[midPoint] [Midpoint-dev] Inducement updates are not propagated to User after reconciliation

Anand Kothekar anand.kothekar at confluxsys.com
Thu Jan 22 15:49:55 CET 2015 

Hi,

Yes, the host attribute will be entered by the user who is managing the
midpoint or it will be populated in inducement of a role by our custom code
. It will never be automated to get the value from any focus object like
User.


Thanks
Anand



On Thu, Jan 22, 2015 at 7:56 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:

>  Hi Anand,
>
> can you please be more precise about "value entered by user"?
> Do you mean that the host and/or(?) description attributes are expected to
> be managed by the user who is editing the user in midPoint, on the right
> side of User details in Accounts part? Are these expected to be set always
> explicitly by the user? No automation from midpoint user attributes?
>
> Thanks,
> I.
>
>
> On 01/22/2015 02:03 PM, Anand Kothekar wrote:
>
> Hi Ivan,
>
>  Thanks for your inputs.
>
>  I tried it by adding this constraint in inducement itself and it worked
> but I want to do this at resource level.
>
>  I tried adding the same in resource but the thing is I do not have any
> outbound mapping defined for these attributes (as I use the value entered
> by user ) now if I add only strength property in outbound it gives me Error.
>
>  Can you help me with pointing to the right kind of mapping I need to do.
>
>  Here is the host attribute snippet from my resource:
>           <attribute>
>             <ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:host</ref>
>             <matchingRule xmlns:mr="
> http://prism.evolveum.com/xml/ns/public/matching-rule-3
> ">mr:stringIgnoreCase</matchingRule>
>             <outbound>
>                <strength>strong</strength>
>             </outbound>
>          </attribute>
>
>  I need to know how I can map value entered by user.
>
>
>
>  Thanks,
>  Anand Kothekar
>
>
> On Thu, Jan 22, 2015 at 5:52 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>>  Hi Anand,
>>
>> can you please define the mappings for description and host attributes as
>> strong?
>>
>> Something like:
>>
>>                 <attribute>
>>                     <ref>ri:description</ref>
>>                     <outbound>
>> *                        <strength>strong</strength>*
>> . . .
>>                     </outbound>
>>                 </attribute>
>> Then run the reconciliation again please.
>>
>> If you already have this configured and it does not work, please share
>> the attribute mappings here.
>>
>> Regards,
>> I.
>>
>>
>> On 01/20/2015 11:15 AM, Anand Kothekar wrote:
>>
>>  Hi,
>>
>>  I have been playing around with role inducements and found some issue,
>> need some quick help as inducements are quite important for our solution.
>>
>>  *Issue:* Inducement updates are not propagated properly to User after
>> reconciliation.
>>
>>  *Details:* When user is a assigned a role having a resource inducement,
>> User gets appropriate accounts and induced group memberships. Now Changing
>> some attributes in role inducements are not propagated after reconciling
>> User.
>>
>>  *Steps Followed:*
>> - I added and ldap resource inducement in a new Role*. *I provided some
>> attributes like LdapGroups, Host, and description.
>>  - User is  assigned to this Role. User gets the ldap account,
>> appropriate group memberships and other attributes specified in inducement
>> (i.e. description ,host(multivalued attribute from an Auxiliary object
>> class)). So all good till now.
>> - Now I updated the Resource inducement for example changed the
>> description, added few groups, added few host.
>> - After inducement modification I reconciled the User, and following are
>> the results:
>>
>> - Group membership is updated appropriately.
>>
>>  - Description is not updated
>>
>>  - host attribute is not updated
>>
>>
>>  Can you guys please check and let me know if I am doing something wrong
>> or is it a problem somewhere in my resource or some other issue with
>> midpoint system.
>>
>>  Regards
>> Anand Kothekar
>>
>>
>>  _______________________________________________
>> midPoint-dev mailing listmidPoint-dev at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint-dev
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer
>>   evolveum.com     evolveum.com/blog/
>>   _____________________________________________
>>   "Semper Id(e)M Vix."
>>
>>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer
>   evolveum.com     evolveum.com/blog/
>   _____________________________________________
>   "Semper Id(e)M Vix."
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150122/f9b4e893/attachment.htm>

More information about the midPoint mailing list