<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Glad to hear that it worked :-)<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 12/01/2014 08:06 PM, Jason Everling
wrote:<br>
</div>
<blockquote
cite="mid:CAFkZXY7vONevuxtUMsPUJDmQLN-WmE-za9eeVW93MuEeaPUSVw@mail.gmail.com"
type="cite">
<div dir="ltr">Awesome, it works just by using either of these
values in the roleType field, 2, 4, 8, -2147483646, -2147483644,
or -2147483640
<div><br>
</div>
<div>
<div> <attribute></div>
<div> <ref>ri:groupType</ref></div>
<div> <outbound></div>
<div>
<strength>strong</strength></div>
<div> <source></div>
<div>
<path>roleType</path></div>
<div> </source></div>
<div> </outbound></div>
<div> <inbound></div>
<div>
<strength>strong</strength></div>
<div> <target></div>
<div>
<path>$focus/roleType</path></div>
<div> </target></div>
<div> </inbound></div>
<div> </attribute></div>
</div>
<div><br>
</div>
<div>So now I am going to do some mappings and auto input those
fields when creating a role based on conditions!</div>
<div><br>
</div>
<div>This is great that it works!</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 1, 2014 at 11:11 AM, Pavol
Mederly <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
I would suggest looking at <a moz-do-not-send="true"
href="http://msdn.microsoft.com/en-us/library/cc223142.aspx"
target="_blank">http://msdn.microsoft.com/en-us/library/cc223142.aspx</a>.<br>
<br>
Then e.g. Security + Global group would be 0x80000002,
i.e. decimally either <a moz-do-not-send="true"
href="tel:2147483650" value="+12147483650"
target="_blank">2147483650</a> or -<a
moz-do-not-send="true" href="tel:2147483646"
value="+12147483646" target="_blank">2147483646</a>,
depending on whether the connector expects the value as
unsigned int32/64 or signed int32. I have not used that
yet; so please try them both and see what works for you.<br>
<br>
Best regards,<br>
Pavol
<div>
<div class="h5"><br>
<br>
On 1. 12. 2014 17:58, Jason Everling wrote:<br>
</div>
</div>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div dir="ltr">Yeah I was going to try to set the
grouptType attribute which controls what group
type it is but it is a integer and not a string,
if not then no big deal, was just wondering.
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 1, 2014 at
10:22 AM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi
Jason,<br>
<br>
I don't have AD right now handy, so this one
is a meta-answer:<br>
<br>
- Try to lookup some
other-than-global/security groups in your
AD, and see their attributes right in AD.<br>
- Then try to see if those attributes are
managable by the connector (in schema,
CustomGroupObjectClass AFAIK).<br>
- Then you can try to set corresponding
values.<br>
<br>
In my projects, I've only needed Security
and standard groups, I didn't set the other
attribute/values, so they were pretty much
filled by AD or the connector itself.<br>
<br>
I'm sure Pavol can give you more precise
answer regarding the support of this; and I
may have some time later today or tomorrow
to explore this myself.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 12/01/2014 05:12 PM, Jason
Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I think that would be a
bit much, more than likely, I will
move all groups that would be sync'd
to Midpoint into its own container
in AD and move all our other groups
to another container and use the
<protected> to filter them out
so they are not sync'd.
<div><br>
</div>
<div>Is there a way to build a
specific group type instead of
just Global | Security, maybe
Domain Local or Universal or is it
hard coded to Global Security?<br>
<div><br>
</div>
<div>Thanks!</div>
<div>JASON</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec
1, 2014 at 4:12 AM, Radovan
Semancik <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:radovan.semancik@evolveum.com"
target="_blank">radovan.semancik@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
<div>Hi Jason,<br>
<br>
This is slightly different.
The condition tells whether
to apply the specific
<objectSynchronization>
block or on. The primary use
of the condition is to sort
objects of the same object
class to "intents" (see <a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass"
target="_blank">https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass</a>).
The primary meaning of this
is to synchronize group
object with a role object
(or org object). But it does
not synchronize
account-group association
(i.e. group membership) with
a user-role assignment.<br>
<br>
With a bit of trickery it
could theoretically work for
your case. But I doubt that
it will be practical. You
will need one
<objectSynchronization>
block for each group that
you are trying to
synchronize.<span><font
color="#888888"><br>
<br>
<pre cols="72">--
Radovan Semancik
Software Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span>
<div>
<div> <br>
<br>
On 11/29/2014 05:21 PM,
Jason Everling wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Is what I
was asking, in the
wiki it says you can
add a condition to the
synchronization
policy, under <a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration"
target="_blank">https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration</a>
<div><br>
</div>
<ul style="margin:10px
0px
0px;color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;line-height:20px">
<li><strong>condition</strong> is
an expression
which has to
evaluate to true
for the policy to
be used. It can be
used for a very
fine-grain
selection of
applicable
policies.</li>
</ul>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px">I found a sample, kind of here, <a
moz-do-not-send="true"
href="https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml"
target="_blank">https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml</a></span></font></div>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px">I am just a little confused on
the condition
statement, I was
thinking it
would look
something like,</span></font></div>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px">
<div><condition></div>
<div>
<script></div>
<div>
<code></div>
<div>
declare
default
namespace "<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>";</div>
<div>
basic.getAttributeValue(account,
'<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>',
'info') =
replicated</div>
<div>
</code></div>
<div>
</script></div>
<div></condition></div>
</span></font></div>
<div><br>
</div>
<div><br>
</div>
<div>JASON</div>
<div><font
color="#333333"
face="Arial,
sans-serif"><span
style="font-size:14px;line-height:20px"><br>
</span></font></div>
</div>
<div class="gmail_extra"><br>
<div
class="gmail_quote">On
Sat, Nov 29, 2014 at
2:47 AM, Pavol
Mederly <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0
0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div
bgcolor="#FFFFFF"
text="#000000">
<div>Hello
Jason,<br>
<br>
although I
don't
understand
what you would
like to
achieve, a
quick answer
though:<br>
<br>
If you would
apply a
condition to a
mapping
(incoming or
outgoing, it
does not
matter), you
can use
<condition>
subelement
directly under
<incoming>
or
<outgoing>
one.<br>
However, take
this only as a
quick hint. I
haven't done
that, nor I'm
sure it's
implemented.
Please try it.<br>
<br>
Best regards,<br>
Pavol
<div>
<div><br>
<br>
On 28. 11.
2014 22:46,
Jason Everling
wrote:<br>
</div>
</div>
</div>
<blockquote
type="cite">
<div>
<div>
<div dir="ltr">So
I have the
roleType
syncing to the
AD attribute,
info, the info
or roleType. I
want any group
that contains
this roleType
or info
attribute
sync'd, any
other s will
not be sync'd.
<div><br>
</div>
<div>I know
how to do this
in
objectTemplate
but how in the
resource so
that it only
syncs those
groups and not
all groups.</div>
<div><br>
</div>
<div>Where do
I put in the
condition
statement in
the resource
definition? I
searched
through what I
could in the
samples but
couldn't find
anything like
this.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY
NOTICE:<br>
This e-mail
together with
any
attachments is
proprietary
and
confidential;
intended for
only the
recipient(s)
named above
and may
contain
information
that is
privileged.
You should not
retain, copy
or use this
e-mail or any
attachments
for any
purpose, or
disclose all
or any part of
the contents
to any person.
Any views or
opinions
expressed in
this e-mail
are those of
the author and
do not
represent
those of the
Baptist School
of Health
Professions.
If you have
received this
e-mail in
error, or are
not the named
recipient(s),
you are hereby
notified that
any review,
dissemination,
distribution
or copying of
this
communication
is prohibited
by the sender
and to do so
might
constitute a
violation of
the Electronic
Communications
Privacy Act,
18 U.S.C.
section
2510-2521.
Please
immediately
notify the
sender and
delete this
e-mail and any
attachments
from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
midPoint mailing
list<br>
<a
moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a
moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY
NOTICE:<br>
This e-mail together
with any attachments
is proprietary and
confidential; intended
for only the
recipient(s) named
above and may contain
information that is
privileged. You should
not retain, copy or
use this e-mail or any
attachments for any
purpose, or disclose
all or any part of the
contents to any
person. Any views or
opinions expressed in
this e-mail are those
of the author and do
not represent those of
the Baptist School of
Health Professions. If
you have received this
e-mail in error, or
are not the named
recipient(s), you are
hereby notified that
any review,
dissemination,
distribution or
copying of this
communication is
prohibited by the
sender and to do so
might constitute a
violation of the
Electronic
Communications Privacy
Act, 18 U.S.C. section
2510-2521. Please
immediately notify the
sender and delete this
e-mail and any
attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only the
recipient(s) named above and may
contain information that is
privileged. You should not retain,
copy or use this e-mail or any
attachments for any purpose, or
disclose all or any part of the
contents to any person. Any views or
opinions expressed in this e-mail
are those of the author and do not
represent those of the Baptist
School of Health Professions. If you
have received this e-mail in error,
or are not the named recipient(s),
you are hereby notified that any
review, dissemination, distribution
or copying of this communication is
prohibited by the sender and to do
so might constitute a violation of
the Electronic Communications
Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify
the sender and delete this e-mail
and any attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
<span><font color="#888888">
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only
the recipient(s) named above and may contain
information that is privileged. You should not
retain, copy or use this e-mail or any attachments
for any purpose, or disclose all or any part of
the contents to any person. Any views or opinions
expressed in this e-mail are those of the author
and do not represent those of the Baptist School
of Health Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified that any
review, dissemination, distribution or copying of
this communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com evolveum.com/blog/
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>