[midPoint] Move ou on ldap when user deleted on midpoint

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Fri Jul 28 11:10:31 CEST 2017 

<source>
                  <c:path>activation/effectiveStatus</c:path>
               </source>

This should work.

2017-07-28 11:06 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:

> Hello Oskar,
>
> Thank you for your reply fast.
> You mean that, I have to add new <source> to DN attribute mapping, then,
> in the script generate if-else condition to DN generation, right?
> But how can I get "admisitrativestatustype.disable" parameter value to
> <source>? is it like this:
>
> <source>
> <path>$user/activation/administrativeStatus</path>
> </source>
>
> My DN generation is below:
>
>  <attribute>
>             <c:ref>ri:dn</c:ref>
>             <displayName>Distinguished Name</displayName>
>             <matchingRule xmlns:mr="http://prism.
> evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</
> matchingRule>
>             <tolerant>true</tolerant>
>             <exclusiveStrong>false</exclusiveStrong>
>             <outbound>
>                <authoritative>false</authoritative>
>                <exclusive>false</exclusive>
>                <strength>normal</strength>
>                <source>
>                   <c:path>$user/fullName</c:path>
>                </source>
>                <source>
>                   <c:path>$user/organizationalUnit</c:path>
>                </source>
>                <expression>
>                   <script>
>                      <code>
>                          import javax.naming.ldap.Rdn
>                     import javax.naming.ldap.LdapName
>                     log.info(fullName.toString()+'
> '+organizationalUnit.toString())
>                          dn = new LdapName('DC=xxxx,DC=xxx')
>                          organizationalUnit.toString().tokenize('.').each
> { ouname -> dn.add(new Rdn('OU',ouname)) }
> dn.add('CN='+fullName.trim());
> return dn.toString()
> </code>
>                   </script>
>                </expression>
>             </outbound>
>          </attribute>
>
> On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <
> oskar.butovic at ami.cz> wrote:
>
>> Helo Dilek,
>>
>> I think that adding this logic by script to outbound mapping for
>> ri:dn attribute should do it.
>>
>> You also need to configure disable on delete according to this guide:
>> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>>
>> Best Regards
>>
>> Oskar Butovič
>>
>> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>
>>> Hi All,
>>>
>>> I have a requirement that when a user deleted or disabled, I have to
>>> move this user on ldap to different ou, named as LEFT_USERS. Could you give
>>> any idea how can I configure this? I think it is changin DN, but where can
>>> I configure this and how?
>>>
>>> My scenario is as follow:
>>> - Sync users with HR db and update users in midpoint
>>> - Send users changes to LDAP from midpoint
>>>
>>> Thank you.
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>>
>> Oskar Butovič
>> solution architect
>>
>> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
>> e-mail: oskar.butovic at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>> web: www.ami.cz
>>
>>
>> [image: AMI Praha a.s.]
>>
>> [image: AMI Praha a.s.]
>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170728/add6a80a/attachment.htm>

More information about the midPoint mailing list