[midPoint] Conditional Synchronization - Getting MidPoint account attributes

Rodrigo Yanis ryanis at identicum.com
Wed Oct 5 15:12:37 CEST 2016 

Hello All,

This approach helped us understanding a similar issue we were having in our
project. Thanks Ivan for your support.

Regards,


*Rodrigo Yanis.*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4824-9971
ryanis at identicum.com
www.identicum.com

2016-10-03 10:00 GMT-03:00 Ivan Noris <ivan.noris at evolveum.com>:

> Hi Mariano,
>
> I would probably start with something like this:
>
>                         <correlation>
>                                 <q:and>
>                                         <q:equal>
>                                                 <q:path>c:name</q:path>
>                                                 <expression>
>                                                 <path>$account/attributes/
> icfs:name</path>
>                                                 </expression>
>                                         </q:equal>
>                                         <q:equal>
>                                                 <q:path>c:employeeType</q:
> path>
>                                                 <q:value>*EMPLOYEE*
> </q:value>
>                                         </q:equal>
>                                 </q:and>
>                         </correlation>
>
> Similar logic used here: samples/resources/openldap$ less
> openldap-localhost-advanced-sync-modifytimestamp.xml
> Ivan
>
>
> On 09/29/2016 09:03 PM, mariano marron wrote:
>
> Hi everyone! The issue I have is the following.
>
> I have accounts in a resource that I want to link to existing users in
> MidPoint based on a condition: if the user in MidPoint has a certain
> "employeeType" value, I want the account in the resource to get linked to
> that user. Otherwise, the user shouldn't be linked.
> I understand that I can add the following code to the synchronization of
> the resource:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *   <synchronization>       <objectSynchronization>
>  <enabled>true</enabled>          <correlation>             <condition>
>           <script>                   <code>
> basic.getAttributeValue(account, 'name') == "xxxxxxx"
> </code>                 </script>             </condition>
> <q:equal>                <q:path>c:name</q:path>
>  <expression>                   <c:path>declare namespace
> icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>';
> $account/attributes/icfs:name</c:path>                </expression>
>     </q:equal>          </correlation>*
>
> But that "name" attribute, refeers to the name of the account in the
> resource, not the one in MidPoint. Is there anyway I can refeer to the
> MidPoint account and get the "employeeType" values to compare them to a
> certain value, instead of using the resource account attributes for the
> condition?
>
> Thanks a lot!
>
> Mariano
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Senior Identity Engineerevolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161005/52ee5534/attachment.htm>

More information about the midPoint mailing list