From 7659d49a40a3ad2e92c0058b94b1fda601a5c03a Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Thu, 16 Aug 2018 14:56:53 +0200
Subject: [PATCH] Add midPoint objects

These objects are to be uploaded to the running midPoint instance;
for now - in the future they will be part of the Docker setup.
---
 .../midpoint-objects/linux.properties         |   8 +
 .../objectTemplates/template-org-course.xml   |  18 +
 .../template-org-department.xml               |  18 +
 .../template-role-affiliation.xml             |  17 +
 .../template-role-generic-group.xml           |  17 +
 .../midpoint-objects/orgs/org-courses.xml     |   6 +
 .../midpoint-objects/orgs/org-departments.xml |   6 +
 .../midpoint-objects/resources/ldap-edu.xml   | 418 +++++++++++++++++
 .../resources/ldap-grouper.xml                | 432 ++++++++++++++++++
 .../resources/scriptedsql-grouper.xml         | 129 ++++++
 .../resources/scriptedsql-sis-courses.xml     | 212 +++++++++
 .../roles/metarole-affiliation.xml            |  29 ++
 .../roles/metarole-course.xml                 |  38 ++
 .../roles/metarole-department.xml             |  29 ++
 .../roles/metarole-generic-group.xml          |  38 ++
 .../roles/role-grouper-basic.xml              |  18 +
 .../roles/role-grouper-sysadmin.xml           |  17 +
 .../SystemConfiguration.xml                   | 167 +++++++
 .../midpoint-objects/windows.properties       |   4 +
 19 files changed, 1621 insertions(+)
 create mode 100644 grouper-midpoint/midpoint-objects/linux.properties
 create mode 100644 grouper-midpoint/midpoint-objects/objectTemplates/template-org-course.xml
 create mode 100644 grouper-midpoint/midpoint-objects/objectTemplates/template-org-department.xml
 create mode 100644 grouper-midpoint/midpoint-objects/objectTemplates/template-role-affiliation.xml
 create mode 100644 grouper-midpoint/midpoint-objects/objectTemplates/template-role-generic-group.xml
 create mode 100644 grouper-midpoint/midpoint-objects/orgs/org-courses.xml
 create mode 100644 grouper-midpoint/midpoint-objects/orgs/org-departments.xml
 create mode 100644 grouper-midpoint/midpoint-objects/resources/ldap-edu.xml
 create mode 100644 grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml
 create mode 100644 grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
 create mode 100644 grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
 create mode 100644 grouper-midpoint/midpoint-objects/roles/metarole-affiliation.xml
 create mode 100644 grouper-midpoint/midpoint-objects/roles/metarole-course.xml
 create mode 100644 grouper-midpoint/midpoint-objects/roles/metarole-department.xml
 create mode 100644 grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml
 create mode 100644 grouper-midpoint/midpoint-objects/roles/role-grouper-basic.xml
 create mode 100644 grouper-midpoint/midpoint-objects/roles/role-grouper-sysadmin.xml
 create mode 100644 grouper-midpoint/midpoint-objects/systemConfigurations/SystemConfiguration.xml
 create mode 100644 grouper-midpoint/midpoint-objects/windows.properties

diff --git a/grouper-midpoint/midpoint-objects/linux.properties b/grouper-midpoint/midpoint-objects/linux.properties
new file mode 100644
index 0000000..5e9ae01
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/linux.properties
@@ -0,0 +1,8 @@
+s-data.ldap.host=s-data
+s-data.ldap.port=389
+s-data.db.host=s-data
+s-data.db.port=3306
+i-data.ldap.host=i-data
+i-data.ldap.port=389
+g-data.db.host=g-data
+g-data.db.port=3306
diff --git a/grouper-midpoint/midpoint-objects/objectTemplates/template-org-course.xml b/grouper-midpoint/midpoint-objects/objectTemplates/template-org-course.xml
new file mode 100644
index 0000000..4eafd08
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/objectTemplates/template-org-course.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="d35bdec6-643b-41d8-ad5d-8eeb701169d1">
+    <name>template-org-course</name>
+    <mapping>
+        <strength>strong</strength>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>RoleType</targetType>
+                <oid>8aa99e7b-f7d3-4585-9800-14bab4d26a43</oid>     <!--  metarole-course -->
+            </assignmentTargetSearch>
+        </expression>
+        <target>
+            <path>assignment</path>
+        </target>
+    </mapping>
+    
+</objectTemplate>
\ No newline at end of file
diff --git a/grouper-midpoint/midpoint-objects/objectTemplates/template-org-department.xml b/grouper-midpoint/midpoint-objects/objectTemplates/template-org-department.xml
new file mode 100644
index 0000000..df9b223
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/objectTemplates/template-org-department.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="0caf2f69-7c72-4946-b218-d84e78b2a057">
+    <name>template-org-department</name>
+    <mapping>
+        <strength>strong</strength>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>RoleType</targetType>
+                <oid>ffa9eaec-9539-4d15-97aa-24cd5b92ca5b</oid>     <!--  metarole-department -->
+            </assignmentTargetSearch>
+        </expression>
+        <target>
+            <path>assignment</path>
+        </target>
+    </mapping>
+    
+</objectTemplate>
\ No newline at end of file
diff --git a/grouper-midpoint/midpoint-objects/objectTemplates/template-role-affiliation.xml b/grouper-midpoint/midpoint-objects/objectTemplates/template-role-affiliation.xml
new file mode 100644
index 0000000..3a9c726
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/objectTemplates/template-role-affiliation.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="d87aa04f-189c-4d6f-b6e1-216dad622142">
+    <name>template-role-affiliation</name>
+    <mapping>
+        <strength>strong</strength>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>RoleType</targetType>
+                <oid>fecae27b-d1d3-40ae-95fa-8f7e44e2ee70</oid>     <!--  metarole-affiliation -->
+            </assignmentTargetSearch>
+        </expression>
+        <target>
+            <path>assignment</path>
+        </target>
+    </mapping>
+</objectTemplate>
\ No newline at end of file
diff --git a/grouper-midpoint/midpoint-objects/objectTemplates/template-role-generic-group.xml b/grouper-midpoint/midpoint-objects/objectTemplates/template-role-generic-group.xml
new file mode 100644
index 0000000..1205f6d
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/objectTemplates/template-role-generic-group.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="804f8658-0828-4dab-a2ed-f13985e4f80b">
+    <name>template-role-generic-group</name>
+    <mapping>
+        <strength>strong</strength>
+        <expression>
+            <assignmentTargetSearch>
+                <targetType>RoleType</targetType>
+                <oid>c691e15a-f30b-4e15-8445-532db07ceeeb</oid>     <!--  metarole-generic-group -->
+            </assignmentTargetSearch>
+        </expression>
+        <target>
+            <path>assignment</path>
+        </target>
+    </mapping>
+</objectTemplate>
\ No newline at end of file
diff --git a/grouper-midpoint/midpoint-objects/orgs/org-courses.xml b/grouper-midpoint/midpoint-objects/orgs/org-courses.xml
new file mode 100644
index 0000000..71d1f7e
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/orgs/org-courses.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="225e9360-0639-40ba-8a31-7f31bef067be">
+    <name>courses</name>
+    <displayName>Courses</displayName>
+</org>
\ No newline at end of file
diff --git a/grouper-midpoint/midpoint-objects/orgs/org-departments.xml b/grouper-midpoint/midpoint-objects/orgs/org-departments.xml
new file mode 100644
index 0000000..5320c1e
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/orgs/org-departments.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    oid="bee44c51-2469-411d-bac7-695728e9c241">
+    <name>departments</name>
+    <displayName>Departments</displayName>
+</org>
\ No newline at end of file
diff --git a/grouper-midpoint/midpoint-objects/resources/ldap-edu.xml b/grouper-midpoint/midpoint-objects/resources/ldap-edu.xml
new file mode 100644
index 0000000..324dab2
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/resources/ldap-edu.xml
@@ -0,0 +1,418 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ~ Copyright (c) 2010-2017 Evolveum ~ ~ Licensed under the Apache License, 
+	Version 2.0 (the "License"); ~ you may not use this file except in compliance 
+	with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 
+	~ ~ Unless required by applicable law or agreed to in writing, software ~ 
+	distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT 
+	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the 
+	License for the specific language governing permissions and ~ limitations 
+	under the License. -->
+
+
+<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+	xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+	xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+	xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+	<resource oid="18eceda9-b6cd-4bdd-a06b-e77d4fddf975">
+
+		<name>OpenLDAP edu (s-data)</name>
+
+		<connectorRef type="ConnectorType">
+			<filter>
+				<q:equal>
+					<q:path>c:connectorType</q:path>
+					<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
+				</q:equal>
+			</filter>
+		</connectorRef>
+
+		<connectorConfiguration
+			xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+			xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
+			<icfc:configurationProperties
+				xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
+				<icfcldap:port>$(s-data.ldap.port)</icfcldap:port>
+				<icfcldap:host>$(s-data.ldap.host)</icfcldap:host>
+				<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
+				<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn>
+				<icfcldap:bindPassword>
+					<t:clearValue>password</t:clearValue>
+				</icfcldap:bindPassword>
+				<icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute>
+				<icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy> <!-- spr? -->
+				<icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute>
+				<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes>
+				<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+				<icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes>
+				<!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify>
+				<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm  -->
+				<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule -->
+			</icfc:configurationProperties>
+			<icfc:resultsHandlerConfiguration>
+				<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
+				<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+				<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
+			</icfc:resultsHandlerConfiguration>
+		</connectorConfiguration>
+
+		<schema>
+			<generationConstraints>
+				<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
+				<generateObjectClass>ri:eduPerson</generateObjectClass>
+				<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
+				<generateObjectClass>ri:groupOfNames</generateObjectClass>
+				<generateObjectClass>ri:organizationalUnit</generateObjectClass>
+			</generationConstraints>
+		</schema>
+
+		<schemaHandling>
+			<objectType>
+				<kind>account</kind>
+				<displayName>Normal Account</displayName>
+				<default>true</default>
+				<objectClass>ri:inetOrgPerson</objectClass>
+				<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
+				<attribute>
+					<ref>ri:dn</ref>
+					<displayName>Distinguished Name</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <inbound>
+                        <target>
+                            <path>extension/ldap_dn</path>
+                        </target>
+                    </inbound>
+                    <inbound>
+                        <strength>strong</strength>
+                        <expression>
+                            <assignmentTargetSearch>
+                                <targetType>RoleType</targetType>
+                                <oid>c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f</oid>     <!--  role-grouper-basic -->
+                                <assignmentProperties>
+                                    <subtype>grouper-basic</subtype>
+                                </assignmentProperties>
+                            </assignmentTargetSearch>
+                        </expression>                            
+                        <target>
+                            <path>assignment</path>
+                            <set>
+                                <condition>
+                                    <script>
+                                        <code>
+                                            assignment.subtype.contains('grouper-basic')
+                                        </code>
+                                    </script>
+                                </condition>
+                            </set>
+                        </target>
+                    </inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:cn</ref>
+					<displayName>Common Name</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<inbound>
+						<target>
+							<path>fullName</path>
+						</target>
+					</inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:sn</ref>
+					<displayName>Surname</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<inbound>
+						<target>
+							<path>familyName</path>
+						</target>
+					</inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:givenName</ref>
+					<displayName>Given Name</displayName>
+					<inbound>
+						<target>
+							<path>givenName</path>
+						</target>
+					</inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:uid</ref>
+					<displayName>Login Name</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+					<inbound>
+						<target>
+							<path>name</path>
+						</target>
+					</inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:mail</ref>
+					<displayName>Mail</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+					<inbound>
+						<target>
+							<path>emailAddress</path>
+						</target>
+					</inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:employeeNumber</ref>
+					<inbound>
+						<target>
+							<path>employeeNumber</path>
+						</target>
+					</inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:businessCategory</ref>
+                    <inbound>
+                        <strength>strong</strength>
+                        <expression>
+                            <assignmentTargetSearch>
+                                <targetType>OrgType</targetType>
+                                <filter>
+                                    <q:equal>
+                                        <q:path>name</q:path>                       
+                                        <expression>
+                                            <script>
+                                                <code>
+                                                    'department_' + input
+                                                </code>
+                                            </script>
+                                        </expression>                       
+                                    </q:equal>
+                                </filter>
+                                <createOnDemand>true</createOnDemand>
+                                <populateObject>
+                                    <populateItem>
+                                        <expression>
+                                            <script>
+                                                <code>
+                                                    'department_' + input
+                                                </code>
+                                            </script>
+                                        </expression>
+                                        <target>
+                                            <path>name</path>
+                                        </target>
+                                    </populateItem>
+                                    <populateItem>
+                                        <expression>
+                                            <script>
+                                                <code>
+                                                    input
+                                                </code>
+                                            </script>
+                                        </expression>
+                                        <target>
+                                            <path>displayName</path>
+                                        </target>
+                                    </populateItem>
+                                    <populateItem>
+                                        <expression>
+                                            <assignmentTargetSearch>
+                                                <targetType>OrgType</targetType>
+                                                <oid>bee44c51-2469-411d-bac7-695728e9c241</oid>
+                                            </assignmentTargetSearch>
+                                        </expression>
+                                        <target>
+                                            <path>assignment</path>
+                                        </target>
+                                    </populateItem>
+                                    <populateItem>
+                                        <expression>
+                                            <script>
+                                                <code>
+                                                    input
+                                                </code>
+                                            </script>
+                                        </expression>
+                                        <target>
+                                            <path>identifier</path>
+                                        </target>
+                                    </populateItem>
+                                    <populateItem>
+                                        <expression>
+                                            <value>department</value>
+                                        </expression>
+                                        <target>
+                                            <path>subtype</path>
+                                        </target>
+                                    </populateItem>
+                                </populateObject>
+                                <assignmentProperties>
+                                    <subtype>department</subtype>
+                                </assignmentProperties>
+                            </assignmentTargetSearch>       
+                        </expression>
+                        <target>
+                            <path>assignment</path>
+                            <set>
+                                <condition>
+                                    <script>
+                                        <code>
+                                            assignment.subtype.contains('department')
+                                        </code>
+                                    </script>
+                                </condition>
+                            </set>
+                        </target>
+                    </inbound>
+				</attribute>
+				<attribute>
+					<ref>ri:eduPersonAffiliation</ref>
+					<inbound>
+						<strength>strong</strength>
+				    	<expression>
+            				<assignmentTargetSearch>
+            					<targetType>RoleType</targetType>
+        						<filter>
+									<q:equal>
+										<q:path>name</q:path>						
+										<expression>
+											<script>
+												<code>
+													'affiliation_' + input
+												</code>
+											</script>
+										</expression>						
+									</q:equal>
+								</filter>
+								<createOnDemand>true</createOnDemand>
+								<populateObject>
+									<populateItem>
+										<expression>
+											<script>
+												<code>
+													'affiliation_' + input
+												</code>
+											</script>
+										</expression>
+										<target>
+											<path>name</path>
+										</target>
+									</populateItem>
+									<populateItem>
+										<expression>
+											<script>
+												<code>
+													'Affiliation: ' + input
+												</code>
+											</script>
+										</expression>
+										<target>
+											<path>displayName</path>
+										</target>
+									</populateItem>
+                                    <populateItem>
+                                        <expression>
+                                            <script>
+                                                <code>
+                                                    input
+                                                </code>
+                                            </script>
+                                        </expression>
+                                        <target>
+                                            <path>identifier</path>
+                                        </target>
+                                    </populateItem>
+									<populateItem>
+										<expression>
+								    		<value>affiliation</value>
+										</expression>
+										<target>
+											<path>subtype</path>
+										</target>
+									</populateItem>
+								</populateObject>
+								<assignmentProperties>
+									<subtype>affiliation</subtype>
+								</assignmentProperties>
+            				</assignmentTargetSearch>    	
+    					</expression>
+    					<target>
+    						<path>assignment</path>
+							<set>
+					            <condition>
+					                <script>
+					                    <code>
+					                    	assignment.subtype.contains('affiliation')
+					                    </code>
+					                </script>
+					            </condition>
+					        </set>
+    					</target>
+    				</inbound>
+				</attribute>
+				<protected>
+					<filter>
+						<q:equal>
+							<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
+							<q:path>attributes/ri:dn</q:path>
+							<q:value>cn=root,dc=internet2,dc=edu</q:value>
+						</q:equal>
+					</filter>
+				</protected>
+			</objectType>
+
+		</schemaHandling>
+
+		<synchronization>
+			<objectSynchronization>
+				<enabled>true</enabled>
+
+				<correlation>
+					<q:equal>
+						<q:path>name</q:path>
+						<expression>
+							<path>
+								declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+								$account/attributes/ri:uid
+							</path>
+						</expression>
+					</q:equal>
+				</correlation>
+
+				<reaction>
+					<situation>linked</situation>
+					<synchronize>true</synchronize>
+				</reaction>
+				<reaction>
+					<situation>deleted</situation>
+					<synchronize>true</synchronize>
+					<action>
+						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+					</action>
+				</reaction>
+				<reaction>
+					<situation>unlinked</situation>
+					<synchronize>true</synchronize>
+					<action>
+						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+					</action>
+				</reaction>
+				<reaction>
+					<situation>unmatched</situation>
+					<synchronize>true</synchronize>
+					<action>
+						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+					</action>
+				</reaction>
+			</objectSynchronization>
+		</synchronization>
+
+	</resource>
+
+</objects>
diff --git a/grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml b/grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml
new file mode 100644
index 0000000..e8b883e
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml
@@ -0,0 +1,432 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ~ Copyright (c) 2010-2017 Evolveum ~ ~ Licensed under the Apache License, 
+	Version 2.0 (the "License"); ~ you may not use this file except in compliance 
+	with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 
+	~ ~ Unless required by applicable law or agreed to in writing, software ~ 
+	distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT 
+	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the 
+	License for the specific language governing permissions and ~ limitations 
+	under the License. -->
+
+
+<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+	xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+	xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+	xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+	xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+	xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+	<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272">
+
+		<name>OpenLDAP for Grouper (i-data)</name>
+
+		<connectorRef type="ConnectorType">
+			<filter>
+				<q:equal>
+					<q:path>c:connectorType</q:path>
+					<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
+				</q:equal>
+			</filter>
+		</connectorRef>
+
+		<connectorConfiguration
+			xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+			xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
+			<icfc:configurationProperties
+				xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
+                <icfcldap:port>$(i-data.ldap.port)</icfcldap:port>
+                <icfcldap:host>$(i-data.ldap.host)</icfcldap:host>
+				<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
+				<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn>
+				<icfcldap:bindPassword>
+					<t:clearValue>password</t:clearValue>
+				</icfcldap:bindPassword>
+				<icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute>
+				<icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy> <!-- spr? -->
+				<icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute>
+				<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes>
+				<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+				<icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes>
+				<!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify>
+				<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm  -->
+				<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule -->
+			</icfc:configurationProperties>
+			<icfc:resultsHandlerConfiguration>
+				<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
+				<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+				<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
+			</icfc:resultsHandlerConfiguration>
+		</connectorConfiguration>
+
+		<schema>
+			<generationConstraints>
+				<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
+				<generateObjectClass>ri:eduPerson</generateObjectClass>
+				<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
+				<generateObjectClass>ri:groupOfNames</generateObjectClass>
+				<generateObjectClass>ri:organizationalUnit</generateObjectClass>
+			</generationConstraints>
+		</schema>
+
+		<schemaHandling>
+			<objectType>
+				<kind>account</kind>
+				<displayName>Normal Account</displayName>
+				<default>true</default>
+				<objectClass>ri:inetOrgPerson</objectClass>
+				<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
+				<attribute>
+					<ref>ri:dn</ref>
+					<displayName>Distinguished Name</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <source>
+                            <path>extension/ldap_dn</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:cn</ref>
+					<displayName>Common Name</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+                    <outbound>
+                        <source>
+                            <path>fullName</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:sn</ref>
+					<displayName>Surname</displayName>
+					<limitations>
+						<minOccurs>0</minOccurs>
+					</limitations>
+                    <outbound>
+                        <source>
+                            <path>familyName</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:givenName</ref>
+					<displayName>Given Name</displayName>
+                    <outbound>
+                        <source>
+                            <path>givenName</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:uid</ref>
+					<displayName>Login Name</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <source>
+                            <path>name</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:mail</ref>
+					<displayName>Mail</displayName>
+					<matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <source>
+                            <path>emailAddress</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:employeeNumber</ref>
+                    <outbound>
+                        <source>
+                            <path>employeeNumber</path>
+                        </source>
+                    </outbound>
+				</attribute>
+				<attribute>
+					<ref>ri:businessCategory</ref>
+                    <tolerant>false</tolerant>
+				</attribute>
+				<attribute>
+					<ref>ri:eduPersonAffiliation</ref>
+                    <tolerant>false</tolerant>
+				</attribute>
+                <association>
+                    <tolerant>false</tolerant>
+                    <ref>ri:courseGroup</ref>
+                    <displayName>Course-related groups membership</displayName>
+                    <kind>entitlement</kind>
+                    <intent>course-group</intent>
+                    <direction>objectToSubject</direction>
+                    <associationAttribute>ri:uniqueMember</associationAttribute>
+                    <valueAttribute>ri:dn</valueAttribute>
+                </association>
+                <association>
+                    <tolerant>false</tolerant>
+                    <ref>ri:genericGroup</ref>
+                    <displayName>Generic groups membership</displayName>
+                    <kind>entitlement</kind>
+                    <intent>generic-group</intent>
+                    <direction>objectToSubject</direction>
+                    <associationAttribute>ri:uniqueMember</associationAttribute>
+                    <valueAttribute>ri:dn</valueAttribute>
+                </association>
+				<protected>
+					<filter>
+						<q:equal>
+							<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
+							<q:path>attributes/ri:dn</q:path>
+							<q:value>cn=root,dc=internet2,dc=edu</q:value>
+						</q:equal>
+					</filter>
+				</protected>
+                <credentials>
+                    <password>
+                        <outbound>
+                            <expression>
+                                <asIs />
+                            </expression>
+                        </outbound>
+                    </password>
+                </credentials>
+			</objectType>
+            
+            <objectType>
+                <kind>entitlement</kind>
+                <intent>course-group</intent>
+                <displayName>LDAP Group for courses</displayName>
+                <objectClass>ri:groupOfUniqueNames</objectClass>
+                <attribute>
+                    <ref>ri:uniqueMember</ref>
+                    <matchingRule>mr:distinguishedName</matchingRule>
+                    <fetchStrategy>minimal</fetchStrategy>
+                </attribute>
+                <attribute>
+                    <ref>ri:dn</ref>
+                    <matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <strength>strong</strength>
+                        <source>
+                            <path>identifier</path>
+                        </source>
+                        <expression>
+                            <script>
+                                <code>
+                                    basic.composeDnWithSuffix('cn', identifier, 'ou=Courses,ou=Groups,dc=internet2,dc=edu')
+                                </code>
+                            </script>
+                        </expression>
+                    </outbound>
+                </attribute>
+                <attribute>
+                    <ref>ri:cn</ref>
+                    <matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <strength>weak</strength>
+                        <source>
+                            <path>identifier</path>
+                        </source>
+                    </outbound>
+                </attribute>
+            </objectType>
+            <objectType>
+                <kind>entitlement</kind>
+                <intent>generic-group</intent>
+                <displayName>LDAP Group</displayName>
+                <objectClass>ri:groupOfUniqueNames</objectClass>
+                <attribute>
+                    <ref>ri:uniqueMember</ref>
+                    <matchingRule>mr:distinguishedName</matchingRule>
+                    <fetchStrategy>minimal</fetchStrategy>
+                </attribute>
+                <attribute>
+                    <ref>ri:dn</ref>
+                    <matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <strength>strong</strength>
+                        <trace>true</trace>
+                        <source>
+                            <path>identifier</path>
+                        </source>
+                        <expression>
+                            <script>
+                                <code>
+                                    basic.composeDnWithSuffix('cn', identifier, 'ou=Groups,dc=internet2,dc=edu')
+                                </code>
+                            </script>
+                        </expression>
+                    </outbound>
+                </attribute>
+                <attribute>
+                    <ref>ri:cn</ref>
+                    <matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <outbound>
+                        <strength>weak</strength>
+                        <source>
+                            <path>identifier</path>
+                        </source>
+                    </outbound>
+                </attribute>
+            </objectType>
+		</schemaHandling>
+
+		<synchronization>
+			<objectSynchronization>
+				<enabled>true</enabled>
+				<correlation>
+					<q:equal>
+						<q:path>name</q:path>
+						<expression>
+							<path>
+								declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+								$account/attributes/ri:uid
+							</path>
+						</expression>
+					</q:equal>
+				</correlation>
+				<reaction>
+					<situation>linked</situation>
+					<synchronize>true</synchronize>
+				</reaction>
+				<reaction>
+					<situation>deleted</situation>
+					<synchronize>true</synchronize>
+					<action>
+						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+					</action>
+				</reaction>
+				<reaction>
+					<situation>unlinked</situation>
+					<synchronize>true</synchronize>
+					<action>
+						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+					</action>
+				</reaction>
+				<reaction>
+					<situation>unmatched</situation>
+					<synchronize>true</synchronize>
+					<action>
+						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+					</action>
+				</reaction>
+			</objectSynchronization>
+            <objectSynchronization>
+                <name>course-group sync</name>
+                <objectClass>ri:groupOfUniqueNames</objectClass>
+                <kind>entitlement</kind>
+                <intent>course-group</intent>
+                <focusType>OrgType</focusType>
+                <enabled>true</enabled>
+                <condition>
+                    <script>
+                        <code>
+                            import javax.naming.ldap.*
+                            dn = new LdapName(basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn'))
+                            log.info('course-group sync: considering {}; dn.size={}, dn.startsWith={}', dn, dn.size(), dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu')))
+                            dn.size() == 5 &amp;&amp; dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu'))
+                        </code>
+                    </script>
+                </condition>
+                <correlation>
+                    <q:and>
+                        <q:equal>
+                            <q:path>identifier</q:path>
+                            <expression>
+                                <path>$shadow/attributes/ri:cn</path>
+                            </expression>
+                        </q:equal>
+                        <q:equal>
+                            <q:path>subtype</q:path>
+                            <q:value>course</q:value>
+                        </q:equal>
+                    </q:and>
+                </correlation>
+                <reaction>
+                    <situation>linked</situation>
+                    <synchronize>true</synchronize>
+                </reaction>
+                <reaction>
+                    <situation>deleted</situation>
+                    <synchronize>true</synchronize>
+                    <action>
+                        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+                    </action>
+                </reaction>
+                <reaction>
+                    <situation>unlinked</situation>
+                    <synchronize>true</synchronize>
+                    <action>
+                        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+                    </action>
+                </reaction>
+                <reaction>
+                    <situation>unmatched</situation>
+                </reaction>
+            </objectSynchronization>
+            <objectSynchronization>
+                <name>generic-group sync</name>
+                <objectClass>ri:groupOfUniqueNames</objectClass>
+                <kind>entitlement</kind>
+                <intent>generic-group</intent>
+                <focusType>RoleType</focusType>
+                <enabled>true</enabled>
+                <condition>
+                    <script>
+                        <code>
+                            import javax.naming.ldap.*
+                            dn = new LdapName(basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn'))
+                            log.info('generic-group sync: considering {}; dn.size={}, dn.startsWith={}', dn, dn.size(), dn.startsWith(new LdapName('ou=Groups,dc=internet2,dc=edu')))
+                            dn.size() == 4 &amp;&amp; dn.startsWith(new LdapName('ou=Groups,dc=internet2,dc=edu'))
+                        </code>
+                    </script>
+                </condition>
+                <correlation>
+                    <q:and>
+                        <q:equal>
+                            <q:path>identifier</q:path>
+                            <expression>
+                                <path>$shadow/attributes/ri:cn</path>
+                            </expression>
+                        </q:equal>
+                        <q:equal>
+                            <q:path>subtype</q:path>
+                            <q:value>generic-group</q:value>
+                        </q:equal>
+                    </q:and>
+                </correlation>
+                <reaction>
+                    <situation>linked</situation>
+                    <synchronize>true</synchronize>
+                </reaction>
+                <reaction>
+                    <situation>deleted</situation>
+                    <synchronize>true</synchronize>
+                    <action>
+                        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+                    </action>
+                </reaction>
+                <reaction>
+                    <situation>unlinked</situation>
+                    <synchronize>true</synchronize>
+                    <action>
+                        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+                    </action>
+                </reaction>
+                <reaction>
+                    <situation>unmatched</situation>
+                </reaction>
+            </objectSynchronization>
+		</synchronization>
+        <consistency>
+            <avoidDuplicateValues>true</avoidDuplicateValues>
+        </consistency>
+	</resource>
+</objects>
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
new file mode 100644
index 0000000..0405261
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<c:resource oid="ef2bc95b-76e0-48e2-86d6-3d4f02d420db" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" xmlns:my="http://myself.me/schemas/whatever" xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+	<c:name>Grouper SQL</c:name>
+
+	<connectorRef type="ConnectorType">
+		<filter>
+			<q:equal>
+				<q:path>connectorType</q:path>
+				<q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
+			</q:equal>
+		</filter>
+	</connectorRef>
+
+	<c:connectorConfiguration>
+
+		<icfc:configurationProperties 
+			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
+			<icscscriptedsql:host>$(g-data.db.host)</icscscriptedsql:host>
+			<icscscriptedsql:port>$(g-data.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:quoting></icscscriptedsql:quoting>
+			<icscscriptedsql:user>root</icscscriptedsql:user>
+			<icscscriptedsql:password>
+				<clearValue></clearValue>
+			</icscscriptedsql:password>
+			<icscscriptedsql:database>grouper</icscscriptedsql:database>
+			<!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
+			<icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
+
+			<icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/grouper/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
+			<icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/grouper/TestScript.groovy</icscscriptedsql:testScriptFileName>
+			<icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/grouper/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
+			
+			<icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
+			<!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
+
+			<icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
+			<icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
+
+			<icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
+			<icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
+			<icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
+			<icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
+			<icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
+			<icscscriptedsql:allNative>false</icscscriptedsql:allNative>
+			<!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
+			<icscscriptedsql:datasource></icscscriptedsql:datasource>
+		</icfc:configurationProperties>
+
+		<!-- Generic ICF configuration -->
+
+	</c:connectorConfiguration>
+
+	<schemaHandling>
+		<objectType>
+			<kind>account</kind>
+			<displayName>Normal Account</displayName>
+			<default>true</default>
+			<objectClass>ri:AccountObjectClass</objectClass>
+			<attribute>
+				<ref>ri:subject_id</ref>
+				<displayName>Subject ID</displayName>
+			</attribute>
+			<attribute>
+				<ref>ri:subject_identifier0</ref>
+				<displayName>Subject Identifier</displayName>
+			</attribute>
+			<attribute>
+				<ref>ri:name</ref>
+				<displayName>Name</displayName>
+			</attribute>
+			<!-- >attribute>
+				<ref>ri:group</ref>
+				<displayName>Subject Groups</displayName>
+				<inbound>
+					<target>
+						<path>extension/grouper_group</path>
+					</target>
+				</inbound>
+			</attribute  -->
+		</objectType>
+	</schemaHandling>
+
+	<!-- >synchronization>
+		<objectSynchronization>
+			<enabled>true</enabled>
+
+			<correlation>
+				<q:equal>
+					<q:path>employeeNumber</q:path>
+					<expression>
+						<path>
+							declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+							$account/attributes/ri:subject_identifier0
+						</path>
+					</expression>
+				</q:equal>
+			</correlation>
+
+			<reaction>
+				<situation>linked</situation>
+				<synchronize>true</synchronize>
+			</reaction>
+			<reaction>
+				<situation>deleted</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+				</action>
+			</reaction>
+
+			<reaction>
+				<situation>unlinked</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+				</action>
+			</reaction>
+			<reaction>
+				<situation>unmatched</situation>
+				<synchronize>true</synchronize>
+			</reaction>
+		</objectSynchronization>
+	</synchronization -->
+
+</c:resource>
+
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
new file mode 100644
index 0000000..caf6afd
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<c:resource oid="13660d60-071b-4596-9aa1-5efcd1256c04" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" xmlns:my="http://myself.me/schemas/whatever" xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+	<c:name>SQL SIS courses (s-data)</c:name>
+
+	<connectorRef type="ConnectorType">
+		<filter>
+			<q:equal>
+				<q:path>connectorType</q:path>
+				<q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
+			</q:equal>
+		</filter>
+	</connectorRef>
+
+	<c:connectorConfiguration>
+
+		<icfc:configurationProperties 
+			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
+			<icscscriptedsql:host>$(s-data.db.host)</icscscriptedsql:host>
+			<icscscriptedsql:port>$(s-data.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:quoting></icscscriptedsql:quoting>
+			<icscscriptedsql:user>root</icscscriptedsql:user>
+			<icscscriptedsql:password>
+				<clearValue></clearValue>
+			</icscscriptedsql:password>
+			<icscscriptedsql:database>grouper</icscscriptedsql:database>
+			<!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
+			<icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
+
+			<icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/sis/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
+			<icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/sis/TestScript.groovy</icscscriptedsql:testScriptFileName>
+			<icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/sis/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
+			
+			<icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
+			<!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
+
+			<icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
+			<icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
+
+			<icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
+			<icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
+			<icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
+			<icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
+			<icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
+			<icscscriptedsql:allNative>false</icscscriptedsql:allNative>
+			<!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
+			<icscscriptedsql:datasource></icscscriptedsql:datasource>
+		</icfc:configurationProperties>
+
+		<!-- Generic ICF configuration -->
+
+	</c:connectorConfiguration>
+
+	<schemaHandling>
+		<objectType>
+			<kind>account</kind>
+			<displayName>Normal Account</displayName>
+			<default>true</default>
+			<objectClass>ri:AccountObjectClass</objectClass>
+			<attribute>
+				<ref>ri:uid</ref>
+				<displayName>UID</displayName>
+			</attribute>
+            <attribute>
+                <ref>ri:courseId</ref>
+                <displayName>Course ID</displayName>
+                <inbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <assignmentTargetSearch>
+                            <targetType>OrgType</targetType>
+                            <filter>
+                                <q:equal>
+                                    <q:path>name</q:path>                       
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'course_' + input
+                                            </code>
+                                        </script>
+                                    </expression>                       
+                                </q:equal>
+                            </filter>
+                            <createOnDemand>true</createOnDemand>
+                            <populateObject>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'course_' + input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>name</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>displayName</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <assignmentTargetSearch>
+                                            <targetType>OrgType</targetType>
+                                            <oid>225e9360-0639-40ba-8a31-7f31bef067be</oid>
+                                        </assignmentTargetSearch>
+                                    </expression>
+                                    <target>
+                                        <path>assignment</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>identifier</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <value>course</value>
+                                    </expression>
+                                    <target>
+                                        <path>subtype</path>
+                                    </target>
+                                </populateItem>
+                            </populateObject>
+                            <assignmentProperties>
+                                <subtype>course</subtype>
+                            </assignmentProperties>
+                        </assignmentTargetSearch>       
+                    </expression>
+                    <target>
+                        <path>assignment</path>
+                        <set>
+                            <condition>
+                                <script>
+                                    <code>
+                                        assignment.subtype.contains('course')
+                                    </code>
+                                </script>
+                            </condition>
+                        </set>
+                    </target>
+                </inbound>
+            </attribute>
+		</objectType>
+	</schemaHandling>
+
+	<synchronization>
+		<objectSynchronization>
+			<enabled>true</enabled>
+
+			<correlation>
+				<q:equal>
+					<q:path>name</q:path>
+					<expression>
+						<path>
+							declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+							$account/attributes/ri:uid
+						</path>
+					</expression>
+				</q:equal>
+			</correlation>
+
+			<reaction>
+				<situation>linked</situation>
+				<synchronize>true</synchronize>
+			</reaction>
+			<reaction>
+				<situation>deleted</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+				</action>
+			</reaction>
+
+			<reaction>
+				<situation>unlinked</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+				</action>
+			</reaction>
+			<reaction>
+				<situation>unmatched</situation>
+				<synchronize>true</synchronize>
+				<!-- >action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+				</action  -->
+			</reaction>
+		</objectSynchronization>
+	</synchronization>
+
+</c:resource>
+
diff --git a/grouper-midpoint/midpoint-objects/roles/metarole-affiliation.xml b/grouper-midpoint/midpoint-objects/roles/metarole-affiliation.xml
new file mode 100644
index 0000000..be64d72
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/roles/metarole-affiliation.xml
@@ -0,0 +1,29 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="fecae27b-d1d3-40ae-95fa-8f7e44e2ee70">
+    <name>metarole-affiliation</name>
+    <inducement id="1">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+            <attribute>
+                <ref>ri:eduPersonAffiliation</ref>
+                <outbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <script>
+                            <code>assignmentPath[0].target.identifier</code>
+                        </script>
+                    </expression>
+                </outbound>
+            </attribute>
+        </construction>
+        <order>2</order>
+    </inducement>
+</role>
diff --git a/grouper-midpoint/midpoint-objects/roles/metarole-course.xml b/grouper-midpoint/midpoint-objects/roles/metarole-course.xml
new file mode 100644
index 0000000..094f92f
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/roles/metarole-course.xml
@@ -0,0 +1,38 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="8aa99e7b-f7d3-4585-9800-14bab4d26a43">
+    <name>metarole-course</name>
+    <inducement id="1">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+            <kind>entitlement</kind>
+            <intent>course-group</intent>
+        </construction>
+    </inducement>
+    <inducement id="2">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+            <association>
+                <c:ref>ri:courseGroup</c:ref>
+                <outbound>
+                    <expression>
+                        <associationFromLink>
+                            <projectionDiscriminator>
+                                <kind>entitlement</kind>
+                                <intent>course-group</intent>
+                            </projectionDiscriminator>
+                        </associationFromLink>
+                    </expression>
+                </outbound>
+            </association>
+        </construction>
+        <order>2</order>
+    </inducement>
+</role>
diff --git a/grouper-midpoint/midpoint-objects/roles/metarole-department.xml b/grouper-midpoint/midpoint-objects/roles/metarole-department.xml
new file mode 100644
index 0000000..96947e3
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/roles/metarole-department.xml
@@ -0,0 +1,29 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="ffa9eaec-9539-4d15-97aa-24cd5b92ca5b">
+    <name>metarole-department</name>
+    <inducement id="1">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+            <attribute>
+                <ref>ri:businessCategory</ref>
+                <outbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <script>
+                            <code>assignmentPath[0].target.identifier</code>
+                        </script>
+                    </expression>
+                </outbound>
+            </attribute>
+        </construction>
+        <order>2</order>
+    </inducement>
+</role>
diff --git a/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml b/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml
new file mode 100644
index 0000000..3a6df91
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml
@@ -0,0 +1,38 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="c691e15a-f30b-4e15-8445-532db07ceeeb">
+    <name>metarole-generic-group</name>
+    <inducement id="1">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+            <kind>entitlement</kind>
+            <intent>generic-group</intent>
+        </construction>
+    </inducement>
+    <inducement id="2">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+            <association>
+                <c:ref>ri:genericGroup</c:ref>
+                <outbound>
+                    <expression>
+                        <associationFromLink>
+                            <projectionDiscriminator>
+                                <kind>entitlement</kind>
+                                <intent>generic-group</intent>
+                            </projectionDiscriminator>
+                        </associationFromLink>
+                    </expression>
+                </outbound>
+            </association>
+        </construction>
+        <order>2</order>
+    </inducement>
+</role>
diff --git a/grouper-midpoint/midpoint-objects/roles/role-grouper-basic.xml b/grouper-midpoint/midpoint-objects/roles/role-grouper-basic.xml
new file mode 100644
index 0000000..c119b28
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/roles/role-grouper-basic.xml
@@ -0,0 +1,18 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f">
+    <name>role-grouper-basic</name>
+    <inducement id="1">
+        <construction>
+            <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
+        </construction>
+        <order>1</order>
+    </inducement>
+</role>
diff --git a/grouper-midpoint/midpoint-objects/roles/role-grouper-sysadmin.xml b/grouper-midpoint/midpoint-objects/roles/role-grouper-sysadmin.xml
new file mode 100644
index 0000000..5b559f8
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/roles/role-grouper-sysadmin.xml
@@ -0,0 +1,17 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="d48ec05b-fffd-4262-acd3-d9ff63365b62">
+    <name>role-grouper-sysadmin</name>
+    <assignment id="1">
+        <targetRef oid="c691e15a-f30b-4e15-8445-532db07ceeeb" type="RoleType"/>         <!--  metarole-generic-group -->
+    </assignment>
+    <subtype>generic-group</subtype>
+    <identifier>sysadmingroup</identifier>
+</role>
diff --git a/grouper-midpoint/midpoint-objects/systemConfigurations/SystemConfiguration.xml b/grouper-midpoint/midpoint-objects/systemConfigurations/SystemConfiguration.xml
new file mode 100644
index 0000000..146ee38
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/systemConfigurations/SystemConfiguration.xml
@@ -0,0 +1,167 @@
+<systemConfiguration xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="00000000-0000-0000-0000-000000000001" version="2">
+      <name>SystemConfiguration</name>
+      <metadata>
+         <requestTimestamp>2018-08-15T13:30:55.282+02:00</requestTimestamp>
+         <createTimestamp>2018-08-15T13:30:55.372+02:00</createTimestamp>
+         <createChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init</createChannel>
+      </metadata>
+      <operationExecution id="17">
+         <timestamp>2018-08-15T13:30:55.562+02:00</timestamp>
+         <operation>
+            <objectDelta>
+               <t:changeType>add</t:changeType>
+               <t:objectType>c:SystemConfigurationType</t:objectType>
+            </objectDelta>
+            <executionResult>
+               <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
+               <status>handled_error</status>
+               <token>1000000000000000009</token>
+               <message>Object of type 'SystemConfigurationType' with oid '00000000-0000-0000-0000-000000000001' was not found.</message>
+            </executionResult>
+            <objectName>SystemConfiguration</objectName>
+         </operation>
+         <status>handled_error</status>
+         <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init</channel>
+      </operationExecution>
+      <globalSecurityPolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000120" relation="org:default" type="tns:SecurityPolicyType"/>
+      <logging>
+         <classLogger id="1">
+            <level>ERROR</level>
+            <package>ro.isdc.wro.extensions.processor.css.Less4jProcessor</package>
+         </classLogger>
+         <classLogger id="2">
+            <level>OFF</level>
+            <package>org.hibernate.engine.jdbc.spi.SqlExceptionHelper</package>
+         </classLogger>
+         <classLogger id="3">
+            <level>OFF</level>
+            <package>org.hibernate.engine.jdbc.batch.internal.BatchingBatch</package>
+         </classLogger>
+         <classLogger id="4">
+            <level>WARN</level>
+            <package>org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl</package>
+         </classLogger>
+         <classLogger id="5">
+            <level>OFF</level>
+            <package>org.hibernate.internal.ExceptionMapperStandardImpl</package>
+         </classLogger>
+         <classLogger id="6">
+            <level>OFF</level>
+            <package>net.sf.jasperreports.engine.fill.JRFillDataset</package>
+         </classLogger>
+         <classLogger id="7">
+            <level>WARN</level>
+            <package>org.apache.wicket.resource.PropertiesFactory</package>
+         </classLogger>
+         <classLogger id="8">
+            <level>ERROR</level>
+            <package>org.springframework.context.support.ResourceBundleMessageSource</package>
+         </classLogger>
+         <classLogger id="9">
+            <level>INFO</level>
+            <package>com.evolveum.midpoint.model.impl.lens.projector.Projector</package>
+         </classLogger>
+         <classLogger id="10">
+            <level>INFO</level>
+            <package>com.evolveum.midpoint.model.impl.lens.Clockwork</package>
+         </classLogger>
+         <appender id="11" xsi:type="c:FileAppenderConfigurationType">
+            <pattern>%date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n</pattern>
+            <name>MIDPOINT_LOG</name>
+            <fileName>${midpoint.home}/log/midpoint.log</fileName>
+            <filePattern>${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log</filePattern>
+            <maxHistory>10</maxHistory>
+            <maxFileSize>100MB</maxFileSize>
+            <append>true</append>
+         </appender>
+         <appender id="12" xsi:type="c:FileAppenderConfigurationType">
+            <pattern>%date %level: %msg%n</pattern>
+            <name>MIDPOINT_PROFILE_LOG</name>
+            <fileName>${midpoint.home}/log/midpoint-profile.log</fileName>
+            <filePattern>${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log</filePattern>
+            <maxHistory>10</maxHistory>
+            <maxFileSize>100MB</maxFileSize>
+            <append>true</append>
+         </appender>
+         <rootLoggerAppender>MIDPOINT_LOG</rootLoggerAppender>
+         <rootLoggerLevel>INFO</rootLoggerLevel>
+         <auditing>
+            <enabled>false</enabled>
+            <details>false</details>
+         </auditing>
+      </logging>
+      <defaultObjectPolicyConfiguration id="18">
+         <type>RoleType</type>
+         <subtype>affiliation</subtype>
+         <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="d87aa04f-189c-4d6f-b6e1-216dad622142" relation="org:default" type="tns:ObjectTemplateType"/>
+      </defaultObjectPolicyConfiguration>
+      <defaultObjectPolicyConfiguration id="19">
+         <type>OrgType</type>
+         <subtype>department</subtype>
+         <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="0caf2f69-7c72-4946-b218-d84e78b2a057" relation="org:default" type="tns:ObjectTemplateType"/>
+      </defaultObjectPolicyConfiguration>
+      <defaultObjectPolicyConfiguration id="20">
+         <type>OrgType</type>
+         <subtype>course</subtype>
+         <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="d35bdec6-643b-41d8-ad5d-8eeb701169d1" relation="org:default" type="tns:ObjectTemplateType"/>
+      </defaultObjectPolicyConfiguration>
+      <defaultObjectPolicyConfiguration id="21">
+         <type>RoleType</type>
+         <subtype>generic-group</subtype>
+         <objectTemplateRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="804f8658-0828-4dab-a2ed-f13985e4f80b" relation="org:default" type="tns:ObjectTemplateType"/>
+      </defaultObjectPolicyConfiguration>
+      <cleanupPolicy>
+         <auditRecords>
+            <maxAge>P3M</maxAge>
+         </auditRecords>
+         <closedTasks>
+            <maxAge>P1M</maxAge>
+         </closedTasks>
+      </cleanupPolicy>
+      <internals>
+         <enableExperimentalCode>true</enableExperimentalCode>
+      </internals>
+      <adminGuiConfiguration>
+         <userDashboardLink id="13">
+            <targetUrl>/self/profile</targetUrl>
+            <label>Profile</label>
+            <description>View/edit your profile</description>
+            <icon>
+               <cssClass>fa fa-user</cssClass>
+            </icon>
+            <color>green</color>
+            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile</authorization>
+            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
+         </userDashboardLink>
+         <userDashboardLink id="14">
+            <targetUrl>/self/credentials</targetUrl>
+            <label>Credentials</label>
+            <description>View/edit your credentials</description>
+            <icon>
+               <cssClass>fa fa-shield</cssClass>
+            </icon>
+            <color>blue</color>
+            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</authorization>
+            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</authorization>
+         </userDashboardLink>
+         <userDashboardLink id="15">
+            <targetUrl>/admin/users</targetUrl>
+            <label>List users</label>
+            <icon>
+               <cssClass>fa fa-users</cssClass>
+            </icon>
+            <color>red</color>
+            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</authorization>
+         </userDashboardLink>
+         <userDashboardLink id="16">
+            <targetUrl>/admin/resources</targetUrl>
+            <label>List resources</label>
+            <icon>
+               <cssClass>fa fa-database</cssClass>
+            </icon>
+            <color>purple</color>
+            <authorization>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</authorization>
+         </userDashboardLink>
+         <enableExperimentalFeatures>true</enableExperimentalFeatures>
+      </adminGuiConfiguration>
+   </systemConfiguration>
diff --git a/grouper-midpoint/midpoint-objects/windows.properties b/grouper-midpoint/midpoint-objects/windows.properties
new file mode 100644
index 0000000..0ff8d7b
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/windows.properties
@@ -0,0 +1,4 @@
+s-data.ldap.host=192.168.56.101
+s-data.ldap.port=1389
+i-data.ldap.host=192.168.56.101
+i-data.ldap.port=389
\ No newline at end of file