[midPoint] Import users from AD

Gruber, Michael MICHAEL.GRUBER at wwk.de
Thu May 17 16:05:30 CEST 2018


Hi,

You may try
<c:path>$shadow/attributes/dn</c:path>

instead of
<c:path>$shadow/attributes/distinguishedName</c:path>

We have ri:dn in schema. Afaik, distinguishedName was replaced by dn in schema some time ago. (may depend on version of midoint/connector.)


Regards, Michael


-----Ursprüngliche Nachricht-----
Von: midPoint [mailto:midpoint-bounces at lists.evolveum.com] Im Auftrag von Peter Viskup
Gesendet: Donnerstag, 17. Mai 2018 15:17
An: midpoint
Betreff: [midPoint] Import users from AD

Trying to import users from AD tree to Midpoint without success
(inbound mapping).
Not able to define inbound mapping condition with check of the value
of DN attribute.

This is schema handling for users:

      <objectType>
         <kind>account</kind>
         <intent>corp</intent>
         <displayName>User CORP</displayName>
         <default>true</default>
         <objectClass>ri:user</objectClass>
         <attribute>
            <c:ref>ri:sAMAccountName</c:ref>
            <displayName>Account name</displayName>
            <tolerant>true</tolerant>
            <exclusiveStrong>false</exclusiveStrong>
            <inbound>
               <authoritative>false</authoritative>
               <exclusive>true</exclusive>
               <strength>normal</strength>
               <source>
                  <name>dn</name>
                  <c:path>$shadow/attributes/distinguishedName</c:path>
               </source>
               <target>
                  <c:path>$user/name</c:path>
               </target>
               <condition>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="c:ScriptExpressionEvaluatorType">
                     <code>
        log.info("Attribute dn value: {}", dn.dump());
        log.info("Attribute input value: {}", input.dump());
        if (!basic.isEmpty(dn)){
          return dn.contains('OU=Users');
        }
        return false;
                     </code>
                  </script>
               </condition>
            </inbound>
         </attribute>

Getting error (seems both dn and input variables are not defined):

Cannot invoke method hashCode() on null object in condition in mapping
in inbound expression for
{http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}sAMAccountName
in resource:2a59c3d6-9d65-4284-980a-3bb8404126b3(Active Directory
CORP)({.../common/common-3}input=null; dn=null; ) in condition in
mapping in inbound expression for
{http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}sAMAccountName
in resource:2a59c3d6-9d65-4284-980a-3bb8404126b3(Active Directory
CORP)

What source and target paths needs to used in this case?

Peter
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
WWK Lebensversicherung a. G., Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Dr. Frank Schindelhauer, Sitz München, Registergericht München HR B 211; WWK Allgemeine Versicherung AG, Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Werner Quante, Sitz München, Registergericht München HR B 5553; WWK Vermögensverwaltungs und Dienstleistungs GmbH, Geschäftsführer: Karl Ruffing, Stefan Sedlmeir, Sitz München, Registergericht München HR B 76323; WWK Pensionsfonds AG, Vorstand: Ansgar Eckert, Karl Ruffing, Heinrich Schüppert; Vorsitzender des Aufsichtsrats: Dirk Fassott, Sitz München, Registergericht München HR B 146295; Hausanschrift: Marsstraße 37, 80335 München; WWK Investment S.A., Verwaltungsrat: Karl Ruffing (V.), Ansgar Eckert, Stefan Schneider (Hauck & Aufhäuser), Handelsregister: R.C. Luxembourg Nr. B 81 270, Sitz der Gesellschaft: 1c, rue Gabriel Lippmann, L-5365 Munsbach


More information about the midPoint mailing list