[midPoint] Help looping on Active Directory groups

Pavol Mederly mederly at evolveum.com
Thu Sep 3 15:45:57 CEST 2015 

Hello Fabio,

the problem is that you've put your script to *ri:title* attribute. So 
(I think) that as an input you get the value of this attribute, which is 
a string. The <source> declaration is not appropriate here.

If you want to process ri:groups attribute, please put this mapping 
under *ri:groups* attribute.
Also, use *<relativityMode>absolute</relativityMode>* (as a child of 
<script>) in order to get all the values of ri:groups at once.
Remove the <source> part and refer to the input variable (now called 
gruppi) simply as *input*.

Hope this helps,
Pavol

> Hi,
> I have an Active Directory resource and I need to reconcile users. In 
> populating a virtual user attribute I need to check if the 
> corresponding AD account has a particular group assigned. This is a 
> snippet of the resource xml:
>
>                 <attribute>
> <c:ref>ri:title</c:ref>
> <displayName>Gruppi</displayName>
>                     <inbound>
>                         <source>
> <name>gruppi</name>
> <path>$shadow/attributes/groups</path>
>                         </source>
>                         <expression>
>                           <script>
>                              <code>
>                                 def isdirettore = false
>                                 def n = gruppi.size()
>                                 for (def i = 0; i < n; i++) {
>                                     def gruppo = gruppi.get(i)
>                                     if (it =~ /^CN=.*_DIV.._DIR.*$/) {
> isdirettore = true
>                                     }
>                                 }
>                                 isdirettore
>                              </code>
>                           </script>
>                         </expression>
>                         <target>
> <path>$user/extension/mise:organizzazione</path>
>                         </target>
>                     </inbound>
>                  </attribute>
>
> I need to loop on assigned AD groups and I need to check the string 
> format of each group using a regular expression. The problem is that 
> in the variable named “gruppi” I have only a string and not an array 
> or List. Do you have any ideas?
>
> Thanks and regards.
>
>   Fabio
>
> --
> Fabio Contessi <f.contessi at nsr.it <mailto:f.contessi at nsr.it>>
>
> nova systems roma / nsr
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150903/411145f3/attachment.htm>

More information about the midPoint mailing list