[midPoint] Inbound mapping using literal expression

Brad Firestone bhotrock at gmail.com
Thu Apr 20 14:09:07 CEST 2017 

Thank you to both Ivan and Gustáv!

Now I understand that I can add multiple inbound sections to one single 
resource attribute and create values in multiple midPoint User 
attributes.  I was thinking it had to be a one-to-one relationship.  
This works great!

Thank you so much for your great support!!
Brad

Ivan Noris wrote:
>
> Hi Brad,
>
> I'm using this (the fragment is from our MidPoint Customization and 
> Deployment 1 training and it's for source CSV, but the logic is the 
> same for any resource - just the attribute reference will differ):
>
> <attribute>
> <ref>icfs:name</ref>
> <limitations>
> <access>
> <read>true</read>
> <add>false</add>
> <modify>false</modify>
> </access>
> </limitations>
> <inbound>
> <expression>
> <script>
> <code>'X' + input</code>
> </script>
> </expression>
> <target>
> <path>$user/name</path>
> </target>
> </inbound>
> <inbound>
> <target>
> <path>$user/employeeNumber</path>
> </target>
> </inbound>
> <inbound>
> <expression>
> <value>EMP</value>
> </expression>
> <target>
> <path>$user/employeeType</path>
> </target>
> </inbound>
> </attribute>
>
> There are three inbounds for icfs:name (which is guaranteed to always 
> exist - in AD case this could be ri:cn or ri:dn). One inbound is 
> using  the value as is and setting $user/employeeNumber; one inbound 
> is prepending "X" and storing the value to $user/name. And the third 
> inbound (red) is doing what you probably need - setting literal value 
> "EMP" to $user/employeeType attribute.
>
> This works, used many times. Just use some AD-mandatory attribute in 
> <ref>..</ref>.
>
> Best regards,
> Ivan
>
> On 04/19/2017 08:42 PM, Brad Firestone wrote:
>> Hello,
>> I am trying to connect an Active Directory resource which will be an 
>> authoritative source for some of my midPoint Users.  However, I need 
>> to set some static values for the midPoint User extended attributes 
>> and these values are unrelated to anything in Active Directory.  I've 
>> read everything I can find about inbound mapping and expressions and 
>> can't find how to configure the mapping when there's not a source, 
>> and the value will just be created by the expression.  The problem 
>> seems to be what to put in the <ref> field.  (It doesn't work without 
>> something there.)  I have five of these attributes that I need to set.
>>
>> Here is my intended attribute setting from the AD resource, without a 
>> <ref> field:
>>
>> <attribute>
>> <ref></ref>
>> <displayName>Affiliation</displayName>
>> <inbound>
>> <expression>
>> <value>HQ-AD</value>
>> </expression>
>> <target>
>> <path>$user/extension/affiliation</path>
>> </target>
>> </inbound>
>> </attribute>
>>
>> I'm still getting started with midPoint, and know I'm missing a lot 
>> of understanding.  Maybe this is something that I need to handle 
>> using Object Templates?  (I'm still trying to wrap my brain around 
>> how Templates are used.)
>>
>> My overall goal is to be able to automatically pull midPoint Users 
>> from several different resources including two different Active 
>> Directories, and three different LDAP directories.  Each of these 
>> connections will be inbound ONLY.  We will also create users directly 
>> in midPoint.  Then I would use outbound mappings to a different LDAP 
>> directory (we can call it MasterLDAP) that will include an account 
>> for all the midPoint Users.  I would like all of this to happen 
>> "automatically" so that when an account is added to one of the 
>> "source" resources, the midPoint User will be created and also the 
>> MasterLDAP account would be projected.  We may also end up projecting 
>> accounts to other resources at some time in the future, but what I 
>> have listed is Phase 1.
>>
>> I would be grateful for any advice on how to best do this.
>> Thank you!
>> Brad
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170420/3783aac9/attachment.htm>

More information about the midPoint mailing list