<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Carlos,</p>
<p>it's a matter of correct setup of your object types.</p>
<p>In particular, the <i>resource object type delineation </i>is
what drives the classification process.</p>
<p><a
href="https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/changes-in-4.6/#resource-object-type-delineation"
class="moz-txt-link-freetext">https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/changes-in-4.6/#resource-object-type-delineation</a></p>
<p>It seems that even our demo is not quite finished with this
regard. It really treats all "groupOfNames" objects as
entitlement/group object type.</p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">--
Pavol Mederly
Software developer
evolveum.com</pre>
<div class="moz-cite-prefix">On 26/03/2024 12:59, Carlos Ferreira
via midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJHEg66g-vyUR6-BHC1JNCNr-p2o7xs85JVyjN4bxVaTCpB28A@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hello, everyone,<br>
<br>
<br>
I have an Active Directory resource that has 2 complex types.
One - configured with kind=generic, intent=listAD - estabilishes
a link between an AD group and a Midpoint OU. The other one -
configured with kind=entitlement, intent=GroupAD - should
connect and AD group with a Midpoint role.<br>
<br>
The first one is marked as "default".<br>
<br>
In the wizard, when a select <br>
<br>
"Resource objects", select objectclass "group" and try to import
a group as a role, the shadow object is always set up with
"kind=generic, intent=listAD".<br>
<br>
In Midpoint 4.1, for example, when importing any object from a
resource, we were able to select what "intent" we were referring
to and the process worked very fine.<br>
<br>
But now - in Midpoint 4.8 - we can select only the object class
- "user" or "group" (in case of AD), so the link is always
related to the default intent.<br>
<br>
If anyone wants to simulate a similar situation, you can use the
MIDPOINT DEMO repository (<a href="https://demo.evolveum.com/"
moz-do-not-send="true" class="moz-txt-link-freetext">https://demo.evolveum.com/</a>):<br>
<br>
1. select "repository"->"all objects" from the main menu;<br>
2. select "shadow" -> "ldap server" and "P0002" as name;<br>
3. verify that <kind>entitlement</kind> and
<intent>ldapProject</intent>;<br>
4. delete that shadow;<br>
5. select the "ldap server" resource;<br>
6. select "resource objects";<br>
7. try to import "cn=P0002,ou=Projects,dc=example,dc=com";<br>
8. see that the new "shadow" created for
"'cn=P0002,ou=Projects,dc=example,dc=com" has <br>
<kind>entitlement</kind><br>
<intent>group</intent><br>
and the object itself is not linked to anything.<br>
<br>
Is this the expected behaviour or did I miss anything?<br>
<div><br>
</div>
<div>Thks,</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>