[midPoint] Protected
Roman Pudil - AMI Praha a.s.
roman.pudil at ami.cz
Thu Jan 4 21:01:52 CET 2018
Hi Jan,
try this modified filter:
<protected>
<filter>
<q:or>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>declare namespace
icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
attributes/icfs:name</q:path>
<q:value>ou=Global,dc=hell,dc=local</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>declare namespace
icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
attributes/icfs:name</q:path>
<q:value>ou=CZ,dc=hell,dc=local</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
<q:substring>
<q:matching>stringIgnoreCase</q:matching>
<q:path>declare namespace
icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
attributes/icfs:name</q:path>
<q:value>cz=Users,dc=hell,dc=local</q:value>
<q:anchorEnd>true</q:anchorEnd>
</q:substring>
</q:or>
</filter>
</protected>
Regards
Roman Pudil
solution architect
gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz
AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
výhradně písemnou formu.
------ Původní zpráva ------
Od: "Jan Kaspar" <Caspi at seznam.cz>
Komu: midpoint at lists.evolveum.com
Odesláno: 4.1.2018 20:27:48
Předmět: [midPoint] Protected
>Hi all,
>
>I have a question about protected objects. I need to exclude multiple
>OU's in AD.
>
>I tryed to do that by adding:
>
> <protected>
> <filter>
> <q:substring>
> <q:matching>stringIgnoreCase</q:matching>
> <q:path>declare namespace
>icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
>attributes/icfs:name</q:path>
> <q:value>ou=Global,dc=hell,dc=local</q:value>
> <q:anchorEnd>true</q:anchorEnd>
> </q:substring>
> </filter>
> </protected>
> <protected>
> <filter>
> <q:substring>
> <q:matching>stringIgnoreCase</q:matching>
> <q:path>declare namespace
>icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
>attributes/icfs:name</q:path>
> <q:value>ou=CZ,dc=hell,dc=local</q:value>
> <q:anchorEnd>true</q:anchorEnd>
> </q:substring>
> </filter>
> </protected>
> <protected>
> <filter>
> <q:substring>
> <q:matching>stringIgnoreCase</q:matching>
> <q:path>declare namespace
>icfs='http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3';
>attributes/icfs:name</q:path>
> <q:value>cz=Users,dc=hell,dc=local</q:value>
> <q:anchorEnd>true</q:anchorEnd>
> </q:substring>
> </filter>
> </protected>
>
>But it doesnt work. I am not able to see account in repository and
>resource. If htere is only one protected OU then it works.
>Where is an error?
>
>Thanks
>
>Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180104/0a4a90e8/attachment.htm>
More information about the midPoint
mailing list