<div dir="ltr">Hi Jan, to create AD groups based on midPoint's role you need to either add assignment or projection to the role. Im not sure if GUI currently supports having those with kind=entitlement. Its possible that it defaults to kind=account which makes role trying to create user account. Anyway you could do that on XML level (Repository Objects).<div><br></div><div>MidPoint works with namespaces, sometimes its automated but in some places you have to state namespace explicitly. So for dn, you should probably use ri:dn and declare xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>"</div><div><br></div><div>Martin</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="2" style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Martin Lízner</span><br>solution architect<br><br>gsm: [+420] 737 745 571<br>e-mail: <a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="" style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.skyidentity.com/" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="font-family:Arial,sans-serif;padding:0px;border:0px solid gray!important"><br></td></tr></tbody></table>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">2017-11-03 21:07 GMT+01:00 Jan Kaspar <span dir="ltr"><<a href="mailto:Caspi@seznam.cz" target="_blank">Caspi@seznam.cz</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Hi All,</span><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">i am new to midPoint and I would like to test it. I have installed 1 domain controller and midPoint server on CentOS machine.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">After few hours i have created user sync. Using import task i got all users to midPoint. Using Live syng i am able to perform changes to</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">AD from midPoint.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Hell came with trying of creating roles for management AD groups members. I am totaly lost. If i try to create Role, it is creating USER account in AD.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">If i have created groups in AD i am able to import them as a role. Coul;d someone helped me with initial setup? I am using midPoint 3.6.1 and it looks like</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">documentation is not complete.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Also i am getting error :</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span style="color:rgb(51,51,51);font-size:14px">No namespace in reference to attribute or association 'dn' in schema handling for 'AD Group (kind: ENTITLEMENT, intent: group)</span><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span style="color:rgb(51,51,51);font-size:14px"><br></span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span style="color:rgb(51,51,51);font-size:14px">Is this root cause of all troubles? </span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span style="color:rgb(51,51,51);font-size:14px"><br></span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span style="color:rgb(51,51,51);font-size:14px">Thanks</span></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div><br>Honza</div></div></div><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>