[midPoint] How to create User-User association?

Ivan Noris ivan.noris at evolveum.com
Thu Nov 5 16:14:57 CET 2015


Hi Roman,

you mean by using midpoint library or some other means..?

i.

On 11/03/2015 09:42 AM, Roman Pudil - AMI Praha a.s. wrote:
> Hi Ivan,
>  
> thanks, it partly helped me!
> How can I search user in MidPoint repository by other attribute (or
> extension attribute) than name?
>  
> Thanks!
> Regards
> Roman
>  
>
> Roman Pudil
> solution architect
>
> gsm: [+420] 775 663 666
> e-mail: roman.pudil at ami.cz <mailto:roman.pudil at ami.cz>
>
> 	    	    	
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 	    	    	
>
>
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> By the text of this e-mail, the signatory neither promises to conclude nor
> concludes any contract on behalf of AMI Praha a.s.
> Every contract, if it is concluded, must be exclusively in written form.
>
>  
>  
>  
> ------ Original message ------
> From: "Ivan Noris" <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>
> To: midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
> Sent: 2.11.2015 13:48:47
> Subject: Re: [midPoint] How to create User-User association?
>  
>> Hi Roman,
>>
>> I have done this for another (not AD) directory using midpoint's
>> organizational structure, fetching the manager and his/her account
>> attribute(s), i.e. not using entitlements.
>>
>> It was something like this:
>>
>>                 <attribute>
>>                     <ref>ri:manager</ref>
>>                     <tolerant>false</tolerant>
>>                     <outbound>
>>                         <strength>strong</strength>
>>                         <expression>
>>                             <script>
>>                                 <code>
>> import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType
>> import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
>>
>> // get managers
>> tmpManagers = midpoint.getManagersByOrgType(user, 'functional')
>> managerUser = null
>> // Groovy truth: false for null as well as for an empty collection
>> if (tmpManagers) managerUser = tmpManagers.iterator().next() <!-- XXX We take FIRST manager -->
>>
>> if (managerUser) {
>> // get shadow for the resource we're interested (by oid)
>>
>>     managerShadow = midpoint.getLinkedShadow(managerUser,
>> 'b26554d2-41fc-11e5-a652-3c970e44b9e2', ShadowKindType.ACCOUNT,
>> 'default')
>>     if (managerShadow) {
>>         managerDn = basic.getAttributeValue(managerShadow,
>> 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')
>>         return managerDn
>>     }
>> }
>> return null
>>                                 </code>
>>                             </script>
>>                         </expression>
>>                         <condition>
>> . . .
>>                     </outbound>
>>                 </attribute>
>>
>> Does this help a little?
>>
>> Be advised: as there is no source in the mapping, if the manager of the
>> user changes in midPoint, you need to recompute.
>>
>> Regards,
>> Ivan
>>
>> On 11/02/2015 01:04 PM, Roman Pudil - AMI Praha a.s. wrote:
>>> Hi all,
>>> how to create user-user manager association (like user-entitlements)
>>> in midPoint resource?
>>>  
>>> I have Active Directory resource and in user object filled "manager"
>>> attribute (DN of another user) in AD.
>>> What is the right way to create user-manager association?
>>>  
>>> It seems, that user-entitlements association example modified to
>>> user-manager association does not work.
>>>  
>>> Here is part of my code - "account" schema handling on Active
>>> Directory resource:
>>>  
>>>          <association>
>>>             <c:ref>ri:mgr</c:ref>
>>>             <displayName>Manager</displayName>
>>>             <kind>account</kind>
>>>             <intent>uzivatel-ad</intent>
>>>             <direction>subjectToObject</direction>
>>>             <associationAttribute>ri:manager</associationAttribute>
>>>             <valueAttribute>icfs:name</valueAttribute>
>>>          </association>
>>>  
>>> Thanks!
>>> Regards
>>> Roman
>>>  
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper Id(e)M Vix."
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."
