[midPoint] User renaming in 2 resources

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Thu Nov 24 09:19:12 CET 2016


Hi Ivan,

The HR system has its own people who manage users' data, and midPoint will have its own people who manage users' data. So it depends on how the information flows. If the HR system's user admin is the first to receive the information that a user's name has to be changed, then everything is OK: after the user name is changed in HR, it will be synced to midPoint and that's all. But the world is not perfect. It may happen that the midPoint admin receives the information that a user's name needs to be changed before the user is changed in the HR system. I can only hope that this situation will not happen in real life, but I want to be sure that this situation does not cause any problems with the user's data.

Regards,

Aivo Kuhlberg

________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Sent: 24 November 2016 9:50
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] User renaming in 2 resources


Hi Aivo,


just to understand, why can the name be changed in midpoint first and in authoritative source later?

Ivan

On 11/23/2016 04:31 PM, Aivo Kuhlberg wrote:

Hi,

I have midPoint connected to an HR system (inbound only). Some of the HR user's info, e.g. firstname and lastname, is synced directly to midPoint when it changes in HR, with strong inbound strength. But the problem here is that a user's name may be changed first in midPoint and later in HR. When that happens, the user name may change back to the old value after HR sync and later change back to the new value when the user name is changed in the HR system. I want to avoid that situation. Once the user name is changed it should not switch back to the old value, because there are other attributes which depend on it.
My current idea for avoiding that situation is to store the midPoint user's old name values in the user's extension attributes when the user's name changes, e.g. "extension/oldgivenname" and "extension/oldsn". In this case I could control, for example, the HR firstname attribute inbound mapping with a simple condition (for simplicity I assume here that oldgivenname is a single-valued attribute):
 <condition>
    <script><code>oldgivenname==null || firstname != oldgivenname</code></script>
 </condition>

The question for me here is how to store the midPoint user's givenName or sn attribute value in the respective extension/oldgivenname or extension/oldsn attribute before it is changed. Does anybody have any ideas on how to implement that functionality, or any better ideas on how to avoid the user name changing issue described above?
Thanks,
Aivo Kuhlberg

________________________________
This e-mail may contain information which is classified for official use.





--
Ivan Noris
Senior Identity Engineer
evolveum.com


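Added example, not part of the original messages and not midPoint code: a small Python model of the guarded inbound mapping discussed in the thread, replaying the "renamed in midPoint first, HR catches up later" sequence with and without the condition. The names User, midpoint_rename, hr_inbound and replay are hypothetical, and the sample names are constructed.

```python
# Added illustration; a model of the thread's condition, not midPoint configuration.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    given_name: str
    old_given_name: Optional[str] = None   # stands in for extension/oldgivenname
    history: list = field(default_factory=list)

    def set_name(self, value, source):
        # Record only real changes so flapping is visible in the history.
        if value != self.given_name:
            self.given_name = value
            self.history.append((source, value))


def condition(old_given_name, firstname):
    """The mapping condition quoted in the thread, as a Python predicate."""
    return old_given_name is None or firstname != old_given_name


def midpoint_rename(user, new_name):
    """Admin renames in midPoint first; remember the value being replaced."""
    user.old_given_name = user.given_name
    user.set_name(new_name, "midPoint")


def hr_inbound(user, firstname, guarded=True):
    """One HR sync cycle; returns True if the inbound value was accepted."""
    if guarded and not condition(user.old_given_name, firstname):
        return False                        # stale HR value, mapping skipped
    user.set_name(firstname, "HR")
    return True


def replay(guarded):
    """Constructed sequence: rename in midPoint, HR still old, HR updated."""
    u = User("Mari")
    midpoint_rename(u, "Maria")
    hr_inbound(u, "Mari", guarded)          # HR not yet updated
    hr_inbound(u, "Maria", guarded)         # HR updated later
    return [value for _, value in u.history]


if __name__ == "__main__":
    print("unguarded:", replay(False))      # name flaps back and forth
    print("guarded:  ", replay(True))       # name changes once
```

In this model the guard keeps rejecting the stored old value for as long as oldgivenname stays set, so a genuine later change in HR back to the previous name would also be ignored unless the stored value is cleared.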

