[midPoint] Sync Entitlements to Role/Org Object with CSVFileConnector

LECOMTE ANTOINE antoine.lecomte at univ-lyon1.fr
Thu May 19 09:31:16 CEST 2016


Hi Ivan and Radovan,

We achieved the synchronization with the example you provided.
It’s worked using the correlation <q:matching> instead of <q:equal>.


We will try the ConnId CSVDir and give feedbacks soon.


Antoine.

De : midPoint [mailto:midpoint-bounces at lists.evolveum.com] De la part de Radovan Semancik
Envoyé : Tuesday, May 17, 2016 9:21 PM
À : midpoint at lists.evolveum.com
Objet : Re: [midPoint] Sync Entitlements to Role/Org Object with CSVFileConnector

Hi Antoine,

I would like to explain this a bit deeper. Even though the CVSFile connector that we are currently using was originally created by one of our team members it comes from the OpenICF project. It was created back in the "dark ages" when the only thing that the IDM systems were able to manage were accounts. So, the connector is also hard-coded to support only accounts. Yes, there are some tricks to make it work, but it is ugly and it is in fact just abuse of the old code. The systemic solution would be to either extend (or re-write) the old CSVFile connector or to join forces with the ConnId CSVDir connector (https://github.com/Tirasa/ConnIdCSVDirBundle). I would actually prefer the latter option. Cooperation is almost always a better strategy. The thing is, that nobody really tried the ConnId CSVDir connector with midPoint. It is a ConnId connector so theoretically it should be compatible. But theoretically there is no difference between the theory and practice while practically there is a great deal of difference. Therefore if you have the capacity you might want to experiment with the CSVDir connector and report back the results. That will be a great help to midPoint community.



--

Radovan Semancik

Software Architect

evolveum.com

On 05/17/2016 03:55 PM, Ivan Noris wrote:
Hi Antoine,

CSV connector supports only accounts, i.e. kind=account.
So if you want to import something which is not account, but organization or role, you have to pretend it's account.
But it will work.

The schema handling should be configured for objectClass ri:AccountObjectClass, kind=account (which is default) and intent - or if one CSV file will be used only for roles and nothing else, intent may be default.


Synchronization part should look like this:
            <objectSynchronization>
                    <name>Foo</name>
                    <objectClass>ri:AccountObjectClass</objectClass>
                    <kind>account</kind>
                    <intent>default</intent>
                    <focusType>c:RoleType</focusType> <!-- or c:OrgType --><!-- Focus object type to correlate instead of UserType!!! -->
                <enabled>true</enabled>

                <correlation>
            <q:equal>
                <q:matching>polyStringNorm</q:matching>
                <q:path>c:name</q:path>
                <expression>
...
                </expression>
            </q:equal>
                    </correlation>
                <reaction>
                    <situation>linked</situation>
                    <synchronize>true</synchronize>
                </reaction>
                <reaction>
                    <situation>deleted</situation>
                    <synchronize>true</synchronize>
                    <action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"<http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink>/>
                </reaction>
                <reaction>
                    <situation>unlinked</situation>
                    <synchronize>true</synchronize>
                    <action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link"<http://midpoint.evolveum.com/xml/ns/public/model/action-3#link>/>
                </reaction>
                <reaction>
                    <situation>unmatched</situation>
                    <synchronize>true</synchronize>
                    <action ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus"<http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus>/>
                </reaction>
        </objectSynchronization>

Regards,
Ivan
On 05/17/2016 03:42 PM, LECOMTE ANTOINE wrote:
Hi,

We can’t figure out how to import Role or Organization through the CSV Connector.
We tried multiples values for kind/intent/ObjectClass/focusType but we don’t pass the synchronization.
The shadows are created with the status UNMATCHED.

We are using Midpoint v. 3.3.1.


Do someone have a resource example or a link explaining how to import Role with the CSV Connector ?


Thanks.

--
Antoine Lecomte.





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160519/65506c45/attachment.htm>


More information about the midPoint mailing list