[midPoint] Adding org assignment via User Template
Brad Fardig
brad.fardig at cogitogroup.com.au
Mon Aug 22 14:47:09 CEST 2016
Hi Roman,
Thanks again.
I had something like that earlier this afternoon and now I get no assignment at all. Your response has, however, made me realise what the error is (just not how to fix it).
Given the following org:
<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
oid="d9ca2974-af5f-4ae7-acc4-dd9edc28e692"
version="2">
<name>users</name>
<description>Some Users</description>
<parentOrgRef oid="4564b008-e829-420c-bbf7-f2026af3434f" type="c:OrgType"><!-- Some Org --></parentOrgRef>
<metadata>
<createTimestamp>2016-08-19T10:40:43.425+10:00</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
<createChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</createChannel>
<modifyTimestamp>2016-08-19T10:40:43.511+10:00</modifyTimestamp>
<modifierRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
oid="00000000-0000-0000-0000-000000000002"
type="tns:UserType"><!-- administrator --></modifierRef>
<modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</modifyChannel>
</metadata>
<assignment id="1">
<targetRef oid="4564b008-e829-420c-bbf7-f2026af3434f" type="c:OrgType"><!-- Some Org --></targetRef>
</assignment>
<activation>
<administrativeStatus>enabled</administrativeStatus>
<effectiveStatus>enabled</effectiveStatus>
<enableTimestamp>2016-08-19T10:40:43.478+10:00</enableTimestamp>
</activation>
<iteration>0</iteration>
<iterationToken/>
<roleMembershipRef oid="4564b008-e829-420c-bbf7-f2026af3434f" type="c:OrgType"><!-- Some Org --></roleMembershipRef>
<displayName>Users</displayName>
<orgType>functional</orgType>
<tenant>false</tenant>
</org>
I’m trying to access the OID value: oid="d9ca2974-af5f-4ae7-acc4-dd9edc28e692"
I could use the name value but it is not guaranteed to be unique within an organisation nor across tenants.
Is there any way to access the OID value or should I set the name field to be the OID and set the displayName to the human readable version? I’d prefer to be able to access the OID field as the other fields are defined as mutable.
Regards,
Brad
From: Roman Pudil - AMI Praha a.s. [mailto:roman.pudil at ami.cz]
Sent: Monday, 22 August 2016 9:56 PM
To: Brad Fardig <brad.fardig at cogitogroup.com.au>; midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re[2]: [midPoint] Adding org assignment via User Template
Hi Brad,
your solution is wrong.
You have to link the org. unit OID with the group ID synced from AD (or their names, for example).
Test it:
1. change organizationalUnit attribute of the user to the org. unit name (which exists in midPoint)
2. change search filter in mapping to:
<expression>
<assignmentTargetSearch>
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>c:name</q:path>
<expression>
<script>
<code>
return organizationalUnit;
</code>
</script>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
The better solution is to reconcile AD groups to midPoint.
Regards
Roman Pudil
solution architect
gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz
AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz
By the text of this e-mail the signatory neither promises to conclude nor concludes any contract on behalf of AMI Praha a.s.
Any contract, if concluded, must be exclusively in written form.
------ Original message ------
From: "Brad Fardig" <brad.fardig at cogitogroup.com.au>
To: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint General Discussion" <midpoint at lists.evolveum.com>
Sent: 22.8.2016 13:24:19
Subject: RE: [midPoint] Adding org assignment via User Template
Hi Roman,
Sorry forgot to say thank you for the quick response.
A check of the idm.log shows that there is an error, which for the example I provided earlier is:
2016-08-22 20:44:22,704 [] [Thread-24] ERROR (com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator): Object of type 'OrgType' with oid 'organizationalUnit' was not found. in assignment target reference in delta for user:62959f3e-c23d-46a5-9015-60017baf5043(test.user4 at demo.local)
Regards,
Brad
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Roman Pudil - AMI Praha a.s.
Sent: Monday, 22 August 2016 8:58 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Adding org assignment via User Template
Hi Brad,
include your mapping, org definition and response error message.
Thanks!
Regards
Roman Pudil
------ Original message ------
From: "Brad Fardig" <brad.fardig at cogitogroup.com.au>
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Sent: 22.8.2016 12:54:47
Subject: [midPoint] Adding org assignment via User Template
Hi,
I have a user template where I am trying to assign an org based on an oid that is set as part of the user import.
The assignment mapping looks like:
<mapping>
<name>map organization</name>
<strength>strong</strength>
<source>
<path>$user/organizationalUnit</path>
</source>
<expression>
<assignmentTargetSearch>
<targetType>c:OrgType</targetType>
<oid>Need to put organizationalUnit OID here</oid>
</assignmentTargetSearch>
</expression>
<target>
<c:path>assignment</c:path>
</target>
</mapping>
Issue is I can’t get the OID value populated in the <oid> tag of the assignmentTargetSearch.
Any help greatly appreciated.
Regards,
Brad
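Added example, not part of the original thread or of midPoint: a pre-flight check for the name-based assignmentTargetSearch filter discussed above. It reads exported org objects and reports whether each organizationalUnit value would match exactly one org, several orgs (the non-unique name concern) or none (the "was not found" error). The <objects> wrapper, the constructed OIDs and the case-insensitive comparison are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

C = "{http://midpoint.evolveum.com/xml/ns/public/common/common-3}"

# Constructed sample export. The first OID and its parent OID are the ones
# quoted in the thread; the other OIDs, names and the wrapper are made up.
SAMPLE_EXPORT = """
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <org oid="d9ca2974-af5f-4ae7-acc4-dd9edc28e692">
    <name>users</name>
    <parentOrgRef oid="4564b008-e829-420c-bbf7-f2026af3434f"/>
  </org>
  <org oid="00000000-aaaa-bbbb-cccc-000000000001">
    <name>Users</name>
    <parentOrgRef oid="00000000-aaaa-bbbb-cccc-0000000000ff"/>
  </org>
  <org oid="00000000-aaaa-bbbb-cccc-000000000002">
    <name>staff</name>
  </org>
</objects>
"""


def index_orgs_by_name(xml_text):
    """Map each case-folded org name to the OIDs that carry it, in document order."""
    by_name = defaultdict(list)
    for org in ET.fromstring(xml_text.strip()).iter(C + "org"):
        name = (org.findtext(C + "name") or "").strip()
        # Assumption: compare case-insensitively so near-duplicates are flagged too.
        by_name[name.casefold()].append(org.get("oid"))
    return dict(by_name)


def classify(by_name, ou_values):
    """Say how a name-equality search would resolve each organizationalUnit value."""
    result = {}
    for value in ou_values:
        hits = by_name.get(value.strip().casefold(), [])
        result[value] = "unique" if len(hits) == 1 else "ambiguous" if hits else "missing"
    return result


if __name__ == "__main__":
    index = index_orgs_by_name(SAMPLE_EXPORT)
    values = ["users", "staff", "organizationalUnit"]
    for value, verdict in classify(index, values).items():
        print(f"{value!r}: {verdict} {index.get(value.casefold(), [])}")
```

An "ambiguous" result means the name alone cannot identify the org to assign, so the user could end up in the wrong org unit.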