[midPoint] Query User for Name Value

Ivan Noris ivan.noris at evolveum.com
Wed Mar 7 09:40:30 CET 2018


Hi Sean,

I think currently we don't have a feature like that. These are some
thoughts that I have:

- let the user enter the account name using self-service into some
extension attribute, that will be then used.

- maybe the value you want can be an assignment parameter for the
assignment which will create the technical account. Related jira issue:
https://jira.evolveum.com/browse/MID-3515

- completely custom GUI on your side, doing whatever, then calling
midPoint REST API to do provisioning

Of course, at the end, intents (or personas) will do the trick. But as
you said, they would expect to already have the value you want to
provision and if it's not possible to derive from the user data, there
must be some interaction.

Maybe there are other possibilities that I'm not aware of. In that case,
my colleagues or other members of this list may have other ideas.

If the jira issue referenced above makes sense for you, or if you need
something completely different, please consider a subscription:
https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature

Best regards,
Ivan

On 06.03.2018 18:20, Sean R Penndorf wrote:
> Ivan,
>
> Thank you for responding.
> Yes, what I was wondering is if there is a way to have a pop up or
> webform for the user to provide the name interactively.
> The issue is I'm not able to determine the service acct names
> programmatically, so I need to obtain it from the human requester.
>
> I understand I will need to use intents (or possibly personas, though
> I fear those may be confusing to my user base).
>
>
>
> ------------------
> *Sean Penndorf*
> SaaS Operational Services (SOS) - ID Management
> IBM Cloud
> srpenn at us.ibm.com
> Office: 248-552-4791   TL  623-9966
>
>
>
>
>
> From:        Ivan Noris <ivan.noris at evolveum.com>
> To:        midpoint at lists.evolveum.com
> Date:        03/06/2018 11:03 AM
> Subject:        Re: [midPoint] Query User for Name Value
> Sent by:        "midPoint" <midpoint-bounces at lists.evolveum.com>
> ------------------------------------------------------------------------
>
>
>
> Hi Sean,
> I'm kind of confused what you want to achieve.
> If you want to create another account for the same user on the same
> resource, obviously the accounts must have different identifiers. E.g.
> "sean" and "svc-sean". That's also similar to the example you are
> referring to.
> For this you need to have multiple intent configurations for the same
> resource. One intent (kind=account, intent=default, default=true),
> second intent (kind=account, intent=whatever, default=false). The
> "whatever" may be e.g. "service-account", it's just a string.
> Then you need to have roles which allow you to create normal accounts
> (if you don't specify intent, midPoint assumes intent where
> "default=true") and also roles to create these service accounts
> (kind=account, intent=whatever in the inducement/construction).
> The part which I don't understand is the "query the user for the
> name". I understand that you want to use something else than
> $user/name (Sean). You can use any attribute from the user, the
> attribute might be completely different from $user/name.
> Example: set the user attribute "Nick name" to "DB2admin", and you can
> access it as $user/nickName in the outbound mapping (you need to
> define source path for $user/nickName).
> Or perhaps by "querying" you mean to "ask the user to provide the
> value interactively"?
>
> Best regards,
> Ivan
>
> On 01.03.2018 19:45, Sean R Penndorf wrote:
> Hi Community,
>
> I'm missing some key point somewhere.
>
> Let's say I have a Midpoint user:  name = Sean
> I have a resource to AD. Default intent account name = Sean
> So far so good.
>
> Now I need to add a functional ID (faceless account).
> So I setup another intent called "functionalID"  name = ?????
>
> In most examples I've seen, you have an outbound mapping something
> like this:
>                     <expression>
>                         <script>
>                             <code>
>                                 'funcID-'+name
>                             </code>
>                         </script>
>                     </expression>
>
> ...which equates to funcID-Sean.
>
> But, what I REALLY need is the functionalID Name = svc-DB2Admin
> How do I query the user for the name rather than generating the name?
>
>
> Thanks!!
>
>
>
> ------------------
> Sean Penndorf
> SaaS Operational Services (SOS) - ID Management
> IBM Cloud
> srpenn at us.ibm.com
> Office: 248-552-4791   TL  623-9966
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
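
The second intent and the `$user/nickName` source discussed in this thread, put together as an added example (not configuration posted by anyone in the thread). The object class `ri:user`, the attribute `ri:sAMAccountName`, the placeholder OID, the role name and the `svc-` naming pattern are assumptions; the two fragments belong inside the resource's `schemaHandling` and a role object respectively, with namespaces declared on the enclosing objects.

```xml
<!-- Added example; all names marked "assumed" are not from the thread. -->

<!-- Fragment 1: goes inside <schemaHandling> of the AD resource,
     next to the existing default account type. -->
<objectType>
    <kind>account</kind>
    <intent>functionalID</intent>
    <default>false</default>
    <objectClass>ri:user</objectClass>            <!-- assumed object class -->
    <attribute>
        <ref>ri:sAMAccountName</ref>              <!-- assumed naming attribute -->
        <outbound>
            <source>
                <path>$user/nickName</path>
            </source>
            <expression>
                <script>
                    <code>
                        // nickName is a PolyString; use its plain string form
                        def requested = basic.stringify(nickName)
                        if (!requested) {
                            return null   // value not entered yet: produce nothing
                        }
                        // Assumed policy: the user-supplied value may only name
                        // a svc- account, never an arbitrary directory account
                        if (!(requested ==~ /svc-[A-Za-z0-9]{1,16}/)) {
                            throw new IllegalArgumentException(
                                'Functional ID name not allowed: ' + requested)
                        }
                        return requested
                    </code>
                </script>
            </expression>
        </outbound>
    </attribute>
</objectType>

<!-- Fragment 2: role whose assignment creates the functional ID account -->
<role>
    <name>AD Functional ID</name>                 <!-- assumed role name -->
    <inducement>
        <construction>
            <!-- placeholder OID: use the OID of your AD resource -->
            <resourceRef oid="00000000-0000-0000-0000-000000000000" type="ResourceType"/>
            <kind>account</kind>
            <intent>functionalID</intent>
        </construction>
    </inducement>
</role>
```

Because the account name here comes from a value the requester types in, the pattern check in the mapping is what keeps a self-service field from being used to target an existing or privileged account name.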
