[midPoint] Protected
Jan Kaspar
Caspi at seznam.cz
Thu Jan 4 20:27:48 CET 2018
Hi all,
I have a question about protected objects. I need to exclude multiple OU's
in AD.
I tryed to do that by adding:
<protected>
<filter>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>declare namespace icfs='http://midpoint.evolveum.
com/xml/ns/public/connector/icf-1/resource-schema-3'; attributes/icfs:name</
q:path>
<q:value>ou=Global,dc=hell,dc=local</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
</filter>
</protected>
<protected>
<filter>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>declare namespace icfs='http://midpoint.evolveum.
com/xml/ns/public/connector/icf-1/resource-schema-3'; attributes/icfs:name</
q:path>
<q:value>ou=CZ,dc=hell,dc=local</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
</filter>
</protected>
<protected>
<filter>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>declare namespace icfs='http://midpoint.evolveum.
com/xml/ns/public/connector/icf-1/resource-schema-3'; attributes/icfs:name</
q:path>
<q:value>cz=Users,dc=hell,dc=local</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
</filter>
</protected>
But it doesnt work. I am not able to see account in repository and resource.
If htere is only one protected OU then it works.
Where is an error?
Thanks
Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180104/bd3dce13/attachment.htm>
More information about the midPoint
mailing list