<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
MidPoint has strong and quite convenient way how to manage group
membership in the outbound direction. Which means that midPoint is
the source of the membership information (e.g. defined by roles or
orgs) and that information is propagated to the resources.<br>
<br>
The inbound direction is also possible. But currently it is not
very convenient and you have to use a lot of tricks. The reason
that this is not so convenient is simple: the existing use-cases
of midPoint subscribers and sponsors focused on the outbound
direction. None of the midPoint subscribers or sponsors indicated
the inbound direction as a priority. Maybe my colleagues may
provide some hints how to work around this. But it might be a bit
scary.<br>
<br>
Implementing a convenient way also for the inbound direction is
something that I would really love to do. Currently this is one of
the missing pieces in the puzzle. But, as usual, this is a
question of funding. And, as usual, see here:
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature">https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature</a><br>
<br>
However, if I remember correctly, I have seen this question
several times during last couple of months. So maybe if there are
several people willing to donate a small sum to have this feature
implemented then together it can be enough to fund the development
of this feature? Are there any midPoint subscribers that would
like to endorse this feature as a priority? Or any non-subscribers
willing to partially sponsor this feature?<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
On 05/19/2016 11:33 AM, Dick Muller wrote:<br>
</div>
<blockquote
cite="mid:68EAE941-945A-462A-BB6B-9A24D2B4A8CF@tahzoo.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:Calibri;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I already
saw some mails about importing AD Group membership with Aivo
Kuhlberg , but I still have problems to get this running.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Users and
Groups created in Midpoint are successfully synced to the AD
domain, including group membership.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">But I have a
resource domain with a lot of groups and users that I want
to import including the group membership. That is working,
with exception for the group membership.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">That is not
configured during import.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">If I
understand correctly I need to change the User Template.
That is what I did, I modified the User template that has a
reference with the AD resource and added a mapping for Group
membership. I used the object-template in the SAP story as
example.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">But still I
have no group membership.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Is there
somebody that can help me on this?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Kind
regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Dick<o:p></o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>