[midPoint] Move ou on ldap when user deleted on midpoint
Dilek Gider
dilek.gider at basistek.com
Fri Jul 28 11:06:19 CEST 2017
Hello Oskar,
Thank you for your fast reply.
You mean that I have to add a new <source> to the DN attribute mapping and
then, in the script, add an if-else condition to the DN generation, right?
But how can I get the "admisitrativestatustype.disable" parameter value into
<source>? Is it like this:
<source>
<path>$user/activation/administrativeStatus</path>
</source>
My DN generation is below:
<attribute>
    <c:ref>ri:dn</c:ref>
    <displayName>Distinguished Name</displayName>
    <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
    <tolerant>true</tolerant>
    <exclusiveStrong>false</exclusiveStrong>
    <outbound>
        <authoritative>false</authoritative>
        <exclusive>false</exclusive>
        <strength>normal</strength>
        <source>
            <c:path>$user/fullName</c:path>
        </source>
        <source>
            <c:path>$user/organizationalUnit</c:path>
        </source>
        <expression>
            <script>
                <code>
                    import javax.naming.ldap.Rdn
                    import javax.naming.ldap.LdapName

                    log.info(fullName.toString() + ' ' + organizationalUnit.toString())

                    // Start from the base DN and add one OU RDN per dot-separated token
                    dn = new LdapName('DC=xxxx,DC=xxx')
                    organizationalUnit.toString().tokenize('.').each { ouname ->
                        dn.add(new Rdn('OU', ouname))
                    }

                    // Rdn(type, value) escapes special characters (such as a comma) in the name
                    dn.add(new Rdn('CN', fullName.toString().trim()))
                    return dn.toString()
                </code>
            </script>
        </expression>
    </outbound>
</attribute>
On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <oskar.butovic at ami.cz> wrote:
> Hello Dilek,
>
> I think that adding this logic by script to outbound mapping for
> ri:dn attribute should do it.
>
> You also need to configure disable on delete according to this guide:
> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>
> Best Regards
>
> Oskar Butovič
>
> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>
>> Hi All,
>>
>> I have a requirement that when a user is deleted or disabled, I have to move
>> this user on LDAP to a different OU, named LEFT_USERS. Could you give me any
>> idea how I can configure this? I think it is changing the DN, but where can I
>> configure this and how?
>>
>> My scenario is as follows:
>> - Sync users with HR db and update users in midpoint
>> - Send users changes to LDAP from midpoint
>>
>> Thank you.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz
>
>
> By the text of this e-mail, the signatory neither promises to conclude nor
> concludes any contract on behalf of AMI Praha a.s. Any contract, if
> concluded, must be exclusively in written form.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170728/8690eb51/attachment.htm>
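
The if-else on administrative status discussed in this thread, as an added example that is not part of the original messages and not midPoint's own code: a stand-alone Groovy script whose function body could serve as the <code> of the ri:dn outbound mapping once a third <source> for $user/activation/administrativeStatus is added. The helper name buildDn, the placement of LEFT_USERS directly under the base DN, and the status value printing as DISABLED are assumptions.

```groovy
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Hypothetical helper. In the mapping, the three arguments would be the
// variables produced by the three source elements.
String buildDn(Object fullName, Object organizationalUnit, Object administrativeStatus) {
    // Base DN placeholder exactly as it appears in the thread.
    def dn = new LdapName('DC=xxxx,DC=xxx')

    // Assumption: a disabled user's status prints as DISABLED (any letter case).
    // A null status (nothing set explicitly) is treated as not disabled.
    boolean disabled = 'disabled'.equalsIgnoreCase(administrativeStatus?.toString())

    if (disabled) {
        // Assumption: LEFT_USERS sits directly under the base DN.
        dn.add(new Rdn('OU', 'LEFT_USERS'))
    } else {
        // Same OU walk as the original script; tokenize() already drops
        // empty tokens, and a null organizationalUnit yields no OU level.
        (organizationalUnit?.toString() ?: '').tokenize('.').each { ouname ->
            dn.add(new Rdn('OU', ouname.trim()))
        }
    }

    // Rdn(type, value) escapes characters such as ',' '+' and '=' so a value
    // coming from the HR feed cannot change the structure of the DN.
    dn.add(new Rdn('CN', fullName.toString().trim()))
    return dn.toString()
}

// Constructed sample values, not data from the thread.
assert buildDn('Jane Doe', 'Sales.EMEA', 'ENABLED') ==
        'CN=Jane Doe,OU=EMEA,OU=Sales,DC=xxxx,DC=xxx'
assert buildDn('Jane Doe', 'Sales.EMEA', 'DISABLED') ==
        'CN=Jane Doe,OU=LEFT_USERS,DC=xxxx,DC=xxx'
assert buildDn('Doe, Jane', 'Sales', null) ==
        'CN=Doe\\, Jane,OU=Sales,DC=xxxx,DC=xxx'
```

Because every disabled account lands in the same OU, two users with the same full name would compute the same DN there; a unique value in the CN avoids that collision.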