[midPoint] Inbound mapping using literal expression

Pálos Gustáv gustav.palos at evolveum.com
Wed Apr 19 22:16:26 CEST 2017 

Hi Brad,

for similar case I'm using something like:
                <inbound>
                    <strength>strong</strength>
                    <target>
                        <c:path>locality</c:path>
                    </target>
                    <expression>
                        <description>Fixed locality</description>
                        <value>Bratislava</value>
                    </expression>
                </inbound>
            </attribute>

Gustav

2017-04-19 20:42 GMT+02:00 Brad Firestone <bhotrock at gmail.com>:

> Hello,
> I am trying to connect an Active Directory resource which will be an
> authoritative source for some of my midPoint Users.  However, I need to set
> some static values for the midPoint User extended attributes and these
> values are unrelated to anything in Active Directory.  I've read everything
> I can find about inbound mapping and expressions and can't find how to
> configure the mapping when there's not a source, and the value will just be
> created by the expression.  The problem seems to be what to put in the
> <ref> field.  (It doesn't work without something there.)  I have five of
> these attributes that I need to set.
>
> Here is my intended attribute setting from the AD resource, without a
> <ref> field:
>
> <attribute>
> <ref></ref>
> <displayName>Affiliation</displayName>
> <inbound>
> <expression>
> <value>HQ-AD</value>
> </expression>
> <target>
> <path>$user/extension/affiliation</path>
> </target>
> </inbound>
> </attribute>
>
> I'm still getting started with midPoint, and know I'm missing a lot of
> understanding.  Maybe this is something that I need to handle using Object
> Templates?  (I'm still trying to wrap my brain around how Templates are
> used.)
>
> My overall goal is to be able to automatically pull midPoint Users from
> several different resources including two different Active Directories, and
> three different LDAP directories.  Each of these connections will be
> inbound ONLY.  We will also create users directly in midPoint.  Then I
> would use outbound mappings to a different LDAP directory (we can call it
> MasterLDAP) that will include an account for all the midPoint Users.  I
> would like all of this to happen "automatically" so that when an account is
> added to one of the "source" resources, the midPoint User will be created
> and also the MasterLDAP account would be projected.  We may also end up
> projecting accounts to other resources at some time in the future, but what
> I have listed is Phase 1.
>
> I would be grateful for any advice on how to best do this.
> Thank you!
> Brad
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>



-- 
Gustáv Pálos
Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170419/8acd929f/attachment.htm>

More information about the midPoint mailing list