<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Ubuntu;
panose-1:2 11 5 4 3 6 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.DefaultFontHxMailStyle
{mso-style-name:"Default Font HxMail Style";
font-family:"Ubuntu",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.gmail-m-3716955822923281709defaultfonthxmailstyle
{mso-style-name:gmail-m_-3716955822923281709defaultfonthxmailstyle;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span class=DefaultFontHxMailStyle>Yes,<o:p></o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle>AD inbound sync to midpoint, midpoint detects changes, creates role, adds members, then midpoint outbound sync to openldap creates group and members. It also works the other direction if you also have inbound sync from openldap.<o:p></o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle>For this question, I think you have to take a step back and first read up on metaroles,<o:p></o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><i><span style='font-size:10.0pt'>“</span></i></span><i><span style='font-size:10.0pt'>How will it happen when I add the metarole? What task will I run?”<o:p></o:p></span></i></p><p class=MsoNormal><i><span style='font-size:10.0pt'><o:p> </o:p></span></i></p><p class=MsoNormal><span style='font-family:"Ubuntu",sans-serif'>The midpoint book is a good place and covers most of it,<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Ubuntu",sans-serif'><a href="https://docs.evolveum.com/book/">https://docs.evolveum.com/book/</a><o:p></o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:mrveceylan@gmail.com">mceylan</a><br><b>Sent: </b>Wednesday, March 4, 2020 1:36 AM<br><b>To: </b><a href="mailto:midpoint@lists.evolveum.com">midPoint General Discussion</a><br><b>Subject: </b>Re: [midPoint] LDAP group sync</p></div><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><div><p class=MsoNormal>Jason, thanks for your answer<br>So I added this role in the same way, how will the scenario be?<br><br>1. AD and LDAP connected to midpoint as source<br>2. AD is a reliable source and the user added there occurs in midpoint and LDAP.<br>3. Create manual group and add user in AD. The same group should occur automatically in midpoint and LDAP. How will it happen when I add the metarole? What task will I run?</p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks,</p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Jason Everling <<a href="mailto:jeverling@bshp.edu">jeverling@bshp.edu</a>>, 3 Mar 2020 Sal, 18:17 tarihinde şunu yazdı:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle>Yes, since you have midpoint setup to sync Active Directory and OpenLDAP then when you create a group in Active directory it gets created via live sync in midpoint which in turn then gets created in openldap because you have a metarole that says it should. We do this currently.</span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle> </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle>See attached metarole, you must have inbound group sync working for booth AD and OpenLDAP.</span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle> </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle> </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle> </span></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>From: </b><a href="mailto:mrveceylan@gmail.com" target="_blank">mceylan</a><br><b>Sent: </b>Tuesday, March 3, 2020 8:50 AM<br><b>To: </b><a href="mailto:midpoint@lists.evolveum.com" target="_blank">midPoint General Discussion</a><br><b>Subject: </b>Re: [midPoint] LDAP group sync</p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle> </span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi,</p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>No, When I open the group manually in Active Directory, I want to automatically create the same group in openldap and synchronize the users within the groups. So both group synchronization and user.</p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>We can assign a group to the user via midpoint with the role, but that's not what I want.</p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thanks,</p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Gómez Martínez, Elsa <<a href="mailto:egomezm@minsait.com" target="_blank">egomezm@minsait.com</a>>, 3 Mar 2020 Sal, 14:22 tarihinde şunu yazdı:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES style='color:#1F497D'>Hi!</span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES style='color:#1F497D'> </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Could you explain with more detail? </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Did you mean the next flow: </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Users in AD </span><span style='font-family:Wingdings;color:#1F497D'>à</span><span style='color:#1F497D'> MidPoint </span><span style='font-family:Wingdings;color:#1F497D'>à</span><span style='color:#1F497D'> Ldap?</span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'> </span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#1F497D'>Elsa</span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span lang=ES>De:</span></b><span lang=ES> midPoint <<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank">midpoint-bounces@lists.evolveum.com</a>> <b>En nombre de </b>Jason Everling<br><b>Enviado el:</b> lunes, 2 de marzo de 2020 20:26<br><b>Para:</b> midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Asunto:</b> Re: [midPoint] LDAP group sync</span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES>You just add both constructions/inducements to the metarole that creates the group and members, you could have as many different ldap servers as possible</span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p></div><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES>On Mon, Mar 2, 2020 at 9:51 AM mceylan <<a href="mailto:mrveceylan@gmail.com" target="_blank">mrveceylan@gmail.com</a>> wrote:</span></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES>Hi,</span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES>I am trying to synchronize groups between AD and ldap.<br>I want it to automatically create the group created in AD over midpoint in ldap. Can you help with this?<br clear=all></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES> </span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES>Thanks,</span></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=ES>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></span></p></blockquote></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p></blockquote></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br clear=all></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> </p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- </p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Merve CEYLAN</p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span class=gmail-m-3716955822923281709defaultfonthxmailstyle> </span></p></div></div><p class=MsoNormal>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p></blockquote></div><p class=MsoNormal><br clear=all></p><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>-- </p><p class=MsoNormal>Merve CEYLAN</p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p></div></body></html>