connector,</font></div>
<div><font face="courier new, monospace" size="1"> such as hostnames and passwords --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><connectorConfiguration></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Configuration specific for the Active Directory connector --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfc:configurationProperties</font></div><div><font face="courier new, monospace" size="1"> xmlns:icfcad="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</a>"></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:DirectoryAdminName>ADMINISTRATOR</icfcad:DirectoryAdminName></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:DirectoryAdminPassword><clearValue>PASSWORD</clearValue></icfcad:DirectoryAdminPassword></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:ObjectClass>User</icfcad:ObjectClass></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:Container>ou=accounts,dc=test,dc=local</icfcad:Container></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:CreateHomeDirectory>true</icfcad:CreateHomeDirectory></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:LDAPHostName>HOSTNAME</icfcad:LDAPHostName><!-- This is the hostname of AD server as seen from the ConnectorServer instance! --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:SearchChildDomains>false</icfcad:SearchChildDomains></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:DomainName>test.local</icfcad:DomainName></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:SyncGlobalCatalogServer>HOSTNAME</icfcad:SyncGlobalCatalogServer><!-- hostname of DC to look up for changes when synchronizing --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfcad:SyncDomainController>HOSTNAME</icfcad:SyncDomainController><!-- hostname of DC to look up for changes when synchronizing --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></icfc:configurationProperties></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div>
<font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfc:resultsHandlerConfiguration> <!-- currently this requires latest Evolveum version of .net connector server --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfc:enableCaseInsensitiveFilter>true</icfc:enableCaseInsensitiveFilter></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></icfc:resultsHandlerConfiguration></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></connectorConfiguration></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Resource schema definition.</font></div><div><font face="courier new, monospace" size="1"> It defines all the object classes that are available to midPoint</font></div>
<div><font face="courier new, monospace" size="1"> (accounts, groups, ...).</font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"> This should be direct mapping of ICF schema (and therefore also</font></div>
<div><font face="courier new, monospace" size="1"> LDAP schema). This is not supposed to be customized during deployment.</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> </font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> The <schema> element is missing. That tells midPoint to generate it from</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> the resource on the first use of this resource definition.</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> --></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Resource Schema Handling definition.</font></div>
<div><font face="courier new, monospace" size="1"> This part defines how the schema defined above will be used by</font></div><div><font face="courier new, monospace" size="1"> midPoint. It defines expressions and limitations for individual</font></div>
<div><font face="courier new, monospace" size="1"> schema attributes.</font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"> The expressions that describe both inbound and outbound flow of</font></div>
<div><font face="courier new, monospace" size="1"> the attributes are defined in this section.</font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"> This is the part where most of the customization takes place.</font></div>
<div><font face="courier new, monospace" size="1"> </font></div><div><font face="courier new, monospace" size="1"> --></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div>
<font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><schemaHandling></font></div><div><span class="" style="white-space:pre"><font face="courier new, monospace" size="1"> </font></span></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectType> <kind>account</kind> <displayName>Default Account</displayName></font></div><div>
<font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><default>true</default></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectClass>ri:AccountObjectClass</objectClass></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:givenName</ref></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- required attribute on AD --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><displayName>Given Name</displayName></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/givenName</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><inbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/givenName</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></inbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:sn</ref></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><displayName>Surname</displayName></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/familyName</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><inbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/familyName</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></inbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:sAMAccountName</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- required attribute on AD --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><displayName>Login name</displayName></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/name</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><inbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/name</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></inbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:mail</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/emailAddress</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><inbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/emailAddress</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></inbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute><!-- This attribute must be set to</font></div><div><font face="courier new, monospace" size="1">other than "false". We will set it to "true" to expire the password</font></div>
<div><font face="courier new, monospace" size="1">immediately (after create). Note there is no "initial" attribute, because the</font></div><div><font face="courier new, monospace" size="1">current implementation of forms would set the __PASSWORD_EXPIRED__ = false by</font></div>
<div><font face="courier new, monospace" size="1">default, which is not what we want. But it works, because it is set to "true"</font></div><div><font face="courier new, monospace" size="1">on the create, and on the update of other attributes, this attribute is not</font></div>
<div><font face="courier new, monospace" size="1">changed, so this outbound will not be processed.</font></div><div><font face="courier new, monospace" size="1">Please note that AD itself does not support changing the _PASSWORD_EXPIRED__</font></div>
<div><font face="courier new, monospace" size="1">to "false". The only way of resetting the flag is to change user's password.</font></div><div><font face="courier new, monospace" size="1">--></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>icfs:passwordExpired</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><value>true</value></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>icfs:name</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><displayName>Distinguished Name</displayName></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><limitations></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><minOccurs>0</minOccurs></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><access></font></div><div><font face="courier new, monospace" size="1"> <read>true</read></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><add>true</add></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></access></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></limitations></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/givenName</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/familyName</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>'cn='+givenName+' '+familyName+iterationToken+',ou=accounts,dc=test,dc=local'</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><iteration></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><maxIterations>5</maxIterations></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></iteration></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><protected></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><icfs:name>cn=Administrator,cn=Users,dc=test,dc=local</icfs:name></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></protected></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><activation></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><administrativeStatus></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound/></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></administrativeStatus></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></activation></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><credentials></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><password></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound/></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></password></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></credentials> </font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><association></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:group</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><displayName>AD Group Membership</displayName></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><kind>entitlement</kind></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><intent>group</intent></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><direction>objectToSubject</direction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><associationAttribute>ri:member</associationAttribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><valueAttribute>icfs:name</valueAttribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></association><span class="" style="white-space:pre"> </span></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></objectType></font></div><div><span class="" style="white-space:pre"><font face="courier new, monospace" size="1"> </font></span></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectType> <kind>entitlement</kind> <displayName>AD Group</displayName></font></div><div><span class="" style="white-space:pre"><font face="courier new, monospace" size="1"> </font></span></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><intent>group</intent></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectClass>ri:CustomGroupObjectClass</objectClass></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> </font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>icfs:name</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><matchingRule>mr:stringIgnoreCase</matchingRule></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Name cannot be weak. Changes in name trigger object rename. --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$focus/name</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:cn</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><matchingRule>mr:stringIgnoreCase</matchingRule></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- This MUST be weak in case of OpenDJ. If DN (name) is changed then the uid will be changed</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> as a side-effect as it is a naming attribute. --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$focus/name</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><inbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$focus/name</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></inbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><attribute></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ref>ri:description</ref></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><outbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>strong</strength></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>description</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></outbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><inbound></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$focus/description</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></inbound></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></attribute></font></div>
<div><font face="courier new, monospace" size="1"> </objectType></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectType></font></div><div>
<font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><kind>generic</kind></font></div><div><font face="courier new, monospace" size="1"> <intent>ou</intent></font></div>
<div><font face="courier new, monospace" size="1"> <displayName>Organizational Unit</displayName></font></div><div><font face="courier new, monospace" size="1"> <objectClass>ri:CustomorganizationalUnitObjectClass</objectClass></font></div>
<div><font face="courier new, monospace" size="1"> <attribute></font></div><div><font face="courier new, monospace" size="1"> <ref>icfs:name</ref></font></div><div><font face="courier new, monospace" size="1"> <matchingRule>mr:stringIgnoreCase</matchingRule></font></div>
<div><font face="courier new, monospace" size="1"> <outbound></font></div><div><font face="courier new, monospace" size="1"> <!-- Name cannot be weak. Changes in name trigger object rename. --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$focus/name</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$focus/extension/ext:orgpath</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"> <expression></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> <code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> <span class="" style="white-space:pre"> </span>import javax.naming.ldap.Rdn</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> <span class="" style="white-space:pre"> </span>import javax.naming.ldap.LdapName</font></div><div><font face="courier new, monospace" size="1"><br>
</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> <span class="" style="white-space:pre"> </span>dn = new LdapName('dc=test,dc=local')</font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span>orgpath.tokenize('/').reverse().each { ouname -> dn.add(new Rdn('ou',ouname)) }</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> <span class="" style="white-space:pre"> </span>return dn.toString()</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> </code></font></div>
<div><font face="courier new, monospace" size="1"> </script></font></div><div><font face="courier new, monospace" size="1"> </expression></font></div><div><font face="courier new, monospace" size="1"> </outbound></font></div>
<div><font face="courier new, monospace" size="1"> </attribute></font></div><div><font face="courier new, monospace" size="1"> <attribute></font></div><div><font face="courier new, monospace" size="1"> <ref>ri:ou</ref></font></div>
<div><font face="courier new, monospace" size="1"> <matchingRule>mr:stringIgnoreCase</matchingRule></font></div><div><font face="courier new, monospace" size="1"> <outbound></font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><!-- This MUST be weak in case of OpenDJ. If DN (name) is changed then the uid will be changed</font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span> as a side-effect as it is a naming attribute. --></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><strength>weak</strength></font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><path>$focus/name</path></font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"> </outbound></font></div>
<div><font face="courier new, monospace" size="1"> <inbound></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><strength>weak</strength></font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><target></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><path>$focus/name</path></font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span></target></font></div><div><font face="courier new, monospace" size="1"> </inbound></font></div>
<div><font face="courier new, monospace" size="1"> </attribute></font></div><div><font face="courier new, monospace" size="1"> <attribute></font></div><div><font face="courier new, monospace" size="1"> <ref>ri:description</ref></font></div>
<div><font face="courier new, monospace" size="1"> <outbound></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span><path>description</path></font></div><div><font face="courier new, monospace" size="1"> <span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"> </outbound></font></div><div><font face="courier new, monospace" size="1"> </attribute></font></div><div><font face="courier new, monospace" size="1"> </objectType></font></div>
<div><span class="" style="white-space:pre"><font face="courier new, monospace" size="1"> </font></span></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></schemaHandling></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!--</font></div><div><font face="courier new, monospace" size="1"> <capabilities xmlns:cap="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3</a>"></font></div>
<div><font face="courier new, monospace" size="1"> <cap:credentials></font></div><div><font face="courier new, monospace" size="1"> <cap:password/></font></div><div><font face="courier new, monospace" size="1"> </cap:credentials></font></div>
<div><font face="courier new, monospace" size="1"> <cap:liveSync/></font></div><div><font face="courier new, monospace" size="1"> <cap:testConnection/></font></div><div><font face="courier new, monospace" size="1"> </capabilities></font></div>
<div><font face="courier new, monospace" size="1"> --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><scripts></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><host>resource</host></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><language>Shell</language></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><argument></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><value>jbond</value></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><name>HOMEDIR</name></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></argument></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><code></font></div><div><font face="courier new, monospace" size="1"> echo "after modify," >> C:\a.txt</font></div>
<div><font face="courier new, monospace" size="1"> exit</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><operation>modify</operation></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><order>after</order></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!--</font></div><div><font face="courier new, monospace" size="1"> <script></font></div><div><font face="courier new, monospace" size="1"> <operation>modify</operation></font></div>
<div><font face="courier new, monospace" size="1"> <order>before</order></font></div><div><font face="courier new, monospace" size="1"> <language>Shell</language></font></div><div><font face="courier new, monospace" size="1"> <host>resource</host></font></div>
<div><font face="courier new, monospace" size="1"> <argument></font></div><div><font face="courier new, monospace" size="1"> <value>jbond</value></font></div><div><font face="courier new, monospace" size="1"> <name>HOMEDIR</name></font></div>
<div><font face="courier new, monospace" size="1"> </argument></font></div><div><font face="courier new, monospace" size="1"> <code></font></div><div><font face="courier new, monospace" size="1"> echo "before modify," >> C:\a.txt</font></div>
<div><font face="courier new, monospace" size="1"> exit</font></div><div><font face="courier new, monospace" size="1"> </code></font></div><div><font face="courier new, monospace" size="1"> </script></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"> <script></font></div><div><font face="courier new, monospace" size="1"> <operation>add</operation></font></div>
<div><font face="courier new, monospace" size="1"> <order>after</order></font></div><div><font face="courier new, monospace" size="1"> <language>Shell</language></font></div><div><font face="courier new, monospace" size="1"> <host>resource</host></font></div>
<div><font face="courier new, monospace" size="1"> <argument></font></div><div><font face="courier new, monospace" size="1"> <value>jbond</value></font></div><div><font face="courier new, monospace" size="1"> <name>HOMEDIR</name></font></div>
<div><font face="courier new, monospace" size="1"> </argument></font></div><div><font face="courier new, monospace" size="1"> <code></font></div><div><font face="courier new, monospace" size="1"> echo "after create," >> C:\a.txt</font></div>
<div><font face="courier new, monospace" size="1"> exit</font></div><div><font face="courier new, monospace" size="1"> </code></font></div><div><font face="courier new, monospace" size="1"> </script></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"> <script></font></div><div><font face="courier new, monospace" size="1"> <operation>add</operation></font></div>
<div><font face="courier new, monospace" size="1"> <order>before</order></font></div><div><font face="courier new, monospace" size="1"> <language>Shell</language></font></div><div><font face="courier new, monospace" size="1"> <host>resource</host></font></div>
<div><font face="courier new, monospace" size="1"> <argument></font></div><div><font face="courier new, monospace" size="1"> <value>jbond</value></font></div><div><font face="courier new, monospace" size="1"> <name>HOMEDIR</name></font></div>
<div><font face="courier new, monospace" size="1"> </argument></font></div><div><font face="courier new, monospace" size="1"> <code></font></div><div><font face="courier new, monospace" size="1"> echo "before create," >> C:\a.txt</font></div>
<div><font face="courier new, monospace" size="1"> exit</font></div><div><font face="courier new, monospace" size="1"> </code></font></div><div><font face="courier new, monospace" size="1"> </script>--></font></div>
<div><font face="courier new, monospace" size="1"></scripts></font></div><div><font face="courier new, monospace" size="1"><!--</font></div><div><font face="courier new, monospace" size="1"> Synchronization section describes the synchronization policy, timing,</font></div>
<div><font face="courier new, monospace" size="1"> reactions and similar synchronization settings.</font></div><div><font face="courier new, monospace" size="1"> --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><synchronization></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectSynchronization> <!-- USER SYNC --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!--</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>The synchronization for this resource is enabled.</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>It means that the synchronization will react to changes detected by</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>the system (live sync task, discovery or reconciliation) --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><enabled>true</enabled></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><correlation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:description></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>Correlation expression is a search query.</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>Following search queury will look for users that have "name"</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>equal to the "sAMAccountName" attribute of the account. Simply speaking,</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>it will look for match in usernames in the IDM and the resource.</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>The correlation rule always looks for users, so it will not match</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>any other object type.</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></q:description></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:equal></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:path>c:name</q:path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><expression></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><script></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><language><a href="http://www.w3.org/TR/xpath/">http://www.w3.org/TR/xpath/</a></language></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>$c:account/c:attributes/ri:sAMAccountName</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></q:equal></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></correlation></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Confirmation rule may be here, but as the search above will</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> always return at most one match, the confirmation rule is not needed. --></font></div><div><font face="courier new, monospace" size="1"><br>
</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Following section describes reactions to a situations.</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> The setting here assumes that this resource is authoritative,</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> therefore all accounts created on the resource should be</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> reflected as new users in IDM.</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> See <a href="http://wiki.evolveum.com/display/midPoint/Synchronization+Situations">http://wiki.evolveum.com/display/midPoint/Synchronization+Situations</a></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> --></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>linked</situation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action ref="<a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#modifyUser">http://midpoint.evolveum.com/xml/ns/public/model/action-3#modifyUser</a>"/></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>deleted</situation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action ref="<a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlinkAccount">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlinkAccount</a>"/></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>unlinked</situation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action ref="<a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount">http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount</a>"/></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>unmatched</situation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!-- Reference to the User Template is here. If the user would be</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> created as a result of this action, it will be created according</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span> to this template. --></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectTemplateRef oid="c0c010c0-d34d-b33f-f00d-777222222222"/></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action ref="<a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser">http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser</a>"/></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!--<span class="" style="white-space:pre"> </span> <action ref="<a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount">http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount</a>"/>--></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></objectSynchronization></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectSynchronization> <name>group sync</name></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectClass>ri:CustomGroupObjectClass</objectClass></font></div><div><font face="courier new, monospace" size="1"><br>
</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><kind>entitlement</kind></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><intent>group</intent></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><focusType>c:RoleType</focusType></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><enabled>true</enabled></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><correlation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:equal></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><q:path>c:name</q:path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><expression></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>declare namespace ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>";</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>$shadow/attributes/ri:sAMAccountName</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></q:equal></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></correlation></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>linked</situation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><synchronize>true</synchronize></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>deleted</situation></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><synchronize>true</synchronize></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink">http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</a></handlerUri></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></action></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>unlinked</situation></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><synchronize>true</synchronize></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link">http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</a></handlerUri></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></action></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><reaction></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><situation>unmatched</situation></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><synchronize>true</synchronize></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><action></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus">http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</a></handlerUri></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></action></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></reaction></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></objectSynchronization></font></div><div><span class="" style="white-space:pre"><font face="courier new, monospace" size="1"> </font></span></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></synchronization></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></resource></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222222"></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><name>Default User Template2</name></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><description></font></div><div><font face="courier new, monospace" size="1"> Alternative User Template Object.</font></div>
<div><font face="courier new, monospace" size="1"> This object is used when creating a new account, to set it up as needed.</font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></description></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><mapping></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><description></font></div>
<div><font face="courier new, monospace" size="1"> Property mapping.</font></div><div><font face="courier new, monospace" size="1"> Defines how properties of user object are set up.</font></div>
<div><font face="courier new, monospace" size="1"> This specific definition sets a full name as a concatenation</font></div><div><font face="courier new, monospace" size="1"> of givenName and familyName.</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></description></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><strength>weak</strength></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/givenName</path></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>$user/familyName</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></source></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><language><a href="http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy">http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</a></language></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>givenName + ' ' + familyName</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></code></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></script></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></expression></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><path>fullName</path></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></target></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></mapping></font></div><div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"></objectTemplate></font></div>
<div><font face="courier new, monospace" size="1"><br></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><task oid="91919191-76e0-59e2-86d6-444f02d3ffff"> <name>Synchronization: Active Directory</name></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><description></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span>Definition of a live synchronization task. It will poll changelog and pull in changes</font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></description></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><taskIdentifier>91919191-76e0-59e2-86d6-444f02d3ffff</taskIdentifier></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><!--ownerRef oid="00000000-0000-0000-0000-000000000002"/--></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><ownerRef oid="00000000-0000-0000-0000-000000000002"/></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><executionStatus>runnable</executionStatus></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/live-sync/handler-3">http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/live-sync/handler-3</a></handlerUri></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><objectRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef" type="c:ResourceType"/></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><recurrence>recurring</recurrence></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><binding>tight</binding></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><schedule></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span><interval>5</interval></font></div><div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></schedule></font></div>
<div><font face="courier new, monospace" size="1"><span class="" style="white-space:pre"> </span></task></font></div><div><font face="courier new, monospace" size="1"></objects></font></div></div><div><font face="courier new, monospace" size="1"><br>
</font></div><div><br></div></div>