[midPoint] Configuring synchronisation of resource account to user

Tommy Montegu tommy.montegu at exodata.fr
Thu Apr 20 09:37:06 CEST 2017


Ivan,

 

Thank you very much for your time. I read some LDAP samples to configure
synchronization. I decided to setup the correlation with CN. 

 

For example, in my resource AD, I have the CN define like this :

 

         <attribute>

            <c:ref>ri:cn</c:ref>

            <limitations>

               <minOccurs>0</minOccurs>

            </limitations>

            <outbound>

               <source>

                  <c:path>name</c:path>

               </source>

            </outbound>

         </attribute>

 

In my Zimbra resource, I have the CN define like this :

 

<attribute>

            <c:ref>ri:cn</c:ref>

            <displayName>Common Name</displayName>

            <limitations>

               <minOccurs>0</minOccurs>

               <access>

                  <read>true</read>

                  <add>true</add>

                  <modify>true</modify>

               </access>

            </limitations>

            <outbound>

               <source>

                  <c:path>fullName</c:path>

               </source>

            </outbound>

         </attribute>

 

So I begin to write the correlation like this :

 

<objectSynchronization>

         <name>Account sync</name>

         <objectClass>ri:zimbraAccount</objectClass>

         <kind>account</kind>

         <intent>default</intent>

         <focusType>UserType</focusType>

         <enabled>true</enabled>

         <correlation>

            <q:equal>

               <q:path>c:name</q:path>

               <expression>

                  <path>$user/attributes/cn</path>

               </expression>

            </q:equal>

         </correlation>

      </objectSynchronization>

 

It is the good syntax ? For me, the search query will look for users that
have "name" equal to the "cn" of this account. So after, I need to
configure reaction is that correct ?

I read that we don't have to configure a confirmation rule because the
search will always return at most one match.

 

So, I think about this reaction :

<reaction>

            <situation>linked</situation>

            <synchronize>true</synchronize>

         </reaction>

         <reaction>

            <situation>deleted</situation>

            <action
ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink"/>

         </reaction>

         <reaction>

            <situation>unlinked</situation>

            <action
ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#link"/>

         </reaction>

 

But if it's unmatched, what should I put in reaction ? 

 

I hope you can help me to configure my synchronization task and help me to
finish configure.

 

Thank you very much for your help and your time, which is very
appreciated.

 

Best regards,

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170420/c43ee0b0/attachment.htm>


More information about the midPoint mailing list