[midPoint] Query User for Name Value

Ivan Noris ivan.noris at evolveum.com
Tue Mar 6 16:58:28 CET 2018


Hi Sean,

I'm kind of confused about what you want to achieve.

If you want to create another account for the same user on the same
resource, obviously the accounts must have different identifiers. E.g.
"sean" and "svc-sean". That's also similar to the example you are
referring to.

For this you need to have multiple intent configurations for the same
resource. One intent (kind=account, intent=default, default=true),
second intent (kind=account, intent=whatever, default=false). The
"whatever" may be e.g. "service-account", it's just a string.

Then you need to have roles which allow you to create normal accounts
(if you don't specify intent, midPoint assumes intent where
"default=true") and also roles to create these service accounts
(kind=account, intent=whatever in the inducement/construction).

The part which I don't understand is the "query the user for the name".
I understand that you want to use something other than $user/name (Sean).
You can use any attribute from the user, the attribute might be
completely different from $user/name.

Example: set the user attribute "Nick name" to "DB2admin", and you can
access it as $user/nickName in the outbound mapping (you need to define
source path for $user/nickName).

Or perhaps by "querying" you mean to "ask the user to provide the value
interactively"?

Best regards,
Ivan

On 01.03.2018 19:45, Sean R Penndorf wrote:
> Hi Community,
>
> I'm missing some key point somewhere.
>
> Let's say I have a midPoint user:  name = Sean
> I have a resource to AD. Default intent account name = Sean
> So far so good.
>
> Now I need to add a functional ID (faceless account).
> So I set up another intent called "functionalID"  name = ?????
>
> In most examples I've seen, you have an outbound mapping something
> like this:
>                     <expression>
>                         <script>
>                             <code>
>                                 'funcID-'+name
>                             </code>
>                         </script>
>                     </expression>
>
> ...which equates to funcID-Sean.
>
> But, what I REALLY need is the functionalID Name = svc-DB2Admin
> How do I query the user for the name rather than generating the name?
>
>
> Thanks!!
>
>
>
> ------------------
> *Sean Penndorf*
> SaaS Operational Services (SOS) - ID Management
> IBM Cloud
> srpenn at us.ibm.com
> Office: 248-552-4791   TL  623-9966

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
