[midPoint] Populating parentOrgRef in an Org from a database resource

Andrew Brock Andrew.Brock at sahmri.com
Fri Jul 29 07:19:10 CEST 2016 

Ok, so I've added an extension attribute to the OrgType that I map through like this:

         <attribute>
            <c:ref>ri:parent_id</c:ref>
            <tolerant>true</tolerant>
            <exclusiveStrong>false</exclusiveStrong>
            <inbound>
               <authoritative>true</authoritative>
               <exclusive>true</exclusive>
               <strength>strong</strength>
               <target>
                  <c:path>$user/extension/parentIdentifier</c:path>
               </target>
            </inbound>
         </attribute>


This works fine. I've then added an object template as suggested:

<objectTemplate oid="10000000-0000-0000-0000-000000000231"
   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
   xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
   xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
   xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
   xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
   xmlns:ext="xmlns:tns=http://sahmri.com/xml/ns/organisation">
    <name>Org Template</name>
    
    <mapping>
    	<name>Org-org mapping</name>
    	<authoritative>true</authoritative>
		<strength>strong</strength>
    	<source>
    		<path>extension/ext:parentIdentifier</path>
    	</source>
		<expression>
			<assignmentTargetSearch>
				<targetType>c:OrgType</targetType>
				<filter>
					<q:equal>
						<q:path>c:identifier</q:path>
						<expression>
							<path>$parentIdentifier</path>
						</expression>
					</q:equal>
				</filter>
			</assignmentTargetSearch>
		</expression> 
    	<target>
    		<path>assignment</path>
    	</target>
    </mapping>
</objectTemplate>



...and I've added it to the system configuration like so:

 
   <defaultObjectPolicyConfiguration>
      <type>c:OrgType</type>
      <objectTemplateRef oid="10000000-0000-0000-0000-000000000231" type="c:ObjectTemplateType"><!-- Org Template --></objectTemplateRef>
   </defaultObjectPolicyConfiguration>


...but the template doesn't seem to be triggered when a new Organisation is created - i.e. I don't see an error message but the assignment isn't created either.


Thoughts?

Thanks,
Andrew


-----Original Message-----

Hello Andrew,

> My understanding is that an org-to-org relationship shouldn't be an 
> assignment, but a population of the parentOrgRef (see
> https://wiki.evolveum.com/display/midPoint/Organizational+Structure)
> and then midpoint handles the rest.
Actually, that wiki article is a bit out-of-date in this respect. 
Currently, the preferred way of linking any focal objects (users, roles, orgs, services) to organization structure is via assignments.

One possibility is to map parent_id column to an extension attribute of the org object, and then use an object template to create appropriate assignment for a given Org object. Something like this: 
https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml. 
<https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml>

(But maybe someone would propose a better solution.)

Best regards,

--
Pavol Mederly
Software developer
evolveum.com


On 28.07.2016 8:38, Andrew Brock wrote:
>
> Hi,
>
> I have a database resource that gives me the following organisation 
> info in its columns:
>
> 1.)An ID (an integer)
>
> 2.)A Name (a string)
>
> 3.)The ID of the parent organisation in a column called parent_id (an 
> integer). This value is present for all organisations except for the 
> top parent one.
>
> This resource can be considered the definitive authority for this data 
> (i.e. it's not present in LDAP).
>
> I currently have a schemaHandling like so:
>
> <schemaHandling>
>
>       <objectType>
>
>          <kind>account</kind>
>
>          <intent>HRM</intent>
>
> <default>true</default>
>
> <objectClass>ri:AccountObjectClass</objectClass>
>
>          <attribute>
>
> <c:ref>icfs:uid</c:ref>
>
> <tolerant>true</tolerant>
>
> <exclusiveStrong>false</exclusiveStrong>
>
>             <inbound>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
>                <target>
>
> <c:path>identifier</c:path>
>
>                </target>
>
>             </inbound>
>
>          </attribute>
>
>          <attribute>
>
> <c:ref>ri:name</c:ref>
>
> <tolerant>true</tolerant>
>
> <exclusiveStrong>false</exclusiveStrong>
>
>             <inbound>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
>                <target>
>
> <c:path>name</c:path>
>
>                </target>
>
>             </inbound>
>
>          </attribute>
>
>       </objectType>
>
>    </schemaHandling>
>
> The current behaviour when I sync from this resource is all the 
> Organisations are being created with the correct name and unique ID 
> that is copied to the OrgType "Identifier" field, but they are all at 
> the same (top) level in the Org. structure.
>
> I now want to put them into their proper hierarchy!
>
> My understanding is that an org-to-org relationship shouldn't be an 
> assignment, but a population of the parentOrgRef (see 
> https://wiki.evolveum.com/display/midPoint/Organizational+Structure) 
> and then midpoint handles the rest. What do I need to do to my current 
> configuration to populate the parentOrgRef property using the value of 
> the parent_id column from my database? I can't assign the parent_id 
> value directly to parentOrgRef as it's an integer, so I need to get a 
> reference to the parent organisation.
>
> I've seen some references to a referenceSearch expression on Github, 
> which I think may be what I need, but I haven't seen an example of 
> this in action. This is what I've got so far (which goes just above 
> the </objectType> tag in my first example), but it doesn't appear to 
> do anything when I sync:
>
>          <attribute>
>
> <c:ref>ri:parent_id</c:ref>
>
>             <matchingRule 
> xmlns:gen426="http://prism.evolveum.com/xml/ns/public/matching-rule-3">gen426:default</matchingRule>
>
> <tolerant>true</tolerant>
>
> <exclusiveStrong>false</exclusiveStrong>
>
> <fetchStrategy>implicit</fetchStrategy>
>
>             <inbound>
>
> <authoritative>true</authoritative>
>
> <exclusive>false</exclusive>
>
> <strength>normal</strength>
>
>                <expression>
>
>                   <referenceSearch>
>
>    <targetType>c:OrgType</targetType>
>
>                      <filter>
>
>                         <q:equal>
>
>                          <!-- Property from OrgType -->
>
>                            <q:path>identifier</q:path>
>
> <expression>
>
>                               <!-- database column -->
>
> <c:path>$c:account/c:attributes/parent_id</c:path>
>
> </expression>
>
>                         </q:equal>
>
>                      </filter>
>
>                   </referenceSearch>
>
>                </expression>
>
>                <target>
>
>                   <!-- Field on the organisation that is being created -->
>
> <c:path>parentOrgRef</c:path>
>
>                </target>
>
>             </inbound>
>
>          </attribute>
>
> The database table is sorted in such a way that the organisations at 
> level 1 are first, then level 2, then level 3, etc. so I don't think 
> it's trying to create or update organisations before their parent 
> organisation has already been created.
>
> Any clues?
>
> Thanks,
>
> Andrew
>
>
>
> _______________________________________________
> midPoint mailing list
> http://lists.evolveum.com/mailman/listinfo/midpoint
> http://lists.evolveum.com/mailman/listinfo/midpoint

More information about the midPoint mailing list