[midPoint] Users and Groups in database

Roman Pudil - AMI Praha a.s. roman.pudil at ami.cz
Mon Jun 22 17:13:36 CEST 2015


Hi Pavol,
thanks for the great advice!

Now I have all application roles saved as a multi-valued attribute in the 
user in MidPoint.
How can I associate these values with entitlements (roles) in MidPoint? 
"AssignmentTargetSearch" in the mapping gives me an "Expression returned more 
than one value" exception (yes, the attribute is multi-valued).

Thanks!

Regards
R. Pudil

Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz

AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz


By the text of this e-mail, the signatory neither promises to conclude nor 
concludes any contract on behalf of AMI Praha a.s. Any contract, if 
concluded, must be exclusively in written form.

On 20.6.2015 at 18:38, Pavol Mederly wrote:
> Hello Roman,
>
> we've recently implemented this scenario for one of our customers.
>
> It was done via ScriptedSQL connector, as one resource, having two 
> object classes:
>
> - users
> - roles
>
> The user-role association was implemented as a multi-valued attribute 
> called "roles" in the user. (It could be done also via attribute 
> "users"/"members" in the role object, but we chose this way because 
> the user in our case has fewer roles than there are users for a given 
> role.)
>
> Groovy scripts in the connector were used as a wrapper that called 
> stored procedures in the database. These procedures were responsible 
> for manipulating the tables, including updating user-role table based 
> on the information that came in the "roles" attribute.
>
> It is more complex than using the simple DB connector, but works nicely.
>
> Best regards,
> Pavol
>
> On 20. 6. 2015 18:07, Roman Pudil - AMI Praha a.s. wrote:
>> Hi all,
>> I have 3 tables in database.
>>
>> 1) table with users
>> 2) table with roles
>> 3) table with users id's assigned to roles id's (M:N relation)
>>
>> First table and second table are connected to midPoint as two 
>> database resources (DB users as identities, DB roles as midPoint 
>> roles). But how to process third table to MidPoint with users to 
>> groups relations? As third resource or not? How? What is best practice?
>>
>> Thanks for any idea!
>>
>> Regards!
>> Roman Pudil
>> AMI Praha, a.s.
>> -- 
>>
>> Roman Pudil
>> solution architect
>> gsm: [+420] 775 663 666
>> e-mail: roman.pudil at ami.cz
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel./fax: [+420] 274 783 239
>> web: www.ami.cz
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
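
The user-role update Pavol describes (the connector hands over the user's full "roles" list and database-side code brings the M:N table in line with it), as an added sketch that is not from the thread or from the customer deployment. Python with in-memory SQLite stands in for the Groovy scripts and stored procedures, and all table, column, function and sample names are assumptions.

```python
import sqlite3

# Constructed schema mirroring the three tables in the thread (names are assumptions).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_role (
    user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id));
"""

def sync_user_roles(conn, login, desired_roles):
    """Make user_role match the multi-valued "roles" attribute; return (added, removed)."""
    desired = set(desired_roles)
    with conn:  # one transaction: commit on success, roll back on any error
        row = conn.execute("SELECT id FROM users WHERE login = ?", (login,)).fetchone()
        if row is None:
            raise LookupError(f"unknown user: {login}")
        known = dict(conn.execute("SELECT name, id FROM roles"))
        unknown = desired - set(known)
        if unknown:  # reject the whole update rather than apply part of it
            raise LookupError(f"unknown roles: {sorted(unknown)}")
        current = {name for (name,) in conn.execute(
            "SELECT r.name FROM user_role ur JOIN roles r ON r.id = ur.role_id "
            "WHERE ur.user_id = ?", (row[0],))}
        added, removed = desired - current, current - desired
        conn.executemany("INSERT INTO user_role (user_id, role_id) VALUES (?, ?)",
                         [(row[0], known[n]) for n in added])
        conn.executemany("DELETE FROM user_role WHERE user_id = ? AND role_id = ?",
                         [(row[0], known[n]) for n in removed])
    return sorted(added), sorted(removed)

def demo_db():
    """Constructed sample data: one user and three roles, no memberships yet."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO users (login) VALUES ('jdoe')")
    conn.executemany("INSERT INTO roles (name) VALUES (?)",
                     [("app-admin",), ("app-reader",), ("app-auditor",)])
    conn.commit()
    return conn

def demo():
    conn = demo_db()
    first = sync_user_roles(conn, "jdoe", ["app-admin", "app-reader"])
    second = sync_user_roles(conn, "jdoe", ["app-reader", "app-auditor"])
    return first, second

if __name__ == "__main__":
    print(demo())
```

Returning the added and removed sets gives the caller something to write to an audit log, so a revoked role leaves a record as well as a deleted row.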
