[midPoint] Sync Entitlements to Role/Org Object with CSVFileConnector

Radovan Semancik radovan.semancik at evolveum.com
Tue May 17 21:20:44 CEST 2016 

Hi Antoine,

I would like to explain this a bit deeper. Even though the CVSFile 
connector that we are currently using was originally created by one of 
our team members it comes from the OpenICF project. It was created back 
in the "dark ages" when the only thing that the IDM systems were able to 
manage were accounts. So, the connector is also hard-coded to support 
only accounts. Yes, there are some tricks to make it work, but it is 
ugly and it is in fact just abuse of the old code. The systemic solution 
would be to either extend (or re-write) the old CSVFile connector or to 
join forces with the ConnId CSVDir connector 
(https://github.com/Tirasa/ConnIdCSVDirBundle). I would actually prefer 
the latter option. Cooperation is almost always a better strategy. The 
thing is, that nobody really tried the ConnId CSVDir connector with 
midPoint. It is a ConnId connector so theoretically it should be 
compatible. But theoretically there is no difference between the theory 
and practice while practically there is a great deal of difference. 
Therefore if you have the capacity you might want to experiment with the 
CSVDir connector and report back the results. That will be a great help 
to midPoint community.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 05/17/2016 03:55 PM, Ivan Noris wrote:
> Hi Antoine,
>
> CSV connector supports only accounts, i.e. kind=account.
> So if you want to import something which is not account, but 
> organization or role, you have to pretend it's account.
> But it will work.
>
> The schema handling should be configured for objectClass 
> ri:AccountObjectClass, kind=account (which is default) and intent - or 
> if one CSV file will be used only for roles and nothing else, intent 
> may be default.
>
>
> Synchronization part should look like this:
>             <objectSynchronization>
>                     <name>Foo</name>
> <objectClass>ri:AccountObjectClass</objectClass>
>                     <kind>account</kind>
>                     <intent>default</intent>
> *<focusType>c:RoleType</focusType> <!-- or c:OrgType --><!-- Focus 
> object type to correlate instead of UserType!!! -->*
>                 <enabled>true</enabled>
>
>                 <correlation>
>             <q:equal>
> <q:matching>polyStringNorm</q:matching>
>                 <q:path>c:name</q:path>
>                 <expression>
> ...
>                 </expression>
>             </q:equal>
>                     </correlation>
>                 <reaction>
>                     <situation>linked</situation>
>                     <synchronize>true</synchronize>
>                 </reaction>
>                 <reaction>
>                     <situation>deleted</situation>
>                     <synchronize>true</synchronize>
>                     <action 
> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"/>
>                 </reaction>
>                 <reaction>
>                     <situation>unlinked</situation>
>                     <synchronize>true</synchronize>
>                     <action 
> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link"/>
>                 </reaction>
>                 <reaction>
>                     <situation>unmatched</situation>
>                     <synchronize>true</synchronize>
>                     <action 
> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus"/>
>                 </reaction>
>         </objectSynchronization>
>
> Regards,
> Ivan
>
> On 05/17/2016 03:42 PM, LECOMTE ANTOINE wrote:
>>
>> Hi,
>>
>> We can’t figure out how to import Role or Organization through the 
>> CSV Connector.
>>
>> We tried multiples values for kind/intent/ObjectClass/focusType but 
>> we don’t pass the synchronization.
>>
>> The shadows are created with the status UNMATCHED.
>>
>> We are using Midpoint v. 3.3.1.
>>
>> Do someone have a resource example or a link explaining how to import 
>> Role with the CSV Connector ?
>>
>> Thanks.
>>
>> --
>>
>> Antoine Lecomte.
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
>    Ing. Ivan Noris
>    Senior Identity Management Engineer & IDM Architect
>    evolveum.com                     evolveum.com/blog/
>    ___________________________________________________
>    "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160517/394f76c6/attachment.htm>

More information about the midPoint mailing list