<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; } @font-face { font-family: "Cambria Math"; } @font-face { font-family: Calibri; } @font-face { font-family: Tahoma; } @font-face { font-family: Ubuntu; } p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; } .MsoChpDefault { font-size: 10pt; } @page WordSection1 { margin: 1in; } div.WordSection1 { }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi, <br>
</p>
<p><br>
</p>
<p>I think you will need to synchronize this AD Groups and membership with Midpoint Roles, then you can associate manage authorizations to this roles.<br>
</p>
<p><br>
</p>
<div id="Signature">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px"><font size="3"><b style="font-family:Times New Roman"><span style="font-size:10pt; color:rgb(31,73,125)">Paulo Fernandes de Souza Júnior</span></b><b style="font-family:Times New Roman"><span style="font-size:10pt; color:rgb(23,54,93)"></span></b><span style="font-family:Times New Roman">
</span><br style="font-family:Times New Roman">
<b style="font-family:Times New Roman"><span style="font-size:8pt; color:rgb(31,73,125)">NQPPPS<br>
</span></b><span style="font-size:8pt; font-family:Times New Roman; color:rgb(23,54,93)">Senado Federal -
</span></font><font size="3"><span style="font-size:8pt; font-family:Times New Roman; color:rgb(31,73,125)">PRODASEN<br>
</span><span style="font-size:8pt; font-family:Times New Roman; color:rgb(23,54,93)">Fone: 61 3303.3924</span></font><span style="color:rgb(31,73,125)"></span>
<br>
<br>
<p class="MsoNormal"><br>
</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>De:</b> midPoint <midpoint-bounces@lists.evolveum.com> em nome de Konstantin Tikhonov <Konstantin.Tikhonov@veeam.com><br>
<b>Enviado:</b> quarta-feira, 8 de abril de 2020 08:18<br>
<b>Para:</b> midPoint General Discussion<br>
<b>Assunto:</b> Re: [midPoint] Active Directory Authentication in midPoint</font>
<div> </div>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif">Hi Guys.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif">Let me share our results.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif">We installed 4.0.2 version and AD auth started working. It was 4.1.0 version before and it looks this functionality doesn’t work there.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif">But we noticed the following issue – we have to create the same user as we have in AD in midPoint and only after it authentication in AD works for this user. And it looks it
isn’t possible to manage rights in midPoint via AD groups.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black">--</span></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black">Best Regards,</span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black"> </span></b></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black">Konstantin.</span></b><span lang="RU" style=""></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Konstantin Tikhonov <br>
<b>Sent:</b> Monday, April 6, 2020 5:24 PM<br>
<b>To:</b> midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Subject:</b> RE: [midPoint] Active Directory Authentication in midPoint</p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif">Hello Guys,</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif">Thanks a lot for help. We’ll try and I’ll get to you with feedback about results.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black">--</span></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black">Best Regards,</span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black"> </span></b></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt; font-family:"Tahoma",sans-serif; color:black">Konstantin.</span></b><span lang="RU" style=""></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Tahoma",sans-serif"> </span></p>
</div>
</div>
</div>
</body>
</html>