[midPoint] Move ou on ldap when user deleted on midpoint

Dilek Gider dilek.gider at basistek.com
Fri Aug 11 10:52:44 CEST 2017


Hi Oskar,

I have an error on my resource like below:

SystemException: groovy.lang.MissingPropertyException: No such property:
legal for class: Script155 expression in mapping in inbound mapping for
activation/administrativeStatus in
resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db
({.../common/common-3}input=PPV(ActivationStatusType:ENABLED); ) in
expression in mapping in inbound mapping for
activation/administrativeStatus in
resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db

The midPoint version is 3.4.1. I have read the link about Disable instead of
Delete and looked at the example; there is no extra import needed for this.
Is it compatible with version 3.4.1?

On Fri, Jul 28, 2017 at 12:13 PM, Dilek Gider <dilek.gider at basistek.com>
wrote:

> Ok Oskar, I will try and reply, thank you very much.
>
> On Fri, Jul 28, 2017 at 12:10 PM, Oskar Butovič - AMI Praha a.s. <
> oskar.butovic at ami.cz> wrote:
>
>> <source>
>>                   <c:path>activation/effectiveStatus</c:path>
>>                </source>
>>
>> This should work.
>>
>> 2017-07-28 11:06 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>
>>> Hello Oskar,
>>>
>>> Thank you for your fast reply.
>>> You mean that I have to add a new <source> to the DN attribute mapping, and then
>>> add an if-else condition to the DN generation in the script, right?
>>> But how can I get the "administrativestatustype.disable" parameter value into
>>> <source>? Is it like this:
>>>
>>> <source>
>>> <path>$user/activation/administrativeStatus</path>
>>> </source>
>>>
>>> My DN generation is below:
>>>
>>>  <attribute>
>>>             <c:ref>ri:dn</c:ref>
>>>             <displayName>Distinguished Name</displayName>
>>>             <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
>>>             <tolerant>true</tolerant>
>>>             <exclusiveStrong>false</exclusiveStrong>
>>>             <outbound>
>>>                <authoritative>false</authoritative>
>>>                <exclusive>false</exclusive>
>>>                <strength>normal</strength>
>>>                <source>
>>>                   <c:path>$user/fullName</c:path>
>>>                </source>
>>>                <source>
>>>                   <c:path>$user/organizationalUnit</c:path>
>>>                </source>
>>>                <expression>
>>>                   <script>
>>>                      <code>
>>>                         import javax.naming.ldap.Rdn
>>>                         import javax.naming.ldap.LdapName
>>>                         log.info(fullName.toString()+' '+organizationalUnit.toString())
>>>                         dn = new LdapName('DC=xxxx,DC=xxx')
>>>                         organizationalUnit.toString().tokenize('.').each { ouname -> dn.add(new Rdn('OU',ouname)) }
>>>                         dn.add('CN='+fullName.trim());
>>>                         return dn.toString()
>>>                      </code>
>>>                   </script>
>>>                </expression>
>>>             </outbound>
>>>          </attribute>
>>>
>>> On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <
>>> oskar.butovic at ami.cz> wrote:
>>>
>>>> Hello Dilek,
>>>>
>>>> I think that adding this logic by script to outbound mapping for
>>>> ri:dn attribute should do it.
>>>>
>>>> You also need to configure disable on delete according to this guide:
>>>> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>>>>
>>>> Best Regards
>>>>
>>>> Oskar Butovič
>>>>
>>>> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I have a requirement that when a user is deleted or disabled, I have to
>>>>> move this user on LDAP to a different OU, named LEFT_USERS. Could you give
>>>>> me any idea how I can configure this? I think it is changing the DN, but where can
>>>>> I configure this and how?
>>>>>
>>>>> My scenario is as follows:
>>>>> - Sync users with HR db and update users in midpoint
>>>>> - Send users changes to LDAP from midpoint
>>>>>
>>>>> Thank you.
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Oskar Butovič
>>>> solution architect
>>>>
>>>> gsm: [+420] 774 480 101
>>>> e-mail: oskar.butovic at ami.cz
>>>>
>>>>
>>>> AMI Praha a.s.
>>>> Pláničkova 11
>>>> 162 00 Praha 6
>>>> tel.: [+420] 274 783 239
>>>> web: www.ami.cz
>>>>
>>>>
>>>> By the text of this e-mail the signatory neither promises to conclude nor
>>>> concludes any contract on behalf of AMI Praha a.s.
>>>> Every contract, if concluded, must be made
>>>> exclusively in written form.
>>>>
>>>>
>
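
The if-else DN generation discussed in this thread, written out as an added example; it is not code from the original posts or from the midPoint project. The helper name buildDn, the base DN DC=example,DC=com, the status passed as a plain string (so the script runs without midPoint) and the sample users are assumptions.

```groovy
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Hypothetical helper (not a midPoint API). In the thread the status would
// come from the extra <source> on activation/effectiveStatus; here it is a
// plain string so the example runs on its own.
String buildDn(String fullName, String organizationalUnit, String effectiveStatus,
               String baseDn = 'DC=example,DC=com') {   // base DN is a placeholder
    def dn = new LdapName(baseDn)

    if (effectiveStatus == 'DISABLED') {
        // Disabled users are parked in the single OU named in the thread.
        dn.add(new Rdn('OU', 'LEFT_USERS'))
    } else {
        // Same expansion as the posted mapping: "sales.emea" adds OU=sales,
        // then OU=emea, so the last token ends up closest to the CN.
        (organizationalUnit ?: '').tokenize('.').each { ouname ->
            dn.add(new Rdn('OU', ouname))
        }
    }

    // Rdn(type, value) escapes DN metacharacters (comma, plus, equals, ...)
    // in the value. Building the RDN by string concatenation ('CN=' + name)
    // does no escaping, so a comma in a name taken from the HR database would
    // reach the DN parser as a separator.
    dn.add(new Rdn('CN', fullName.trim()))
    return dn.toString()
}

// Constructed sample users, not data from the thread.
assert buildDn('Jane Roe', 'sales.emea', 'ENABLED') ==
        'CN=Jane Roe,OU=emea,OU=sales,DC=example,DC=com'
assert buildDn(' Doe, John ', 'sales', 'DISABLED') ==
        'CN=Doe\\, John,OU=LEFT_USERS,DC=example,DC=com'
println buildDn('Jane Roe', 'sales.emea', 'DISABLED')
```

Only DISABLED is routed to LEFT_USERS in this sketch; any other status keeps the organizationalUnit path.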