[midPoint] Conditional Synchronization - Getting MidPoint account attributes
mariano marron
marron.mariano87 at gmail.com
Wed Oct 5 18:45:56 CEST 2016
Hi everyone!
Sorry for the delay, thank you very much for your help Ivan, this solved my
problem!
Cheers,
Mariano
On Wed, Oct 5, 2016 at 10:12 AM, Rodrigo Yanis <ryanis at identicum.com> wrote:
> Hello All,
>
> This approach helped us understanding a similar issue we were having in
> our project. Thanks Ivan for your support.
>
> Regards,
>
>
> *Rodrigo Yanis.*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4824-9971
> ryanis at identicum.com
> www.identicum.com
>
> 2016-10-03 10:00 GMT-03:00 Ivan Noris <ivan.noris at evolveum.com>:
>
>> Hi Mariano,
>>
>> I would probably start with something like this:
>>
>> <correlation>
>> <q:and>
>> <q:equal>
>> <q:path>c:name</q:path>
>> <expression>
>>
>> <path>$account/attributes/icfs:name</path>
>> </expression>
>> </q:equal>
>> <q:equal>
>>
>> <q:path>c:employeeType</q:path>
>> <q:value>*EMPLOYEE*
>> </q:value>
>> </q:equal>
>> </q:and>
>> </correlation>
>>
>> Similar logic used here: samples/resources/openldap$ less
>> openldap-localhost-advanced-sync-modifytimestamp.xml
>> Ivan
>>
>>
>> On 09/29/2016 09:03 PM, mariano marron wrote:
>>
>> Hi everyone! The issue I have is the following.
>>
>> I have accounts in a resource that I want to link to existing users in
>> MidPoint based on a condition: if the user in MidPoint has a certain
>> "employeeType" value, I want the account in the resource to get linked to
>> that user. Otherwise, the user shouldn't be linked.
>> I understand that I can add the following code to the synchronization of
>> the resource:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> * <synchronization> <objectSynchronization>
>> <enabled>true</enabled> <correlation> <condition>
>> <script> <code>
>> basic.getAttributeValue(account, 'name') == "xxxxxxx"
>> </code> </script> </condition>
>> <q:equal> <q:path>c:name</q:path>
>> <expression> <c:path>declare namespace
>> icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>';
>> $account/attributes/icfs:name</c:path> </expression>
>> </q:equal> </correlation>*
>>
>> But that "name" attribute, refeers to the name of the account in the
>> resource, not the one in MidPoint. Is there anyway I can refeer to the
>> MidPoint account and get the "employeeType" values to compare them to a
>> certain value, instead of using the resource account attributes for the
>> condition?
>>
>> Thanks a lot!
>>
>> Mariano
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>> Ivan Noris
>> Senior Identity Engineerevolveum.com
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161005/ba9a63a8/attachment.htm>
More information about the midPoint
mailing list