[midPoint] ldap account attribute filtering
Tim.Strong at sita.aero
Tim.Strong at sita.aero
Thu Jun 18 18:30:05 CEST 2015
Hi Ivan,
That is what I expected, but I have all attributes shown in my resource
accounts. (Still unmatched to users, haven't made it there yet/one step
at a time.)
I have one inbound mapping expression as per below, so shouldn't that mean
all other attributes should *not* appear in the resource accounts? For
passing the attributes from the resource to the midPoint user, I can see
how that works, no mapping=no attribute for the user.
<schemaHandling>
<objectType>
<displayName>AD-LDAP Accounts</displayName>
<default>true</default>
<objectClass>ri:AccountObjectClass</objectClass>
<attribute>
<c:ref>icfs:uid</c:ref>
<exclusiveStrong>false</exclusiveStrong>
<tolerant>true</tolerant>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path>$user/employeeNumber</c:path>
</target>
</inbound>
</attribute>
<credentials>
<password/>
</credentials>
</objectType>
</schemaHandling>
Thanks
Ts
From: Ivan Noris <ivan.noris at evolveum.com>
To: midpoint at lists.evolveum.com,
Date: 06/18/2015 11:23 AM
Subject: Re: [midPoint] ldap account attribute filtering
Sent by: "midPoint" <midpoint-bounces at lists.evolveum.com>
Hi Tim,
if an attribute definition has no inbound expression, the value of the
resource attribute will not be synchronized to midPoint.
Regards,
Ivan
On 06/18/2015 04:56 PM, Tim.Strong at sita.aero wrote:
Hi folks,
How do I restrict which attributes are synchronized from an LDAP resource?
Is this going to be in schema handling, attributes, fetch
strategy=>explicit for each attribute?
If so, is there a a way to default explicit for attributes and then only
specify the ones we want to synchronize to midpoint?
I suspect this comes up fairly often since, but I haven't been able to
quickly find any references to it.
Thanks
Tim
See you at the 2015 Air Transport IT Summit, Brussels, 16-18 June Click
here to register your place now.. http://www.sitasummit.aero/ This
document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
See you at the 2015 Air Transport IT Summit, Brussels, 16-18 June
Click here to register your place now.. http://www.sitasummit.aero/
This document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150618/247505cc/attachment.htm>
More information about the midPoint
mailing list