[midPoint] Adding Custom Attributes to Midpoint
Mencel, Matt
mr-mencel at wiu.edu
Tue Aug 23 19:58:04 CEST 2016
The process right now is a Perl script we wrote 15+ years ago, but you're
right. If I get this working correctly, Midpoint would create the
usernames instead, so this will be fine. When the import from CSV does an
add, the object template would generate the UID. I need to get all the
users imported from LDAP first though before I implement that.
I'd love to see your template, if just to have a real world example to
refer to. If you don't want to share it here feel free to email me
directly, or put it in a private gist on Github or something.
Thanks!
On Tue, Aug 23, 2016 at 12:45 PM, Jason Everling <jeverling at bshp.edu> wrote:
> Does it have to wait for username from ldap or can you generate them in
> midpoint or have you just gotten that far yet? Maybe someone else can jump
> in on which route to take, in reverse order, our CSV is also authoritative ,
> BUT if no account found it will generate the username based on an object
> template in midpoint and then it provisions that account to the different
> resources the user should have access to.
>
> Have you gotten around to object templates in midpoint? You can attach a
> template to each resource, and also make a default gui one, for example,
>
> on the resource it is
>
> <reaction>
> <!-- Users will be ENABLED and moved into the correct Org Unit -->
> <situation>unlinked</situation>
> <objectTemplateRef oid="10000000-0000-0000-0000-000000000302"/>
> <action>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/
> model/action-3#linkAccount</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unmatched</situation>
> <objectTemplateRef oid="10000000-0000-0000-0000-
> 000000000203"/>
> <action>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/
> model/action-3#addUser</handlerUri>
> </action>
> </reaction>
>
> and then my object template relating to the 'unmatched' situation will
> generate a username based on different user 'types' or their affiliated
> status, you know, faculty/staff like to have better looking usernames,
> hah.. I can share some of the template if needed
>
>
>
>
>
> JASON
>
> On Tue, Aug 23, 2016 at 12:32 PM, Mencel, Matt <mr-mencel at wiu.edu> wrote:
>
>> The CSV is the authoritative source. When an account is first sent in
>> that file I don't have an LDAP entry for it yet, so no username can be
>> assigned yet. So ideally what would happen...
>>
>> - New user created from the CSV with the ID as it's name for the time
>> being...
>> - An LDAP account is then provisioned based on the info and I get the
>> username back from the LDAP resource
>> - "Rename" the object in midpoint with the username set as name and ID
>> would be in the employeeID attribute.
>>
>> I haven't done anything with the name attribute yet because I wasn't sure
>> what I needed to do. So right now it just picks up the ID from the CSV I
>> think because that is what is set as the "uniqueIdentifier" in that
>> resource.
>>
>> <attribute>
>> <ref>icfs:name</ref>
>> <displayName>Name</displayName>
>> <outbound>
>> <strength>weak</strength>
>> <source>
>> <path>$user/name</path>
>> </source>
>> </outbound>
>> <inbound>
>> <target>
>> <path>$user/name</path>
>> </target>
>> </inbound>
>> </attribute>
>>
>> On Tue, Aug 23, 2016 at 12:22 PM, Jason Everling <jeverling at bshp.edu>
>> wrote:
>>
>>> In one of our resources, we also use the ID as the unique identifier. Do
>>> the users already exist in midpoint that the CSV accounts belong too? If
>>> so, then you would match based on your extension attribute, what do you
>>> have for icfs:name mapping? like our CSV for example,
>>>
>>> <attribute>
>>> <ref>icfs:name</ref>
>>> <displayName>Name</displayName>
>>> <limitations>
>>> <minOccurs>0</minOccurs>
>>> <access>
>>> <read>true</read>
>>> </access>
>>> </limitations>
>>> <inbound>
>>> <target>
>>> <path>
>>> $c:user/c:extension/bshp:uniqueID
>>> </path>
>>> </target>
>>> </inbound>
>>> </attribute>
>>>
>>> <correlation>
>>> <q:equal>
>>> <q:path>c:user/c:extension/bsh
>>> p:unqiueID</q:path>
>>> <expression>
>>> <path>
>>> declare namespace icfs="http://midpoint.evolveum
>>> .com/xml/ns/public/connector/icf-1/resource-schema-3";
>>> $account/attributes/icfs:name
>>> </path>
>>> </expression>
>>> </q:equal>
>>> </correlation>
>>>
>>> This way, if it is an existing user with the same value, it will match
>>> and link accounts, if not, then the object template will generate a new
>>> user based on what we have defined as a 'username'
>>>
>>> JASON
>>>
>>> On Tue, Aug 23, 2016 at 10:50 AM, Mencel, Matt <mr-mencel at wiu.edu>
>>> wrote:
>>>
>>>> I meant to include this screenshot in my reply....
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Aug 23, 2016 at 10:37 AM, Mencel, Matt <mr-mencel at wiu.edu>
>>>> wrote:
>>>>
>>>>> So I have a followup question. In my CSV resource the unique
>>>>> attribute is an ID number. It's getting imported to the "Name" field in
>>>>> Midpoint. It's just odd that the "Name" appears as the id number. Can I
>>>>> rename that field or should I import that ID attribute to a new custom
>>>>> field that I put in my custom schema file? Is there a way to present a
>>>>> custom schema attribute in that top bar?
>>>>>
>>>>> I'm assuming the Name field in Midpoint really should be a username as
>>>>> that seems to be the intent for that. When I get my LDAP resource working
>>>>> I will be able to add the username data, but I'm not that far yet. So just
>>>>> trying to figure out how to handle it with the data coming from the CSV
>>>>> import.
>>>>>
>>>>> Thanks,
>>>>> Matt
>>>>>
>>>>> On Mon, Aug 22, 2016 at 5:20 PM, Mencel, Matt <mr-mencel at wiu.edu>
>>>>> wrote:
>>>>>
>>>>>> Figured it out. Have to call $user/extention/major in the attribute
>>>>>> mapping.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 22, 2016 at 5:17 PM, Mencel, Matt <mr-mencel at wiu.edu>
>>>>>> wrote:
>>>>>>
>>>>>>> Ah, of course...thanks for that link. I created the xsd file with
>>>>>>> my new attributes...
>>>>>>>
>>>>>>> <xsd:element name="major" type="xsd:string" minOccurs="0"
>>>>>>> maxOccurs="unbounded">
>>>>>>> <xsd:annotation>
>>>>>>> <xsd:appinfo>
>>>>>>> <a:indexed>true</a:indexed>
>>>>>>> <a:displayName>Major</a:displayName>
>>>>>>> <a:displayOrder>130</a:displayOrder>
>>>>>>> </xsd:appinfo>
>>>>>>> </xsd:annotation>
>>>>>>> </xsd:element>
>>>>>>>
>>>>>>> I see the empty fields now in the user entry (Extension section),
>>>>>>> but I must still be missing something because I'm still not getting it
>>>>>>> during the import. Do I have to do anything different in the
>>>>>>> schemaHandling section of my resource in order to use it?
>>>>>>>
>>>>>>> <schemaHandling>
>>>>>>> ...
>>>>>>> <attribute>
>>>>>>> <ref>ri:major</ref>
>>>>>>> <displayName>Major</displayName>
>>>>>>> <outbound>
>>>>>>> <strength>weak</strength>
>>>>>>> <source>
>>>>>>> <path>$user/major</path>
>>>>>>> </source>
>>>>>>> </outbound>
>>>>>>> <inbound>
>>>>>>> <target>
>>>>>>> <path>$user/major</path>
>>>>>>> </target>
>>>>>>> </inbound>
>>>>>>> </attribute>
>>>>>>> ...
>>>>>>>
>>>>>>> On Mon, Aug 22, 2016 at 4:56 PM, Brad Fardig <
>>>>>>> brad.fardig at cogitogroup.com.au> wrote:
>>>>>>>
>>>>>>>> Hi Matt,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> This doc provides an example of how to add the schema extensions
>>>>>>>> that you require: https://wiki.evolveum.com/disp
>>>>>>>> lay/midPoint/Custom+Schema+Extension
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hope this helps
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Brad
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *From:* midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
>>>>>>>> Behalf Of *Mencel, Matt
>>>>>>>> *Sent:* Tuesday, 23 August 2016 7:39 AM
>>>>>>>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>>>>>>>> *Subject:* [midPoint] Adding Custom Attributes to Midpoint
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I have lots of custom attributes in my different resources (e.g.
>>>>>>>> studentId, major, minor, etc....). I'd like to add this and many others to
>>>>>>>> Midpoint so I can sync them between resources. I see there is an
>>>>>>>> objectTemplate that can be used, but the examples I've seen only only show
>>>>>>>> using that to do actions like create fullName from givenName and
>>>>>>>> familyName.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Do I also use objectTemplate when I just want to sync a new
>>>>>>>> attribute in from a resource? Or should it be picking that up from the
>>>>>>>> schema?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I get errors like this when attempting to import an account with a
>>>>>>>> custom attribute.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-08-22 16:35:45,425 [] [http-nio-8080-exec-4] WARN
>>>>>>>> (com.evolveum.midpoint.provisioning.impl.ResourceManager): Schema
>>>>>>>> error while processing schemaHandling section of
>>>>>>>> resource:0d6babea-6896-11e6-9d38-0050569aa9d2(CSV TEADVS):
>>>>>>>> Definition of attribute studentmajor not found in object class {
>>>>>>>> http://midpoint.evolveum.com/xml/ns/public/resource/instanc
>>>>>>>> e-3}AccountObjectClass as defined in definition of
>>>>>>>> resource:0d6babea-6896-11e6-9d38-0050569aa9d2(CSV TEADVS)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *This email, and any attachment, is confidential and also
>>>>>>>> privileged. If you have received it in error, please notify me immediately
>>>>>>>> and delete it from your system along with any attachments. You should not
>>>>>>>> copy or use it for any purpose, nor disclose its contents to any other
>>>>>>>> person. *
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160823/03ea0ec5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-08-23 at 10.28.56 AM.png
Type: image/png
Size: 36370 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160823/03ea0ec5/attachment.png>
More information about the midPoint
mailing list