[midPoint] filter LDAP entries
Jason Everling
jeverling at bshp.edu
Mon Jun 11 16:14:34 CEST 2018
Within the objectSynchronization section, add a condition; it will only return
people who have the attribute businessCategory equal to midpoint_test.
<synchronization>
  <objectSynchronization>
    <objectClass>ri:inetOrgPerson</objectClass>
    <enabled>true</enabled>
    <condition>
      <script>
        <code>
          ppl = basic.getAttributeValue(shadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'businessCategory');
          return (ppl == 'midpoint_test')
        </code>
      </script>
    </condition>
    <correlation>
      <q:equal>
JASON
On Mon, Jun 11, 2018 at 8:42 AM, Jeria, Esteban <esteban.jeria at cgi.com>
wrote:
> Hi,
>
> Is there anyone who can help me? :-)
>
> *Esteban Jeria*
>
> esteban.jeria at cgi.com
> Conseiller *CGI* / *CGI* Consultant
>
> Sécurité - Gestion des Identités et des Accès / Security - Identity and
> Access Management
>
> *From:* Jeria, Esteban [mailto:esteban.jeria at cgi.com]
> *Sent:* Thursday, May 31, 2018 11:52 AM
> *To:* midpoint at lists.evolveum.com
> *Subject:* [midPoint] filter LDAP entries
>
> Hi,
>
> I was wondering if there is a way to restrict the ldap connector so that
> it will only work with a subset of entries from an OU, like a filter.
>
> We currently have a LAB environment with over 50K entries, so I would like
> to limit our tests to only a dozen of them, previously identified with an
> attribute (businessCategory = midpoint_test).
>
> I tried using the <protected> section on the <schemaHandling> with a
> reversed filter:
>
> <protected>
>   <filter>
>     <q:not>
>       <q:equal>
>         <q:path>attributes/businessCategory</q:path>
>         <q:value>midpoint_test</q:value>
>       </q:equal>
>     </q:not>
>   </filter>
> </protected>
>
> But it doesn't work properly. It really ignores the entries that don't
> match the attribute, but I get this error on the targeted entries and I'm
> unable to modify them.
>
> SystemException: Security violation during processing shadow shadow:
> uid=testuser,ou=IT,ou=people,dc=example,dc=com
> (OID:4d030941-e623-46e2-8b17-2c99ae6639d5): Cannot modify protected
> resource object
>
> *Esteban Jeria*
>
> esteban.jeria at cgi.com
> Conseiller *CGI* / *CGI* Consultant
>
> Sécurité - Gestion des Identités et des Accès / Security - Identity and
> Access Management