[midPoint] Move ou on ldap when user deleted on midpoint

Dilek Gider dilek.gider at basistek.com
Fri Jul 28 11:13:59 CEST 2017


Ok Oskar, I will try and reply, thank you very much.

On Fri, Jul 28, 2017 at 12:10 PM, Oskar Butovič - AMI Praha a.s. <
oskar.butovic at ami.cz> wrote:

> <source>
>    <c:path>activation/effectiveStatus</c:path>
> </source>
>
> This should work.
>
> 2017-07-28 11:06 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>
>> Hello Oskar,
>>
>> Thank you for your fast reply.
>> You mean that I have to add a new <source> to the DN attribute mapping and then,
>> in the script, generate an if-else condition for the DN generation, right?
>> But how can I get the "administrativestatustype.disable" parameter value into
>> <source>? Is it like this:
>>
>> <source>
>> <path>$user/activation/administrativeStatus</path>
>> </source>
>>
>> My DN generation is below:
>>
>> <attribute>
>>    <c:ref>ri:dn</c:ref>
>>    <displayName>Distinguished Name</displayName>
>>    <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
>>    <tolerant>true</tolerant>
>>    <exclusiveStrong>false</exclusiveStrong>
>>    <outbound>
>>       <authoritative>false</authoritative>
>>       <exclusive>false</exclusive>
>>       <strength>normal</strength>
>>       <source>
>>          <c:path>$user/fullName</c:path>
>>       </source>
>>       <source>
>>          <c:path>$user/organizationalUnit</c:path>
>>       </source>
>>       <expression>
>>          <script>
>>             <code>
>>                import javax.naming.ldap.Rdn
>>                import javax.naming.ldap.LdapName
>>                log.info(fullName.toString()+' '+organizationalUnit.toString())
>>                dn = new LdapName('DC=xxxx,DC=xxx')
>>                organizationalUnit.toString().tokenize('.').each { ouname -> dn.add(new Rdn('OU',ouname)) }
>>                dn.add('CN='+fullName.trim());
>>                return dn.toString()
>>             </code>
>>          </script>
>>       </expression>
>>    </outbound>
>> </attribute>
>>
>> On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <
>> oskar.butovic at ami.cz> wrote:
>>
>>> Hello Dilek,
>>>
>>> I think that adding this logic by script to outbound mapping for
>>> ri:dn attribute should do it.
>>>
>>> You also need to configure disable on delete according to this guide:
>>> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>>>
>>> Best Regards
>>>
>>> Oskar Butovič
>>>
>>> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>
>>>> Hi All,
>>>>
>>>> I have a requirement that when a user is deleted or disabled, I have to
>>>> move this user on LDAP to a different OU, named LEFT_USERS. Could you give
>>>> me any idea how I can configure this? I think it is changing the DN, but where can
>>>> I configure this and how?
>>>>
>>>> My scenario is as follows:
>>>> - Sync users with HR DB and update users in midPoint
>>>> - Send user changes to LDAP from midPoint
>>>>
>>>> Thank you.
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Oskar Butovič
>>> solution architect
>>>
>>> gsm: [+420] 774 480 101
>>> e-mail: oskar.butovic at ami.cz
>>>
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel.: [+420] 274 783 239
>>> web: www.ami.cz
>>>
>>>
>>> By the text of this e-mail the signatory neither promises to conclude nor
>>> concludes any contract on behalf of AMI Praha a.s.
>>> Any contract, if concluded, must be exclusively in written form.
>
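
The DN logic discussed in this thread, as an added sketch (not code from the posters or from midPoint): disabled users are placed under OU=LEFT_USERS, and every component is added as an Rdn object so that special characters in the name are escaped. Assumptions: the function name buildDn, the base DN DC=example,DC=com in place of the elided DC=xxxx,DC=xxx, and the effective status passed in as a lowercase string (in a midPoint mapping it arrives from the <source> item as an activation status value, not a string).

```groovy
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Stand-alone version of the mapping script so it can be run with the groovy CLI.
// In the outbound mapping, the three inputs would be the <source> items
// fullName, organizationalUnit and activation/effectiveStatus.
String buildDn(String fullName, String organizationalUnit, String effectiveStatus,
               String baseDn = 'DC=example,DC=com') {   // placeholder base DN
    def dn = new LdapName(baseDn)
    if (effectiveStatus == 'disabled') {
        // Disabled users (including "deleted" ones when disable-instead-of-delete
        // is configured) are moved out of their organizational subtree.
        dn.add(new Rdn('OU', 'LEFT_USERS'))
    } else {
        // 'sales.emea' becomes OU=sales, then OU=emea below it
        organizationalUnit.tokenize('.').each { ouName -> dn.add(new Rdn('OU', ouName)) }
    }
    // Rdn(type, value) escapes the value. Concatenating 'CN=' + fullName instead
    // lets a comma or plus sign in the name be read as DN syntax rather than data.
    dn.add(new Rdn('CN', fullName.trim()))
    return dn.toString()
}

// Constructed sample inputs
assert buildDn('Jane Roe', 'sales.emea', 'enabled') ==
        'CN=Jane Roe,OU=emea,OU=sales,DC=example,DC=com'
assert buildDn('Jane Roe', 'sales.emea', 'disabled') ==
        'CN=Jane Roe,OU=LEFT_USERS,DC=example,DC=com'
// A comma in the name stays inside the CN value
assert buildDn('Roe, Jane', 'sales', 'enabled') ==
        'CN=Roe\\, Jane,OU=sales,DC=example,DC=com'
```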