[midPoint] Mapping of Service attributes

Wed Nov 16 15:47:03 CET 2016

Hi,

schema handling looks ok for me - mapping whatever focus to account.
Btw. which connector are you using?

But - how are you provisioning this? Which role are you assigning to
your Service?

I need to see the inducement part of the role...

Ivan

On 11/16/2016 03:11 PM, Jiri Brom wrote:
> Hi,
>
> Just for testing I tried to map $focus/identifier as Source in the
> existing LDAP connector in online demo. In schema handling called
> "LDAP project groups" it was working. The main difference from my
> schema handling is that it has __GROUP__ objectClass. Is it possible
> that attributes from Org, Role or Service can be mapped only to
> __GROUP__  object class? 
>
> My schema handling is following:
>
> <schemaHandling>
>       <objectType>
>          <kind>account</kind>
>          <default>true</default>
>          <objectClass>ri:AccountObjectClass</objectClass>
>          <attribute>
>             <c:ref>icfs:name</c:ref>
>             <tolerant>true</tolerant>
>             <exclusiveStrong>false</exclusiveStrong>
>             <outbound>
>                <authoritative>true</authoritative>
>                <exclusive>false</exclusive>
>                <strength>normal</strength>
>                <source>
>                   <c:path>$focus/name</c:path>
>                </source>
>             </outbound>
>          </attribute>
>          <attribute>
>             <c:ref>ri:identifier</c:ref>
>             <tolerant>true</tolerant>
>             <exclusiveStrong>false</exclusiveStrong>
>             <outbound>
>                <authoritative>true</authoritative>
>                <exclusive>false</exclusive>
>                <strength>normal</strength>
>                <source>
>                   <c:path>$focus/identifier</c:path>
>                </source>
>             </outbound>
>          </attribute>
>       </objectType>
>    </schemaHandling> 
>
>
> Thank you for your answers,
>
> Jiri
>
>
> Jiří Brom
>
> e-mail: bromjiri at gmail.com <mailto:bromjiri at gmail.com>
> CZ: +420723860707
> AT: +436607144324
>
> On Wed, Nov 16, 2016 at 1:33 PM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
>     Hi,
>
>     the __ACCOUNT__ is the default, yes.
>
>     I don't know which connector are you using, but in general there
>     is no problem for midPoint to create accounts for organizations or
>     roles; it's just not very common. Normally you sould use
>     <objectClass> in the schema handling to tell the connector which
>     kind of the object it should create.
>
>     Could you share the resource of at least part of it - schema handling?
>
>     Ivan
>
>
>     On 11/16/2016 01:07 PM, Jiri Brom wrote:
>>     Hi,
>>
>>     In my case when I try to map for instance "$focus/tenant", which
>>     is an attribute of OrgType
>>     (https://wiki.evolveum.com/display/midPoint/OrgType
>>     <https://wiki.evolveum.com/display/midPoint/OrgType>) it also
>>     doesn't work. Still the same error "No definition for 'tenant' in
>>     user". I think I do some stupid mistake in setup which allows me
>>     to provision User attributes only. Do you use some special
>>     configuration when working with OrgType or RoleType? E.g. Kind,
>>     Intent, etc..
>>
>>     Or is it possible that the problem is in the ObjectClass defined
>>     in my connector schema? As I understand the Connector Development
>>     Guide, then __ACOUNT__ is the default one (I am using that one).
>>     Do I have to use some other ObjectClass when mapping Role, Org or
>>     other attributes?
>>
>>     Thank you for your answers,
>>
>>     Jiri
>>
>>     Jiří Brom
>>
>>     e-mail: bromjiri at gmail.com <mailto:bromjiri at gmail.com>
>>     CZ: +420723860707 <tel:%2B420723860707>
>>     AT: +436607144324 <tel:%2B436607144324>
>>
>>     On Wed, Nov 16, 2016 at 12:57 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         The wizard could really have a problem in this respect. We
>>         haven't updated it after Services were introduced, as far as
>>         I know.
>>
>>         Pavol Mederly
>>         Software developer
>>         evolveum.com <http://evolveum.com>
>>
>>         On 16.11.2016 12:42, Ivan Noris wrote:
>>>
>>>         Hi Jiri,
>>>
>>>         I have not used Service, but for provisioning objects for
>>>         Roles / Organizations I'm using $focus and it should be the
>>>         same for Service.
>>>
>>>         Maybe the resource wizard has an issue with Service? Just
>>>         thinking. But using XML editor/upload you should be able to
>>>         access the attributes as $focus/identifier etc.
>>>
>>>         Let us know please anyway.
>>>
>>>         Regards,
>>>
>>>         Ivan
>>>
>>>
>>>         On 11/16/2016 12:29 PM, Jiri Brom wrote:
>>>>         Hi all,
>>>>
>>>>         I have a problem with mapping of Service attributes to a
>>>>         connector in Schema handling. 
>>>>         I've successfully implemented a midPoint connector which
>>>>         maps User attributes to my resource. Now I want to do the
>>>>         same but with Service attributes.
>>>>
>>>>         In case of User attributes I can simply define Outbound
>>>>         mapping (e.g. "name", "givenName", "familyName") but I
>>>>         can't figure out how to access Service attributes (e.g.
>>>>         "identifier", "url") in the same way.
>>>>
>>>>         I know I should probably use "$focus/" variable but the
>>>>         resource wizard keeps notifying me "No definition for
>>>>         'identifier' in user". 
>>>>         Is there a way to simply access the Service attributes? 
>>>>
>>>>         Thank you very much,
>>>>
>>>>         Jiri
>>>>
>>>>
>>>>         e-mail: bromjiri at gmail.com <mailto:bromjiri at gmail.com>
>>>>         CZ: +420723860707 <tel:%2B420723860707>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>         midPoint mailing list
>>>>         midPoint at lists.evolveum.com
>>>>         <mailto:midPoint at lists.evolveum.com>
>>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>         <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>>         -- 
>>>         Ivan Noris
>>>         Senior Identity Engineer
>>>         evolveum.com <http://evolveum.com>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>         <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>         _______________________________________________ midPoint
>>         mailing list midPoint at lists.evolveum.com
>>         <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>         <http://lists.evolveum.com/mailman/listinfo/midpoint> 
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>     <http://lists.evolveum.com/mailman/listinfo/midpoint>
>     -- 
>     Ivan Noris
>     Senior Identity Engineer
>     evolveum.com <http://evolveum.com>
>
>     _______________________________________________ midPoint mailing
>     list midPoint at lists.evolveum.com
>     <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>     <http://lists.evolveum.com/mailman/listinfo/midpoint> 
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161116/3817271e/attachment.htm>