<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI Emoji";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Roboto;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1806123446;
mso-list-type:hybrid;
mso-list-template-ids:1273517076 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">Your solution would work, BUT, i said confluence as an example, I will have hundreds of roles so hardcoding this in the code would make the XML very big and hard to maintain. But it
would work I guess<o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l0 level1 lfo1">I have actually accomplished this using the association explained here
<a href="https://wiki.evolveum.com/display/midPoint/Inbound+Mapping#InboundMapping-Association">
https://wiki.evolveum.com/display/midPoint/Inbound+Mapping#InboundMapping-Association</a><span style="color:black"> in the Example “</span><b>Modified inbound example for associations (since 3.9)"<br>
</b>But this will only work for mappings of “1 midpoint role” <-> “1 ad role”<b><o:p></o:p></b></li></ul>
<p class="MsoListParagraph"><b><o:p> </o:p></b></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="color:#4472C4;margin-left:0cm;mso-list:l0 level1 lfo1">
<span style="color:windowtext">I also tried another approach, using a Bulk Action (code below), I am able to find all the accounts in a certain resource which has a certain AD group assigned, but as the role is assigned to a user, not to an account, I don’t
know to continue. I guess there will be a way to find the owner of the Shadow Account… I would appreciate someone’s help about this, as I think this is the best solution, as I could create a bulk action per role, and also map more than one AD role to one midpoint
role<br>
</span><span style="color:red"><br>
</span><s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> xmlns:xsd="http://www.w3.org/2001/XMLSchema"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <s:type>ShadowType</s:type><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <s:searchFilter><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <and xmlns="http://prism.evolveum.com/xml/ns/public/query-3"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <ref><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <path>resourceRef</path><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <value xsi:type="c:ObjectReferenceType" oid="cccccccc-0000-0000-0001-000000000001"/><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> </ref><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <equal><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <path>kind</path><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <value xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance/10000000-0000-0000-0000-000000000004">account</value><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> </equal><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <equal><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <path>attributes/memberOf</path><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <value>CN=Confluence...</value><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> </equal><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> </and><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> </s:searchFilter><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><b><span style="color:black"> </span>
</b><b><span style="font-family:Wingdings;color:black">ß</span><span style="color:black"> I would change this action to the assign role action, but right now I am using the LOG action so I can see the results in the midpoint.log file
</span></b><b><span style="font-family:Wingdings;color:black">à</span><span style="color:black"><o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <s:action><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> <s:type>log</s:type><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"> </s:action><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:36.0pt"><span style="color:#4472C4"></s:search><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Javier Laza<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#262626">Cloud Security Operations
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#262626">(o) +34 942.247.600 EXT: 2100
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#404040">Plaza de Manuel Llano, Santander, Spain, 39011<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#404040"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:10.0pt;font-family:"Arial",sans-serif"><img border="0" width="144" height="31" style="width:1.5in;height:.3229in" id="Picture_x0020_7" src="cid:image007.jpg@01D6B817.12839460"></span><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><a href="http://bit.ly/IngramTwitter"><span style="color:blue">Twitter</span></a> | <a href="http://bit.ly/IngramLinkedIN"><span style="color:blue">LinkedIn</span></a> |</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#18376A"> <a href="http://bit.ly/IngramFacebook"><span style="color:blue">Facebook</span></a> </span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">|</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#18376A"> <a href="http://bit.ly/IngramYouTube"><span style="color:blue">YouTube</span></a> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#404040">This email may contain material that is confidential, and proprietary to Ingram Micro and subsidiaries, for the sole use of the intended recipient. Any review,
reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>From:</b> Loïc SCHAMBER <lschamber@positivethinking.tech>
<br>
<b>Sent:</b> martes, 10 de noviembre de 2020 14:33<br>
<b>To:</b> midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Cc:</b> Laza, Javier <Javier.Laza@ingrammicro.com><br>
<b>Subject:</b> RE: Midpoint Role based on AD Group<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="FR-CH">Hi Javier,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR-CH"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">As you don’t use midpoint for provisioning purposes I think you could use inbound mapping in your AD resource to achieve your goal.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">In your memberOf attribute you could have such mapping<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:35.4pt;text-indent:35.4pt;line-height:12.0pt;background:#FFFFFE">
<span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">inbound</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">expression</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">assignmentTargetSearch</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:red">xmlns:xsi</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">=</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">"<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>"</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:red">xmlns:c</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">=</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">"<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:red">xsi:type</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">=</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">"c:AssignmentTargetSearchExpressionEvaluatorType"></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">targetType</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">RoleType</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">targetType</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">oid</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">your-oid</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">oid</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">assignmentTargetSearch</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">expression</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">condition</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">script</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:red">xmlns:xsi</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">=</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">"<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>"</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:red">xmlns:c</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">=</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">"<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:red">xsi:type</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">=</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">"c:ScriptExpressionEvaluatorType"></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">code</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> // Check if input == CN=Confluence…</span><span lang="EN-GB" style="color:black">
</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">code</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">script</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">condition</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">target</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"><</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">c:path</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black">assignment</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">c:path</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">target</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:#FFFFFE"><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"> </span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue"></</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:maroon">inbound</span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:blue">></span><span lang="EN-GB" style="font-size:9.0pt;font-family:Consolas;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I’m not sure about data structure inside input but you should retrieve the memberOf values. I let you check logs on script expression for it
</span><span lang="EN-GB" style="font-family:"Segoe UI Emoji",sans-serif">😉</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td width="188" style="width:141.0pt;border:none;border-right:solid #FF0044 2.25pt;padding:0cm 7.5pt 0cm 0cm">
<p class="MsoNormal" align="right" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right">
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.positivethinking.tech_&d=DwMGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=luACZ0EY0uRzPR37-IsowD1wg3JKCvPsNeFS0eLA0NA&s=BcNa4VjmQrGO_PcIPxx8wfVEqQZuy73IBhVRVNF-0-E&e="><span style="color:blue;text-decoration:none"><img border="0" width="170" height="79" style="width:1.7708in;height:.8229in" id="Picture_x0020_1" src="cid:image008.png@01D6B817.12839460" alt="logo"></span></a><o:p></o:p></p>
</td>
<td width="10" style="width:7.5pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"> <o:p></o:p></p>
</td>
<td width="497" valign="top" style="width:372.75pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#FF0044">Loïc Schamber</span></b><span lang="EN-GB" style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777">
</span><span lang="EN-GB" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#777777"> | IT Consultant<br>
</span><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777"><a href="mailto:lschamber@positivethinking.tech"><span lang="EN-GB" style="color:#FF0044">lschamber@positivethinking.tech</span></a></span><span lang="EN-GB" style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777"><br>
Tel. </span><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777"><a href="tel:+41%2022%20721%2007%2077"><span style="color:#FF0044">+41 22 721 07 77</span></a> | Direct.
<a href="tel:+41%2022%20555%2027%2069"><span style="color:#FF0044">+41 22 555 27 69</span></a>
<br>
<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="border:none;border-right:solid #FF0044 2.25pt;padding:0cm 7.5pt 0cm 0cm">
<p class="MsoNormal" align="right" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right">
<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.linkedin.com_company_the-2Dpositive-2Dthinking-2Dcompany_&d=DwMGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=luACZ0EY0uRzPR37-IsowD1wg3JKCvPsNeFS0eLA0NA&s=Nr13knzBKQl3zEjVel2Nuv9MllJh4P3DID6vxJVnpn0&e=" target="_blank"><span style="color:blue;text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="Picture_x0020_2" src="cid:image009.png@01D6B817.12839460" alt="LinkedIn"></span></a>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.instagram.com_positivethinkingcompany_&d=DwMGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=luACZ0EY0uRzPR37-IsowD1wg3JKCvPsNeFS0eLA0NA&s=yJ1FfKWgIIzTXlsYz9OZsi3eyS-9ljfag8VMETjAK5M&e=" target="_blank">
<span style="color:blue;text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="Picture_x0020_3" src="cid:image010.png@01D6B817.12839460" alt="Instagram"></span></a>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_PTC-5FTech&d=DwMGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=luACZ0EY0uRzPR37-IsowD1wg3JKCvPsNeFS0eLA0NA&s=DH0eC8p3MWkvgvp2IzqJ6ZRtbCpHCAYL_blgNfH7hbI&e=" target="_blank">
<span style="color:blue;text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="Picture_x0020_4" src="cid:image011.png@01D6B817.12839460" alt="Vimeo"></span></a>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__youtube.com_channel_UCfaImWa6r0IoZoUYLhbiF7w&d=DwMGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=luACZ0EY0uRzPR37-IsowD1wg3JKCvPsNeFS0eLA0NA&s=H3Pbf-gsEwRauD7KZlJNstGXgv5F8yNYOQKa0mD4KXE&e=" target="_blank">
<span style="color:blue;text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="Picture_x0020_5" src="cid:image012.png@01D6B817.12839460" alt="Vimeo"></span></a><o:p></o:p></p>
</td>
<td valign="bottom" style="padding:0cm 0cm 0cm 0cm"></td>
<td valign="bottom" style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777">Chemin du Pré-Fleuri 5 – CH 1228 Plan-les-Ouates</span><span style="font-size:3.5pt;font-family:"Tahoma",sans-serif;color:#777777"> </span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:black"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__positivethinking.tech_&d=DwMGaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=0OeKN_TS34QS-SJXC_YJThvidGwk12Q2O3mVC4v6a-g&m=luACZ0EY0uRzPR37-IsowD1wg3JKCvPsNeFS0eLA0NA&s=vgW1xBF0zZLUz1YsFw2njVxwYFoKfmv2SjcpiSdzOJc&e="><span lang="FR-CH" style="color:blue;text-decoration:none"><img border="0" width="500" height="204" style="width:5.2083in;height:2.125in" id="Picture_x0020_6" src="cid:image013.png@01D6B817.12839460" alt="logo"></span></a></span><span lang="FR-CH"><o:p></o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="FR-CH">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><b><span lang="EN-GB" style="font-size:8.0pt;font-family:Roboto;color:#FF0044">Help save paper, do you really need to print this email?</span></b><span lang="EN-GB" style="font-size:8.0pt;font-family:Roboto;color:#FF0044">
</span><span lang="EN-GB"><br>
</span><i><span lang="EN-GB" style="font-size:8.0pt;font-family:Roboto;color:#777777">The content of this email and any attachments are confidential and are intended solely for the person and/or company to whom they are addressed. The information may also be
legally privileged. No employee or agent is authorized to conclude any binding agreement on behalf of Positive Thinking Company with another party by email without express written confirmation. If you have received this email in error, any use, reproduction
or dissemination of this transmission is strictly prohibited. If you are not the intended recipient, please immediately notify the sender by return E-mail and delete this message, its attachments and all copies from your system. Internet communications cannot
be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
</span></i><i><span lang="FR-CH" style="font-size:8.0pt;font-family:Roboto;color:#777777">Thank you for your cooperation.
<br>
</span></i><span lang="FR-CH"><o:p></o:p></span></p>
</div>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>From:</b> midPoint <<a href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>>
<b>On Behalf Of </b>Laza, Javier via midPoint<br>
<b>Sent:</b> mardi, 10 novembre 2020 11:06<br>
<b>To:</b> midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
<b>Cc:</b> Laza, Javier <<a href="mailto:Javier.Laza@ingrammicro.com">Javier.Laza@ingrammicro.com</a>><br>
<b>Subject:</b> [midPoint] Midpoint Role based on AD Group<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span lang="FR-CH"><o:p> </o:p></span></p>
<p class="MsoNormal">Hi all,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am not using midpoint for provisioning purposes but to have a global view of all my users and its accounts.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I want to read the accounts in the resources and map roles based on that. For example, I have the following role, which based on the user’s subtype assigns the Associate role to the user. I have another role for Contrators. This approach
works, so I can go to the user’s assignments and check if he/she is a contractor or associate<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><role><o:p></o:p></p>
<p class="MsoNormal"> <name> Associate</name><o:p></o:p></p>
<p class="MsoNormal"> <description> Employee</description><o:p></o:p></p>
<p class="MsoNormal"> <displayName> Associate</displayName><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <autoassign><o:p></o:p></p>
<p class="MsoNormal"> <enabled>true</enabled><o:p></o:p></p>
<p class="MsoNormal"> <focus><o:p></o:p></p>
<p class="MsoNormal"> <selector><o:p></o:p></p>
<p class="MsoNormal"> <type>UserType</type><o:p></o:p></p>
<p class="MsoNormal"> </selector><o:p></o:p></p>
<p class="MsoNormal"> <mapping><o:p></o:p></p>
<p class="MsoNormal"> <strength>strong</strength><o:p></o:p></p>
<p class="MsoNormal"> <source><o:p></o:p></p>
<p class="MsoNormal"> <path>subtype</path><o:p></o:p></p>
<p class="MsoNormal"> </source><o:p></o:p></p>
<p class="MsoNormal"> <condition><o:p></o:p></p>
<p class="MsoNormal"> <script><o:p></o:p></p>
<p class="MsoNormal"> <code><o:p></o:p></p>
<p class="MsoNormal"> subtype == 'Associate'<o:p></o:p></p>
<p class="MsoNormal"> </code><o:p></o:p></p>
<p class="MsoNormal"> </script><o:p></o:p></p>
<p class="MsoNormal"> </condition><o:p></o:p></p>
<p class="MsoNormal"> </mapping><o:p></o:p></p>
<p class="MsoNormal"> </focus><o:p></o:p></p>
<p class="MsoNormal"> </autoassign><o:p></o:p></p>
<p class="MsoNormal"></role><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Now, I have an AD group that contains the users with access to Confluence. How could I create a role for this?<o:p></o:p></p>
<p class="MsoNormal">How could I create a role that checks whether a user has an account in certain resource, and if so, if the account’s memberOf attribute contains ‘CN=Confluence, OU=Access Groups,DC=example,DC=com’?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
<p><span style="font-size:7.5pt"><br>
La información contenida en este mensaje es confidencial. En caso de que reciba este mensaje por error le rogamos lo comunique a la mayor brevedad al emisor y proceda a su eliminación definitiva, absteniéndose de copiar, almacenar o difundir su contenido. De
acuerdo con lo establecido en la Ley Orgánica 15/1999, de Protección de Datos de Carácter Personal y en el Reglamento de Desarrollo 1720/2007, los datos personales que facilite a través de la dirección de correo indicada serán incorporados a un fichero titularidad
de INGRAM MICRO, S.L.U., con domicilio en C/ Antonio Machado, 78-80 1ª y 2ª pl. Business Park ( 08840-Viladecans). Mediante el envío de sus datos, Ud. otorga su consentimiento expreso a INGRAM MICRO, S.L.U, para el tratamiento de sus datos, con la finalidad
de atender a su consulta y/o mantener la relación profesional, comercial, y/o contractual que en su caso establezca con INGRAM MICRO, S.L.U. Puede ejercitar sus derechos de acceso, rectificación, cancelación y oposición notificándolo por escrito a la dirección
del remitente, o a la siguiente dirección de correo <a href="mailto:nuevascuentas@ingrammicro.es">
nuevascuentas@ingrammicro.es</a>. De acuerdo con la Ley 34/2002, de Servicios de la Sociedad de la Información y de Comercio Electrónico, Vd. podrá oponerse en cualquier momento al tratamiento de sus datos con fines promocionales notificándonoslo por escrito
a la dirección de correo mencionada.<br>
.................................................................................................................................................................................................................................................<br>
The information contained in this message is confidential. If you receive this message by error please notify it as soon as possible to the sender and proceed to their final elimination by not copy, store or distribute its content. In accordance of what is
stated in the Law 15/1999, of Data Personal Protection and Regulation Rule 1720/2007, the personal data provided through the email address you entered will be included in a file owned by INGRAM MICRO, SLU, located at C/ Antonio Machado, 78-80 1ª y 2ª pl. Business
Park ( 08840-Viladecans). By submitting your data, you expressly give your consent to INGRAM MICRO, SLU, to the treatment of your data, in order to answer to your questions and / or keep the professional, commercial relationship and / or contractual set with
INGRAM MICRO, SLU You can exercise your rights of access, rectification, cancellation and opposition by giving written notification to the sender address or to the following email:
<a href="mailto:nuevascuentas@ingrammicro.es">nuevascuentas@ingrammicro.es</a>. According to Law 34/2002, of the Information Society and Electronic Commerce, you may object at any time to your data treatment for promotional purposes by notifying us in writing
to the email address above.<br>
<span style="color:white">[Ingram_2818e5de]</span></span><o:p></o:p></p>
</div>
</body>
</html>