[midPoint] Conditional Synchronization - Getting MidPoint account attributes

Ivan Noris ivan.noris at evolveum.com
Mon Oct 3 15:00:19 CEST 2016 

Hi Mariano,

I would probably start with something like this:

                        <correlation>
                                <q:and>
                                        <q:equal>
                                                <q:path>c:name</q:path>
                                                <expression>
                                               
<path>$account/attributes/icfs:name</path>
                                                </expression>
                                        </q:equal>
                                        <q:equal>
                                               
<q:path>c:employeeType</q:path>
                                               
<q:value>*EMPLOYEE*</q:value>
                                        </q:equal>
                                </q:and>
                        </correlation>

Similar logic used here: samples/resources/openldap$ less
openldap-localhost-advanced-sync-modifytimestamp.xml    

Ivan

On 09/29/2016 09:03 PM, mariano marron wrote:
> Hi everyone! The issue I have is the following.
>
> I have accounts in a resource that I want to link to existing users in
> MidPoint based on a condition: if the user in MidPoint has a certain
> "employeeType" value, I want the account in the resource to get linked
> to that user. Otherwise, the user shouldn't be linked.
> I understand that I can add the following code to the synchronization
> of the resource:
>
> /   <synchronization>
>       <objectSynchronization>
>          <enabled>true</enabled>
>          <correlation>
>             <condition>
>               <script>
>                   <code>
>                     *basic.getAttributeValue(account, 'name') ==
> "xxxxxxx"*
>                   </code>
>                 </script>
>             </condition>
>
>             <q:equal>
>                <q:path>c:name</q:path>
>                <expression>
>                   <c:path>declare namespace
> icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
> $account/attributes/icfs:name</c:path>
>                </expression>
>             </q:equal>
>          </correlation>/
>
> But that "name" attribute, refeers to the name of the account in the
> resource, not the one in MidPoint. Is there anyway I can refeer to the
> MidPoint account and get the "employeeType" values to compare them to
> a certain value, instead of using the resource account attributes for
> the condition?
>
> Thanks a lot!
>
>     Mariano
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161003/12c337ec/attachment.htm>

More information about the midPoint mailing list