[midPoint] How to create User-User association?

Roman Pudil - AMI Praha a.s. roman.pudil at ami.cz
Thu Nov 5 16:26:36 CET 2015


Hi Ivan,
yes, I mean midpoint library.

I have already found a solution. Here is part of my code (in template or 
resource definition):

          <script>
             <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
             <code>
             import javax.xml.namespace.QName;
             import com.evolveum.midpoint.prism.query.ObjectQuery;
             import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType;
             import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
             import com.evolveum.midpoint.prism.query.EqualFilter;
             import com.evolveum.midpoint.prism.path.ItemPath;
             import com.evolveum.midpoint.prism.PrismConstants;

             // ------------ needs to be edited -----------------
             searchAttrName = "managerEmpNumber";     // name of attribute to search
             searchAttrValue = "123456";      // value of attribute to search
             // ------------ needs to be edited (END) -----------------

             filter = EqualFilter.createEqual(new ItemPath(new QName(searchAttrName)), user.asPrismObject().getDefinition().findPropertyDefinition(new QName(searchAttrName)), null, new String(searchAttrValue));
             // use midPoint Library method "searchObjects"
             allUsers = midpoint.searchObjects(UserType.class, ObjectQuery.createObjectQuery(filter));
             log.info('Found users {}', allUsers);
         ..........
Now the allUsers variable contains the users that comply with the defined
conditions (who have managerEmpNumber = 123456).


Regards
Roman


Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz





By the text of this e-mail, the signatory neither promises to conclude nor
concludes any contract on behalf of AMI Praha a.s.
Any contract, if concluded, must be exclusively in written form.



------ Original message ------
From: "Ivan Noris" <ivan.noris at evolveum.com>
To: midpoint at lists.evolveum.com
Sent: 5.11.2015 16:14:57
Subject: Re: [midPoint] How to create User-User association?

>Hi Roman,
>
>you mean by using midpoint library or some other means..?
>
>i.
>
>On 11/03/2015 09:42 AM, Roman Pudil - AMI Praha a.s. wrote:
>>Hi Ivan,
>>
>>thanks, it partly helped me!
>>How can I search user in MidPoint repository by other attribute (or 
>>extension attribute) than name?
>>
>>Thanks!
>>Regards
>>Roman
>>
>>------ Original message ------
>>From: "Ivan Noris" <ivan.noris at evolveum.com>
>>To: midpoint at lists.evolveum.com
>>Sent: 2.11.2015 13:48:47
>>Subject: Re: [midPoint] How to create User-User association?
>>
>>>Hi Roman,
>>>
>>>I have done this for another (not AD) directory using midpoint's 
>>>organizational structure, fetching the manager and his/her account 
>>>attribute(s), i.e. not using entitlements.
>>>
>>>It was something like this:
>>>
>>>                 <attribute>
>>>                     <ref>ri:manager</ref>
>>>                     <tolerant>false</tolerant>
>>>                     <outbound>
>>>                         <strength>strong</strength>
>>>                         <expression>
>>>                             <script>
>>>                                 <code>
>>>import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType
>>>import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
>>>
>>>// get managers
>>>tmpManagers = midpoint.getManagersByOrgType(user, 'functional')
>>>managerUser = null
>>>if (!tmpManagers?.isEmpty()) managerUser = tmpManagers.iterator().next() <!-- XXX We take FIRST manager -->
>>>
>>>if (managerUser) {
>>>// get shadow for the resource we're interested (by oid)
>>>
>>>     managerShadow = midpoint.getLinkedShadow(managerUser, 'b26554d2-41fc-11e5-a652-3c970e44b9e2', ShadowKindType.ACCOUNT, 'default')
>>>     if (managerShadow) {
>>>         managerDn = basic.getAttributeValue(managerShadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')
>>>         return managerDn
>>>     }
>>>}
>>>return null
>>>                                 </code>
>>>                             </script>
>>>                         </expression>
>>>                         <condition>
>>>. . .
>>>                     </outbound>
>>>                 </attribute>
>>>
>>>Does this help a little?
>>>
>>>Be advised: as there is no source in the mapping, if the manager of the
>>>user changes in midPoint, you need to recompute.
>>>
>>>Regards,
>>>Ivan
>>>
>>>On 11/02/2015 01:04 PM, Roman Pudil - AMI Praha a.s. wrote:
>>>>Hi all,
>>>>how to create user-user manager association (like user-entitlements) 
>>>>in midPoint resource?
>>>>
>>>>I have Active Directory resource and in user object filled "manager" 
>>>>attribute (DN of another user) in AD.
>>>>What is the right way to create user-manager association?
>>>>
>>>>It seems, that user-entitlements association example modified to 
>>>>user-manager association does not work.
>>>>
>>>>Here is part of my code - "account" schema handling on Active 
>>>>Directory resource:
>>>>
>>>>          <association>
>>>>             <c:ref>ri:mgr</c:ref>
>>>>             <displayName>Manager</displayName>
>>>>             <kind>account</kind>
>>>>             <intent>uzivatel-ad</intent>
>>>>             <direction>subjectToObject</direction>
>>>>             <associationAttribute>ri:manager</associationAttribute>
>>>>             <valueAttribute>icfs:name</valueAttribute>
>>>>          </association>
>>>>
>>>>Thanks!
>>>>Regards
>>>>Roman
>>>>
>
>-- Ing. Ivan Noris Senior Identity Management Engineer & IDM Architect 
>evolveum.com evolveum.com/blog/ 
>___________________________________________________ "Semper Id(e)M 
>Vix."
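
An added example, not part of the original messages and not Evolveum's code: it combines the attribute search from the top message with the shadow lookup from the quoted reply, and refuses to pick a manager when the search returns zero or several users instead of taking the first hit. Assumptions: the manager's own number is stored in the user property employeeNumber, the resource OID is a placeholder, and the account intent is 'default'.

```groovy
// Added example for a midPoint Groovy script expression body; midPoint supplies
// the variables `user`, `midpoint`, `basic` and `log` (as used in the thread).
import javax.xml.namespace.QName
import com.evolveum.midpoint.prism.query.ObjectQuery
import com.evolveum.midpoint.prism.query.EqualFilter
import com.evolveum.midpoint.prism.path.ItemPath
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType

searchAttrName  = "employeeNumber"            // assumption: holds each user's own number
searchAttrValue = "123456"                    // sample manager number from the message
resourceOid     = "RESOURCE-OID-PLACEHOLDER"  // placeholder: OID of the target resource
riNs = 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3'

attrName = new QName(searchAttrName)
attrDef  = user.asPrismObject().getDefinition().findPropertyDefinition(attrName)
if (attrDef == null) {
    log.warn('No definition for {}; manager left unresolved', searchAttrName)
    return null
}

filter  = EqualFilter.createEqual(new ItemPath(attrName), attrDef, null, searchAttrValue)
matches = midpoint.searchObjects(UserType.class, ObjectQuery.createObjectQuery(filter))

// Fail closed: anything other than exactly one match is not a usable manager.
if (matches == null || matches.size() != 1) {
    log.warn('Expected 1 user with {}={}, found {}',
             searchAttrName, searchAttrValue, matches?.size() ?: 0)
    return null
}
manager = matches.get(0)
if (manager.getOid() == user.getOid()) {
    log.warn('User {} resolves to itself as manager; ignoring', user.getName())
    return null
}

// Same shadow lookup as in the quoted reply; intent 'default' is an assumption.
managerShadow = midpoint.getLinkedShadow(manager, resourceOid, ShadowKindType.ACCOUNT, 'default')
if (managerShadow == null) {
    log.warn('Manager {} has no account on resource {}', manager.getName(), resourceOid)
    return null
}
return basic.getAttributeValue(managerShadow, riNs, 'dn')
```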