<div dir="ltr">If there is a way I would be interested, right now though I think there is not an easy way unless someone out here has a good way of doing it, I ad to relay this to anyone who uses AD and make sure if the group is synced to only work within midpoint.<div><br></div><div><a href="https://jira.evolveum.com/browse/MID-2103">https://jira.evolveum.com/browse/MID-2103</a><br></div><div><br></div><div><a href="https://jira.evolveum.com/browse/MID-2104">https://jira.evolveum.com/browse/MID-2104</a><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Mon, Aug 29, 2016 at 6:09 PM, <span dir="ltr"><<a href="mailto:pdbogen@cernu.us" target="_blank">pdbogen@cernu.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Howdy!<br>
<br>
I have MidPoint set up to create users and roles from the inetOrgPersons and<br>
groupOfMembers in OpenLDAP, respectively.<br>
<br>
GroupOfMembers are created using a template that assigns a meta-role that<br>
induces a 2nd order assignment of the correct entitlement- so in other words,<br>
assigning the role in midpoint correctly associates the entitlement, and<br>
changes LDAP properly.<br>
<br>
My concern right now is the other direction- maybe just for initial import,<br>
maybe ongoing; I'd like new associations from LDAP to add the role to the<br>
affected account.<br>
<br>
I.e., if cn=patrick is added to role cn=midpoint.admin in LDAP, the<br>
corresponding 'patrick' user in MidPoint should be assigned the<br>
'midpoint.admin' role.<br>
<br>
I think they may be a concept I'm missing to implement this, so I'm not sure<br>
if anything is 'wrong' at this stage.<br>
<br>
Thoughts? What information can I provide to help figure this out?<br>
<br>
Thanks!<br>
<span class="HOEnZb"><font color="#888888">--<br>
.<br>
Patrick Bogen .<br>
...<br>
</font></span><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>