[midPoint] Condition for inducement in Metarole

Мамаева Сауле Сериковна s.mamayeva at ktg.kz
Thu Jun 16 12:26:21 CEST 2016


Hello,
I have a meta role for groups that is assigned to an organization when the organization is created from an org template. This role creates groups, with members associated with this created midPoint organization, in Active Directory (AD). But I want this role to create only the groups in AD, and the members of these groups should appear in AD only after another role (AD user role) is assigned to the users. I have another role, the AD user role, that is assigned to the user manually and with the approval of an administrator, and this role creates the user's account in AD.
How and where can I add such a condition? Is it possible to add a condition for an inducement?
This is the XML of the meta role for groups:

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="11111111-2222-3333-4444-200000000055"
      version="8">
   <name>Metarole for groups</name>
   <metadata>
      <createTimestamp>2016-06-06T12:47:04.200+06:00</createTimestamp>
      <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
      <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
   </metadata>
   <inducement id="1">
      <construction>
         <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"><!-- Ldap_AD_Saule --></resourceRef>
         <kind>entitlement</kind>
         <intent>group</intent>
      </construction>
   </inducement>
   <inducement id="2">
      <construction>
         <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"><!-- Ldap_AD_ Saule --></resourceRef>
         <kind>account</kind>
         <intent>default</intent>
         <association>
            <c:ref>ri:group</c:ref>
            <outbound>
               <expression>
                  <associationFromLink>
                     <projectionDiscriminator>
                        <kind>entitlement</kind>
                        <intent>group</intent>
                     </projectionDiscriminator>
                  </associationFromLink>
               </expression>
            </outbound>
         </association>
      </construction>
      <order>2</order>
   </inducement>
</role>

Best regards,
Saule
