Thanks for the extra info, Francesco,
I will try your approach after I succeed in doing it the way Fabio suggests, or
rather if I cannot get it to work.
rgds,
Nik
In this approach suggested by Fabio you are directly dealing with the
internal mechanism provided by the ConnId LDAP connector.
Alternatively, you can employ
1. LDAPMembershipPropagationActions as propagation actions class
(choose this for "Actions class" when defining the LDAP resource from
the admin console)
2. LDAPMembershipSyncActions as synchronization actions class (choose
this for "Actions class" when defining the synchronization task from
the admin console)
This approach works under the assumption that:
1. you are using the same resource for both users and roles (e.g. you
have provided both user and role mapping for the resource)
2. you did not map the special attribute ldapGroups (as opposed to
the approach suggested by Fabio)
I know this should be better documented, it's already in my (long)
TODO list :-)
Regards.