0

I want to assign default roles (using AD groups) at the user creation in OpenIDM.

I already created and setted role assignments using the OpenIDM REST API but I want to add the user to AD groups without adding him a specific role.

Here is on of my role mapping : 

{
  "properties": {
    "description": "Data Provider Role"
  },
  "assignments": {
    "ad": {
      "attributes": [
        {
          "name": "ldapGroups",
          "assignmentOperation": "mergeWithTarget",
          "unassignmentOperation": "removeFromTarget",
         "value": [
             "CN=GRP_SHARE_USERS,CN=Users,DC=acme,DC=com"
         ]
        }
      ]
    },
     "alfresco": {
         "attributes": [
                 {
                     "name": "groups",
                     "value": "ACMEUSER"
                 }
             ],
         "onAssignment": {
             "file": "roles/onAssignment_alfresco.groovy",
             "type": "groovy"
         },
         "onUnassignment": {
             "file": "roles/onUnassignment_alfresco.groovy",
             "type": "groovy"
         }
     }
  }
}

How to proceed ? Can I modify the ldapGroups property on the "onCreate" script ?

Spawnrider
  • 1,727
  • 1
  • 19
  • 32
  • Your reference to "AD groups" makes this confusing - could you provide some detail on how you have your mapping configured? Also whether you are planning on creating these users from the mapping or instead directly via rest. – Jake Feasel Apr 02 '15 at 14:43
  • I plan to create user from the mapping and eventually assign roles at the same time. I just edited my question and added my role mapping. How can assign this role using the mapping or at the user creation in the target system ? – Spawnrider Apr 07 '15 at 15:36

0 Answers0