diff --git a/demo/complex/directory/container_files/seed-data/users.ldif b/demo/complex/directory/container_files/seed-data/users.ldif
index 09c34da..383b1b7 100644
--- a/demo/complex/directory/container_files/seed-data/users.ldif
+++ b/demo/complex/directory/container_files/seed-data/users.ldif
@@ -12,6 +12,11 @@ uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
cn: users
+dn: ou=Affiliations,ou=Groups,dc=internet2,dc=edu
+objectClass: top
+objectClass: organizationalUnit
+ou: Affiliations
+
dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
diff --git a/demo/complex/midpoint-objects/objectTemplates/template-user.xml b/demo/complex/midpoint-objects/objectTemplates/template-user.xml
index c2bb8a5..633369a 100644
--- a/demo/complex/midpoint-objects/objectTemplates/template-user.xml
+++ b/demo/complex/midpoint-objects/objectTemplates/template-user.xml
@@ -55,6 +55,18 @@
generic-group
+
+
+
+
+
+ identifier
+
+
@@ -125,6 +137,18 @@
mailing-list
+
+
+
+
+
+ identifier
+
+
@@ -195,6 +219,18 @@
affiliation
+
+
+
+
+
+ identifier
+
+
diff --git a/demo/complex/midpoint-objects/resources/ldap-main.xml b/demo/complex/midpoint-objects/resources/ldap-main.xml
index 8277067..520a46b 100644
--- a/demo/complex/midpoint-objects/resources/ldap-main.xml
+++ b/demo/complex/midpoint-objects/resources/ldap-main.xml
@@ -190,10 +190,35 @@
false
- [ri:group]
+ [ri:affiliationGroup]
+ entitlement
+ affiliation-group
+ objectToSubject
+ ri:uniqueMember
+ ri:dn
+
+
+ false
+ [ri:courseGroup]
entitlement
course-group
+ objectToSubject
+ ri:uniqueMember
+ ri:dn
+
+
+ false
+ [ri:midpointGroup]
+ entitlement
midpoint-group
+ objectToSubject
+ ri:uniqueMember
+ ri:dn
+
+
+ false
+ [ri:genericGroup]
+ entitlement
generic-group
objectToSubject
ri:uniqueMember
@@ -219,6 +244,44 @@
+
+ entitlement
+ affiliation-group
+ LDAP Group for affiliations
+ ri:groupOfUniqueNames
+
+ [ri:uniqueMember]
+ mr:distinguishedName
+ minimal
+
+
+ [ri:dn]
+ mr:stringIgnoreCase
+
+ strong
+
+ identifier
+
+
+
+
+
+
+
+ [ri:cn]
+ mr:stringIgnoreCase
+
+ weak
+
+ identifier
+
+
+
+
entitlement
course-group
@@ -377,6 +440,59 @@
+
+ affiliation-group sync
+ ri:groupOfUniqueNames
+ entitlement
+ affiliation-group
+ OrgType
+ true
+
+
+
+
+
+
+ identifier
+
+ $shadow/attributes/ri:cn
+
+
+
+ subtype
+ affiliation
+
+
+
+
+ linked
+ true
+
+
+ deleted
+ true
+
+ http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink
+
+
+
+ unlinked
+ true
+
+ http://midpoint.evolveum.com/xml/ns/public/model/action-3#link
+
+
+
+ unmatched
+
+
course-group sync
ri:groupOfUniqueNames
diff --git a/demo/complex/midpoint-objects/resources/resource-grouper.xml b/demo/complex/midpoint-objects/resources/resource-grouper.xml
index ebefae8..f2da6be 100644
--- a/demo/complex/midpoint-objects/resources/resource-grouper.xml
+++ b/demo/complex/midpoint-objects/resources/resource-grouper.xml
@@ -101,6 +101,7 @@
[icfs:name]
+ strong
name
@@ -110,7 +111,7 @@
[ri:group]
Subject Groups
- strong
+ strong
extension/grouperGroup
@@ -125,7 +126,7 @@
[icfs:name]
- strong
+ strong
+
+
+ identifier
+
+
diff --git a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml b/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
index d986597..079273d 100644
--- a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
@@ -12,4 +12,31 @@
+
+
+
+ entitlement
+ affiliation-group
+
+
+
+
+
+
+ ri:affiliationGroup
+
+
+
+
+ entitlement
+ affiliation-group
+
+
+
+
+
+
+ 2
+
+
diff --git a/demo/complex/midpoint-objects/roles/metarole-course.xml b/demo/complex/midpoint-objects/roles/metarole-course.xml
index 3e26105..38eea7e 100644
--- a/demo/complex/midpoint-objects/roles/metarole-course.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-course.xml
@@ -11,16 +11,16 @@
metarole-course
-
+
entitlement
course-group
-
+
- ri:group
+ ri:courseGroup
diff --git a/demo/complex/midpoint-objects/roles/metarole-grouper-group.xml b/demo/complex/midpoint-objects/roles/metarole-grouper-group.xml
index df08f51..9b1db49 100644
--- a/demo/complex/midpoint-objects/roles/metarole-grouper-group.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-grouper-group.xml
@@ -10,7 +10,33 @@
oid="48e231be-8474-4ed0-a85e-6acf4c5e8d52">
metarole-grouper-group
+
+
+ entitlement
+ generic-group
+
+ 1
+
+
+
+
+
+ ri:genericGroup
+
+
+
+
+ entitlement
+ generic-group
+
+
+
+
+
+
+ 2
+
+
-
diff --git a/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml b/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
index acdc319..dc801f9 100644
--- a/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
@@ -10,7 +10,33 @@
oid="1c7beff4-cdf6-4e9f-b54c-79d0766f6fbe">
metarole-mailing-list
+
+
+ entitlement
+ generic-group
+
+ 1
+
+
+
+
+
+ ri:genericGroup
+
+
+
+
+ entitlement
+ generic-group
+
+
+
+
+
+
+ 2
+
+
-
diff --git a/demo/complex/midpoint-objects/roles/metarole-midpoint-group.xml b/demo/complex/midpoint-objects/roles/metarole-midpoint-group.xml
index a2a2c9a..4b82b0f 100644
--- a/demo/complex/midpoint-objects/roles/metarole-midpoint-group.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-midpoint-group.xml
@@ -20,7 +20,7 @@
- ri:group
+ ri:midpointGroup