<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi Pavol,<br>
great work! Many thanks!<br>
<br>
There is a little error in group sync definition
(objectSynchronization section in resource definition) on <a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO">https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO</a>:<br>
<br>
The account schema has attrib named "sAMAccountName" attribute,
but group schema has attrib named "samAccountName" atribute
(different lower/upper chars). Probably bug in ICF connector... :)<br>
Then group correlation will be:<br>
<correlation><br>
<q:equal><br>
<q:path>c:name</q:path><br>
<expression><br>
<path>$shadow/attributes/<b>samAccountName</b></path><br>
</expression><br>
</q:equal><br>
</correlation><br>
<br>
<br>
Many thanks!<br>
Regards<br>
Roman Pudil
<div class="moz-signature">
<title></title>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<p> </p>
<table style="border-collapse:collapse;">
<tbody>
<tr>
<td colspan="2" style="font-family:Arial, sans-serif;
font-size:11px; color:#000000; vertical-align:bottom;">
<p> <span style="font-size:14px; font-weight:bold;">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail: <a href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif; font-size:11px;
color:#000000; vertical-align:bottom;">
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a href="http://www.ami.cz">www.ami.cz</a> </p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif; font-size:11px;
color:#000000;">
<p> <img src="cid:part4.02090602.00020209@ami.cz"
alt="AMI Praha a.s." title="AMI Praha a.s."> </p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
src="cid:part5.02010009.06080102@ami.cz" alt=""></a></td>
</tr>
<tr>
<td colspan="8" style="font-family:Arial, sans-serif;
font-size:11px; color:#808080;"> <br>
Textem tohoto e-mailu podepisující neslibuje uzavřít ani
neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena,
musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
Dne 25.6.2014 17:45, Pavol Mederly napsal(a):<br>
</div>
<blockquote cite="mid:53AAEE9F.5060900@evolveum.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
I've rewritten the last mail related to group sync to a HOW-TO. It
is available at<br>
<br>
<a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO">https://wiki.evolveum.com/display/midPoint/Active+Directory+Group+Synchronization+HOWTO</a><br>
<br>
...and I would like to thank Tim for providing the AD resource
sample which I've used (besides Org Sync Story Test) to construct
the tutorial. :)<br>
<br>
Regards,<br>
Pavol<br>
<br>
<blockquote cite="mid:53AAAA0C.8030709@evolveum.com" type="cite">
<div class="moz-cite-prefix"> <br>
On 23. 6. 2014 21:24, Roman Pudil - AMI Praha a.s. wrote:<br>
</div>
<blockquote cite="mid:53A87ED8.1050705@ami.cz" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hello Pavol,<br>
<br>
how about the reconciliation groups sample in Active
Directory? Have You any simple example?<br>
<br>
Thanks!<br>
Regards<br>
Roman
<div class="moz-signature">
<title></title>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<p> </p>
<table style="border-collapse:collapse;">
<tbody>
<tr>
<td colspan="2" style="font-family:Arial,
sans-serif; font-size:11px; color:#000000;
vertical-align:bottom;">
<p> <span style="font-size:14px;
font-weight:bold;">Roman Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail: <a moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;
vertical-align:bottom;">
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a moz-do-not-send="true"
href="http://www.ami.cz">www.ami.cz</a> </p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;">
<p> <img
src="cid:part10.08070605.06020706@ami.cz"
alt="AMI Praha a.s." title="AMI Praha a.s."> </p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
src="cid:part11.09000904.00050302@ami.cz"
alt=""></a></td>
</tr>
<tr>
<td colspan="8" style="font-family:Arial,
sans-serif; font-size:11px; color:#808080;"> <br>
Textem tohoto e-mailu podepisující neslibuje
uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
Dne 12.6.2014 23:35, Pavol Mederly napsal(a):<br>
</div>
<blockquote cite="mid:539A1D1A.7050205@evolveum.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hello Roman,<br>
<br>
both Ivan and me are planning to prepare such a sample for
group synchronization in next few days.<br>
<br>
Unfortunately, both of us have some critical tasks to be
done immediately, so it could take maybe<br>
a week until we'll be able to prepare the sample.<br>
<br>
Best regards,<br>
Pavol Mederly<br>
<br>
</div>
<blockquote cite="mid:539A133B.7060906@ami.cz" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Radovan,<br>
thanks for inspiration.<br>
I tried 3 days to find right combination of AD group
schema definition, schema handling etc. - with no
success.<br>
Somebody tried it with success?<br>
<br>
Thanks!<br>
Roman Pudil<br>
<br>
<div class="moz-signature">
<table style="border-collapse:collapse;">
<tbody>
<tr>
<td colspan="2" style="font-family:Arial,
sans-serif; font-size:11px; color:#000000;
vertical-align:bottom;">
<p><span style="font-size:14px;
font-weight:bold;">Roman Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail: <a moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;
vertical-align:bottom;">
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a moz-do-not-send="true"
href="http://www.ami.cz">www.ami.cz</a> </p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;">
<p> <img
src="cid:part15.09050105.01060305@ami.cz"
alt="AMI Praha a.s." title="AMI Praha
a.s."> </p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
src="cid:part16.05000801.07060108@ami.cz"
alt=""></a></td>
</tr>
<tr>
<td colspan="8" style="font-family:Arial,
sans-serif; font-size:11px; color:#808080;"> <br>
Textem tohoto e-mailu podepisující neslibuje
uzavřít ani neuzavírá za společnost AMI Praha
a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
Dne 9.6.2014 18:08, Radovan Semancik napsal(a):<br>
</div>
<blockquote cite="mid:5395DC03.6030300@evolveum.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Roman,<br>
<br>
We haven't tried group synchronization in AD yet. But
we have done it is LDAP and the principle is the same.
Perhaps the best place for inspiration is our
"OrgSync" story test. This test synchronized orgunits
and groups in the LDAP server. The configuration files
are here:<br>
<br>
<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources/orgsync">https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources/orgsync</a><br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
On 06/05/2014 01:03 PM, Roman Pudil - AMI Praha a.s.
wrote:<br>
</div>
<blockquote cite="mid:53904E89.7060508@ami.cz"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Hi,<br>
I need synchronize/reconcile AD Groups into midPoint
as Entitlements (Roles). Any simple example about
this?<br>
Importing groups over midpoint webservices is also
acceptable solution, but when I tried Your example in
\samples\model-client-sample\ it getting error in 3.0
version.<br>
<br>
Thanks!<br>
R. Pudil<br>
<div class="moz-signature">-- <br>
<title></title>
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<p> </p>
<table style="border-collapse:collapse;">
<tbody>
<tr>
<td colspan="2" style="font-family:Arial,
sans-serif; font-size:11px; color:#000000;
vertical-align:bottom;">
<p> <span style="font-size:14px;
font-weight:bold;">Roman Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail: <a moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;
vertical-align:bottom;">
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a moz-do-not-send="true"
href="http://www.ami.cz">www.ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;">
<p> <img
src="cid:part21.09090503.01000508@ami.cz"
alt="AMI Praha a.s." title="AMI Praha
a.s."> </p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
src="cid:part22.00070500.03000505@ami.cz" alt=""></a></td>
</tr>
<tr>
<td colspan="8" style="font-family:Arial,
sans-serif; font-size:11px; color:#808080;">
<br>
Textem tohoto e-mailu podepisující neslibuje
uzavřít ani neuzavírá za společnost AMI
Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně písemnou
formu.</td>
</tr>
</tbody>
</table>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>