<div dir="ltr">I think that would be a bit much, more than likely, I will move all groups that would be sync'd to Midpoint into its own container in AD and move all our other groups to another container and use the <protected> to filter them out so they are not sync'd.<div><br></div><div>Is there a way to build a specific group type instead of just Global | Security, maybe Domain Local or Universal or is it hard coded to Global Security?<br><div><br></div><div>Thanks!</div><div>JASON</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 1, 2014 at 4:12 AM, Radovan Semancik <span dir="ltr"><<a href="mailto:radovan.semancik@evolveum.com" target="_blank">radovan.semancik@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Jason,<br>
<br>
This is slightly different. The condition tells whether to apply
the specific <objectSynchronization> block or on. The
primary use of the condition is to sort objects of the same object
class to "intents" (see
<a href="https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass" target="_blank">https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass</a>).
The primary meaning of this is to synchronize group object with a
role object (or org object). But it does not synchronize
account-group association (i.e. group membership) with a user-role
assignment.<br>
<br>
With a bit of trickery it could theoretically work for your case.
But I doubt that it will be practical. You will need one
<objectSynchronization> block for each group that you are
trying to synchronize.<span class="HOEnZb"><font color="#888888"><br>
<br>
<pre cols="72">--
Radovan Semancik
Software Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre></font></span><div><div class="h5">
<br>
<br>
On 11/29/2014 05:21 PM, Jason Everling wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Is what I was asking, in the wiki it says you can
add a condition to the synchronization policy, under <a href="https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration" target="_blank">https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration</a>
<div><br>
</div>
<ul style="margin:10px 0px 0px;color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;line-height:20px">
<li><strong>condition</strong> is an expression which
has to evaluate to true for the policy to be used. It can be
used for a very fine-grain selection of applicable policies.</li>
</ul>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px">I found a sample,
kind of here, <a href="https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml</a></span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px">I am just a little
confused on the condition statement, I was thinking it
would look something like,</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px">
<div><condition></div>
<div> <script></div>
<div> <code></div>
<div> declare default namespace "<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>";</div>
<div> basic.getAttributeValue(account, '<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>',
'info') = replicated</div>
<div> </code></div>
<div> </script></div>
<div></condition></div>
</span></font></div>
<div><br>
</div>
<div><br>
</div>
<div>JASON</div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Nov 29, 2014 at 2:47 AM, Pavol
Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
although I don't understand what you would like to
achieve, a quick answer though:<br>
<br>
If you would apply a condition to a mapping (incoming or
outgoing, it does not matter), you can use
<condition> subelement directly under
<incoming> or <outgoing> one.<br>
However, take this only as a quick hint. I haven't done
that, nor I'm sure it's implemented. Please try it.<br>
<br>
Best regards,<br>
Pavol
<div>
<div><br>
<br>
On 28. 11. 2014 22:46, Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">So I have the roleType syncing to the
AD attribute, info, the info or roleType. I want
any group that contains this roleType or info
attribute sync'd, any other s will not be sync'd.
<div><br>
</div>
<div>I know how to do this in objectTemplate but
how in the resource so that it only syncs those
groups and not all groups.</div>
<div><br>
</div>
<div>Where do I put in the condition statement in
the resource definition? I searched through what
I could in the samples but couldn't find
anything like this.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only the
recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use
this e-mail or any attachments for any purpose, or
disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail
are those of the author and do not represent those of
the Baptist School of Health Professions. If you have
received this e-mail in error, or are not the named
recipient(s), you are hereby notified that any review,
dissemination, distribution or copying of this
communication is prohibited by the sender and to do so
might constitute a violation of the Electronic
Communications Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify the sender and
delete this e-mail and any attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>