<html><head></head><body><div>Oh, I'm very sorry... <br>Theese days I'm working with 2 ldap and I frequently refer to ad groups using the ldap memberof... <br><!-- tmjah_g_1299s -->So, I have done what I have described previously using the icfs:groups from the ad connector. <!-- tmjah_g_1299e --><br><br></div>
<div><!-- tmjah_g_1299s -->For a quick and dirty work, you could use an inbound mapping on the employeeType attribute without have to restart the application. I have used a simple inbound mapping, no expression. <!-- tmjah_g_1299e --><br><br></div>
<div><!-- tmjah_g_1299s -->Inviato da <!-- tmjah_g_1299e --><!-- tmjah_g_1299s --><a href="http://www.bluemail.me/r">BlueMail</a><!-- tmjah_g_1299e --><!-- tmjah_g_1299s --> <!-- tmjah_g_1299e --></div>
<div class="gmail_quote" >Il giorno 20 dic 2016, alle ore 20:17, Jason Everling <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>> ha scritto:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div dir="ltr">hmm... so, I am guessing then you added memberOf to the .net xml? I am using icfs:groups and that maybe could be why then it doesn't work on livesync, I didn't think to just add the virtual attribute,<div><br></div><div>So did you use the below?</div><div><br></div><div><div> <AttributeInfo name="memberOf" type="String"></div><div> <AttributeInfoFlag value="MULTIVALUED"/></div><div> </AttributeInfo></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Tue, Dec 20, 2016 at 12:30 PM, Marco Benucci <span dir="ltr"><<a href="mailto:m.benucci@nsr.it" target="_blank">m.benucci@nsr.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>Hi, I was using the old ad connector because we are on midpoint 3.3.1... <br><br></div>
<div>Moreover, I have only tested it during a reconciliation, because from now we are managing ad groups with midpoint....but I think it should work during livesync. Have you got troubles? <br><br></div>
<div>Inviato da <a href="http://www.bluemail.me/r" target="_blank">BlueMail</a> </div><div><div class="h5">
<div class="gmail_quote">Il giorno 20 dic 2016, alle ore 15:44, Jason Everling <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>> ha scritto:<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Quick question, I am assuming you are using the AD-LDAP connector (ri:memberOf), does inbound work during live sync or just during reconcile?<div><br></div><div>Thanks!</div><div>JASON </div><div class="gmail_extra"><br clear="all"><div><div class="m_-4781951504066596772gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><br></div></div></div>
<br><div class="gmail_quote">On Tue, Dec 20, 2016 at 4:10 AM, Marco Benucci <span dir="ltr"><<a href="mailto:m.benucci@nsr.it" target="_blank">m.benucci@nsr.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><font face="DejaVu Sans">I have successfully aligned AD
entitlement on midpoint users using a 2 step approach.<br>
<br>
<br>
Firstly I have made an inbound mapping of the attribute memberOf
in an extension and multivalue attribute.<br>
<br>
Then, with an object template I have used the
assignmentTargetSearch to assign midpoint roles (my AD
entitlement) to the user based on the attribute mentioned above.
I thought it could be possible to use the assignmentTargetSearch
even in inbound mapping on the resource, but </font>I did not
tested it.<br>
<br>
Thank you,<br>
Marco<br>
</p>
</div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div>
<pre class="m_-4781951504066596772blue"><hr><br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br></pre></blockquote></div></div></div></div><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<pre class="blue"><hr><br>midPoint mailing list<br>midPoint@lists.evolveum.com<br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></pre></blockquote></div></body></html>