<div dir="ltr">Can you provide a little detail on what was the issue, just for other readers' information?</div><br><div class="gmail_quote"><div dir="ltr">On Wed, Dec 5, 2018 at 2:57 AM LECOMTE ANTOINE <<a href="mailto:antoine.lecomte@univ-lyon1.fr">antoine.lecomte@univ-lyon1.fr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="FR" link="#0563C1" vlink="#954F72">
<div class="m_8352894353470291664WordSection1">
<p class="MsoNormal"><span style="color:#1f497d">Hi again,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">I self-resolve my problem with the correct use of Metarole :
<a href="https://wiki.evolveum.com/display/midPoint/Roles,+Metaroles+and+Generic+Synchronization" target="_blank">
https://wiki.evolveum.com/display/midPoint/Roles,+Metaroles+and+Generic+Synchronization</a><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">Antoine.<u></u><u></u></span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span>De :</span></b><span> midPoint [mailto:<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank">midpoint-bounces@lists.evolveum.com</a>]
<b>De la part de</b> LECOMTE ANTOINE<br>
<b>Envoyé :</b> Tuesday, December 4, 2018 2:37 PM<br>
<b>À :</b> <a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>
<b>Objet :</b> [midPoint] OpenLDAP groups/users association (Midpoint 3.9)<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Hello,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US">I am testing the management of identities and groups to populate an Active Directory and an openLDAP from a database.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">In Midpoint, users are created and assigned to organizations.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">In the AD resource, I achieve to create them as well and replicate the assignments with association.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">But I need some help to parameter the association in the resource to openLDAP.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Users and groups (with a dummy account in member parameter) are created correctly.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">The relation in openLDAP is not made : the association do not replicate the assignments between users and organizations.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">How can I parameter the association to replicate this link ?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">It seems as the resource is not using the association at all.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">You can see below each objectType minus all the attributes.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><objectType><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <kind>account</kind><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <displayName>Normal Account</displayName><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <default>true</default><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <objectClass>ri:inetOrgPerson</objectClass><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span><auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass><u></u><u></u></p>
<p class="MsoNormal"> <auxiliaryObjectClass>ri:supannPerson</auxiliaryObjectClass><u></u><u></u></p>
<p class="MsoNormal"> <span lang="EN-US"><auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <association><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <ref>ri:group</ref><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <displayName>LDAP Group Membership</displayName><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <kind>entitlement</kind><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <intent>ldapGroup</intent><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span><direction>objectToSubject</direction><u></u><u></u></p>
<p class="MsoNormal"> <associationAttribute>ri:member</associationAttribute><u></u><u></u></p>
<p class="MsoNormal"> <valueAttribute>ri:dn</valueAttribute><u></u><u></u></p>
<p class="MsoNormal"> <span lang="EN-US"></association><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><objectType><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><objectType><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <kind>entitlement</kind><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <intent>ldapGroup</intent><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <displayName>LDAP Group</displayName><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <objectClass>ri:groupOfNames</objectClass><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <baseContext><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <objectClass>ri:organizationalUnit</objectClass><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <filter><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <q:equal><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <q:path>attributes/dn</q:path><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <q:value>ou=groups,dc=univ-lyon1,dc=fr</q:value><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </q:equal><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </filter><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </baseContext><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><objectType><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Case 1 : I specify a dummy user into the attribute member of the entitlement objectType. The group is created but with only the dummy member.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><attribute><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <ref>ri:member</ref><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <fetchStrategy>minimal</fetchStrategy><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <outbound><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <strength>weak</strength><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <expression><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> <value>cn=fake,dc=evolveum,dc=net</value><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </expression><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"> </outbound><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"></attribute><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Case 2 : no member attribute. The group cannot be created because member is needed for the creation.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Antoine.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
</div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Devin Rosenbauer<br>Principal Consultant<br>Identity Works LLC<br>+1 585 210 3201<br></div></div>