[midPoint] Mapping to specific ObjectClass
Ivan Noris
ivan.noris at evolveum.com
Wed Nov 23 17:37:18 CET 2016
Hi,
assignment of resource from GUI always uses default kind (account) and
default intent. This will be probably enhanced in the future. If you
create a role and specify kind/intent in the inducement, it will work.
Which is what you have already done :-)
Ivan
On 11/23/2016 05:27 PM, Jiri Brom wrote:
> Hi again,
>
> Finally it seems working.
> The mistake I did was that I was assigning the Resource directly to
> the Service using Assignment. But now I tried adding the Resource as
> Inducement to a Role and there I placed the mentioned <kind> and
> <intent> together with the requested <attribute> from schemaHandling.
> Then I assigned the Role to the Service and it works.
>
> <inducement id="1">
> <construction>
> <resourceRef oid="9488ffd0-0c22-4863-af4f-c3a4fd64d509"
> type="c:ResourceType"><!-- freeipa --></resourceRef>
> <kind>entitlement</kind>
> <intent>Service</intent>
> <attribute>
> <c:ref>icfs:name</c:ref>
> <outbound>
> <source>
> <c:path>name</c:path>
> </source>
> </outbound>
> </attribute>
> </construction>
> </inducement>
>
> Thank you for your help :)
>
> J.
>
> Jiří Brom
>
> e-mail: bromjiri at gmail.com <mailto:bromjiri at gmail.com>
> CZ: +420723860707
> AT: +436607144324
>
> On Wed, Nov 23, 2016 at 4:15 PM, Jiri Brom <bromjiri at gmail.com
> <mailto:bromjiri at gmail.com>> wrote:
>
> Hi Gustav,
>
> thanks but I tried this and Service attributes still keep mapping
> to UserClass instead of ServiceClass.
>
> <schemaHandling>
> <objectType>
> <kind>entitlement</kind>
> <intent>Service</intent>
> <displayName>Service</displayName>
> <default>false</default>
> <objectClass>ri:ServiceClass</objectClass>
> <attribute>
> <c:ref>icfs:name</c:ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <outbound>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <source>
> <c:path>name</c:path>
> </source>
> </outbound>
> </attribute>
> </objectType>
> <objectType>
> <kind>account</kind>
> <intent>default</intent>
> <displayName>User</displayName>
> <default>true</default>
> <objectClass>ri:UserClass</objectClass>
> <attribute>
> <c:ref>icfs:name</c:ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <outbound>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <source>
> <c:path>name</c:path>
> </source>
> </outbound>
> </attribute>
> </objectType>
> </schemaHandling>
>
>
> Do you know what else could be a problem?
>
> Thank you,
>
> Jiri
>
> Jiří Brom
>
> e-mail: bromjiri at gmail.com <mailto:bromjiri at gmail.com>
> CZ: +420723860707 <tel:%2B420723860707>
> AT: +436607144324 <tel:%2B436607144324>
>
> On Wed, Nov 23, 2016 at 3:44 PM, Pálos Gustáv
> <gustav.palos at evolveum.com <mailto:gustav.palos at evolveum.com>> wrote:
>
> sorry for my fault, in XML you see it as:
>
> <kind>account</kind>
> <intent>default</intent>
>
> and services under *Entitlement*
>
> <kind>*entitlement*</kind>
> <intent>Service</intent>
>
> Best regards,
>
> Gustav
>
> 2016-11-23 15:15 GMT+01:00 Pálos Gustáv
> <gustav.palos at evolveum.com <mailto:gustav.palos at evolveum.com>>:
>
> Hi,
>
> please see other connectors, for examle:
> https://github.com/Evolveum/connector-drupal/blob/master/src/main/java/com/evolveum/polygon/connector/drupal/DrupalConnector.java
> <https://github.com/Evolveum/connector-drupal/blob/master/src/main/java/com/evolveum/polygon/connector/drupal/DrupalConnector.java>
>
> public Uid create(ObjectClass objectClass, Set<Attribute>
> attributes, OperationOptions operationOptions) {
> if (objectClass.is(ObjectClass.ACCOUNT_NAME)) { //
> __ACCOUNT__
> return createOrUpdateUser(null, attributes);
> } else {
> // other object classes...
>
> but you need
> <kind>account</kind>
> <kind>service</kind>
>
> and not to use <intent> for this...
>
> Best regards,
>
> Gustav
>
>
> 2016-11-23 15:00 GMT+01:00 Jiri Brom <bromjiri at gmail.com
> <mailto:bromjiri at gmail.com>>:
>
> Hi all,
>
> I want to write a connector which will work with
> attributes of midPoint Users and Services. In my
> CreateOP I need to do something like the following
> pseudocode:
>
> Uid create(oc, attr, oo) {
> if (attr.name <http://attr.name> from User){
> doCreateUser(attr.name <http://attr.name>);
> }
> else{
> doCreateService(attr.name <http://attr.name>);
> }
> }
>
>
> The problem is that I can't distinguish between
> attribute __name__ of User and Service. They both have
> the same name so I can't call the proper function. Is
> there a way to distinguish them using only one
> connector? (I know I can do it easily by implementing
> two connectors)
>
> I tried to solve it using two ObjectClasses but I
> can't figure out how to setup SchemaHandler so User
> maps to UserClass and Service maps to ServiceClass.
> They both map to the one which I set as default.
>
> <schemaHandling>
> <objectType>
> <kind>account</kind>
> <intent>Service</intent>
> <displayName>Service</displayName>
> <default>false</default>
> <objectClass>ri:ServiceClass</objectClass>
> <attribute>
> <c:ref>icfs:name</c:ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <outbound>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <source>
> <c:path>name</c:path> ###/(here
> I need it to map icfs:name of Service)/
> </source>
> </outbound>
> </attribute>
> </objectType>
> <objectType>
> <kind>account</kind>
> <intent>User</intent>
> <displayName>User</displayName>
> <default>true</default>
> <objectClass>ri:UserClass</objectClass>
> <attribute>
> <c:ref>icfs:name</c:ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <outbound>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <source>
> <c:path>name</c:path> ###/(here
> I need it to map icfs:name of User)/
> </source>
> </outbound>
> </attribute>
> </objectType>
> </schemaHandling>
>
>
> Thank you for your answers,
>
> Jiri
>
> Jiří Brom
>
> e-mail: bromjiri at gmail.com <mailto:bromjiri at gmail.com>
> CZ: +420723860707 <tel:%2B420723860707>
> AT: +436607144324 <tel:%2B436607144324>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com <http://evolveum.com/>
>
>
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com <http://evolveum.com/>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161123/d2ad7a81/attachment.htm>
More information about the midPoint
mailing list