<div dir="ltr">Even better, tested and working, create either a local security, global security, or global distribution.<div><br></div><div><div> <attribute></div><div> <ref>ri:groupType</ref></div><div> <outbound></div><div> <strength>strong</strength></div><div> <source></div><div> <path>roleType</path></div><div> </source></div><div> <expression></div><div> <script></div><div> <code></div><div><span class="" style="white-space:pre"> </span>tmpType = '-2147483646'</div><div><span class="" style="white-space:pre"> </span>switch (roleType) {</div><div><span class="" style="white-space:pre"> </span>case 'group':</div><div><span class="" style="white-space:pre"> </span>tmpType = '-2147483646'</div><div><span class="" style="white-space:pre"> </span>break</div><div><span class="" style="white-space:pre"> </span>case 'local':</div><div><span class="" style="white-space:pre"> </span>tmpType = '-2147483644'</div><div><span class="" style="white-space:pre"> </span>break</div><div><span class="" style="white-space:pre"> </span>case 'distribution':</div><div><span class="" style="white-space:pre"> </span>tmpType = '8'</div><div><span class="" style="white-space:pre"> </span>break</div><div><span class="" style="white-space:pre"> </span>default:</div><div><span class="" style="white-space:pre"> </span>tmpType = '-2147483646'</div><div><span class="" style="white-space:pre"> </span>}</div><div><span class="" style="white-space:pre"> </span>return tmpType</div><div><span class="" style="white-space:pre"> </span></code></div><div> </script></div><div> </expression></div><div> </outbound></div><div> </attribute></div></div><div><br></div><div>Yay!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 1, 2014 at 1:06 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div 
dir="ltr">Awesome, it works just by using either of these values in the roleType field, 2, 4, 8, -2147483646, -2147483644, or -2147483640<div><br></div><div><div> <attribute></div><div> <ref>ri:groupType</ref></div><div> <outbound></div><div> <strength>strong</strength></div><div> <source></div><div> <path>roleType</path></div><div> </source></div><div> </outbound></div><div> <inbound></div><div> <strength>strong</strength></div><div> <target></div><div> <path>$focus/roleType</path></div><div> </target></div><div> </inbound></div><div> </attribute></div></div><div><br></div><div>So now I am going to do some mappings and auto input those fields when creating a role based on conditions!</div><div><br></div><div>This is great that it works!</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>JASON</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 1, 2014 at 11:11 AM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
I would suggest looking at <a href="http://msdn.microsoft.com/en-us/library/cc223142.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/cc223142.aspx</a>.<br>
<br>
Then e.g. Security + Global group would be 0x80000002, i.e.
decimally either 2147483650 or -2147483646, depending on whether
the connector expects the value as unsigned int32/64 or signed
int32. I have not used that yet; so please try them both and see
what works for you.<br>
<br>
Best regards,<br>
Pavol<div><div><br>
<br>
On 1. 12. 2014 17:58, Jason Everling wrote:<br>
</div></div></div><div><div>
<blockquote type="cite">
<div dir="ltr">Yeah I was going to try to set the groupType
attribute which controls what group type it is but it is an
integer and not a string, if not then no big deal, was just
wondering.
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 1, 2014 at 10:22 AM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
<br>
I don't have AD right now handy, so this one is a
meta-answer:<br>
<br>
- Try to look up some other-than-global/security groups in
your AD, and see their attributes right in AD.<br>
- Then try to see if those attributes are manageable by the
connector (in schema, CustomGroupObjectClass AFAIK).<br>
- Then you can try to set corresponding values.<br>
<br>
In my projects, I've only needed Security and standard
groups, I didn't set the other attribute/values, so they
were pretty much filled by AD or the connector itself.<br>
<br>
I'm sure Pavol can give you a more precise answer regarding
the support of this; and I may have some time later today
or tomorrow to explore this myself.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 12/01/2014 05:12 PM, Jason Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I think that would be a bit much,
more than likely, I will move all groups that
would be sync'd to Midpoint into its own container
in AD and move all our other groups to another
container and use the <protected> to filter
them out so they are not sync'd.
<div><br>
</div>
<div>Is there a way to build a specific group type
instead of just Global | Security, maybe Domain
Local or Universal or is it hard coded to Global
Security?<br>
<div><br>
</div>
<div>Thanks!</div>
<div>JASON</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Dec 1, 2014 at
4:12 AM, Radovan Semancik <span dir="ltr"><<a href="mailto:radovan.semancik@evolveum.com" target="_blank">radovan.semancik@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi Jason,<br>
<br>
This is slightly different. The condition
tells whether to apply the specific
<objectSynchronization> block or not.
The primary use of the condition is to
sort objects of the same object class to
"intents" (see <a href="https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass" target="_blank">https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass</a>).
The primary meaning of this is to
synchronize group object with a role
object (or org object). But it does not
synchronize account-group association
(i.e. group membership) with a user-role
assignment.<br>
<br>
With a bit of trickery it could
theoretically work for your case. But I
doubt that it will be practical. You will
need one <objectSynchronization>
block for each group that you are trying
to synchronize.<span><font color="#888888"><br>
<br>
<pre cols="72">--
Radovan Semancik
Software Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span>
<div>
<div> <br>
<br>
On 11/29/2014 05:21 PM, Jason Everling
wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Is what I was asking,
in the wiki it says you can add a
condition to the synchronization
policy, under <a href="https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration" target="_blank">https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration</a>
<div><br>
</div>
<ul style="margin:10px 0px 0px;color:rgb(51,51,51);font-family:Arial,sans-serif;font-size:14px;line-height:20px">
<li><strong>condition</strong> is
an expression which has to
evaluate to true for the policy
to be used. It can be used for a
very fine-grain selection of
applicable policies.</li>
</ul>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px">I
found a sample, kind of here, <a href="https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml</a></span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px">I
am just a little confused on
the condition statement, I was
thinking it would look
something like,</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px">
<div><condition></div>
<div> <script></div>
<div> <code></div>
<div> declare default
namespace "<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>";</div>
<div>
basic.getAttributeValue(account,
'<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>',
'info') = replicated</div>
<div> </code></div>
<div> </script></div>
<div></condition></div>
</span></font></div>
<div><br>
</div>
<div><br>
</div>
<div>JASON</div>
<div><font color="#333333" face="Arial, sans-serif"><span style="font-size:14px;line-height:20px"><br>
</span></font></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Nov
29, 2014 at 2:47 AM, Pavol Mederly
<span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
although I don't understand
what you would like to
achieve, a quick answer
though:<br>
<br>
If you would apply a
condition to a mapping
(incoming or outgoing, it
does not matter), you can
use <condition>
subelement directly under
<incoming> or
<outgoing> one.<br>
However, take this only as a
quick hint. I haven't done
that, nor am I sure it's
implemented. Please try it.<br>
<br>
Best regards,<br>
Pavol
<div>
<div><br>
<br>
On 28. 11. 2014 22:46,
Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">So I have
the roleType syncing
to the AD attribute,
info, the info or
roleType. I want any
group that contains
this roleType or info
attribute sync'd, any
others will not be
sync'd.
<div><br>
</div>
<div>I know how to do
this in
objectTemplate but
how in the resource
so that it only
syncs those groups
and not all groups.</div>
<div><br>
</div>
<div>Where do I put in
the condition
statement in the
resource definition?
I searched through
what I could in the
samples but couldn't
find anything like
this.</div>
<div><br>
</div>
<div>JASON</div>
</div>
<br>
</div>
</div>
<font><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with
any attachments is
proprietary and
confidential; intended for
only the recipient(s)
named above and may
contain information that
is privileged. You should
not retain, copy or use
this e-mail or any
attachments for any
purpose, or disclose all
or any part of the
contents to any person.
Any views or opinions
expressed in this e-mail
are those of the author
and do not represent those
of the Baptist School of
Health Professions. If you
have received this e-mail
in error, or are not the
named recipient(s), you
are hereby notified that
any review, dissemination,
distribution or copying of
this communication is
prohibited by the sender
and to do so might
constitute a violation of
the Electronic
Communications Privacy
Act, 18 U.S.C. section
2510-2521. Please
immediately notify the
sender and delete this
e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<br>
</div>
</div>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div>
</div>
<span><font color="#888888">
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>
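<div>Added example (not part of the original thread and not midPoint or connector code): a Python sketch of the groupType bit field from the MSDN page linked in the thread, showing why 0x80000002 appears as either 2147483650 or -2147483646 and decoding the six values listed above. The function and constant names are assumptions of this example; it rejects unknown scope names instead of falling back to a security-enabled group.</div>

```python
"""Added example: encode and decode Active Directory groupType values."""

# Bit flags from the MS-ADTS groupType table (the MSDN page linked in the thread).
SECURITY_ENABLED = 0x80000000
SCOPES = {"global": 0x2, "domain_local": 0x4, "universal": 0x8}
OTHER_FLAGS = 0x1 | 0x10 | 0x20  # system-created, APP_BASIC, APP_QUERY


def to_signed32(unsigned):
    """Reinterpret a 32-bit unsigned value as two's-complement signed."""
    return unsigned - (1 << 32) if unsigned & 0x80000000 else unsigned


def to_unsigned32(value):
    """Accept either representation and return the raw 32-bit pattern."""
    if not -(1 << 31) <= value < (1 << 32):
        raise ValueError(f"{value} does not fit in 32 bits")
    return value & 0xFFFFFFFF


def encode_group_type(scope, security_enabled, signed=True):
    """Build a groupType value; unknown scope names are rejected, not defaulted."""
    if scope not in SCOPES:
        raise ValueError(f"unknown group scope: {scope!r}")
    bits = SCOPES[scope] | (SECURITY_ENABLED if security_enabled else 0)
    return to_signed32(bits) if signed else bits


def decode_group_type(value):
    """Decode an int or numeric string into scope and security flag."""
    bits = to_unsigned32(int(value))
    if bits & ~(SECURITY_ENABLED | OTHER_FLAGS | sum(SCOPES.values())):
        raise ValueError(f"undefined bits set in 0x{bits:08X}")
    scopes = [name for name, flag in SCOPES.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"expected exactly one scope bit in 0x{bits:08X}")
    return {
        "scope": scopes[0],
        "security_enabled": bool(bits & SECURITY_ENABLED),
        "signed": to_signed32(bits),
        "unsigned": bits,
    }


if __name__ == "__main__":
    # The six values listed in the thread, plus the unsigned form Pavol mentions.
    for raw in ("2", "4", "8", "-2147483646", "-2147483644", "-2147483640", "2147483650"):
        info = decode_group_type(raw)
        kind = "security" if info["security_enabled"] else "distribution"
        print(f"{raw:>12} = 0x{info['unsigned']:08X} -> {info['scope']} {kind}")
```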