<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mv="http://macVmlSchemaUri" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1031"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-GB" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Ivan,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Yes the assignments are setup to add users to groups. We have multiple AD Domains and the groups reside on each domain. The below is the metarole we have associated with each role within Midpoint itself
that has the logic to map it to all resources where relevant.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> oid="aef77645-a406-4598-be2e-6c7217944fe1"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> version="76"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <name>Metarole for groups</name><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <createTimestamp>2016-10-14T06:52:38.197Z</createTimestamp><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <creatorRef oid="a507b312-69a5-422a-852a-3d1d5f1f02b9" type="c:UserType"><!-- admin.dm --></creatorRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="1"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="58535b46-2326-4b4e-9d9c-67c8cfa8fdfa" type="c:ResourceType"><!-- Active Directory eu1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>roleType != "system"</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="2"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="58535b46-2326-4b4e-9d9c-67c8cfa8fdfa" type="c:ResourceType"><!-- Active Directory eu1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$user/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>organizationalUnit.toString() == 'Employees Delft' || organizationalUnit.toString() == 'Employees Milton Keynes' || organizationalUnit.toString() == 'Employees Maarssen' || organizationalUnit.toString()
== 'Employees Borlange' || organizationalUnit.toString() == 'Contractors EXLRT' || organizationalUnit.toString() == 'Contractors EU' || organizationalUnit.toString() == 'Customers EU'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="4"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="f8939b78-2bd6-4eb4-b886-548b414ae9ff" type="c:ResourceType"><!-- Active Directory NA1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$user/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>organizationalUnit.toString() == 'Employees DC' || organizationalUnit.toString() == 'Employees Richmond' || organizationalUnit.toString() == 'Contractors USEast' || organizationalUnit.toString()
== 'Customers USEast'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="6"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="9ebeffc4-d1ce-4e6e-8077-4a77883cb04f" type="c:ResourceType"><!-- Active Directory NA2.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>organizationalUnit.toString() == 'Employees Seattle' || organizationalUnit.toString() == 'Contractors USWest' || organizationalUnit.toString() == 'Customers USWest'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="3"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="f8939b78-2bd6-4eb4-b886-548b414ae9ff" type="c:ResourceType"><!-- Active Directory NA1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>roleType != 'system'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="5"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="9ebeffc4-d1ce-4e6e-8077-4a77883cb04f" type="c:ResourceType"><!-- Active Directory NA2.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>roleType != 'system'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"></role><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;white-space:normal;"><br /><table cellpadding="0" cellspacing="0" border="0" style="background-color:#FFFFFF;border-collapse:collapse;font-size:0;line-height:16.88px;"><tr><td align="left" style="vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="border-top:none;border-right:solid 2px #124A7D;border-bottom:none;border-left:none;padding:0 10px 0 0;vertical-align:middle;line-height:normal;"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image681000.png@BD8F0D86.C47D6E4A" width="96" height="51" border="0" alt="" style="min-width:96px;font-size:0;" /></a></td><td align="left" style="padding:10px 0 10px 10px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:13.5px;color:#606060;font-style:normal;font-weight:bold;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;">Martin Herbert</td></tr><tr style="font-size:12px;color:#808080;line-height:15px;"><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;">Hosting Manager / Head of IT & Hosting Services</td></tr></table></td></tr><tr style="line-height:15px;white-space:nowrap;"><td align="left" style="padding:5px 0 10px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">M: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="tel:+44%207862%20993%20003" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">+44 7862 993 003</strong></a></td></tr></table></td></tr><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">E: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="mailto:martinh@tahzoo.com" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">martinh@tahzoo.com</strong></a></td><td align="left" style="vertical-align:top;text-align:left;color:#808080;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"> | </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">W: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">www.tahzoo.com</strong></a></td></tr></table></td></tr><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">A: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="https://www.google.com/maps/place/399+Silbury+Blvd,+Milton+Keynes+MK9+2AH,+UK/@52.0414531,-0.7670066,17z/data=!3m1!4b1!4m5!3m4!1s0x4877aa98b50bb921:0xef39de0bd21f30c6!8m2!3d52.0414531!4d-0.7648179" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">399 Silbury Blvd, Milton Keynes, MK9 2AH, </strong></a></td></tr></table></td></tr></table></td></tr><tr style="line-height:normal;"><td align="left" style="vertical-align:top;"><map id="map_810b3c0f-3ac4-40b1-bf51-68da198480f7" name="map_810b3c0f-3ac4-40b1-bf51-68da198480f7"><area shape="rect" coords="0,0,16,16" href="https://www.linkedin.com/company/tahzoo" alt="LinkedIn" title="LinkedIn" target="_blank" /><area shape="rect" coords="19,0,35,16" href="skype:live:mherbert84?chat" alt="Skype" title="Skype" target="_blank" /><area shape="rect" coords="38,0,54,16" href="http://www.twitter.com/Tahzoo" alt="Twitter" title="Twitter" target="_blank" /></map><img usemap="#map_810b3c0f-3ac4-40b1-bf51-68da198480f7" src="cid:image773001.png@4ACEDAFB.4CA3654D" width="57" height="16" border="0" alt="" style="min-width:57px;font-size:0;" /></td></tr></table></td></tr></table></td></tr></table><br /></div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">midPoint <midpoint-bounces@lists.evolveum.com> on behalf of Ivan Noris <ivan.noris@evolveum.com><br>
<b>Organization: </b>Evolveum, s.r.o.<br>
<b>Reply-To: </b>midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Date: </b>Wednesday, 2 November 2016 at 11:36<br>
<b>To: </b>midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Subject: </b>Re: [midPoint] Midpoint 3.4.1 Performance Issues UI and REST</span><span style="color:black;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
</div>
<p>Hi Martin,<o:p></o:p></p>
<p>are those 42 assignments using associationTargetSearch to put accounts to e.g. groups?<o:p></o:p></p>
<p>If so, can you paste an example how are you using it?<o:p></o:p></p>
<p>Best regards,<o:p></o:p></p>
<p>Ivan<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 11/02/2016 11:53 AM, Martin Herbert wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Guys,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We’ve constantly been suffering with performance issues on our Midpoint environment. The setup includes a cluster of 2 servers with around 10,000 objects. Although user account modifications are fairly quick
when it comes to a small number of assignments (1 or 2 maximum), there is a significant performance issue with a larger amount of assignments. Testing my own account during reconciliation which has 42 assignments and 2 projections to different AD resources
which can take up to 5 minutes before completion.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">From an integration standpoint for these two projections, one of the AD servers utilises the .Net Connector which is still slow, but much quicker than the OpenICF integration on the other projection.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We also have a password tool that integrates with the REST services for Midpoint, the same issue also applies here. The more assignments that are on an account, the longer it takes for a password change to
occur. And in a number of cases even timeouts for a given account.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The major pain point is the password changes, is there no way password changes can be done without removing and re-adding all assignments for each given account?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Overall performance also seems to be an issue in some browsers as well (Firefox for example). Is there a list of supported browsers available?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thanks </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman";mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="background:white;border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="border:none;border-right:solid #124A7D 1.5pt;padding:0in 7.5pt 0in 0in">
<p class="MsoNormal"><span style="font-size:1.0pt;font-family:"Times New Roman";mso-fareast-language:EN-GB"><a href="http://www.tahzoo.com" target="_blank"><span style="text-decoration:none"><img border="0" width="96" height="51" id="_x0000_i1025" src="cid:image001.png@01D234FF.1BBFB8A0"></span></a><o:p></o:p></span></p>
</td>
<td valign="top" style="padding:7.5pt 0in 7.5pt 7.5pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Century Gothic";color:#606060;mso-fareast-language:EN-GB">Martin Herbert<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="line-height:11.25pt;mso-line-height-rule:exactly"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:gray;mso-fareast-language:EN-GB">Hosting Manager / Head of IT & Hosting Services<o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:3.75pt 0in 7.5pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB">M: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a href="tel:+44%207862%20993%20003" target="_blank"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">+44 7862 993 003</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB">E: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a href="mailto:martinh@tahzoo.com" target="_blank"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">martinh@tahzoo.com</span></strong></a><o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:gray;mso-fareast-language:EN-GB"> | <o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB">W: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a href="http://www.tahzoo.com" target="_blank"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">www.tahzoo.com</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB">A: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D;mso-fareast-language:EN-GB"><a href="https://www.google.com/maps/place/399+Silbury+Blvd,+Milton+Keynes+MK9+2AH,+UK/@52.0414531,-0.7670066,17z/data=%213m1%214b1%214m5%213m4%211s0x4877aa98b50bb921:0xef39de0bd21f30c6%218m2%213d52.0414531%214d-0.7648179" target="_blank"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">399 Silbury Blvd, Milton Keynes, MK9 2AH, </span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:1.0pt;font-family:"Times New Roman";mso-fareast-language:EN-GB"><map name="MicrosoftOfficeMap0"><area shape="Rect" coords="-1, 0, 15, 16" href="https://www.linkedin.com/company/tahzoo" target="_blank" title="LinkedIn"><area shape="Rect" coords="18, 0, 34, 16" href="skype:live:mherbert84?chat" target="_blank" title="Skype"><area shape="Rect" coords="37, 0, 53, 16" href="http://www.twitter.com/Tahzoo" target="_blank" title="Twitter"></map><img border="0" width="57" height="16" id="_x0000_i1026" src="cid:image002.png@01D234FF.1BBFB8A0" usemap="#MicrosoftOfficeMap0"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-family:"Times New Roman";mso-fareast-language:EN-GB"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Times New Roman";mso-fareast-language:EN-GB"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-family:"Times New Roman";mso-fareast-language:EN-GB"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Ivan Noris<o:p></o:p></pre>
<pre>Senior Identity Engineer<o:p></o:p></pre>
<pre>evolveum.com<o:p></o:p></pre>
</div>
</body>
</html>