[Midpoint-dev] Inducement updates are not propagated to User after reconciliation

Ivan Noris ivan.noris at evolveum.com
Thu Jan 22 15:26:14 CET 2015 

Hi Anand,

can you please be more precise about "value entered by user"?
Do you mean that the host and/or(?) description attributes are expected
to be managed by the user who is editing the user in midPoint, on the
right side of User details in Accounts part? Are these expected to be
set always explicitly by the user? No automation from midpoint user
attributes?

Thanks,
I.

On 01/22/2015 02:03 PM, Anand Kothekar wrote:
> Hi Ivan, 
>
> Thanks for your inputs.
>
> I tried it by adding this constraint in inducement itself and it
> worked but I want to do this at resource level.
>
> I tried adding the same in resource but the thing is I do not have any
> outbound mapping defined for these attributes (as I use the value
> entered by user ) now if I add only strength property in outbound it
> gives me Error.
>
> Can you help me with pointing to the right kind of mapping I need to do.
>
> Here is the host attribute snippet from my resource: 
>          <attribute>
>             <ref
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:host</ref>
>             <matchingRule
> xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
>             <outbound>
>                <strength>strong</strength>
>             </outbound>
>          </attribute>
>
> I need to know how I can map value entered by user.
>
>
>
> Thanks,
> Anand Kothekar
>
>
> On Thu, Jan 22, 2015 at 5:52 PM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
>     Hi Anand,
>
>     can you please define the mappings for description and host
>     attributes as strong?
>
>     Something like:
>
>                     <attribute>
>                         <ref>ri:description</ref>
>                         <outbound>
>     *                        <strength>strong</strength>**
>     *. . .
>                         </outbound>
>                     </attribute>
>     Then run the reconciliation again please.
>
>     If you already have this configured and it does not work, please
>     share the attribute mappings here.
>
>     Regards,
>     I.
>
>
>     On 01/20/2015 11:15 AM, Anand Kothekar wrote:
>>     Hi,
>>
>>     I have been playing around with role inducements and found some
>>     issue, need some quick help as inducements are quite important
>>     for our solution.
>>
>>     _Issue:_ Inducement updates are not propagated properly to User
>>     after reconciliation.
>>
>>     _Details:_ When user is a assigned a role having a resource
>>     inducement, User gets appropriate accounts and induced group
>>     memberships. Now Changing some attributes in role inducements are
>>     not propagated after reconciling User.
>>
>>     _Steps Followed:_
>>     - I added and ldap resource inducement in a new Role*. *I
>>     provided some attributes like LdapGroups, Host, and description.
>>     - User is  assigned to this Role. User gets the ldap account,
>>     appropriate group memberships and other attributes specified in
>>     inducement (i.e. description ,host(multivalued attribute from an
>>     Auxiliary object class)). So all good till now.
>>     - Now I updated the Resource inducement for example changed the
>>     description, added few groups, added few host.
>>     - After inducement modification I reconciled the User, and
>>     following are the results:
>>
>>         - Group membership is updated appropriately.
>>
>>         - Description is not updated
>>
>>         - host attribute is not updated
>>
>>
>>     Can you guys please check and let me know if I am doing something
>>     wrong or is it a problem somewhere in my resource or some other
>>     issue with midpoint system.
>>
>>     Regards
>>     Anand Kothekar
>>
>>
>>     _______________________________________________
>>     midPoint-dev mailing list
>>     midPoint-dev at lists.evolveum.com <mailto:midPoint-dev at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint-dev
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer
>       evolveum.com <http://evolveum.com>     evolveum.com/blog/ <http://evolveum.com/blog/>
>       _____________________________________________
>       "Semper Id(e)M Vix."
>
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com     evolveum.com/blog/
  _____________________________________________
  "Semper Id(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint-dev/attachments/20150122/15c78bf9/attachment-0001.html>

More information about the midPoint-dev mailing list