<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Jason,<br>
      <br>
      This will not work automatically. The mappings that you use in the
      roles are *outbound* mapping. MidPoint mappings work only in one
      direction - by design. Otherwise it could get very complicated.
      However, your question gave me an idea that something actually
      could be done in this specific case. I have created a Jira issue
      for this:<br>
      <br>
      <a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-2103">https://jira.evolveum.com/browse/MID-2103</a><br>
      <br>
      I have also realized that midPoint is currently quite weak when it
      comes to inbound synchronization of entitlement associations.
      Outbound synchronization can be done by the means of
      <construction> but there is no equivalent inbound mechanism.
      There is of course a "feedback" of association information to
      check whether it matches with definitions in <construction>
      blocks during reconciliation - which is kind of synchronization
      towards midPoint. But I guess this is not what you are looking
      for. Your case is actually the very first use of midPoint which is
      using the entitlement associations as a source therefore we have
      not realized that midPoint has this shortcoming. And I would like
      to thank you a lot for pointing that out by asking this question.
      I have also created a Jira issue for this:<br>
      <br>
      <a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-2104">https://jira.evolveum.com/browse/MID-2104</a><br>
      <br>
      In the meantime I do not see any convenient mechanism to do what
      you want to do. But midPoint also has less convenient mechanisms
      how to do almost anything. The thing that you want can be achieved
      by using the scripting hooks:<br>
      <a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Scripting+Hooks">https://wiki.evolveum.com/display/midPoint/Scripting+Hooks</a><br>
      In this case you need to write a custom code that will use the
      model context
      (<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Model+Context">https://wiki.evolveum.com/display/midPoint/Model+Context</a>) to
      determine group associations and convert that to role assignments.
      It is definitely doable, however this goes quite deep into the
      midpoint core and it can be somehow complex. And you can always
      fork midPoint source code on github and hack in the solution that
      you need. In this case it actually won't even be a hack at all as
      midPoint is prepared for "hook" plug-ins so this can be done quite
      cleanly. E.g. this is how we have integrated workflow into
      midPoint. However, there is no convenient documentation about this
      yet therefore you would need to use the source code.<br>
      <br>
      Overall, you are raising an interesting question. Your ideas are
      good and we are definitely going to implement these two features.
      But right now I cannot say when exactly is that going to happen.
      MidPoint development is self-funded. Therefore we have to
      prioritize the requests from our customers/partners that are
      funding the development (by subscription or by other means). Even
      a nice-to-have request from a midPoint subscriber has a much
      higher priority than any other request from non-subscriber.
      Therefore unless one of the midPoint subscribers uses their
      influence in favour of these features I cannot promise they will
      get implemented very soon.<br>
      <br>
      <pre class="moz-signature" cols="72">-- 

                                           Radovan Semancik
                                          Software Architect
                                             evolveum.com
</pre>
      <br>
      <br>
      On 11/28/2014 06:47 PM, Jason Everling wrote:<br>
    </div>
    <blockquote
cite="mid:CAFkZXY40j1=DRnYWVwS9gYAzMz89CuLfNV2LRuvbKXjNdPY_Eg@mail.gmail.com"
      type="cite">
      <div dir="ltr">So I tested, turns out it needs the 2nd order
        inducement.
        <div><br>
        </div>
        <div>Using Midpoint Gui to add/remove users to roles also
          add/removes them from AD Group, tested, works.</div>
        <div><br>
        </div>
        <div>Using AD to add/remove users in Group, does not sync back
          to Midpoint, tested, does not sync, Should this work?</div>
        <div><br>
        </div>
        <div>JASON</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Fri, Nov 28, 2014 at 11:28 AM, Jason
          Everling <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Meant to say I commented out the 2nd order
              inducement,
              <div><br>
              </div>
              <div>JASON</div>
            </div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Fri, Nov 28, 2014 at 11:27
                    AM, Jason Everling <span dir="ltr"><<a
                        moz-do-not-send="true"
                        href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div dir="ltr">Thanks for the followup, yes the
                        groups to roles are created and vice-versa but
                        users are not synced to roles or groups, I am
                        using the domain administrator account so it
                        shouldn't be an issue.
                        <div><br>
                        </div>
                        <div>One thing I changed from the original
                          samples was the Metarole, these lines for the
                          2nd order incudment. WOuld this be the reason
                          users are not synced to groups/roles? I had
                          already had a role in midpoint that has the AD
                          resource inducement so I figured it was not
                          necessary unless I misinterpreted the
                          comments.</div>
                        <div><br>
                        </div>
                        <div>
                          <pre style="margin-top:0px;margin-bottom:0px;padding:0px;font-family:Consolas,Menlo,'Liberation Mono',Courier,monospace;font-size:12px;line-height:1.4;color:rgb(51,51,51)">            <span style="color:rgb(153,153,136);font-style:italic"><!-- This inducement causes creation of AD account that is in AD group for any USER that possesses any role that possesses this metarole --></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-37" style="color:rgb(53,114,176)"></a>            <span style="color:rgb(153,153,136);font-style:italic"><!-- That's why this is called second-order inducement --></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-41" style="color:rgb(53,114,176)"></a>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-42" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">            <inducement></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-43" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                <construction></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-44" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                    <resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef" type="c:ResourceType"/></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-45" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                    <kind>account</kind></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-46" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                    <intent>default</intent></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-47" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                    <association></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-48" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                        <ref>ri:group</ref></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-49" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                        <outbound></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-50" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                            <expression></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-51" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                                <associationFromLink></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-52" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                                    <projectionDiscriminator></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-53" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                                        <kind>entitlement</kind></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-54" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                                        <intent>group</intent></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-55" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                                    </projectionDiscriminator></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-56" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                                </associationFromLink></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-57" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                            </expression></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-58" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                        </outbound></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-59" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                    </association></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-60" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                </construction></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-61" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">                <order>2</order></span>
<a moz-do-not-send="true" name="149f772b6a513d73_149f771c3b26d1e1_cl-62" style="color:rgb(53,114,176)"></a><span style="color:rgb(153,153,136);font-style:italic">            </inducement></span></pre>
                        </div>
                      </div>
                      <div>
                        <div>
                          <div class="gmail_extra"><br>
                            <div class="gmail_quote">On Fri, Nov 28,
                              2014 at 3:49 AM, Ivan Noris <span
                                dir="ltr"><<a moz-do-not-send="true"
                                  href="mailto:ivan.noris@evolveum.com"
                                  target="_blank">ivan.noris@evolveum.com</a>></span>
                              wrote:<br>
                              <blockquote class="gmail_quote"
                                style="margin:0 0 0 .8ex;border-left:1px
                                #ccc solid;padding-left:1ex">
                                <div bgcolor="#FFFFFF" text="#000000">
                                  Sorry for late responding - but you've
                                  already got your solution, it was the
                                  right track indeed. Not using the
                                  samAccountName attribute will cause AD
                                  to generate a random value (we were
                                  using this feature in one deployment).
                                  This is the same also for Users (and
                                  sAMAccountName attribute).<br>
                                  <br>
                                  For the future you may also want to
                                  check the schema in the resource
                                  object (Configuration - Repository
                                  objects - your AD resource) - you will
                                  see all usable attributes if you are
                                  unsure of which are supported by the
                                  connector. This works after the schema
                                  was fetched, which is the first
                                  connection to your AD (e.g. the TEST
                                  connection for the resource).<br>
                                  <br>
                                  Of course this is usable for all other
                                  connectors as well.<br>
                                  <br>
                                  One more related thing to the
                                  permissions: to add/remove AD users to
                                  the groups, your AD permissions must
                                  allow you to modify the <b>groups</b>.
                                  (As the group membership is using the
                                  members attribute of the groups.)<br>
                                  I.e. permissions just to modify Users
                                  will be not enough.<br>
                                  <br>
                                  But as you are able to create groups,
                                  this should be ok now.<br>
                                  <br>
                                  Regards,<br>
                                  Ivan
                                  <div>
                                    <div><br>
                                      <br>
                                      <div>On 11/27/2014 11:56 PM, Jason
                                        Everling wrote:<br>
                                      </div>
                                      <blockquote type="cite">
                                        <div dir="ltr">Ah so I was on
                                          the right track, it works now,
                                          I had seen that
                                          (samAccountName) in the group
                                          schema but thought maybe it
                                          was a typo so I had changed it
                                          to sAMAccountName.
                                          <div><br>
                                          </div>
                                          <div>Changed the name for a
                                            role and the attribute
                                            updated correctly now!</div>
                                          <div><br>
                                          </div>
                                          <div>JASON</div>
                                        </div>
                                        <div class="gmail_extra"><br>
                                          <div class="gmail_quote">On
                                            Thu, Nov 27, 2014 at 4:50
                                            PM, Pavol Mederly <span
                                              dir="ltr"><<a
                                                moz-do-not-send="true"
                                                href="mailto:mederly@evolveum.com"
                                                target="_blank">mederly@evolveum.com</a>></span>
                                            wrote:<br>
                                            <blockquote
                                              class="gmail_quote"
                                              style="margin:0 0 0
                                              .8ex;border-left:1px #ccc
                                              solid;padding-left:1ex">
                                              <div bgcolor="#FFFFFF"
                                                text="#000000">
                                                <div>Ah, this is a
                                                  stupidity in original
                                                  AD connector that I've
                                                  inherited.<br>
                                                  (And didn't have the
                                                  courage to fix up to
                                                  now.)<br>
                                                  Sorry for that.<br>
                                                  <br>
                                                  For groups, please use
                                                  <b>samAccountName</b>
                                                  (not sAMAccountName)
                                                  as for users.<br>
                                                  <br>
                                                  Best regards,<br>
                                                  Pavol<br>
                                                  <br>
                                                </div>
                                                <div>
                                                  <div>
                                                    <blockquote
                                                      type="cite">
                                                      <div dir="ltr">Spoke
                                                        too soon, seems
                                                        it errors when
                                                        using
                                                        sAMAccountName
                                                        under the object
                                                        type,
                                                        <div><br>
                                                        </div>
                                                        <div><span>Definition
                                                          of attribute
                                                          sAMAccountName
                                                          not found in
                                                          object class {<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7DCustomGroupObjectClass"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}CustomGroupObjectClass</a> </span></div>
                                                      </div>
                                                      <div
                                                        class="gmail_extra"><br>
                                                        <div
                                                          class="gmail_quote">On
                                                          Thu, Nov 27,
                                                          2014 at 4:40
                                                          PM, Jason
                                                          Everling <span
                                                          dir="ltr"><<a
moz-do-not-send="true" href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div dir="ltr">Hah,
                                                          nevermind, I
                                                          just needed
                                                          create a
                                                          attribute for
                                                          sAMAccountName
                                                          under the
                                                          objecttype
                                                          using the
                                                          +name+
                                                          outbound,
                                                          <div><br>
                                                          </div>
                                                          <div>JASON</div>
                                                          </div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On
                                                          Thu, Nov 27,
                                                          2014 at 4:36
                                                          PM, Jason
                                                          Everling <span
                                                          dir="ltr"><<a
moz-do-not-send="true" href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div dir="ltr">Not
                                                          sure why I
                                                          didn't think
                                                          about that
                                                          after looking
                                                          at it so many
                                                          times, working
                                                          now.
                                                          <div><br>
                                                          </div>
                                                          <div>One more
                                                          question, the
                                                          roles get
                                                          created in AD
                                                          as groups now
                                                          but it does
                                                          not update the
                                                          sAMAccountName,
                                                          so it created
                                                          the
                                                          cn=tester,ou=groups,dc=test,dc=local
                                                          and common
                                                          name is
                                                          testers but
                                                          the
                                                          sAMAccountName
                                                          or the Group
                                                          Name (Pre
                                                          Windows 2000)
                                                          is a random
                                                          value
                                                          like $K61000-DN631FIPKSLL</div>
                                                          <div><br>
                                                          </div>
                                                          <div>How can
                                                          that be fixed?</div>
                                                          <div><br>
                                                          </div>
                                                          <div>Thanks
                                                          Again!</div>
                                                          <span><font
                                                          color="#888888">
                                                          <div>JASON</div>
                                                          </font></span></div>
                                                          <div>
                                                          <div>
                                                          <div
                                                          class="gmail_extra"><br>
                                                          <div
                                                          class="gmail_quote">On

                                                          Thu, Nov 27,
                                                          2014 at 4:18
                                                          PM, Pavol
                                                          Mederly <span
                                                          dir="ltr"><<a
moz-do-not-send="true" href="mailto:mederly@evolveum.com"
                                                          target="_blank">mederly@evolveum.com</a>></span>
                                                          wrote:<br>
                                                          <blockquote
                                                          class="gmail_quote"
                                                          style="margin:0
                                                          0 0
                                                          .8ex;border-left:1px
                                                          #ccc
                                                          solid;padding-left:1ex">
                                                          <div
                                                          bgcolor="#FFFFFF"
                                                          text="#000000">
                                                          <div>Hello
                                                          Jason,<br>
                                                          <br>
                                                          as far as I
                                                          know, in
                                                          Active
                                                          Directory CN
                                                          is not
                                                          updateable. It
                                                          suffices to
                                                          create/update
                                                          icfs:name
                                                          attribute, and
                                                          CN is updated
                                                          automatically.<br>
                                                          <br>
                                                          So, I would
                                                          suggest to
                                                          drop outbound
                                                          mapping from
                                                          CN attribute,
                                                          i.e. this one:<br>
                                                          <br>
                                                          Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 

<outbound><br>
                                                          Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 


                                                          <source><br>
                           
<path>$focus/name</path><br>
                                                          Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 


</source><br>
                                                          Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â 

</outbound><br>
                                                          <br>
                                                          Best regards,<br>
                                                          Pavol
                                                          <div>
                                                          <div><br>
                                                          <br>
                                                          On 27. 11.
                                                          2014 19:23,
                                                          Jason Everling
                                                          wrote:<br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          <blockquote
                                                          type="cite">
                                                          <div>
                                                          <div>
                                                          <div dir="ltr">I
                                                          cannot figure
                                                          this one out,
                                                          I followed the
                                                          groups sync in
                                                          the wiki and
                                                          from the
                                                          github samples
                                                          along with the
                                                          metarole and
                                                          role template.
                                                          <div><br>
                                                          </div>
                                                          <div>When
                                                          creating a
                                                          role in
                                                          Midpoint it
                                                          attempts to
                                                          create the
                                                          group in AD
                                                          but I get an
                                                          error, look at
                                                          the debug page
                                                          it has the
                                                          correct DN and
                                                          CN.</div>
                                                          <div><br>
                                                          </div>
                                                          <div><span><span>operation.com.evolveum.midpoint.model.impl.lens.ChangeExecutor.execute</span></span><span></span>
                                                          <div>
                                                          <ul
                                                          style="margin:0px;list-style:none
                                                          outside
                                                          none;padding:0px">
                                                          <li
                                                          style="padding:1px
                                                          0px;list-style:none
                                                          outside
                                                          none;margin:0px;text-overflow:ellipsis;overflow:auto"><span>Security


                                                          violation
                                                          during
                                                          processing
                                                          shadow shadow:
                                                          null
                                                          (OID:null):
                                                          Attempt to add
                                                          shadow with
                                                          non-createable
                                                          attribute {<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Dcn"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}cn</a></span></li>
                                                          <li
                                                          title="Fatal
                                                          error"
                                                          style="padding:2px
                                                          0px 1px
                                                          25px;list-style:none
                                                          outside
                                                          none;margin:5px
                                                          0px
0px;text-overflow:ellipsis;overflow:auto;background-image:url(http://10.200.0.155/midpoint/img/messages-error-icon.png);background-repeat:no-repeat"><span
style="margin-top:0px">Security violation during processing shadow
                                                          shadow: null
                                                          (OID:null):
                                                          Attempt to add
                                                          shadow with
                                                          non-createable
                                                          attribute {<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7Dcn"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}cn</a></span></li>
                                                          </ul>
                                                          </div>
                                                          </div>
                                                          <div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <table>
                                                          <tbody>
                                                          <tr>
                                                          <th
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221);background-color:rgb(249,249,249)">Activity</th>
                                                          <th
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221);background-color:rgb(249,249,249)">Status</th>
                                                          <th
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221);background-color:rgb(249,249,249)">Resource



                                                          object (if
                                                          applicable)</th>
                                                          </tr>
                                                          <tr>
                                                          <td
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221)"><span>Computing


                                                          projections of
                                                          the focus
                                                          object</span></td>
                                                          <td
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221)"><span
title="SUCCESS"
style="color:rgb(70,136,71);display:inline-block;font-family:FontAwesome;line-height:0.75em;font-size:1.33333333333333em;vertical-align:-15%;width:1.28571428571429em;text-align:center"></span><br>
                                                          </td>
                                                          <td
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221)"><span></span><br>
                                                          </td>
                                                          </tr>
                                                          <tr>
                                                          <td
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221);background-color:rgb(249,249,249)"><span>Entitlement



                                                          (group) on
                                                          Active
                                                          Directory</span></td>
                                                          <td
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221);background-color:rgb(249,249,249)"><span
title="FATAL_ERROR"
style="color:rgb(185,74,72);display:inline-block;font-family:FontAwesome;line-height:0.75em;font-size:1.33333333333333em;vertical-align:-15%;width:1.28571428571429em;text-align:center"></span><br>
                                                          </td>
                                                          <td
                                                          style="padding:5px;line-height:1.428571429;vertical-align:top;border:1px
                                                          solid
                                                          rgb(221,221,221);background-color:rgb(249,249,249)"><span>Add:Fatal



                                                          error ->
                                                          cn=TESTER,ou=Groups,dc=test,dc=local</span></td>
                                                          </tr>
                                                          </tbody>
                                                          </table>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>I
                                                          attached the
                                                          AD Resource,
                                                          Role Template,
                                                          and MetaRole</div>
                                                          </div>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          <font><br>
                                                          <br>
                                                          CONFIDENTIALITY

                                                          NOTICE:<br>
                                                          This e-mail
                                                          together with
                                                          any
                                                          attachments is
                                                          proprietary
                                                          and
                                                          confidential;
                                                          intended for
                                                          only the
                                                          recipient(s)
                                                          named above
                                                          and may
                                                          contain
                                                          information
                                                          that is
                                                          privileged.
                                                          You should not
                                                          retain, copy
                                                          or use this
                                                          e-mail or any
                                                          attachments
                                                          for any
                                                          purpose, or
                                                          disclose all
                                                          or any part of
                                                          the contents
                                                          to any person.
                                                          Any views or
                                                          opinions
                                                          expressed in
                                                          this e-mail
                                                          are those of
                                                          the author and
                                                          do not
                                                          represent
                                                          those of the
                                                          Baptist School
                                                          of Health
                                                          Professions.
                                                          If you have
                                                          received this
                                                          e-mail in
                                                          error, or are
                                                          not the named
                                                          recipient(s),
                                                          you are hereby
                                                          notified that
                                                          any review,
                                                          dissemination,
                                                          distribution
                                                          or copying of
                                                          this
                                                          communication
                                                          is prohibited
                                                          by the sender
                                                          and to do so
                                                          might
                                                          constitute a
                                                          violation of
                                                          the Electronic
                                                          Communications
                                                          Privacy Act,
                                                          18 U.S.C.
                                                          section
                                                          2510-2521.
                                                          Please
                                                          immediately
                                                          notify the
                                                          sender and
                                                          delete this
                                                          e-mail and any
                                                          attachments
                                                          from your
                                                          computer. </font><br>
                                                          <br>
                                                          <fieldset></fieldset>
                                                          <br>
                                                          <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                                                          </blockquote>
                                                          <br>
                                                          </div>
                                                          <br>
_______________________________________________<br>
                                                          midPoint
                                                          mailing list<br>
                                                          <a
                                                          moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
                                                          <a
                                                          moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                                                          target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                                                          <br>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                          </blockquote>
                                                        </div>
                                                        <br>
                                                      </div>
                                                      <br>
                                                      <font><br>
                                                        <br>
                                                        CONFIDENTIALITY
                                                        NOTICE:<br>
                                                        This e-mail
                                                        together with
                                                        any attachments
                                                        is proprietary
                                                        and
                                                        confidential;
                                                        intended for
                                                        only the
                                                        recipient(s)
                                                        named above and
                                                        may contain
                                                        information that
                                                        is privileged.
                                                        You should not
                                                        retain, copy or
                                                        use this e-mail
                                                        or any
                                                        attachments for
                                                        any purpose, or
                                                        disclose all or
                                                        any part of the
                                                        contents to any
                                                        person. Any
                                                        views or
                                                        opinions
                                                        expressed in
                                                        this e-mail are
                                                        those of the
                                                        author and do
                                                        not represent
                                                        those of the
                                                        Baptist School
                                                        of Health
                                                        Professions. If
                                                        you have
                                                        received this
                                                        e-mail in error,
                                                        or are not the
                                                        named
                                                        recipient(s),
                                                        you are hereby
                                                        notified that
                                                        any review,
                                                        dissemination,
                                                        distribution or
                                                        copying of this
                                                        communication is
                                                        prohibited by
                                                        the sender and
                                                        to do so might
                                                        constitute a
                                                        violation of the
                                                        Electronic
                                                        Communications
                                                        Privacy Act, 18
                                                        U.S.C. section
                                                        2510-2521.
                                                        Please
                                                        immediately
                                                        notify the
                                                        sender and
                                                        delete this
                                                        e-mail and any
                                                        attachments from
                                                        your computer. </font><br>
                                                      <br>
                                                      <fieldset></fieldset>
                                                      <br>
                                                      <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                                                    </blockquote>
                                                    <br>
                                                  </div>
                                                </div>
                                              </div>
                                              <br>
_______________________________________________<br>
                                              midPoint mailing list<br>
                                              <a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
                                              <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                                                target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                                              <br>
                                            </blockquote>
                                          </div>
                                          <br>
                                        </div>
                                        <br>
                                        <font><br>
                                          <br>
                                          CONFIDENTIALITY NOTICE:<br>
                                          This e-mail together with any
                                          attachments is proprietary and
                                          confidential; intended for
                                          only the recipient(s) named
                                          above and may contain
                                          information that is
                                          privileged. You should not
                                          retain, copy or use this
                                          e-mail or any attachments for
                                          any purpose, or disclose all
                                          or any part of the contents to
                                          any person. Any views or
                                          opinions expressed in this
                                          e-mail are those of the author
                                          and do not represent those of
                                          the Baptist School of Health
                                          Professions. If you have
                                          received this e-mail in error,
                                          or are not the named
                                          recipient(s), you are hereby
                                          notified that any review,
                                          dissemination, distribution or
                                          copying of this communication
                                          is prohibited by the sender
                                          and to do so might constitute
                                          a violation of the Electronic
                                          Communications Privacy Act, 18
                                          U.S.C. section 2510-2521.
                                          Please immediately notify the
                                          sender and delete this e-mail
                                          and any attachments from your
                                          computer. </font><br>
                                        <br>
                                        <fieldset></fieldset>
                                        <br>
                                        <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                                      </blockquote>
                                      <br>
                                    </div>
                                  </div>
                                  <span><font color="#888888">
                                      <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>     <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
                                    </font></span></div>
                                <br>
_______________________________________________<br>
                                midPoint mailing list<br>
                                <a moz-do-not-send="true"
                                  href="mailto:midPoint@lists.evolveum.com"
                                  target="_blank">midPoint@lists.evolveum.com</a><br>
                                <a moz-do-not-send="true"
                                  href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                                  target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                                <br>
                              </blockquote>
                            </div>
                            <br>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                  <br>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <font size="2"><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <br>
  </body>
</html>