<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi Jason,<br>
    <br>
    I don't have AD right now handy, so this one is a meta-answer:<br>
    <br>
    - Try to lookup some other-than-global/security groups in your AD,
    and see their attributes right in AD.<br>
    - Then try to see if those attributes are managable by the connector
    (in schema, CustomGroupObjectClass AFAIK).<br>
    - Then you can try to set corresponding values.<br>
    <br>
    In my projects, I've only needed Security and standard groups, I
    didn't set the other attribute/values, so they were pretty much
    filled by AD or the connector itself.<br>
    <br>
    I'm sure Pavol can give you more precise answer regarding the
    support of this; and I may have some time later today or tomorrow to
    explore this myself.<br>
    <br>
    Regards,<br>
    Ivan<br>
    <br>
    <div class="moz-cite-prefix">On 12/01/2014 05:12 PM, Jason Everling
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAFkZXY5xjrOM9McDPLAORDMTqdBbrDxbWTwcy1VfDbg9QP8X7w@mail.gmail.com"
      type="cite">
      <div dir="ltr">I think that would be a bit much, more than likely,
        I will move all groups that would be sync'd to Midpoint into its
        own container in AD and move all our other groups to another
        container and use the <protected> to filter them out so
        they are not sync'd.
        <div><br>
        </div>
        <div>Is there a way to build a specific group type instead of
          just Global | Security, maybe Domain Local or Universal or is
          it hard coded to Global Security?<br>
          <div><br>
          </div>
          <div>Thanks!</div>
          <div>JASON</div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Dec 1, 2014 at 4:12 AM, Radovan
          Semancik <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:radovan.semancik@evolveum.com"
              target="_blank">radovan.semancik@evolveum.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>Hi Jason,<br>
                <br>
                This is slightly different. The condition tells whether
                to apply the specific <objectSynchronization>
                block or on. The primary use of the condition is to sort
                objects of the same object class to "intents" (see <a
                  moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass"
                  target="_blank">https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass</a>).

                The primary meaning of this is to synchronize group
                object with a role object (or org object). But it does
                not synchronize account-group association (i.e. group
                membership) with a user-role assignment.<br>
                <br>
                With a bit of trickery it could theoretically work for
                your case. But I doubt that it will be practical. You
                will need one <objectSynchronization> block for
                each group that you are trying to synchronize.<span
                  class="HOEnZb"><font color="#888888"><br>
                    <br>
                    <pre cols="72">-- 

                                           Radovan Semancik
                                          Software Architect
                                             <a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
                  </font></span>
                <div>
                  <div class="h5"> <br>
                    <br>
                    On 11/29/2014 05:21 PM, Jason Everling wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">Is what I was asking, in the wiki it
                      says you can add a condition to the
                      synchronization policy, under <a
                        moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration"
                        target="_blank">https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration</a>
                      <div><br>
                      </div>
                      <ul style="margin:10px 0px
0px;color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;line-height:20px">
                        <li><strong>condition</strong> is an expression
                          which has to evaluate to true for the policy
                          to be used. It can be used for a very
                          fine-grain selection of applicable policies.</li>
                      </ul>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px"><br>
                          </span></font></div>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px">I
                            found a sample, kind of here, <a
                              moz-do-not-send="true"
href="https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml"
                              target="_blank">https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml</a></span></font></div>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px"><br>
                          </span></font></div>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px">I am
                            just a little confused on the condition
                            statement, I was thinking it would look
                            something like,</span></font></div>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px"><br>
                          </span></font></div>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px">
                            <div><condition></div>
                            <div>   <script></div>
                            <div>     <code></div>
                            <div>        declare default namespace "<a
                                moz-do-not-send="true"
                                href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                                target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>";</div>
                            <div>       
                              basic.getAttributeValue(account, '<a
                                moz-do-not-send="true"
                                href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                                target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>',

                              'info') = replicated</div>
                            <div>     </code></div>
                            <div>  </script></div>
                            <div></condition></div>
                          </span></font></div>
                      <div><br>
                      </div>
                      <div><br>
                      </div>
                      <div>JASON</div>
                      <div><font color="#333333" face="Arial,
                          sans-serif"><span
                            style="font-size:14px;line-height:20px"><br>
                          </span></font></div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Sat, Nov 29, 2014 at
                        2:47 AM, Pavol Mederly <span dir="ltr"><<a
                            moz-do-not-send="true"
                            href="mailto:mederly@evolveum.com"
                            target="_blank">mederly@evolveum.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000">
                            <div>Hello Jason,<br>
                              <br>
                              although I don't understand what you would
                              like to achieve, a quick answer though:<br>
                              <br>
                              If you would apply a condition to a
                              mapping (incoming or outgoing, it does not
                              matter), you can use <condition>
                              subelement directly under <incoming>
                              or <outgoing> one.<br>
                              However, take this only as a quick hint. I
                              haven't done that, nor I'm sure it's
                              implemented. Please try it.<br>
                              <br>
                              Best regards,<br>
                              Pavol
                              <div>
                                <div><br>
                                  <br>
                                  On 28. 11. 2014 22:46, Jason Everling
                                  wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">So I have the roleType
                                    syncing to the AD attribute, info,
                                    the info or roleType. I want any
                                    group that contains this roleType or
                                    info attribute sync'd, any other s
                                    will not be sync'd.
                                    <div><br>
                                    </div>
                                    <div>I know how to do this in
                                      objectTemplate but how in the
                                      resource so that it only syncs
                                      those groups and not all groups.</div>
                                    <div><br>
                                    </div>
                                    <div>Where do I put in the condition
                                      statement in the resource
                                      definition? I searched through
                                      what I could in the samples but
                                      couldn't find anything like this.</div>
                                    <div><br>
                                    </div>
                                    <div>JASON</div>
                                  </div>
                                  <br>
                                </div>
                              </div>
                              <font><br>
                                <br>
                                CONFIDENTIALITY NOTICE:<br>
                                This e-mail together with any
                                attachments is proprietary and
                                confidential; intended for only the
                                recipient(s) named above and may contain
                                information that is privileged. You
                                should not retain, copy or use this
                                e-mail or any attachments for any
                                purpose, or disclose all or any part of
                                the contents to any person. Any views or
                                opinions expressed in this e-mail are
                                those of the author and do not represent
                                those of the Baptist School of Health
                                Professions. If you have received this
                                e-mail in error, or are not the named
                                recipient(s), you are hereby notified
                                that any review, dissemination,
                                distribution or copying of this
                                communication is prohibited by the
                                sender and to do so might constitute a
                                violation of the Electronic
                                Communications Privacy Act, 18 U.S.C.
                                section 2510-2521. Please immediately
                                notify the sender and delete this e-mail
                                and any attachments from your computer.
                              </font><br>
                              <br>
                              <fieldset></fieldset>
                              <br>
                              <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                            </blockquote>
                            <br>
                          </div>
                          <br>
_______________________________________________<br>
                          midPoint mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:midPoint@lists.evolveum.com"
                            target="_blank">midPoint@lists.evolveum.com</a><br>
                          <a moz-do-not-send="true"
                            href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                            target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <font><br>
                      <br>
                      CONFIDENTIALITY NOTICE:<br>
                      This e-mail together with any attachments is
                      proprietary and confidential; intended for only
                      the recipient(s) named above and may contain
                      information that is privileged. You should not
                      retain, copy or use this e-mail or any attachments
                      for any purpose, or disclose all or any part of
                      the contents to any person. Any views or opinions
                      expressed in this e-mail are those of the author
                      and do not represent those of the Baptist School
                      of Health Professions. If you have received this
                      e-mail in error, or are not the named
                      recipient(s), you are hereby notified that any
                      review, dissemination, distribution or copying of
                      this communication is prohibited by the sender and
                      to do so might constitute a violation of the
                      Electronic Communications Privacy Act, 18 U.S.C.
                      section 2510-2521. Please immediately notify the
                      sender and delete this e-mail and any attachments
                      from your computer. </font><br>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                  </blockquote>
                  <br>
                  <br>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            midPoint mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
            <a moz-do-not-send="true"
              href="http://lists.evolveum.com/mailman/listinfo/midpoint"
              target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <font size="2"><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com     evolveum.com/blog/
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
  </body>
</html>