[midPoint] Correlation Expression looking only on Resource account

Ivan Noris ivan.noris at evolveum.com
Tue Sep 26 12:05:42 CEST 2017 

Hi Marco,

I think you could try condition in correlation expression like this:

                    <correlation>
                        <q:equal>
                            <q:path>c:employeeNumber</q:path>
                              <expression>
                                <path>$account/attributes/ri:enumber</path>
                              </expression>
                        </q:equal>
                        <condition>
                            <script>
                                <code>basic.getAttributeValue(shadow,
'enumber') != null</code>
                            </script>
                        </condition>
                    </correlation>

This is a fragment from my synchronization configuration; it will
correlate users by employee numbers, but only if the enumber attribute
is not null (e.g. technical users or whatever similar, because otherwise
they would be trying to be correlated with users in midpoint with empty
employeeNumber attribute.

Hope this helps,

regards,

Ivan


On 22.09.2017 16:36, Marco Benucci wrote:
>
> Hi,
>
> I'd like to Link to my virtual identities only accounts that are enabled.
> The resource is basically a database table but i need to use the
> scriptedSqlConnector to assing entitlements.
>
> My accounts on resource have an attribute DISABLED = true / false.
>
> Is there a way to use correlation expression to look only for account
> that have the attribute DISABLED = false?
>
> something like this:
>
> <correlation>
>     <q:and>
>     <q:equal>
>         <q:path>c:name</q:path>
>         <expression>
>             <c:path>$account/attributes/CODI_USER_ID</c:path>
>         </expression>
>     </q:equal>
>     <q:equal>
>         <expression>
>             <c:path>$account/attributes/CODI_USER_ID</c:path>
>         </expression>
>         <q:value>False</q:value>
>     </q:equal>
>     </q:and>
> </correlation>
>
> When I try to save this correlation I obtain the error "Could not
> convert query, because query does not contain item path".
>
> Any ideas?
>
> Thank you,
> Marco
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170926/56ff4104/attachment.htm>

More information about the midPoint mailing list