[midPoint] Syncing only specific groups

Jason Everling jeverling at bshp.edu
Sat Nov 29 18:10:39 CET 2014


Thanks, that is what I was looking for, where to place the condition. Since
I only want to sync groups that match my condition I need to apply it
directly under objectSynchronization.

JASON

On Sat, Nov 29, 2014 at 10:42 AM, Pavol Mederly <mederly at evolveum.com>
wrote:

>  Jason,
>
> there are two different kinds of condition here:
>
> 1) condition that is directly under the <objectSynchronization> element
> 2) condition that is under <correlation> element (which itself is under <objectSynchronization>
> element)
>
> You think about the case #1. That condition controls whether the
> synchronization policy should be applied to a given resource object
> (midPoint shadow).
> And yes, there something like getAttributeValue(...) == 'replicated' makes
> sense.
>
> But in the sample you refer to, there is the case #2. The condition
> relates to <correlation> element, and does exactly what it says it does:
>
> *Following search query will look for users that have "employeeNumber"
> equal to the "enumber" attribute of the account. **The condition will
> ensure that "enumber" is not empty, otherwise it would match any midPoint
> user with empty "employeeNumber" attribute, such as "administrator". *
>
> (The condition itself refers to *ri:employeeNumber* attribute instead of
> *ri:enumber*, that's a little mistake there, but it's perhaps not
> important for our discussion.)
>
> So, again. The condition referred to in the sample does not apply to the
> whole synchronization policy. It can be seen as a part of the correlation
> expression. Therefore, if an account without employeeNumber attribute
> would exist, the correlation rule would not be applied, so the
> corresponding owner user will not be found. But that means that "unmatched"
> part of the policy would apply!
>
> Hope this sheds some light on the problem. :)
>
> Best regards,
> Pavol
>
>
> On 29. 11. 2014 17:21, Jason Everling wrote:
>
> Is what I was asking, in the wiki it says you can add a condition to the
> synchronization policy, under
> https://wiki.evolveum.com/display/midPoint/Synchronization+Configuration
>
>
>    - *condition* is an expression which has to evaluate to true for the
>    policy to be used. It can be used for a very fine-grain selection of
>    applicable policies.
>
>
>  I found a sample, kind of here,
> https://github.com/Evolveum/midpoint/blob/a6c023945dbea34db69a8ff17c9a61b7184c42cc/testing/consistency-mechanism/src/test/resources/request/resource-modify-synchronization.xml
>
>  I am just a little confused on the condition statement, I was thinking
> it would look something like,
>
>  <condition>
>    <script>
>      <code>
>         declare default namespace "http://midpoint.evolveum.com/xml/ns/public/common/common-3";
>         basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/common/common-3', 'info') == 'replicated'
>      </code>
>    </script>
>  </condition>
>
>
>  JASON
>
>
> On Sat, Nov 29, 2014 at 2:47 AM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>>  Hello Jason,
>>
>> although I don't understand what you would like to achieve, a quick
>> answer though:
>>
>> If you would apply a condition to a mapping (incoming or outgoing, it
>> does not matter), you can use <condition> subelement directly under
>> <incoming> or <outgoing> one.
>> However, take this only as a quick hint. I haven't done that, nor am I
>> sure it's implemented. Please try it.
>>
>> Best regards,
>> Pavol
>>
>>
>> On 28. 11. 2014 22:46, Jason Everling wrote:
>>
>>  So I have the roleType syncing to the AD attribute, info, the info or
>> roleType. I want any group that contains this roleType or info attribute
>> sync'd, any others will not be sync'd.
>>
>>  I know how to do this in objectTemplate but how in the resource so that
>> it only syncs those groups and not all groups.
>>
>>  Where do I put in the condition statement in the resource definition? I
>> searched through what I could in the samples but couldn't find anything
>> like this.
>>
>>  JASON
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>
>
>
>



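A simplified Python model of the two condition levels Pavol describes, added here as an illustration; it is not midPoint code and not from the thread. The class, function and marker names are assumptions, and the group and role records are constructed sample data.

```python
# Simplified model of the two condition levels; not midPoint code.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Correlation:
    query: Callable[[dict, list], Optional[dict]]
    condition: Optional[Callable[[dict], bool]] = None  # case #2

@dataclass
class ObjectSynchronization:
    correlation: Correlation
    reactions: dict  # situation -> action label (illustrative)
    condition: Optional[Callable[[dict], bool]] = None  # case #1

def synchronize(policy, shadow, focuses):
    """Return (situation, action) for one resource object (shadow)."""
    # Case #1: decides whether the policy applies to this shadow at all.
    if policy.condition is not None and not policy.condition(shadow):
        return ("policy-not-applied", None)  # marker local to this model
    # Case #2: only decides whether the correlation query is run.
    corr, owner = policy.correlation, None
    if corr.condition is None or corr.condition(shadow):
        owner = corr.query(shadow, focuses)
    # No owner found means "unmatched", and that reaction still fires.
    situation = "unlinked" if owner is not None else "unmatched"
    return (situation, policy.reactions.get(situation))

def by_name(shadow, focuses):
    return next((f for f in focuses if f["name"] == shadow["cn"]), None)

def is_replicated(shadow):
    return shadow.get("info") == "replicated"

def demo():
    # Constructed sample data: one existing role, two groups on the resource.
    roles = [{"name": "staff"}]
    groups = [{"cn": "staff", "info": "replicated"}, {"cn": "printers"}]
    reactions = {"unlinked": "link", "unmatched": "addFocus"}
    under_correlation = ObjectSynchronization(
        Correlation(by_name, is_replicated), reactions)
    under_policy = ObjectSynchronization(
        Correlation(by_name), reactions, is_replicated)
    return {
        "correlation": [synchronize(under_correlation, g, roles) for g in groups],
        "policy": [synchronize(under_policy, g, roles) for g in groups],
    }

if __name__ == "__main__":
    for level, results in demo().items():
        print(level, results)
```

With the condition under correlation, the `printers` group still reaches the `unmatched` reaction; with the condition on the policy itself, that group is skipped.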