[midPoint] Discovering Custom objectClasses
Jason Everling
jeverling at bshp.edu
Fri Aug 19 18:49:15 CEST 2016
I can answer the first question, 2 options, taken from ours ,
Add a protected section for everything you do not want to sync,
https://github.com/Evolveum/midpoint/blob/master/samples/resources/opendj/opendj-localhost-resource-sync-advanced.xml#L309
<protected> <filter> <q:substring
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
<q:matching>stringIgnoreCase</q:matching>
<q:path>attributes/name</q:path>
<q:value>OU=TEMPLATE,DC=TEST,DC=LOCAL</q:value>
<q:anchorEnd>true</q:anchorEnd> </q:substring>
</filter></protected>
you could also instead add into the objectSynchronization section. Not
necessarily based on a query but more of specific attribute values. In the
below (..... ....... 'info') is the ad attribute and values are mpSecurity
or mpDistribution . This keeps midPoint from syncing all AD groups and only
the ones we want to sync.
<objectSynchronization>
<objectClass>ri:CustomGroupObjectClass</objectClass>
<kind>entitlement</kind> <intent>group</intent>
<focusType>c:RoleType</focusType>
<enabled>true</enabled> <!-- Only Sync Groups from AD
that have info set as either "mpSecurity" or "mpDistribution" -->
<condition> <script>
<code> tmp =
basic.getAttributeValue(shadow,
'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3',
'info'); return (tmp == 'mpSecurity' || tmp
== 'mpDistribution') </code>
</script>
</condition>
JASON
On Fri, Aug 19, 2016 at 11:35 AM, Mencel, Matt <mr-mencel at wiu.edu> wrote:
> OK. I think it's correct in the XML. It's just throwing the warning in
> the UI. I'll try a sync and see how it goes.
>
> Is there a way to specify an LDAP query for the sync/import? I just want
> to sync for example my department '(&(objectClass=person)(department=IT))'
> during testing, rather than every user object in my LDAP directory.
>
>
> Also, my resource XML that I edit and put in my source control system....
> Is there a place to put that in midpoint.home that gets imported
> automatically (midpoint.home/import)? Or do I need to manually import that
> every time I make a change to it?
>
> Thanks for being patient with my questions...
>
> Matt
>
>
> On Fri, Aug 19, 2016 at 11:22 AM, Pavol Mederly <
> pavol.mederly at evolveum.com> wrote:
>
>> Hello Matt,
>>
>> I'm afraid that the resource wizard maybe does not work 100% correctly
>> with auxiliary classes. At least I haven't tested it in this way when
>> preparing it for 3.4 release. I've now created MID-3359
>> <https://jira.evolveum.com/browse/MID-3359> for it.
>>
>> For the time being, I'd recommend setting schemaHandling for that
>> particular attribute by hand (via XML editor).
>>
>> Best regards,
>> Pavol
>>
>> ------------------------------
>> *From: *"Matt Mencel" <mr-mencel at wiu.edu>
>> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
>> *Sent: *Friday, August 19, 2016 6:11:13 PM
>> *Subject: *Re: [midPoint] Discovering Custom objectClasses
>>
>>
>> Capitalization looks correct. I notice that I cannot select wiuId on the
>> Schema Handling tab for that attribute. It defaults to CN.
>>
>> The Atttribute drop down is only presenting attributes from the person
>> OC, not the other auxiliary OCs.
>>
>> Matt
>>
>>
>>
>>
>> On Fri, Aug 19, 2016 at 10:47 AM, Radovan Semancik <
>> radovan.semancik at evolveum.com> wrote:
>>
>>> Hi,
>>>
>>> Yes, that should work.
>>> Just check that you have correct lowercase/uppercase form for the
>>> attribute names. LDAP is (mostly) case insensitive, but midPoint is case
>>> sensitive. Look at the <schema> part of the resource definition. That is
>>> generated from the resource. Look for your auxiliary object class
>>> definition there. And use the same capitalization as you see in the
>>> <schema> section.
>>>
>>> --
>>> Radovan Semancik
>>> Software Architectevolveum.com
>>>
>>>
>>>
>>>
>>> On 08/19/2016 05:23 PM, Mencel, Matt wrote:
>>>
>>> Thanks Radovan,
>>>
>>> That helps. Do I declare the auxiliary's attributes in the same place
>>> as the default objectClass then? I'm getting this error in the UI...
>>>
>>> There is no attribute named '{http://midpoint.evolveum.com
>>>> /xml/ns/public/resource/instance-3}wiuId' in object class '{
>>>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}person'
>>>> (defined in schema handling for 'User Account (kind: ACCOUNT, intent:
>>>> person)').
>>>
>>>
>>> https://gist.github.com/MattMencel/2a3208371a1b0ce422e0b4923df413f7
>>>
>>> On Fri, Aug 19, 2016 at 9:54 AM, Radovan Semancik <
>>> radovan.semancik at evolveum.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> On 08/19/2016 04:26 PM, Mencel, Matt wrote:
>>>>
>>>> I have multiple LDAP objectclasses that contain all the attributes that
>>>> make up a person's identity. I've associated multiple OCs with the same
>>>> kind/intent in midpoint and am getting a warning in the UI.
>>>>
>>>>> There are multiple schema handling definitions for kind/intent:
>>>>> ACCOUNT/person.
>>>>
>>>> Should I be doing this another way?
>>>>
>>>>
>>>> Yes. Just one of the objectclasses is structural (primary). Other
>>>> object classes are auxiliary. MidPoint fully supports auxiliary object
>>>> classes, but you need to use a slightly different approach. Use something
>>>> like this:
>>>>
>>>> <schemaHandling>
>>>> <objectType>
>>>> <kind>account</kind>
>>>> <displayName>Normal Account</displayName>
>>>> <default>true</default>
>>>> <objectClass>ri:inetOrgPerson</objectClass>
>>>> <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
>>>> <auxiliaryObjectClass>ri:foo</auxiliaryObjectClass>
>>>> <auxiliaryObjectClass>ri:bar</auxiliaryObjectClass>
>>>> ...
>>>>
>>>>
>>>> --
>>>> Radovan Semancik
>>>> Software Architectevolveum.com
>>>>
>>>> _______________________________________________ midPoint mailing list
>>>> midPoint at lists.evolveum.com http://lists.evolveum.com/mail
>>>> man/listinfo/midpoint
>>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential;
intended for only the recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use this e-mail or any
attachments for any purpose, or disclose all or any part of the contents to
any person. Any views or opinions expressed in this e-mail are those of the
author and do not represent those of the Baptist School of Health
Professions. If you have received this e-mail in error, or are not the
named recipient(s), you are hereby notified that any review, dissemination,
distribution or copying of this communication is prohibited by the sender
and to do so might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160819/d43b19b2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-08-19 at 11.09.04 AM.png
Type: image/png
Size: 126703 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160819/d43b19b2/attachment.png>
More information about the midPoint
mailing list