[midPoint] Syncing only specific groups

Pavol Mederly mederly at evolveum.com
Sat Nov 29 17:42:25 CET 2014


Jason,

there are two different kinds of condition here:

1) condition that is directly under the <objectSynchronization> element
2) condition that is under <correlation> element (which itself is under 
<objectSynchronization> element)

You think about the case #1. That condition controls whether the 
synchronization policy should be applied to a given resource object 
(midPoint shadow).
And yes, there something like getAttributeValue(...) == 'replicated' 
makes sense.

But in the sample you refer to, there is the case #2. The condition 
relates to <correlation> element, and does exactly what it says it does:

    Following search query will look for users that have "employeeNumber"
    equal to the "enumber" attribute of the account. *The condition will
    ensure that "enumber" is not empty, otherwise it would match any
    midPoint user with empty "employeeNumber" attribute, such as
    "administrator".*

(The condition itself refers to /ri:employeeNumber/ attribute instead of 
/ri:enumber/, that's a little mistake there, but it's perhaps not 
important for our discussion.)

So, again. The condition referred to in the sample does not apply to the 
whole synchronization policy. It can be seen as a part of the 
correlation expression. Therefore, if an account without 
employeeNumber attribute would exist, the correlation rule would not be 
applied, so the corresponding owner user will not be found. But that 
means that "unmatched" part of the policy would apply!

Hope this sheds some light on the problem. :)

Best regards,
Pavol
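
The two placements described in the message above, side by side, as an added example that is not part of the original e-mail or of the midPoint samples. The object class, the ri:info and ri:enumber attribute names, and the `account` script variable (borrowed from the snippet quoted below) are assumptions.

```xml
<!-- Added illustration; attribute names, object class and the "account"
     script variable are assumptions, not taken from a real resource. -->
<synchronization xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
                 xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
  <objectSynchronization>
    <objectClass>ri:AccountObjectClass</objectClass>
    <focusType>c:UserType</focusType>
    <enabled>true</enabled>

    <!-- Case #1: directly under objectSynchronization. Gates the WHOLE policy:
         a shadow whose "info" attribute is not 'replicated' is not handled
         by this policy at all (no correlation, no reactions). -->
    <condition>
      <script>
        <code>
          basic.getAttributeValue(account,
              'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3',
              'info') == 'replicated'
        </code>
      </script>
    </condition>

    <correlation>
      <q:equal>
        <q:path>c:employeeNumber</q:path>
        <expression>
          <path>$account/attributes/ri:enumber</path>
        </expression>
      </q:equal>
      <!-- Case #2: under correlation. Gates ONLY this query: with an empty
           "enumber" the query is skipped, so no owner is found. -->
      <condition>
        <script>
          <code>
            basic.getAttributeValue(account,
                'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3',
                'enumber') != null
          </code>
        </script>
      </condition>
    </correlation>

    <!-- An account skipped by case #2 still lands here as "unmatched", so
         whatever action is configured for this situation applies to it. -->
    <reaction>
      <situation>unmatched</situation>
    </reaction>
  </objectSynchronization>
</synchronization>
```

When reviewing such a policy, check what the unmatched reaction does to accounts whose correlation attribute is empty, since the correlation condition does not exclude them from the policy.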

On 29. 11. 2014 17:21, Jason Everling wrote:
> Is what I was asking, in the wiki it says you can add a condition to 
> the synchronization policy, under 
> https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration
>
>   * *condition* is an expression which has to evaluate to true for the
>     policy to be used. It can be used for a very fine-grain selection
>     of applicable policies.
>
>
> I found a sample, kind of here, 
> https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml
>
> I am just a little confused on the condition statement, I was thinking 
> it would look something like,
>
> <condition>
>    <script>
>      <code>
>         declare default namespace "http://midpoint.evolveum.com/xml/ns/public/common/common-3";
>         basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/common/common-3', 'info') == 'replicated'
>      </code>
>   </script>
> </condition>
>
>
> JASON
>
>
> On Sat, Nov 29, 2014 at 2:47 AM, Pavol Mederly <mederly at evolveum.com> wrote:
>
>     Hello Jason,
>
>     although I don't understand what you would like to achieve, a
>     quick answer though:
>
>     If you would apply a condition to a mapping (incoming or outgoing,
>     it does not matter), you can use <condition> subelement directly
>     under <incoming> or <outgoing> one.
>     However, take this only as a quick hint. I haven't done that, nor
>     I'm sure it's implemented. Please try it.
>
>     Best regards,
>     Pavol
>
>
>     On 28. 11. 2014 22:46, Jason Everling wrote:
>>     So I have the roleType syncing to the AD attribute, info, the
>>     info or roleType. I want any group that contains this roleType or
>>     info attribute sync'd, any others will not be sync'd.
>>
>>     I know how to do this in objectTemplate but how in the resource
>>     so that it only syncs those groups and not all groups.
>>
>>     Where do I put in the condition statement in the resource
>>     definition? I searched through what I could in the samples but
>>     couldn't find anything like this.
>>
>>     JASON
>>
>>
>>
>>     CONFIDENTIALITY NOTICE:
>>     This e-mail together with any attachments is proprietary and
>>     confidential; intended for only the recipient(s) named above and
>>     may contain information that is privileged. You should not
>>     retain, copy or use this e-mail or any attachments for any
>>     purpose, or disclose all or any part of the contents to any
>>     person. Any views or opinions expressed in this e-mail are those
>>     of the author and do not represent those of the Baptist School of
>>     Health Professions. If you have received this e-mail in error, or
>>     are not the named recipient(s), you are hereby notified that any
>>     review, dissemination, distribution or copying of this
>>     communication is prohibited by the sender and to do so might
>>     constitute a violation of the Electronic Communications Privacy
>>     Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>>     sender and delete this e-mail and any attachments from your
>>     computer.
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
