[midPoint] Syncing only specific groups
Radovan Semancik
radovan.semancik at evolveum.com
Mon Dec 1 11:12:50 CET 2014
Hi Jason,
This is slightly different. The condition tells whether to apply the
specific <objectSynchronization> block or on. The primary use of the
condition is to sort objects of the same object class to "intents" (see
https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass).
The primary meaning of this is to synchronize group object with a role
object (or org object). But it does not synchronize account-group
association (i.e. group membership) with a user-role assignment.
With a bit of trickery it could theoretically work for your case. But I
doubt that it will be practical. You will need one
<objectSynchronization> block for each group that you are trying to
synchronize.
--
Radovan Semancik
Software Architect
evolveum.com
On 11/29/2014 05:21 PM, Jason Everling wrote:
> Is what I was asking, in the wiki it says you can add a condition to
> the synchronization policy, under
> https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration
>
> * *condition* is an expression which has to evaluate to true for the
> policy to be used. It can be used for a very fine-grain selection
> of applicable policies.
>
>
> I found a sample, kind of here,
> https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml
>
> I am just a little confused on the condition statement, I was thinking
> it would look something like,
>
> <condition>
> <script>
> <code>
> declare default namespace
> "http://midpoint.evolveum.com/xml/ns/public/common/common-3";
> basic.getAttributeValue(account,
> 'http://midpoint.evolveum.com/xml/ns/public/common/common-3', 'info')
> = replicated
> </code>
> </script>
> </condition>
>
>
> JASON
>
>
> On Sat, Nov 29, 2014 at 2:47 AM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> Hello Jason,
>
> although I don't understand what you would like to achieve, a
> quick answer though:
>
> If you would apply a condition to a mapping (incoming or outgoing,
> it does not matter), you can use <condition> subelement directly
> under <incoming> or <outgoing> one.
> However, take this only as a quick hint. I haven't done that, nor
> I'm sure it's implemented. Please try it.
>
> Best regards,
> Pavol
>
>
> On 28. 11. 2014 22:46, Jason Everling wrote:
>> So I have the roleType syncing to the AD attribute, info, the
>> info or roleType. I want any group that contains this roleType or
>> info attribute sync'd, any other s will not be sync'd.
>>
>> I know how to do this in objectTemplate but how in the resource
>> so that it only syncs those groups and not all groups.
>>
>> Where do I put in the condition statement in the resource
>> definition? I searched through what I could in the samples but
>> couldn't find anything like this.
>>
>> JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141201/d6464b64/attachment.htm>
More information about the midPoint
mailing list