[midPoint] Resource connection automation

Andrew Morgan morgan at oregonstate.edu
Wed Sep 12 23:10:59 CEST 2018


On Wed, 12 Sep 2018, Wojciech Staszewski wrote:

> Hello All!
>
> This question is for those who have some experience in midPoint deployment.
>
> Simple case:
> - You need to connect already working system as a resource to midPoint,
> - This system contains a few thousands of user accounts with different
> privileges (for simplicity - user groups), and tens of user groups.
> - midPoint already has some of these users taken from elsewhere (let's
> say from HR system), but some of them are archival, disabled or forgotten.
> - Resource user groups are imported as midPoint roles.
>
> The tasks to do:
> - map the resource accounts to midPoint users (this is quite easy:
> "unlinked->link" synchronization action),
> - reflect the resource account privileges (group membership) by
> assigning adequate role or roles to the midPoint users.
>
> I wonder if you have any kind of worked out automation (scripts? bulk
> actions?) for the second task?
> Or maybe you're assigning proper roles to the thousands of users just by
> clicking it out one by one using midPoint GUI?

We wrote scripts to assign roles (and do other things) via midPoint's REST 
API.

I have attached the Perl library we wrote.  You don't have to use Perl. 
You can use the code as a reference for how to make the API calls.

Let me know if you have any questions about it.

Thanks,
Andy Morgan
Systems Administrator, Identity & Access Management
Information Services | Oregon State University
541-737-8877 | is.oregonstate.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: midpoint-utils.pl
Type: text/x-perl
Size: 14554 bytes
Desc: 
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180912/eb3df5b0/attachment.pl>
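
The following is an added example, not part of the original post and not taken from the attached Perl library. It plans the role assignments described in the question from resource group memberships, and sets aside anything that needs a human decision instead of guessing. The objectModification JSON body and the /users/{oid} path are assumptions about midPoint's REST interface to verify against the deployed version; all names, OIDs and sample data are constructed.

```python
import json

# Constructed sample data; a real run loads these from the resource and midPoint.
ROLE_OID_BY_GROUP = {"wiki-editors": "role-oid-0001", "vpn-users": "role-oid-0002"}
USERS = {  # midPoint user name -> OID and role OIDs already assigned
    "alice": {"oid": "user-oid-000a", "roles": {"role-oid-0001"}},
    "bob": {"oid": "user-oid-000b", "roles": set()},
}
ACCOUNTS = [  # resource accounts with their group memberships
    {"login": "alice", "groups": ["wiki-editors", "vpn-users"]},
    {"login": "bob", "groups": ["vpn-users", "legacy-admins"]},
    {"login": "carol", "groups": ["wiki-editors"]},
]


def assignment_delta(role_oid):
    """Body that adds one role assignment (assumed objectModification JSON form)."""
    return {"objectModification": {"itemDelta": {
        "modificationType": "add",
        "path": "assignment",
        "value": {"targetRef": {"oid": role_oid, "type": "RoleType"}},
    }}}


def plan_role_assignments(accounts, users, role_oid_by_group):
    """Return (requests, review): requests to send, and items a person must check."""
    requests, review = [], []
    for acct in accounts:
        user = users.get(acct["login"])
        if user is None:
            # No midPoint owner: never create or guess one from a script.
            review.append((acct["login"], "no matching midPoint user"))
            continue
        for group in sorted(set(acct["groups"])):
            role_oid = role_oid_by_group.get(group)
            if role_oid is None:
                review.append((acct["login"], "group without role: " + group))
            elif role_oid not in user["roles"]:
                # Assumed endpoint path; prefix with the deployment's REST base URL.
                requests.append(("PATCH", "/users/" + user["oid"], assignment_delta(role_oid)))
    return requests, review


if __name__ == "__main__":
    reqs, todo = plan_role_assignments(ACCOUNTS, USERS, ROLE_OID_BY_GROUP)
    for method, path, body in reqs:
        print(method, path, json.dumps(body))
    for login, reason in todo:
        print("REVIEW", login, reason)
```

Reviewing the planned requests and the review list before anything is sent keeps archival or orphaned accounts from silently gaining roles.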

