[midPoint] Move ou on ldap when user deleted on midpoint

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Fri Aug 11 11:55:04 CEST 2017


Hi Dilek,

according to the error log it seems that you are using the variable "legal" in
an *inbound* mapping. IMHO the legal variable is accessible only in outbound
mappings. You can also try this trick
https://stackoverflow.com/questions/216484/how-do-i-enumerate-all-the-defined-variables-in-a-groovy-script
to see all available variables in the given Groovy scope.

2017-08-11 10:52 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:

> Hi Oskar,
>
> I have an error on my resource like below:
>
> SystemException: groovy.lang.MissingPropertyException: No such property:
> legal for class: Script155 expression in mapping in inbound mapping for
> activation/administrativeStatus in resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db
> ({.../common/common-3}input=PPV(ActivationStatusType:ENABLED); ) in
> expression in mapping in inbound mapping for activation/administrativeStatus
> in resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db
>
> The midPoint version is 3.4.1. I have read the link about Disable instead of
> Delete and looked at the example; there is no extra import needed for this.
> Is it compatible with version 3.4.1?
>
> On Fri, Jul 28, 2017 at 12:13 PM, Dilek Gider <dilek.gider at basistek.com>
> wrote:
>
>> Ok Oskar, I will try and reply, thank you very much.
>>
>> On Fri, Jul 28, 2017 at 12:10 PM, Oskar Butovič - AMI Praha a.s. <
>> oskar.butovic at ami.cz> wrote:
>>
>>> <source>
>>>    <c:path>activation/effectiveStatus</c:path>
>>> </source>
>>>
>>> This should work.
>>>
>>> 2017-07-28 11:06 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>
>>>> Hello Oskar,
>>>>
>>>> Thank you for your fast reply.
>>>> You mean that I have to add a new <source> to the DN attribute mapping,
>>>> then, in the script, add an if-else condition to the DN generation, right?
>>>> But how can I get the "admisitrativestatustype.disable" parameter value
>>>> into <source>? Is it like this:
>>>>
>>>> <source>
>>>> <path>$user/activation/administrativeStatus</path>
>>>> </source>
>>>>
>>>> My DN generation is below:
>>>>
>>>> <attribute>
>>>>    <c:ref>ri:dn</c:ref>
>>>>    <displayName>Distinguished Name</displayName>
>>>>    <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
>>>>    <tolerant>true</tolerant>
>>>>    <exclusiveStrong>false</exclusiveStrong>
>>>>    <outbound>
>>>>       <authoritative>false</authoritative>
>>>>       <exclusive>false</exclusive>
>>>>       <strength>normal</strength>
>>>>       <source>
>>>>          <c:path>$user/fullName</c:path>
>>>>       </source>
>>>>       <source>
>>>>          <c:path>$user/organizationalUnit</c:path>
>>>>       </source>
>>>>       <expression>
>>>>          <script>
>>>>             <code>
>>>>                import javax.naming.ldap.Rdn
>>>>                import javax.naming.ldap.LdapName
>>>>                log.info(fullName.toString()+' '+organizationalUnit.toString())
>>>>                dn = new LdapName('DC=xxxx,DC=xxx')
>>>>                organizationalUnit.toString().tokenize('.').each { ouname -> dn.add(new Rdn('OU',ouname)) }
>>>>                dn.add('CN='+fullName.trim());
>>>>                return dn.toString()
>>>>             </code>
>>>>          </script>
>>>>       </expression>
>>>>    </outbound>
>>>> </attribute>
>>>>
>>>> On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <
>>>> oskar.butovic at ami.cz> wrote:
>>>>
>>>>> Hello Dilek,
>>>>>
>>>>> I think that adding this logic by script to outbound mapping for
>>>>> ri:dn attribute should do it.
>>>>>
>>>>> You also need to configure disable on delete according to this guide:
>>>>> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>>>>>
>>>>> Best Regards
>>>>>
>>>>> Oskar Butovič
>>>>>
>>>>> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I have a requirement that when a user is deleted or disabled, I have to
>>>>>> move this user on LDAP to a different OU, named LEFT_USERS. Could you give
>>>>>> me any idea how I can configure this? I think it is changing the DN, but
>>>>>> where can I configure this and how?
>>>>>>
>>>>>> My scenario is as follows:
>>>>>> - Sync users with HR db and update users in midpoint
>>>>>> - Send users changes to LDAP from midpoint
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Oskar Butovič
>>>>> solution architect
>>>>>
>>>>> gsm: [+420] 774 480 101
>>>>> e-mail: oskar.butovic at ami.cz
>>>>>
>>>>>
>>>>> AMI Praha a.s.
>>>>> Pláničkova 11
>>>>> 162 00 Praha 6
>>>>> tel.: [+420] 274 783 239
>>>>> web: www.ami.cz
>>>>>
>>>>>
>>>>> By the text of this e-mail, the signatory neither promises to conclude
>>>>> nor concludes any contract on behalf of AMI Praha a.s. Any contract, if
>>>>> concluded, must be exclusively in written form.
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz
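
The approach discussed in this thread, as an added example that is not part of the original messages: a stand-alone Groovy version of the DN script that takes the activation status as a third input and places disabled users under OU=LEFT_USERS. The function name `buildDn`, the status passed as a plain string, and the sample names are assumptions; the CN is added with `Rdn` rather than string concatenation so that special characters in a name are escaped.

```groovy
import groovy.transform.Field
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Directory suffix as masked in the thread; substitute the real one.
@Field final String BASE_DN = 'DC=xxxx,DC=xxx'
// OU for disabled or deleted users, named in the original question.
@Field final String LEFT_OU = 'LEFT_USERS'

// Hypothetical helper: in a midPoint mapping the three arguments would be
// the source variables fullName, organizationalUnit and effectiveStatus.
// The status is modelled here as the enum constant name ('ENABLED', 'DISABLED').
String buildDn(String fullName, String organizationalUnit, String effectiveStatus) {
    def dn = new LdapName(BASE_DN)
    if (effectiveStatus == 'DISABLED') {
        // Disabled account: ignore the organisational path, park it in LEFT_USERS.
        dn.add(new Rdn('OU', LEFT_OU))
    } else {
        // Active account: one OU component per dot-separated segment,
        // same ordering as the script quoted in the thread.
        (organizationalUnit ?: '').tokenize('.').each { ouname ->
            dn.add(new Rdn('OU', ouname))
        }
    }
    // Rdn escapes characters such as ',' '+' '=' that would otherwise
    // change the structure of the DN if the name contained them.
    dn.add(new Rdn('CN', fullName.trim()))
    return dn.toString()
}

// Constructed sample inputs.
assert buildDn('Jane Doe', 'Sales.EMEA', 'ENABLED') ==
        'CN=Jane Doe,OU=EMEA,OU=Sales,DC=xxxx,DC=xxx'
assert buildDn('Jane Doe', 'Sales.EMEA', 'DISABLED') ==
        'CN=Jane Doe,OU=LEFT_USERS,DC=xxxx,DC=xxx'
// A comma in the name stays inside the CN value instead of starting a new RDN.
assert buildDn('Doe, Jane ', 'Sales', 'DISABLED') ==
        'CN=Doe\\, Jane,OU=LEFT_USERS,DC=xxxx,DC=xxx'
println buildDn('Jane Doe', 'Sales.EMEA', 'DISABLED')
```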

