[midPoint] Add a second LDAP account to resource for user (Error: already contains account of type 'default' on resource)

Peter Healy phealy3330 at gmail.com
Mon Mar 20 17:03:55 CET 2017


Hi Ivan,
I added a role object as described in example 2 with the OID of the
resource I need to add a test account to. When I add that role to a user it
does some computation and comes back with success, but the user still only
has the 1 default projection assigned.

I was able to navigate back in the browser history and it looks like it
assigns the existing shadow on the resource to the "test" intent along with
the "default" intent.

Activity Status Resource object (if applicable)
Computing projections of the focus object
Operation on focus object (repository)
Account (default) on AWS DEV OpenLDAP
uid=Testuser6,cn=users,o=dev,dc=odhsolutions,dc=com
Account (test) on AWS DEV OpenLDAP
uid=Testuser6,cn=users,o=dev,dc=odhsolutions,dc=com
Considering or starting approval workflows

Is there a way I can specify the uid for the second account or have it
follow some kind of iteration rule?

Thanks again,
Peter

On Mon, Mar 20, 2017 at 10:32 AM, <midpoint-request at lists.evolveum.com>
wrote:

> Message: 1
> Date: Mon, 20 Mar 2017 15:31:36 +0100
> From: Ivan Noris <ivan.noris at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Add a second LDAP account to resource for user
>         (Error: already contains account of type 'default' on resource)
> Message-ID: <fc626f42-1372-8fd9-79fa-1fcd09f8cef8 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Peter,
>
> GUI currently cannot use Add projection for other-than-default intents.
>
> But it's very easy to create a role:
>
> Example 1: role to create default account on resource with given oid
>
>
> <role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
>         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
>     <name>CSV-1 Default account</name>
>     <description>
>      This role assigns CSV-1 (Simulated App 1) resource and creates a test account.
>     </description>
>     <inducement>
>         <construction>
>             <!-- The c: prefix in type must be there due to a JAXB bug -->
>             <resourceRef oid="10000000-9999-9999-0000-a000ff000002" type="c:ResourceType"/>
>             <kind>account</kind>
>         </construction>
>     </inducement>
> </role>
>
> Example 2: role to create account with intent test on resource with
> given oid
>
> <role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
>         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
>     <name>CSV-1 Tester</name>
>     <description>
>      This role assigns CSV-1 (Simulated App 1) resource and creates a test account.
>     </description>
>     <inducement>
>         <construction>
>             <!-- The c: prefix in type must be there due to a JAXB bug -->
>             <resourceRef oid="10000000-9999-9999-0000-a000ff000002" type="c:ResourceType"/>
>             <kind>account</kind>
>             <intent>test</intent>
>         </construction>
>     </inducement>
> </role>
>
> Then just add one or both roles to your user in midpoint and the
> corresponding account(s) should be created. Just be sure to use your
> resource oid and correct intent.
>
> Regards,
>
> Ivan
>
>
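
An added example, not part of the original thread and not midPoint's own code: a small audit script that reads role XML like the two examples above and lists which (resource, kind, intent) accounts each role induces. It also flags role OIDs reused across objects, since both examples as posted carry the same role oid and an OID identifies exactly one object. The function names `projections` and `audit` are hypothetical, the roles are trimmed copies of the thread's examples, and treating an omitted `<intent>` as "default" is an assumption taken from the error message in the subject line.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Trimmed copies of the two roles from the thread (type attribute and
# description dropped; only the elements the audit reads are kept).
ROLE_TMPL = """<role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <name>{name}</name>
  <inducement><construction>
    <resourceRef oid="10000000-9999-9999-0000-a000ff000002"/>
    <kind>account</kind>{intent}
  </construction></inducement>
</role>"""
ROLES = [ROLE_TMPL.format(name="CSV-1 Default account", intent=""),
         ROLE_TMPL.format(name="CSV-1 Tester", intent="<intent>test</intent>")]


def projections(role_xml):
    """Return (role oid, role name, [(resource oid, kind, intent), ...])."""
    role = ET.fromstring(role_xml)
    found = []
    for con in role.iterfind("c:inducement/c:construction", NS):
        ref = con.find("c:resourceRef", NS)
        # Assumption: an omitted <kind>/<intent> means account/default.
        kind = con.findtext("c:kind", "account", NS).strip()
        intent = con.findtext("c:intent", "default", NS).strip()
        found.append((ref.get("oid"), kind, intent))
    return role.get("oid"), role.findtext("c:name", "", NS), found


def audit(role_xmls):
    """Summarise a set of roles: reused role OIDs and the distinct accounts
    a user holding all of the roles would be provisioned with."""
    parsed = [projections(x) for x in role_xmls]
    oid_count = Counter(oid for oid, _, _ in parsed)
    distinct = {p for _, _, ps in parsed for p in ps}
    return {
        "duplicate_role_oids": sorted(o for o, n in oid_count.items() if n > 1),
        "distinct_projections": sorted(distinct),
    }


if __name__ == "__main__":
    for role_xml in ROLES:
        print(projections(role_xml))
    print(audit(ROLES))
```
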