[midPoint] Populating parentOrgRef in an Org from a database resource

Pavol Mederly mederly at evolveum.com
Thu Jul 28 10:38:02 CEST 2016


Hello Andrew,

> My understanding is that an org-to-org relationship shouldn’t be an 
> assignment, but a population of the parentOrgRef (see 
> https://wiki.evolveum.com/display/midPoint/Organizational+Structure) 
> and then midpoint handles the rest.
Actually, that wiki article is a bit out-of-date in this respect. 
Currently, the preferred way of linking any focal objects (users, roles, 
orgs, services) to organization structure is via assignments.

One possibility is to map parent_id column to an extension attribute of 
the org object, and then use an object template to create appropriate 
assignment for a given Org object. Something like this: 
https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml. 
<https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml>

(But maybe someone would propose a better solution.)

Best regards,

-- 
Pavol Mederly
Software developer
evolveum.com


On 28.07.2016 8:38, Andrew Brock wrote:
>
> Hi,
>
> I have a database resource that gives me the following organisation 
> info in its columns:
>
> 1.)An ID (an integer)
>
> 2.)A Name (a string)
>
> 3.)The ID of the parent organisation in a column called parent_id (an 
> integer). This value is present for all organisations except for the 
> top parent one.
>
> This resource can be considered the definitive authority for this data 
> (i.e. it’s not present in LDAP).
>
> I currently have a schemaHandling like so:
>
> <schemaHandling>
>
>       <objectType>
>
>          <kind>account</kind>
>
>          <intent>HRM</intent>
>
> <default>true</default>
>
> <objectClass>ri:AccountObjectClass</objectClass>
>
>          <attribute>
>
> <c:ref>icfs:uid</c:ref>
>
> <tolerant>true</tolerant>
>
> <exclusiveStrong>false</exclusiveStrong>
>
>             <inbound>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
>                <target>
>
> <c:path>identifier</c:path>
>
>                </target>
>
>             </inbound>
>
>          </attribute>
>
>          <attribute>
>
> <c:ref>ri:name</c:ref>
>
> <tolerant>true</tolerant>
>
> <exclusiveStrong>false</exclusiveStrong>
>
>             <inbound>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
>                <target>
>
> <c:path>name</c:path>
>
>                </target>
>
>             </inbound>
>
>          </attribute>
>
>       </objectType>
>
>    </schemaHandling>
>
> The current behaviour when I sync from this resource is all the 
> Organisations are being created with the correct name and unique ID 
> that is copied to the OrgType “Identifier” field, but they are all at 
> the same (top) level in the Org. structure.
>
> I now want to put them into their proper hierarchy!
>
> My understanding is that an org-to-org relationship shouldn’t be an 
> assignment, but a population of the parentOrgRef (see 
> https://wiki.evolveum.com/display/midPoint/Organizational+Structure) 
> and then midpoint handles the rest. What do I need to do to my current 
> configuration to populate the parentOrgRef property using the value of 
> the parent_id column from my database? I can’t assign the parent_id 
> value directly to parentOrgRef as it’s an integer, so I need to get a 
> reference to the parent organisation.
>
> I’ve seen some references to a referenceSearch expression on Github, 
> which I think may be what I need, but I haven’t seen an example of 
> this in action. This is what I’ve got so far (which goes just above 
> the </objectType> tag in my first example), but it doesn’t appear to 
> do anything when I sync:
>
>          <attribute>
>
> <c:ref>ri:parent_id</c:ref>
>
>             <matchingRule 
> xmlns:gen426="http://prism.evolveum.com/xml/ns/public/matching-rule-3">gen426:default</matchingRule>
>
> <tolerant>true</tolerant>
>
> <exclusiveStrong>false</exclusiveStrong>
>
> <fetchStrategy>implicit</fetchStrategy>
>
>             <inbound>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
>                <expression>
>
>                   <referenceSearch>
>
>    <targetType>c:OrgType</targetType>
>
>                      <filter>
>
>                         <q:equal>
>
>                          <!-- Property from OrgType -->
>
>                            <q:path>identifier</q:path>
>
> <expression>
>
>                               <!-- database column -->
>
> <c:path>$c:account/c:attributes/parent_id</c:path>
>
> </expression>
>
>                         </q:equal>
>
>                      </filter>
>
>                   </referenceSearch>
>
>                </expression>
>
>                <target>
>
>                   <!-- Field on the organisation that is being created -->
>
> <c:path>parentOrgRef</c:path>
>
>                </target>
>
>             </inbound>
>
>          </attribute>
>
> The database table is sorted in such a way that the organisations at 
> level 1 are first, then level 2, then level 3, etc. so I don’t think 
> it’s trying to create or update organisations before their parent 
> organisation has already been created.
>
> Any clues?
>
> Thanks,
>
> Andrew
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160728/2baeeeda/attachment.htm>


More information about the midPoint mailing list