<div dir="auto"><div>Thanks for the hint, Pavol. I did as you have said and it worked perfectly.</div><div dir="auto"><br></div><div dir="auto"><br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">Em ter., 26 de mar. de 2024, 11:34, Pavol Mederly via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div>
<p>Hi Carlos,</p>
<p>it's a matter of correct setup of your object types.</p>
<p>In particular, the <i>resource object type delineation </i>is
what drives the classification process.</p>
<p><a href="https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/changes-in-4.6/#resource-object-type-delineation" target="_blank" rel="noreferrer">https://docs.evolveum.com/midpoint/reference/support-4.8/resources/resource-configuration/schema-handling/changes-in-4.6/#resource-object-type-delineation</a></p>
<p>It seems that even our demo is not quite finished with this
regard. It really treats all "groupOfNames" objects as
entitlement/group object type.</p>
<p>Best regards,<br>
</p>
<pre cols="72">--
Pavol Mederly
Software developer
<a href="http://evolveum.com" target="_blank" rel="noreferrer">evolveum.com</a></pre>
<div>On 26/03/2024 12:59, Carlos Ferreira
via midPoint wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello, everyone,<br>
<br>
<br>
I have an Active Directory resource that has 2 complex types.
One - configured with kind=generic, intent=listAD - estabilishes
a link between an AD group and a Midpoint OU. The other one -
configured with kind=entitlement, intent=GroupAD - should
connect and AD group with a Midpoint role.<br>
<br>
The first one is marked as "default".<br>
<br>
In the wizard, when a select <br>
<br>
"Resource objects", select objectclass "group" and try to import
a group as a role, the shadow object is always set up with
"kind=generic, intent=listAD".<br>
<br>
In Midpoint 4.1, for example, when importing any object from a
resource, we were able to select what "intent" we were referring
to and the process worked very fine.<br>
<br>
But now - in Midpoint 4.8 - we can select only the object class
- "user" or "group" (in case of AD), so the link is always
related to the default intent.<br>
<br>
If anyone wants to simulate a similar situation, you can use the
MIDPOINT DEMO repository (<a href="https://demo.evolveum.com/" target="_blank" rel="noreferrer">https://demo.evolveum.com/</a>):<br>
<br>
1. select "repository"->"all objects" from the main menu;<br>
2. select "shadow" -> "ldap server" and "P0002" as name;<br>
3. verify that <kind>entitlement</kind> and
<intent>ldapProject</intent>;<br>
4. delete that shadow;<br>
5. select the "ldap server" resource;<br>
6. select "resource objects";<br>
7. try to import "cn=P0002,ou=Projects,dc=example,dc=com";<br>
8. see that the new "shadow" created for
"'cn=P0002,ou=Projects,dc=example,dc=com" has <br>
<kind>entitlement</kind><br>
<intent>group</intent><br>
and the object itself is not linked to anything.<br>
<br>
Is this the expected behaviour or did I miss anything?<br>
<div><br>
</div>
<div>Thks,</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank" rel="noreferrer">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" rel="noreferrer">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank" rel="noreferrer">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div></div></div>