[midPoint] link account in AD

Steklac Michal Michal_Steklac at datalan.sk
Wed Jun 1 12:58:46 CEST 2016 

Hi,

when i set secondaryIdentifier
...
	<attribute>
		<ref>ri:sAMAccountName</ref>
		<secondaryIdentifier>true</secondaryIdentifier>
		<displayName>Login name</displayName>
		<description></description>
		<outbound>
			<strength>strong</strength>
			<source>
				<path>$user/name</path>
			</source>
		</outbound>
	</attribute>
...
still receive error ObjectAlredyExists. In attachment is log.

synchronization of dn attribute
...
	<attribute>
		<ref>ri:dn</ref>
		<displayName>Distinguished Name</displayName>
		<description></description>
		<limitations>
			<minOccurs>0</minOccurs>
			<access>
				<read>true</read>
				<add>true</add>
				<modify>true</modify>
			</access>
		</limitations>
		<!--matchingRule>mr:stringIgnoreCase</matchingRule -->
		<inbound>
			<target>
				<path>$user/extension/ADDN</path>
			</target>
		</inbound>
		<outbound>
			<strength>strong</strength>
			<source>
				<path>$user/givenName</path>
			</source>
			<source>
				<path>$user/familyName</path>
			</source>
			<source>
				<path>$user/extension/ext:orgpath</path>
			</source>
			<source>
				<path>$user/activation/administrativeStatus</path>
			</source>
			<source>
				<path>$account/attributes/distinguishedName</path>
			</source>
			<expression>
				<script>
					<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
					</language>
					<code>
						import javax.naming.ldap.Rdn
						import javax.naming.ldap.LdapName
						import
						com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType
log.info('distinguishedName='+distinguishedName);
						dn = new LdapName('DC=pokus,DC=sk')

						if (orgpath) {
							orgpath.tokenize('/').reverse().each { ouname -> dn.add(new Rdn('ou',ouname)) }
						} else {
						}
						dn.add(new Rdn('cn',familyName.toString() + ' ' + givenName.toString()));
						return dn.toString()
					</code>
				</script>
			</expression>
		</outbound>
	</attribute>
...

Thanks & regards
MiSo
________________________________________
Od: midPoint [midpoint-bounces at lists.evolveum.com] v zastúpení používateľa Ivan Noris [ivan.noris at evolveum.com]
Odoslané: 31. mája 2016 18:36
Do: midpoint at lists.evolveum.com
Predmet: Re: [midPoint] link account in AD

Hi,

I remember to use something like:

                <attribute>
                    <ref>ri:sAMAccountName</ref>
                    <secondaryIdentifier>true</secondaryIdentifier>
...
               </attribute>

to trigger automatic AlreadyExistsException to run discovery,
correlation and link the existing account using correlation expressions.
But I have not tried it recently and not with AdLdap connector at all.

Can you paste XML code how you try to process
$account/attributes/distinguishedName attribute (where you get null)?

Ivan

On 05/31/2016 04:52 PM, Michal Štekláč wrote:
> Hi,
>
> I use ICF com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
> v1.4.2.14 and I want synchronize users to AD and insert to
> organization unit. Users are in hierarchical structure in AD.
> Example:
> CN=Hrasko Janko,ou=BBB,ou=AAA,dc=example,dc=com
> Users exists in AD before start synchronization.
>
> When synchronize user from midpoint which is in OrgUnit AAA, then get
> exception object alredy exist in AD.
> In AD is user CN=Hrasko Janko,ou=BBB,ou=AAA,,dc=example,dc=com and
> synchronization try create CN=Hrasko Janko,ou=AAA,,dc=example,dc=com.
> Correlation atributte is sAMAcountName, which is same and have value
> jhrasko.
>
> 1) Can i link user which is in midpoint with user who exist in AD and
> change dn of user in AD? I don`t want to create new user in AD?
> 2) Can i get dn on user in AD? In old .Net AD connector get dn with
> $account/attributes/distinguishedName. I get null in new AD connector.
>
> Thanks & regards
> MiSo
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

--
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exceptions
Type: application/octet-stream
Size: 14027 bytes
Desc: exceptions
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/2b812bf8/attachment.obj>

More information about the midPoint mailing list