[midPoint] Inbound mapping condition to preserve midPoint value
Brad Firestone
bhotrock at gmail.com
Tue Jun 25 17:59:48 CEST 2019
Hi All,
I'm using the lastbind overlay with OpenLDAP to set the authTimestamp
attribute when someone successfully binds to LDAP. I'm putting this
value into a midPoint attribute: $user/extension/lastLDAPLogin
This process works correctly. However, if an LDAP account is removed
from the User and then added back, there isn't an authTimestamp
attribute value until their NEXT successful bind. If the User is
reconciled for any reason, then the midPoint value for lastLDAPLogin is
removed.
I would like to keep that midPoint value no matter what, never remove
it, and update it when OpenLDAP sets a new value. I tried the following
condition, but it's not working:
<attribute>
    <ref>ri:authTimestamp</ref>
    <inbound>
        <strength>normal</strength>
        <target>
            <path>$user/extension/lastLDAPLogin</path>
        </target>
        <condition>
            <script>
                <code>!basic.isEmpty(input)</code>
            </script>
        </condition>
    </inbound>
</attribute>
I found this condition listed at:
https://wiki.evolveum.com/display/midPoint/Mapping
(To me, it looks like there is a missing ! in the 2.2 and above example,
but I've tried it both ways.)
With this in place, if I reconcile a User who has a value for
lastLDAPLogin already set, but doesn't have that attribute on the LDAP
server, then the midPoint value is removed.
Does anyone have any ideas of how I should construct my mapping to never
remove the value from midPoint?
Thanks!