[midPoint] Inbound mapping using literal expression
Ivan Noris
ivan.noris at evolveum.com
Thu Apr 20 08:48:41 CEST 2017
Hi Brad,
I'm using this (the fragment is from our MidPoint Customization and
Deployment 1 training and it's for source CSV, but the logic is the same
for any resource - just the attribute reference will differ):
<attribute>
<ref>icfs:name</ref>
<limitations>
<access>
<read>true</read>
<add>false</add>
<modify>false</modify>
</access>
</limitations>
<inbound>
<expression>
<script>
<code>'X' + input</code>
</script>
</expression>
<target>
<path>$user/name</path>
</target>
</inbound>
<inbound>
<target>
<path>$user/employeeNumber</path>
</target>
</inbound>
<inbound>
<expression>
<value>EMP</value>
</expression>
<target>
<path>$user/employeeType</path>
</target>
</inbound>
</attribute>
There are three inbounds for icfs:name (which is guaranteed to always
exist - in AD case this could be ri:cn or ri:dn). One inbound is using
the value as is and setting $user/employeeNumber; one inbound is
prepending "X" and storing the value to $user/name. And the third
inbound (red) is doing what you probably need - setting literal value
"EMP" to $user/employeeType attribute.
This works, used many times. Just use some AD-mandatory attribute in
<ref>..</ref>.
Best regards,
Ivan
On 04/19/2017 08:42 PM, Brad Firestone wrote:
> Hello,
> I am trying to connect an Active Directory resource which will be an
> authoritative source for some of my midPoint Users. However, I need
> to set some static values for the midPoint User extended attributes
> and these values are unrelated to anything in Active Directory. I've
> read everything I can find about inbound mapping and expressions and
> can't find how to configure the mapping when there's not a source, and
> the value will just be created by the expression. The problem seems
> to be what to put in the <ref> field. (It doesn't work without
> something there.) I have five of these attributes that I need to set.
>
> Here is my intended attribute setting from the AD resource, without a
> <ref> field:
>
> <attribute>
> <ref></ref>
> <displayName>Affiliation</displayName>
> <inbound>
> <expression>
> <value>HQ-AD</value>
> </expression>
> <target>
> <path>$user/extension/affiliation</path>
> </target>
> </inbound>
> </attribute>
>
> I'm still getting started with midPoint, and know I'm missing a lot of
> understanding. Maybe this is something that I need to handle using
> Object Templates? (I'm still trying to wrap my brain around how
> Templates are used.)
>
> My overall goal is to be able to automatically pull midPoint Users
> from several different resources including two different Active
> Directories, and three different LDAP directories. Each of these
> connections will be inbound ONLY. We will also create users directly
> in midPoint. Then I would use outbound mappings to a different LDAP
> directory (we can call it MasterLDAP) that will include an account for
> all the midPoint Users. I would like all of this to happen
> "automatically" so that when an account is added to one of the
> "source" resources, the midPoint User will be created and also the
> MasterLDAP account would be projected. We may also end up projecting
> accounts to other resources at some time in the future, but what I
> have listed is Phase 1.
>
> I would be grateful for any advice on how to best do this.
> Thank you!
> Brad
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170420/a3ecbfb8/attachment.htm>
More information about the midPoint
mailing list