<div dir="ltr">Dear Hertzog,<div><br></div><div>Please, try something like this:<br><br>a) to retrieve users:<br><br> <objectType id="93"><br> <kind>account</kind><br> <intent>usuarios</intent><br> <displayName>Account</displayName><br> <description>Usuarios do TRT3 no openldap</description><br> <default>false</default><br> <objectClass>ri:inetOrgPerson</objectClass><br> <auxiliaryObjectClassMappings><br> <tolerant>true</tolerant><br> </auxiliaryObjectClassMappings><br> <delineation><br> <objectClass>ri:inetOrgPerson</objectClass><br> <baseContext><br> <objectClass>ri:organizationalUnit</objectClass><br> <filter><br> <q:equal><br> <q:path>attributes/dn</q:path><br> <q:value>OU=Usuarios,DC=trt</q:value><br> </q:equal><br> </filter><br> </baseContext><br> <searchHierarchyScope>sub</searchHierarchyScope><br> </delineation><br> <focus><br> <type>c:UserType</type><br> </focus></div><div><br></div><div><....><br><br>b) to retrieve groups<br><br> <objectType id="353"><br> <kind>entitlement</kind><br> <intent>unixgroup</intent><br> <displayName>LDAP Sistemas Posixgroup</displayName><br> <lifecycleState>active</lifecycleState><br> <objectClass>ri:posixGroup</objectClass><br> <delineation><br> <objectClass>ri:posixGroup</objectClass><br> <baseContext><br> <objectClass>ri:organizationalUnit</objectClass><br> <filter><br> <q:equal><br> <q:path>attributes/dn</q:path><br> <q:value>ou=sistemas,dc=trt</q:value><br> </q:equal><br> </filter><br> </baseContext><br> <searchHierarchyScope>sub</searchHierarchyScope><br> </delineation><br> <focus><br> <type><br><br><br>PS: remember to define the <generationConstraints> clause as, for example,<br><br> <schema><br> <cachingMetadata><br> <retrievalTimestamp>2025-07-09T20:46:49.027-03:00</retrievalTimestamp><br> <serialNumber>f8db8d23d47e12c5-4a144a735909e4b0</serialNumber><br> </cachingMetadata><br> <generationConstraints><br> <generateObjectClass>ri:inetOrgPerson</generateObjectClass><br> <generateObjectClass>ri:groupOfNames</generateObjectClass><br> <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass><br> <generateObjectClass>ri:posixGroup</generateObjectClass><br> <generateObjectClass>ri:organizationalUnit</generateObjectClass><br> <generateObjectClass>ri:posixAccount</generateObjectClass><br> <generateObjectClass>ri:sambaSamAccount</generateObjectClass><br> <generateObjectClass>ri:shadowAccount</generateObjectClass><br> <generateObjectClass>ri:qmailUser</generateObjectClass><br> <generateObjectClass>ri:sambaGroupMapping</generateObjectClass><br> <generateObjectClass>ri:sambaUnixIdPool</generateObjectClass><br> </generationConstraints><br><br>--> every objectclass defined on your resource must be informed.<br><br>Carlos</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Em qua., 16 de jul. de 2025 às 05:33, HERTZOG Philippe via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg6530752830024335651">
<div lang="FR" style="overflow-wrap: break-word;">
<div class="m_3732303775923350525WordSection1">
<p class="MsoNormal"><span style="font-family:Lato,sans-serif">Hello,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:Lato,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">I’m using midPoint 4.9.3 to create a POC.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">I’m creating a resource connected to a LDAP server using the out of the box LDAP connector. The structure of my legacy LDAP is as following<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">+ DC=Acme<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif"> + cn=Groups<u></u><u></u></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="m_3732303775923350525MsoListParagraph" style="margin-left:52.5pt"><span lang="EN-US" style="font-family:Lato,sans-serif">Groups entries<u></u><u></u></span></li></ul>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:Lato,sans-serif">+ cn=Users<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:35.4pt"><span lang="EN-US" style="font-family:Lato,sans-serif"> + cn=External<u></u><u></u></span></p>
<ul style="margin-top:0cm" type="disc">
<ul style="margin-top:0cm" type="circle">
<li class="m_3732303775923350525MsoListParagraph" style="margin-left:52.5pt"><span lang="EN-US" style="font-family:Lato,sans-serif">Several users entries create by another system<u></u><u></u></span></li></ul>
</ul>
<p class="MsoNormal" style="margin-left:70.5pt"><span lang="EN-US" style="font-family:Lato,sans-serif">+ cn=Iga<u></u><u></u></span></p>
<ul style="margin-top:0cm" type="disc">
<ul style="margin-top:0cm" type="circle">
<li class="m_3732303775923350525MsoListParagraph" style="margin-left:52.5pt"><span lang="EN-US" style="font-family:Lato,sans-serif">Users managed from midpoint<u></u><u></u></span></li></ul>
</ul>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">My objective is to have a resource that manages :
<u></u><u></u></span></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="m_3732303775923350525MsoListParagraph" style="margin-left:0cm"><span lang="EN-US" style="font-family:Lato,sans-serif">The users from the Iga branch<u></u><u></u></span></li><li class="m_3732303775923350525MsoListParagraph" style="margin-left:0cm"><span lang="EN-US" style="font-family:Lato,sans-serif">Add users to groups<u></u><u></u></span></li></ol>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">If I set the base context of my connector to cn=Iga, cn=Users,DC=Acme I can’t get the groups. So I set the base contxt to DC=Acme.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">But this way I retrieve all the users from cn=External also.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">I try to put a filter for the User Object Type. Th efilter I tried was attributes/dn contains “,cn=Iga” but it doesn’t filter as expected. I saw errors in the logs stating that it
is not possible to use wildcards on dn.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">So my question is : how can I implement this kind of scenario the best way?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:Lato,sans-serif">
<u></u><u></u></span></p>
<table border="0" cellspacing="0" cellpadding="0" style="margin-left:5.4pt;border-collapse:collapse">
<tbody>
<tr style="height:49.3pt">
<td width="261" style="width:195.9pt;padding:0cm 5.4pt 0cm 9.9pt;height:49.3pt">
<p class="MsoNormal" align="center" style="text-align:center"><a href="https://www.groupe.schmidt/" target="_blank"><span style="font-size:11pt;color:windowtext;text-decoration:none"><img border="0" width="241" height="126" style="width: 2.5104in; height: 1.3125in;" id="m_3732303775923350525Image_x0020_1" src="cid:ii_198135cdb015b16b23"></span></a><span style="font-size:11pt"><u></u><u></u></span></p>
</td>
<td width="387" valign="top" style="width:290.05pt;padding:0cm 5.4pt 0cm 9.9pt;height:49.3pt">
<p class="MsoNormal"><b><span style="font-size:3pt;font-family:"Century Gothic",sans-serif"><u></u> <u></u></span></b></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10pt;font-family:Calibri,sans-serif">Philippe Hertzog<u></u><u></u></span></b></p>
<p class="MsoNormal" style="margin-bottom:12pt"><i><span lang="EN-US" style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(166,25,40)">Architecte Cloud<u></u><u></u></span></i></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:9pt;font-family:Calibri,sans-serif;color:black">20 Rue Westrich - F 67600 Sélestat<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Calibri,sans-serif"><a href="mailto:philippe.hertzog@groupe.schmidt" target="_blank">philippe.hertzog@groupe.schmidt</a><br>
Tél : +33 3 88 57 xx xx<br>
Mobile : +33 6 1</span><span style="font-size:11pt">9</span><span style="font-size:9pt;font-family:Calibri,sans-serif"> 1</span><span style="font-size:11pt">8</span><span style="font-size:9pt;font-family:Calibri,sans-serif">
3</span><span style="font-size:11pt">2</span><span style="font-size:9pt;font-family:Calibri,sans-serif"> 7</span><span style="font-size:11pt">8
</span><span style="font-size:9pt;font-family:Calibri,sans-serif"> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:4pt;font-family:Calibri,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:9pt;font-family:Calibri,sans-serif;color:rgb(166,25,40)"><a href="http://www.groupe.schmidt/" target="_blank"><span lang="EN-US">www.groupe.schmidt</span></a></span><span style="font-size:7pt;font-family:Calibri,sans-serif;color:rgb(166,25,40);background:white">
</span><span lang="EN-US" style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(166,25,40);background:white">I
</span><a href="https://fr.linkedin.com/company/schmidt-groupe" target="_blank"><span style="font-size:18pt;font-family:Calibri,sans-serif;color:rgb(166,25,40);text-decoration:none"><img border="0" width="10" height="10" style="width: 0.1041in; height: 0.1041in;" id="m_3732303775923350525Image_x0020_8" src="cid:ii_198135cdb00692e331"></span></a><span lang="EN-US" style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(166,25,40);background:white"> I</span><a href="https://www.facebook.com/SchmidtGroupe" target="_blank"><span lang="EN-US" style="font-size:14pt;font-family:Calibri,sans-serif;color:rgb(166,25,40);background:white;text-decoration:none"><img border="0" width="10" height="10" style="width: 0.1041in; height: 0.1041in;" id="m_3732303775923350525Image_x0020_9" src="cid:ii_198135cdb017745b42"></span></a><span lang="EN-US" style="font-size:10pt;font-family:Calibri,sans-serif;color:rgb(166,25,40);background:white">I</span><span lang="EN-US" style="font-size:9pt;font-family:"Century Gothic",sans-serif;color:rgb(166,25,40)"><u></u><u></u></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
</div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div></blockquote></div>