<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi,<br>
<br>
recently my colleague wrote a post here with subject: [midPoint] AD
membership to midPoint role assignment<br>
<br>
(<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/pipermail/midpoint/2016-April/001796.html">http://lists.evolveum.com/pipermail/midpoint/2016-April/001796.html</a>)<br>
<br>
There is a way, roughly:<br>
<br>
1) you need to create the roles in midPoint manually or import them
somehow from AD - thus synchronize (some) AD groups into midPoint
roles<br>
2) you need to synchronize users from AD to midPoint, and copy the
list of their AD groups to some extension attribute. Probably you
would filter the groups if you know how to distinguish them, to
store only the relevant ones in the extension attribute<br>
3) an object template in midPoint will assign the roles based on that
user extension attribute<br>
<br>
Please see the email referenced above and the samples for SAP
connector referenced there.<br>
<br>
This can also be enhanced in future midPoint releases. FYI:
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature">https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature</a><br>
<br>
Best regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 05/13/2016 01:12 PM, Rijndaal Ramiji
wrote:<br>
</div>
<blockquote
cite="mid:AM3PR06MB12976837483B6A1EAB5DD270B7740@AM3PR06MB1297.eurprd06.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">I need to assign some
roles to all the users having specific groups in AD.<br>
<br>
For example, every user that has assigned the group
“HISOrgUnit_DIR” has to have the role “OUADMIN” assigned.<br>
<br>
The main problem is that my AD account has many roles,
sometimes over 10…</span></p>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer &amp; IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
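<br>
The filtering and assignment logic of steps 2 and 3 in the reply above, sketched in plain Python as an added example (not midPoint configuration and not code from this thread). The base DN, the function names and the extra sample groups are assumptions; only HISOrgUnit_DIR and OUADMIN come from the quoted question.<br>

```python
import re

# Assumption: only groups directly under this base DN may drive role assignment.
TRUSTED_BASE = "OU=Groups,DC=example,DC=com"  # constructed value
# Group CN (lower-cased) -> midPoint role name; this pair is from the quoted question.
GROUP_TO_ROLE = {"hisorgunit_dir": "OUADMIN"}

# Constructed sample of one user's AD memberOf values.
SAMPLE_MEMBER_OF = [
    "CN=HISOrgUnit_DIR,OU=Groups,DC=example,DC=com",
    "CN=HISOrgUnit_DIR,OU=Sandbox,DC=example,DC=com",      # same CN, untrusted OU
    "CN=Printers\\, Floor 2,OU=Groups,DC=example,DC=com",  # escaped comma in the CN
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def relevant_groups(member_of):
    """Step 2: keep the CNs of groups that sit directly under TRUSTED_BASE.

    Matching on the parent DN, not just the CN, stops a same-named group
    created in another OU from granting a role.
    """
    base = [p.lower() for p in split_dn(TRUSTED_BASE)]
    kept = set()
    for dn in member_of:
        parts = split_dn(dn)
        rdn, parent = parts[0], [p.lower() for p in parts[1:]]
        if parent == base and rdn.lower().startswith("cn="):
            kept.add(rdn[3:].lower())
    return kept

def role_delta(member_of, current_roles):
    """Step 3: return (roles to assign, roles to unassign) for one user.

    Only roles listed in GROUP_TO_ROLE are ever unassigned, so roles granted
    by other means are left alone, while a user who leaves the AD group
    loses the mapped role on the next synchronization.
    """
    groups = relevant_groups(member_of)
    wanted = {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}
    managed = set(GROUP_TO_ROLE.values())
    current = set(current_roles)
    return sorted(wanted - current), sorted((current & managed) - wanted)

if __name__ == "__main__":
    print(role_delta(SAMPLE_MEMBER_OF, ["Employee"]))
```
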
</body>
</html>