[midPoint] How to create User-User association?

Tue Nov 3 09:42:46 CET 2015

Hi Ivan,

thanks, it partly helped me!
How can I search user in MidPoint repository by other attribute (or 
extension attribute) than name?

Thanks!
Regards
Roman

Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz

AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
výhradně písemnou formu.

------ Původní zpráva ------
Od: "Ivan Noris" <ivan.noris at evolveum.com>
Komu: midpoint at lists.evolveum.com
Odesláno: 2.11.2015 13:48:47
Předmět: Re: [midPoint] How to create User-User association?

>Hi Roman,
>
>I have done this for another (not AD) directory using midpoint's 
>organizational structure, fetching the manager and his/her account 
>attribute(s), i.e. not using entitlements.
>
>It was something like this:
>
>                 <attribute>
>                     <ref>ri:manager</ref>
>                     <tolerant>false</tolerant>
>                     <outbound>
>                         <strength>strong</strength>
>                         <expression>
>                             <script>
>                                 <code>
>import 
>com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType
>import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
>
>// get managers
>tmpManagers = midpoint.getManagersByOrgType(user, 'functional')
>managerUser = null
>if (!tmpManagers?.isEmpty()) managerUser = 
>tmpManagers.iterator().next() <!-- XXX We take FIRST manager -->
>
>if (managerUser) {
>// get shadow for the resource we're interested (by oid)
>
>     managerShadow = midpoint.getLinkedShadow(managerUser, 
>'b26554d2-41fc-11e5-a652-3c970e44b9e2', ShadowKindType.ACCOUNT, 
>'default')
>     if (managerShadow) {
>         managerDn = basic.getAttributeValue(managerShadow, 
>'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')
>         return managerDn
>     }
>}
>return null
>                                 </code>
>                             </script>
>                         </expression>
>                         <condition>
>. . .
>                     </outbound>
>                 </attribute>
>
>Does this help a little?
>
>Be adwised as there is no source in the mapping, if manager of the user 
>changes in midPoint, you need to recompute.
>
>Regards,
>Ivan
>
>On 11/02/2015 01:04 PM, Roman Pudil - AMI Praha a.s. wrote:
>>Hi all,
>>how to create user-user manager association (like user-entitlements) 
>>in midPoint resource?
>>
>>I have Active Directory resource and in user object filled "manager" 
>>attribute (DN of another user) in AD.
>>What is the right way to create user-manager association?
>>
>>It seems, that user-entitlements association example modified to 
>>user-manager association does not work.
>>
>>Here is part of my code - "account" schema handling on Active 
>>Directory resource:
>>
>>          <association>
>>             <c:ref>ri:mgr</c:ref>
>>             <displayName>Manager</displayName>
>>             <kind>account</kind>
>>             <intent>uzivatel-ad</intent>
>>             <direction>subjectToObject</direction>
>>             <associationAttribute>ri:manager</associationAttribute>
>>             <valueAttribute>icfs:name</valueAttribute>
>>          </association>
>>
>>Thanks!
>>Regards
>>Roman
>>
>>Roman Pudil
>>solution architect
>>
>>gsm: [+420] 775 663 666
>>e-mail: roman.pudil at ami.cz
>>
>>
>>AMI Praha a.s.
>>Pláničkova 11
>>162 00 Praha 6
>>tel./fax: [+420] 274 783 239
>>web: www.ami.cz
>>
>>
>>
>>
>>
>>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
>>společnost AMI Praha a.s.
>>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
>>výhradně písemnou formu.
>>
>>
>>
>>_______________________________________________ midPoint mailing list 
>>midPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>-- Ing. Ivan Noris Senior Identity Management Engineer & IDM Architect 
>evolveum.com evolveum.com/blog/ 
>___________________________________________________ "Semper Id(e)M 
>Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20151103/5b3cc6e1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3984 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20151103/5b3cc6e1/attachment.bin>