<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>Yes, it is possible. I use similar things to assign SAP groups, roles and profiles represented as Orgs in midPoint in this sample:</div><div><a href="https://github.com/Evolveum/midpoint/tree/master/samples/resources/sap/assignment" target="_blank">https://github.com/Evolveum/midpoint/tree/master/samples/resources/sap/assignment</a><br></div><div>I need a multi-value user attribute to store role names from the source. For this purpose I use the user extension sapRoles in the sample:</div><div><a href="https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/extension-sap.xsd" target="_blank">https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/extension-sap.xsd</a><br></div><div>and an inbound attribute mapping to $user/extension/sapRoles in the resource schema handling:</div><div><a href="https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/sap-advanced.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/sap-advanced.xml</a><br></div><div><br></div><div>Next, you need to import roles into midPoint, for example using this task:</div><div><a href="https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/task-import-roles.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/task-import-roles.xml</a><br></div><div>Import the user object template and enable it via Configuration-&gt;System-&gt;Object Policies:</div><div><a href="https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/object-template-user.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/master/samples/resources/sap/assignment/object-template-user.xml</a><br></div><div>Please see, for 
example, 'User - SAP Role mapping' for how you can use searchObjectByName and return an assignment to this Org for the current user.</div><div>(in your case you need not OrgType.class, but RoleType.class)</div><div><br></div><div>Now when I import a user from SAP, and the user has an SAP role assigned, I see the same role name in the extension attribute sapRoles and also an assignment to an org with the same name.</div><div><br></div><div>Gusto</div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">2016-04-25 10:50 GMT+02:00 Aivo Kuhlberg <span dir="ltr">&lt;<a href="mailto:aivo.kuhlberg@rmit.ee" target="_blank">aivo.kuhlberg@rmit.ee</a>&gt;</span>:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div class="h5">




<div dir="ltr" style="font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Arial,Helvetica,sans-serif;background-color:rgb(255,255,255)">
<p>Is it possible to import existing AD users' group memberships to midPoint role assignments? I can import groups to midPoint roles, but existing AD users who belong to that group do not get assigned to the corresponding role in midPoint.<br>
I am using midPoint 3.3.1 with AD connector.<br>
</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Aivo Kuhlberg<br>
</p>
</div>

<br></div></div></blockquote></div></div></div></blockquote></div></div></div>