<div dir="ltr">Yeah I was going to try to set the groupType attribute which controls what group type it is but it is an integer and not a string, if not then no big deal, was just wondering.<div><br></div><div>JASON</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 1, 2014 at 10:22 AM, Ivan Noris <span dir="ltr">&lt;<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
I don't have AD right now handy, so this one is a meta-answer:<br>
<br>
- Try to lookup some other-than-global/security groups in your AD,
and see their attributes right in AD.<br>
- Then try to see if those attributes are manageable by the connector
(in schema, CustomGroupObjectClass AFAIK).<br>
- Then you can try to set corresponding values.<br>
<br>
In my projects, I've only needed Security and standard groups, I
didn't set the other attribute/values, so they were pretty much
filled by AD or the connector itself.<br>
<br>
I'm sure Pavol can give you a more precise answer regarding the
support of this; and I may have some time later today or tomorrow to
explore this myself.<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 12/01/2014 05:12 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I think that would be a bit much, more than likely,
I will move all groups that would be sync'd to Midpoint into its
own container in AD and move all our other groups to another
container and use the &lt;protected&gt; to filter them out so
they are not sync'd.
<div><br>
</div>
<div>Is there a way to build a specific group type instead of
just Global | Security, maybe Domain Local or Universal or is
it hard coded to Global Security?<br>
<div><br>
</div>
<div>Thanks!</div>
<div>JASON</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 1, 2014 at 4:12 AM, Radovan
Semancik <span dir="ltr">&lt;<a href="mailto:radovan.semancik@evolveum.com" target="_blank">radovan.semancik@evolveum.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Jason,<br>
<br>
This is slightly different. The condition tells whether
to apply the specific &lt;objectSynchronization&gt;
block or not. The primary use of the condition is to sort
objects of the same object class to "intents" (see <a href="https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass" target="_blank">https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass</a>).
The primary meaning of this is to synchronize group
object with a role object (or org object). But it does
not synchronize account-group association (i.e. group
membership) with a user-role assignment.<br>
<br>
With a bit of trickery it could theoretically work for
your case. But I doubt that it will be practical. You
will need one &lt;objectSynchronization&gt; block for
each group that you are trying to synchronize.<span><font color="#888888"><br>
<br>
<pre cols="72">--
Radovan Semancik
Software Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span>
<div>
<div> <br>
<br>
On 11/29/2014 05:21 PM, Jason Everling wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Is what I was asking, in the wiki it
says you can add a condition to the
synchronization policy, under <a href="https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration" target="_blank">https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration</a>
<div><br>
</div>
<ul style="margin:10px 0px 0px;color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;line-height:20px">
<li><strong>condition</strong> is an expression
which has to evaluate to true for the policy
to be used. It can be used for a very
fine-grain selection of applicable policies.</li>
</ul>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px">I
found a sample, kind of here, <a href="https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml</a></span></font></div>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px">I am
just a little confused on the condition
statement, I was thinking it would look
something like,</span></font></div>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px">
<div>&lt;condition&gt;</div>
<div> &lt;script&gt;</div>
<div> &lt;code&gt;</div>
<div> declare default namespace "<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>";</div>
<div>
basic.getAttributeValue(account, '<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>',
'info') = replicated</div>
<div> &lt;/code&gt;</div>
<div> &lt;/script&gt;</div>
<div>&lt;/condition&gt;</div>
</span></font></div>
<div><br>
</div>
<div><br>
</div>
<div>JASON</div>
<div><font color="#333333" face="Arial,
sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Nov 29, 2014 at
2:47 AM, Pavol Mederly <span dir="ltr">&lt;<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
although I don't understand what you would
like to achieve, a quick answer though:<br>
<br>
If you would apply a condition to a
mapping (incoming or outgoing, it does not
matter), you can use &lt;condition&gt;
subelement directly under &lt;incoming&gt;
or &lt;outgoing&gt; one.<br>
However, take this only as a quick hint. I
haven't done that, nor am I sure it's
implemented. Please try it.<br>
<br>
Best regards,<br>
Pavol
<div>
<div><br>
<br>
On 28. 11. 2014 22:46, Jason Everling
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">So I have the roleType
syncing to the AD attribute, info,
the info or roleType. I want any
group that contains this roleType or
info attribute sync'd, any others
will not be sync'd.
<div><br>
</div>
<div>I know how to do this in
objectTemplate but how in the
resource so that it only syncs
those groups and not all groups.</div>
<div><br>
</div>
<div>Where do I put in the condition
statement in the resource
definition? I searched through
what I could in the samples but
couldn't find anything like this.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only the
recipient(s) named above and may contain
information that is privileged. You
should not retain, copy or use this
e-mail or any attachments for any
purpose, or disclose all or any part of
the contents to any person. Any views or
opinions expressed in this e-mail are
those of the author and do not represent
those of the Baptist School of Health
Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified
that any review, dissemination,
distribution or copying of this
communication is prohibited by the
sender and to do so might constitute a
violation of the Electronic
Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately
notify the sender and delete this e-mail
and any attachments from your computer.
</font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<br>
</div>
</div>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div></div><span class="HOEnZb"><font color="#888888"><pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br></blockquote></div><br></div>
<br>
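<p>The groupType attribute mentioned in the newest reply is an integer because Active Directory packs the group scope and the security/distribution kind into bit flags of one signed 32-bit value. The following is an added example, not part of the original thread and not code from midPoint or its AD connector; the function names are hypothetical, and the flag values are the ones Microsoft documents for groupType.</p>

```python
"""Added example: encode/decode the Active Directory groupType integer."""

# Bit flags of the AD groupType attribute (as documented by Microsoft).
SCOPE_FLAGS = {"global": 0x00000002, "domain_local": 0x00000004, "universal": 0x00000008}
SECURITY_ENABLED = 0x80000000
BUILTIN_LOCAL = 0x00000001  # system-created groups; reported on decode, never set here


def to_signed32(value: int) -> int:
    """LDAP presents groupType as a signed 32-bit integer."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value


def encode_group_type(scope: str, security: bool = True) -> int:
    """Return the integer to write to groupType for a scope and kind."""
    if scope not in SCOPE_FLAGS:
        raise ValueError(f"unknown scope {scope!r}")
    flags = SCOPE_FLAGS[scope] | (SECURITY_ENABLED if security else 0)
    return to_signed32(flags)


def decode_group_type(value: int) -> dict:
    """Split a groupType integer into scope and kind; reject ambiguous values."""
    bits = value & 0xFFFFFFFF
    scopes = [name for name, flag in SCOPE_FLAGS.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value} must carry exactly one scope bit")
    return {
        "scope": scopes[0],
        "kind": "security" if bits & SECURITY_ENABLED else "distribution",
        "builtin": bool(bits & BUILTIN_LOCAL),
    }


if __name__ == "__main__":
    # Print the six scope/kind combinations an administrator can create.
    for scope in SCOPE_FLAGS:
        for security in (True, False):
            value = encode_group_type(scope, security)
            print(f"{scope:13} security={security!s:5} groupType={value:12d}")
```

<p>Decoding the value read back from the directory is a quick way to audit whether a provisioned group ended up as a security group or a distribution group, and with which scope.</p>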