<div dir="ltr">Hi Ivan <div><br></div><div>Thanks for the information. I have this already configured in my LDAP resource.</div><div><br></div><div>I gone through all these documents and then i tried to implement the same synchronization techinique.</div><div><br></div><div>So I created a role MetaRole and added LDAP resource as an inducement (I did not filled any information in resource form)</div><div>Then i created another role and when i try to add that MetaRole as assignment to this role i am getting an error saying :</div><div><br></div><div><font color="#ff0000">Couldn't add object. Schema violation: Schema violation during
processing shadow: shadow: null (OID:null): Schema violation:
javax.naming.directory.SchemaViolationException([LDAP: error code 65 -
object class 'inetOrgPerson' requires attribute 'sn']<br></font></div><div><br></div><div>I am confused why it is trying to create inetOrgPerson object instead of groupOfNames.</div><div><br></div><div>Is it a configuration issue or i am doing something wrong, Can you help me figuring this out. My resource configuration is attached just for your reference, </div><div><br></div><div><br></div><div>Regards</div><div>Dharmendra</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Dec 4, 2014 at 3:07 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
you don't need new connector to create LDAP groups. Just
configuration in midPoint: new schemaHandling <objectType> and
corresponding <synchronization><objectType> parts for
kind=entitlement and intent=group.<br>
<br>
For example you may check the sample:
samples/reosurces/opendj/opendj-resource-genericsync.xml to see how
it can be configured.<br>
<br>
After you have this configured, you can create a role which will
construct the kind=entitlement,intent=group object on the LDAP
resource.<br>
<br>
Then you assign such role to either organization or role in midpoint
and it will provision corresponding group to LDAP.<br>
<br>
Please refer also to:<br>
<a href="https://wiki.evolveum.com/display/midPoint/Generic+Synchronization" target="_blank">https://wiki.evolveum.com/display/midPoint/Generic+Synchronization</a><br>
<a href="https://wiki.evolveum.com/display/midPoint/Focus+and+Projections" target="_blank">https://wiki.evolveum.com/display/midPoint/Focus+and+Projections</a><br>
<a href="https://wiki.evolveum.com/display/midPoint/Roles%2C+Metaroles+and+Generic+Synchronization" target="_blank">https://wiki.evolveum.com/display/midPoint/Roles%2C+Metaroles+and+Generic+Synchronization</a><br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 12/04/2014 10:28 AM, dharmendra
parakh wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">HI
<div><br>
</div>
<div>Is there any out of the box configuration to achieve it or
i have to write a connector?</div>
<div><br>
</div>
<div>Waiting for response..</div>
<div><br>
</div>
<div>Regards</div>
<div>Dharmendra</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Dec 3, 2014 at 7:00 PM,
dharmendra parakh <span dir="ltr"><<a href="mailto:dharm.parakh@gmail.com" target="_blank">dharm.parakh@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi
<div><br>
</div>
<div>I was playing around the ldap connector bundled witth
midpoint, It works well for creating user accounts and
user group assignment. </div>
<div><br>
</div>
<div>I want to create ldap group, Is it possible using the
same connector to provision ldap group on target ldap
resource. basically a groupOfUniqueNames or a
posixGroup.</div>
<div><br>
</div>
<div>If possible please point me to the documentation
which i can refer and configure it.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<span><font color="#888888">
<div>Dharmendra Parakh</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>