[midPoint] Adding Custom Attributes to Midpoint

Jason Everling jeverling at bshp.edu
Tue Aug 23 19:45:41 CEST 2016


Does it have to wait for username from ldap or can you generate them in
midpoint or have you just gotten that far yet? Maybe someone else can jump
in on which route to take, in reverse order, our CSV is also authoritative,
BUT if no account found it will generate the username based on an object
template in midpoint and then it provisions that account to the different
resources the user should have access to.

Have you gotten around to object templates in midpoint? You can attach a
template to each resource, and also make a default gui one, for example,

on the resource it is

    <reaction>
        <!-- Users will be ENABLED and moved into the correct Org Unit -->
        <situation>unlinked</situation>
        <objectTemplateRef oid="10000000-0000-0000-0000-000000000302"/>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount</handlerUri>
        </action>
    </reaction>
    <reaction>
        <situation>unmatched</situation>
        <objectTemplateRef oid="10000000-0000-0000-0000-000000000203"/>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser</handlerUri>
        </action>
    </reaction>

and then my object template relating to the 'unmatched' situation will
generate a username based on different user 'types' or their affiliated
status, you know, faculty/staff like to have better looking usernames,
hah.. I can share some of the template if needed





JASON

On Tue, Aug 23, 2016 at 12:32 PM, Mencel, Matt <mr-mencel at wiu.edu> wrote:

> The CSV is the authoritative source.  When an account is first sent in
> that file I don't have an LDAP entry for it yet, so no username can be
> assigned yet.  So ideally what would happen...
>
> - New user created from the CSV with the ID as its name for the time
> being...
> - An LDAP account is then provisioned based on the info and I get the
> username back from the LDAP resource
> - "Rename" the object in midpoint with the username set as name and ID
> would be in the employeeID attribute.
>
> I haven't done anything with the name attribute yet because I wasn't sure
> what I needed to do.  So right now it just picks up the ID from the CSV I
> think because that is what is set as the "uniqueIdentifier" in that
> resource.
>
> <attribute>
>     <ref>icfs:name</ref>
>     <displayName>Name</displayName>
>     <outbound>
>         <strength>weak</strength>
>         <source>
>             <path>$user/name</path>
>         </source>
>     </outbound>
>     <inbound>
>         <target>
>             <path>$user/name</path>
>         </target>
>     </inbound>
> </attribute>
>
> On Tue, Aug 23, 2016 at 12:22 PM, Jason Everling <jeverling at bshp.edu>
> wrote:
>
>> In one of our resources, we also use the ID as the unique identifier. Do
>> the users already exist in midpoint that the CSV accounts belong to? If
>> so, then you would match based on your extension attribute, what do you
>> have for icfs:name mapping? like our CSV for example,
>>
>>                 <attribute>
>>                     <ref>icfs:name</ref>
>>                     <displayName>Name</displayName>
>>                     <limitations>
>>                         <minOccurs>0</minOccurs>
>>                         <access>
>>                             <read>true</read>
>>                         </access>
>>                     </limitations>
>>                     <inbound>
>>                         <target>
>>                             <path>
>>                                 $c:user/c:extension/bshp:uniqueID
>>                             </path>
>>                         </target>
>>                     </inbound>
>>                 </attribute>
>>
>>                 <correlation>
>>                     <q:equal>
>>                         <q:path>c:user/c:extension/bshp:uniqueID</q:path>
>>                         <expression>
>>                             <path>
>>                                 declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
>>                                 $account/attributes/icfs:name
>>                             </path>
>>                         </expression>
>>                     </q:equal>
>>                 </correlation>
>>
>> This way, if it is an existing user with the same value, it will match
>> and link accounts, if not, then the object template will generate a new
>> user based on what we have defined as a 'username'
>>
>> JASON
>>
>> On Tue, Aug 23, 2016 at 10:50 AM, Mencel, Matt <mr-mencel at wiu.edu> wrote:
>>
>>> I meant to include this screenshot in my reply....
>>>
>>>
>>> On Tue, Aug 23, 2016 at 10:37 AM, Mencel, Matt <mr-mencel at wiu.edu>
>>> wrote:
>>>
>>>> So I have a followup question.  In my CSV resource the unique attribute
>>>> is an ID number.  It's getting imported to the "Name" field in Midpoint.
>>>> It's just odd that the "Name" appears as the id number.  Can I rename that
>>>> field or should I import that ID attribute to a new custom field that I put
>>>> in my custom schema file?  Is there a way to present a custom schema
>>>> attribute in that top bar?
>>>>
>>>> I'm assuming the Name field in Midpoint really should be a username as
>>>> that seems to be the intent for that.  When I get my LDAP resource working
>>>> I will be able to add the username data, but I'm not that far yet.  So just
>>>> trying to figure out how to handle it with the data coming from the CSV
>>>> import.
>>>>
>>>> Thanks,
>>>> Matt
>>>>
>>>> On Mon, Aug 22, 2016 at 5:20 PM, Mencel, Matt <mr-mencel at wiu.edu>
>>>> wrote:
>>>>
>>>>> Figured it out.  Have to call $user/extension/major in the attribute
>>>>> mapping.
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 22, 2016 at 5:17 PM, Mencel, Matt <mr-mencel at wiu.edu>
>>>>> wrote:
>>>>>
>>>>>> Ah, of course...thanks for that link.  I created the xsd file with my
>>>>>> new attributes...
>>>>>>
>>>>>> <xsd:element name="major" type="xsd:string" minOccurs="0" maxOccurs="unbounded">
>>>>>>     <xsd:annotation>
>>>>>>         <xsd:appinfo>
>>>>>>             <a:indexed>true</a:indexed>
>>>>>>             <a:displayName>Major</a:displayName>
>>>>>>             <a:displayOrder>130</a:displayOrder>
>>>>>>         </xsd:appinfo>
>>>>>>     </xsd:annotation>
>>>>>> </xsd:element>
>>>>>>
>>>>>> I see the empty fields now in the user entry (Extension section), but
>>>>>> I must still be missing something because I'm still not getting it during
>>>>>> the import.  Do I have to do anything different in the schemaHandling
>>>>>> section of my resource in order to use it?
>>>>>>
>>>>>> <schemaHandling>
>>>>>> ...
>>>>>>     <attribute>
>>>>>>         <ref>ri:major</ref>
>>>>>>         <displayName>Major</displayName>
>>>>>>         <outbound>
>>>>>>             <strength>weak</strength>
>>>>>>             <source>
>>>>>>                 <path>$user/major</path>
>>>>>>             </source>
>>>>>>         </outbound>
>>>>>>         <inbound>
>>>>>>             <target>
>>>>>>                 <path>$user/major</path>
>>>>>>             </target>
>>>>>>         </inbound>
>>>>>>     </attribute>
>>>>>> ...
>>>>>>
>>>>>> On Mon, Aug 22, 2016 at 4:56 PM, Brad Fardig <
>>>>>> brad.fardig at cogitogroup.com.au> wrote:
>>>>>>
>>>>>>> Hi Matt,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> This doc provides an example of how to add the schema extensions
>>>>>>> that you require:
>>>>>>> https://wiki.evolveum.com/display/midPoint/Custom+Schema+Extension
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hope this helps
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Brad
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From:* midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
>>>>>>> Behalf Of *Mencel, Matt
>>>>>>> *Sent:* Tuesday, 23 August 2016 7:39 AM
>>>>>>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>>>>>>> *Subject:* [midPoint] Adding Custom Attributes to Midpoint
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I have lots of custom attributes in my different resources (e.g.
>>>>>>> studentId, major, minor, etc....).  I'd like to add this and many others to
>>>>>>> Midpoint so I can sync them between resources.  I see there is an
>>>>>>> objectTemplate that can be used, but the examples I've seen only show
>>>>>>> using that to do actions like create fullName from givenName and
>>>>>>> familyName.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Do I also use objectTemplate when I just want to sync a new
>>>>>>> attribute in from a resource?  Or should it be picking that up from the
>>>>>>> schema?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I get errors like this when attempting to import an account with a
>>>>>>> custom attribute.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2016-08-22 16:35:45,425 [] [http-nio-8080-exec-4] WARN
>>>>>>> (com.evolveum.midpoint.provisioning.impl.ResourceManager): Schema
>>>>>>> error while processing schemaHandling section of
>>>>>>> resource:0d6babea-6896-11e6-9d38-0050569aa9d2(CSV TEADVS):
>>>>>>> Definition of attribute studentmajor not found in object class
>>>>>>> {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}AccountObjectClass
>>>>>>> as defined in definition of
>>>>>>> resource:0d6babea-6896-11e6-9d38-0050569aa9d2(CSV TEADVS)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *This email, and any attachment, is confidential and also
>>>>>>> privileged. If you have received it in error, please notify me immediately
>>>>>>> and delete it from your system along with any attachments. You should not
>>>>>>> copy or use it for any purpose, nor disclose its contents to any other
>>>>>>> person. *
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-08-23 at 10.28.56 AM.png
Type: image/png
Size: 36370 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160823/470dc7c7/attachment.png>
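
An added example, not part of the thread and not midPoint code: a small Python check that reads the element names declared in an extension XSD and flags user paths in a resource fragment that address a custom item without the extension container (the `$user/major` problem in the thread) or that name an item the schema does not declare. The sample XSD and resource text are constructed, the function names are hypothetical, and the regex-based parsing assumes fragments pasted without namespace declarations, as in these messages.

```python
import re

PATH_RE = re.compile(r"<(?:q:)?path>(.*?)</(?:q:)?path>", re.S)
DECL_RE = re.compile(r"declare\s+namespace[^;]*;")

def extension_items(xsd_text):
    """Element names declared in the custom extension XSD."""
    return set(re.findall(r'<xsd:element\s+name="([^"]+)"', xsd_text))

def lint_user_paths(resource_text, ext_items):
    """Return (path, problem) pairs for user paths that cannot resolve."""
    findings = []
    for raw in PATH_RE.findall(resource_text):
        path = DECL_RE.sub("", raw).strip()
        # Drop the leading '$' and the namespace prefix of each segment.
        segs = [s.split(":")[-1] for s in path.lstrip("$").split("/")]
        if segs[0] != "user":
            continue  # $account/... paths are not checked here
        if len(segs) == 2 and segs[1] in ext_items:
            findings.append((path, "custom item needs the extension container"))
        elif len(segs) == 3 and segs[1] == "extension" and segs[2] not in ext_items:
            findings.append((path, "item not declared in the extension schema"))
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE_XSD = """
<xsd:element name="major" type="xsd:string" minOccurs="0"/>
<xsd:element name="uniqueID" type="xsd:string" minOccurs="0"/>
"""
SAMPLE_RESOURCE = """
<inbound><target><path>$user/major</path></target></inbound>
<inbound><target><path>$c:user/c:extension/bshp:uniqueID</path></target></inbound>
<correlation><q:equal>
  <q:path>c:user/c:extension/bshp:uniqeID</q:path>
  <expression><path>
    declare namespace icfs="http://example.invalid/icf";
    $account/attributes/icfs:name
  </path></expression>
</q:equal></correlation>
<outbound><source><path>$user/name</path></source></outbound>
"""

if __name__ == "__main__":
    for path, problem in lint_user_paths(SAMPLE_RESOURCE, extension_items(SAMPLE_XSD)):
        print(f"{path}: {problem}")
```

Running the check before importing a resource definition catches a mistyped correlation path early, which matters when the `unmatched` reaction is set to `addUser` as in the configuration quoted above.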

