[midPoint] Provisioning a demo/sample application

Carlos Ferreira carlos18619 at gmail.com
Fri Dec 16 16:19:28 CET 2016


Hi Aaron,


I think a good start is to study and understand everything that is
configured in the Midpoint Demo application:
https://demo.evolveum.com/midpoint. At least, it worked for me.

When logged in the application:

1. try to see how the resources were configured (option
configuration->repository objects (left side menu) -> resources (combo in
the top right of page));

2. Explore the LDAP Server (OpenLDAP) over new LDAPConn. resource. Pay
attention to the snippet:

         <association>
            <c:ref>ri:ldapGroups</c:ref>
            <displayName>Group Membership</displayName>
            <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
            <tolerant>true</tolerant>
            <kind>entitlement</kind>
            <intent>group</intent>
            <intent>ldapProject</intent>
            <direction>objectToSubject</direction>
            <associationAttribute>ri:member</associationAttribute>
            <valueAttribute>ri:dn</valueAttribute>
            <explicitReferentialIntegrity>true</explicitReferentialIntegrity>
         </association>

It tells us how to deal with role association in the ldap structure;

3. Also see (in the same combo) the configuration of the role LDAP Projects
MetaRole. There you will see how the association is managed by the role
definition.


4. Here (in the resource definition) is the code where Midpoint deals with
nested organizations:

   <schemaHandling>
      <objectType>
         <kind>generic</kind>
         <intent>ou</intent>
         <displayName>Organizational Unit</displayName>
         <objectClass>ri:organizationalUnit</objectClass>
         <attribute>
            <c:ref>ri:dn</c:ref>
            <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
            <outbound>
               <source>
                  <c:path>$focus/name</c:path>
               </source>
               <expression>
                  <script>
                     <code>
                        import javax.naming.ldap.Rdn
                        import javax.naming.ldap.LdapName
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.*;

                        dn = new LdapName('ou=Orgs,dc=example,dc=com')

                        // collect the org and its ancestors, leaf first
                        parents = new ArrayList()
                        currentOrg = focus
                        while (currentOrg != null) {
                            parents.add(currentOrg)
                            // see com.evolveum.midpoint.model.impl.expr.MidpointFunctionsImpl
                            currentOrg = midpoint.getParentOrgByOrgType(currentOrg, 'functional')
                        }

                        log.info("parents = {}", parents)

                        // append one ou RDN per org, from the top-level org down to the focus
                        for (int i = parents.size() - 1; i >= 0; i--) {
                            dn.add(new Rdn('ou', parents.get(i).name.toString()))
                        }

                        log.info("dn = {}", dn)

                        return dn.toString();
                     </code>
                  </script>
               </expression>
            </outbound>
         </attribute>
         <attribute>
            <c:ref>ri:ou</c:ref>
            <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
         </attribute>
      </objectType>


I hope it may help you.


Carlos
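
The DN construction from step 4, as a stand-alone Groovy script that can be run outside midPoint. This is an added example, not part of the original message or of the midPoint samples: `buildOrgDn`, the `parentOf` map (standing in for `midpoint.getParentOrgByOrgType`) and the `maxDepth` guard are hypothetical, and the org names are constructed. It shows that building the name with `Rdn` keeps an org name containing a comma as a single escaped component, and that a cyclic hierarchy is rejected instead of looping forever.

```groovy
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Constructed sample data: org name -> parent org name (null = top level).
// In midPoint the parent would come from midpoint.getParentOrgByOrgType(org, 'functional').
def parentOf = [
    'Engineering': null,
    'R&D, East'  : 'Engineering',   // name contains a DN metacharacter (comma)
    'Loop-A'     : 'Loop-B',        // deliberately cyclic pair
    'Loop-B'     : 'Loop-A',
]

// Hypothetical helper: same walk as the resource script, plus a depth guard.
String buildOrgDn(Map parentOf, String orgName, String baseDn, int maxDepth = 32) {
    def chain = []
    def current = orgName
    while (current != null) {
        if (chain.size() >= maxDepth) {
            throw new IllegalStateException('org hierarchy too deep (cycle?) at ' + current)
        }
        chain << current                 // leaf first, ancestors after
        current = parentOf[current]
    }
    def dn = new LdapName(baseDn)
    // Top-level org first: LdapName.add() appends on the most specific (leftmost) side.
    chain.reverse().each { dn.add(new Rdn('ou', it)) }   // Rdn escapes the value
    return dn.toString()
}

def base = 'ou=Orgs,dc=example,dc=com'
def dn = buildOrgDn(parentOf, 'R&D, East', base)
println dn

// Re-parse the result: the comma did not split the org into two RDNs.
def parsed = new LdapName(dn)
assert parsed.size() == 5
assert parsed.getRdn(parsed.size() - 1).value == 'R&D, East'
assert parsed.getRdn(parsed.size() - 2).value == 'Engineering'
assert parsed.startsWith(new LdapName(base))   // still under the intended base

// The cyclic pair trips the depth guard.
def rejected = false
try {
    buildOrgDn(parentOf, 'Loop-A', base)
} catch (IllegalStateException e) {
    rejected = true
    println 'rejected: ' + e.message
}
assert rejected
```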

2016-12-14 23:29 GMT-02:00 Aaron Hiniker <hindog at gmail.com>:

> Hi,
>
> I have OpenDJ running and midpoint running on a mysql store and now I want
> to configure a sample application.  I see many different configuration
> files included in the distribution, but it’s very confusing to understand
> what exactly I need to do and which ones to include.  For example, there is
> ldap-deeply-hierarchal folder with 3 config files.  I tried to import
> those files, along with some of the configs from the common folder and
> when I try to assign a user to the “Org Metarule”, I get this error:
>
> Unsatisfied strict dependency of account Discr(RSD(entitlement (group)
> @10000000-0000-0000-0000-000000000003)) dependent on Discr(RSD(generic
> (ou) @10000000-0000-0000-0000-000000000003)): Account not provisioned
>
>
> I don’t know how to decipher what the problem is,  “Account not
> provisioned” isn’t helpful to me since I have no idea WHY it’s not
> provisioned.  Is there a documentation page that would walk me through
> how to spin up a nested org/group demo from soup-to-nuts that doesn’t
> require me to know every detail of the individual configuration
> objects/steps involved?
>
> Thanks,
>
> Aaron