[midPoint] Synchronize common attribute value between different Objects

Tue Jan 15 13:58:58 CET 2019

Hi Fabian,

afaik there is no midpoint primitive that would address this problem
directly.

You might use a combination of
1) scripting hook that would react to user status changes and sync status
of all his cards
2) task that periodically checks the consistence of user and card status
(as a safe net when the hook fails)

Clumsy solution but it should work in the real world. Has huge potential
for endless enable/disable loops .)

Also i see no condition or other logic in your card service metarole to
check the enabled status of the card first.

arnost

po 14. 1. 2019 v 20:56 odesílatel Fabian <fabianbosch at gmx.de> napsal:

> Hi
>
> I have a special use case for which I need your help.
>
> I have a door-lock system which registers cards with its cardID. The
> collection of cards is handled as midPoint-Ressource and entrys are being
> synced as Type ServiceType.
> Users on the other hand are synchronized from openLDAP.
>
> The use case is that every time I register a new card the card will appear
> in midPoint as a Service and can then be manually assigned to a user. A
> user can have 0..n cards assigned.
>
> both, the user and the card have an attribute "sstatus" which can be set
> enabled/disabled which means to grant access or not (door).
>
> I wrote a role which sets the attribute to "enabled" if this role is
> assigned to a user.
>
>         <inducement id="2">
>             <focusMappings>
>                 <mapping id="3">
>                     <name>S-Status</name>
>                     <expression>
>                         <script xsi:type="c:ScriptExpressionEvaluatorType">
>                             <code>
>                     import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
>                     return ActivationStatusType.ENABLED
>                     </code>
>                         </script>
>                     </expression>
>                     <target>
>                         <c:path>$focus/extension/sstatus</c:path>
>                     </target>
>                 </mapping>
>             </focusMappings>
>         </inducement>
>
> I need a way to provide this changed attribute (in *user*) to all of the
> users *cards* so that every card in the Ressource will have the attribute
> sstatus=enabled
>
> regards,
> Fabian
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>

-- 

*Arnošt Starosta*
solution architect

gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní
informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
zveřejňování, zprostředkování
nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně,
informujte o tom prosím
odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním
s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190115/db617c84/attachment.htm>