<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Cameron,<br>
<br>
OK, so for this you should be able to find a lot of samples.<br>
For example, the object template
samples/objects/object-template-user.xml contains a mapping called
"basic role" (the last one), which is exactly what I wrote earlier.<br>
Just create a role, reference it in the template by OID, set the
template as default in system config and you should be OK. Maybe you
would like to add a condition to not add the role to some users
(like administrator).<br>
<br>
To test it, you can first edit any user, check the "reconcile" checkbox
and save. It should process the template, assign the role and
provision the user to LDAP. If this works, create and run a recomputation
task in Server Tasks/New task.<br>
<br>
If there are problems with outbounds in schema handling, it's far
better to know after modifying one user than to wait for the
recomputation task to finish and see millions of errors :)<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 02/12/2016 12:56 AM, Cameron Miller
wrote:<br>
</div>
<blockquote
cite="mid:HK2PR06MB091567B91A0E6CE021CF90D8C0A80@HK2PR06MB0915.apcprd06.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi Ivan,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thank you for
your response. That sounds like what I’m trying to achieve.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Cameron<o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span style="color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:EN-AU"
lang="EN-US">From:</span></b><span
style="color:windowtext;mso-fareast-language:EN-AU"
lang="EN-US"> midPoint
[<a class="moz-txt-link-freetext" href="mailto:midpoint-bounces@lists.evolveum.com">mailto:midpoint-bounces@lists.evolveum.com</a>]
<b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Friday, 12 February 2016 10:17 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<b>Subject:</b> Re: [midPoint] Synchronization of
accounts created in midpoint<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Cameron,<br>
<br>
Not sure if I understand. But if I had many users in midPoint
and wished to provision them to LDAP, I'd probably do
something like this:<br>
<br>
- create a role with a construction to create an account on LDAP<br>
- create a user template which will assign the role to provision
the account to the LDAP server. Alternatively, you can assign just the
account (if you can't create a role)<br>
- the mapping in the user template can have a condition if you
don't want to assign the role to all users<br>
- set the user template as global in System Configuration<br>
- go to Server Tasks and create a Recomputation task and let it
run for all UserType objects (clickable/selectable in the task
GUI)<br>
<br>
This should process all the users in midPoint and provision
LDAP accounts for them by automatic assignment of the role in
the user template.<br>
Of course you need to set at least the mandatory attributes in
LDAP resource schema handling (outbound).<br>
<br>
Regards,<br>
Ivan<span style="font-size:12.0pt;mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 02/11/2016 09:21 PM, Cameron Miller
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve got a heap of accounts that have
been created in midPoint and need to sync them to an LDAP
server. Adding projections or resource account assignments
to the accounts doesn’t seem to work – although I don’t have
inbound/outbound mappings set up. Is it possible to do this,
or do the accounts need to be created in LDAP first?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Cameron Miller<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:'Times New Roman',serif;mso-fareast-language:EN-AU"><br>
<br>
<i>This email, and any attachment, is confidential and
also privileged. If you have received it in error,
please notify me immediately and delete it from your
system along with any attachments. You should not copy
or use it for any purpose, nor disclose its contents to
any other person. </i><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<pre>-- <o:p></o:p></pre>
<pre> Ing. Ivan Noris<o:p></o:p></pre>
<pre> Senior Identity Management Engineer & IDM Architect<o:p></o:p></pre>
<pre> evolveum.com evolveum.com/blog/<o:p></o:p></pre>
<pre> ___________________________________________________<o:p></o:p></pre>
<pre> "Semper Id(e)M Vix."<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
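<br>
The role and user-template steps from this thread, sketched as midPoint XML (an added example, not part of the original e-mails and not the project's sample file). All OIDs and object names are placeholders, and the element names follow the midPoint 3.x common-3 schema as an assumption to check against samples/objects/object-template-user.xml.<br>

```xml
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

  <!-- Step 1: role whose construction creates the account on LDAP.
       Both OIDs below are placeholders. -->
  <role oid="ROLE-OID-PLACEHOLDER">
    <name>Basic LDAP Account</name>
    <inducement>
      <construction>
        <!-- OID of the existing LDAP resource; its schema handling must
             define outbound mappings for the mandatory attributes -->
        <resourceRef oid="LDAP-RESOURCE-OID-PLACEHOLDER" type="c:ResourceType"/>
        <kind>account</kind>
      </construction>
    </inducement>
  </role>

  <!-- Step 2: user template that assigns the role automatically.
       Set it as the default template in System Configuration, then
       reconcile a single user before running the recomputation task. -->
  <objectTemplate oid="TEMPLATE-OID-PLACEHOLDER">
    <name>Default User Template</name>
    <mapping>
      <name>Basic role</name>
      <authoritative>true</authoritative>
      <source>
        <path>name</path>
      </source>
      <expression>
        <value>
          <targetRef oid="ROLE-OID-PLACEHOLDER" type="c:RoleType"/>
        </value>
      </expression>
      <target>
        <path>assignment</path>
      </target>
      <!-- Condition: skip privileged built-in users such as administrator,
           so they do not receive an LDAP account by default -->
      <condition>
        <script>
          <code>basic.stringify(name) != 'administrator'</code>
        </script>
      </condition>
    </mapping>
  </objectTemplate>
</objects>
```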
</body>
</html>