[midPoint] [Midpoint-dev] Inducement updates are not propagated to User after reconciliation
Anand Kothekar
anand.kothekar at confluxsys.com
Thu Jan 22 15:49:55 CET 2015
Hi,
Yes, the host attribute will be entered by the user who is managing the
midpoint or it will be populated in inducement of a role by our custom code
. It will never be automated to get the value from any focus object like
User.
Thanks
Anand
On Thu, Jan 22, 2015 at 7:56 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
> Hi Anand,
>
> can you please be more precise about "value entered by user"?
> Do you mean that the host and/or(?) description attributes are expected to
> be managed by the user who is editing the user in midPoint, on the right
> side of User details in Accounts part? Are these expected to be set always
> explicitly by the user? No automation from midpoint user attributes?
>
> Thanks,
> I.
>
>
> On 01/22/2015 02:03 PM, Anand Kothekar wrote:
>
> Hi Ivan,
>
> Thanks for your inputs.
>
> I tried it by adding this constraint in inducement itself and it worked
> but I want to do this at resource level.
>
> I tried adding the same in resource but the thing is I do not have any
> outbound mapping defined for these attributes (as I use the value entered
> by user ) now if I add only strength property in outbound it gives me Error.
>
> Can you help me with pointing to the right kind of mapping I need to do.
>
> Here is the host attribute snippet from my resource:
> <attribute>
> <ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:host</ref>
> <matchingRule xmlns:mr="
> http://prism.evolveum.com/xml/ns/public/matching-rule-3
> ">mr:stringIgnoreCase</matchingRule>
> <outbound>
> <strength>strong</strength>
> </outbound>
> </attribute>
>
> I need to know how I can map value entered by user.
>
>
>
> Thanks,
> Anand Kothekar
>
>
> On Thu, Jan 22, 2015 at 5:52 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi Anand,
>>
>> can you please define the mappings for description and host attributes as
>> strong?
>>
>> Something like:
>>
>> <attribute>
>> <ref>ri:description</ref>
>> <outbound>
>> * <strength>strong</strength>*
>> . . .
>> </outbound>
>> </attribute>
>> Then run the reconciliation again please.
>>
>> If you already have this configured and it does not work, please share
>> the attribute mappings here.
>>
>> Regards,
>> I.
>>
>>
>> On 01/20/2015 11:15 AM, Anand Kothekar wrote:
>>
>> Hi,
>>
>> I have been playing around with role inducements and found some issue,
>> need some quick help as inducements are quite important for our solution.
>>
>> *Issue:* Inducement updates are not propagated properly to User after
>> reconciliation.
>>
>> *Details:* When user is a assigned a role having a resource inducement,
>> User gets appropriate accounts and induced group memberships. Now Changing
>> some attributes in role inducements are not propagated after reconciling
>> User.
>>
>> *Steps Followed:*
>> - I added and ldap resource inducement in a new Role*. *I provided some
>> attributes like LdapGroups, Host, and description.
>> - User is assigned to this Role. User gets the ldap account,
>> appropriate group memberships and other attributes specified in inducement
>> (i.e. description ,host(multivalued attribute from an Auxiliary object
>> class)). So all good till now.
>> - Now I updated the Resource inducement for example changed the
>> description, added few groups, added few host.
>> - After inducement modification I reconciled the User, and following are
>> the results:
>>
>> - Group membership is updated appropriately.
>>
>> - Description is not updated
>>
>> - host attribute is not updated
>>
>>
>> Can you guys please check and let me know if I am doing something wrong
>> or is it a problem somewhere in my resource or some other issue with
>> midpoint system.
>>
>> Regards
>> Anand Kothekar
>>
>>
>> _______________________________________________
>> midPoint-dev mailing listmidPoint-dev at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint-dev
>>
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer
>> evolveum.com evolveum.com/blog/
>> _____________________________________________
>> "Semper Id(e)M Vix."
>>
>>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com evolveum.com/blog/
> _____________________________________________
> "Semper Id(e)M Vix."
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150122/f9b4e893/attachment.htm>
More information about the midPoint
mailing list