[midPoint] Inbound mapping condition to preserve midPoint value

Brad Firestone bhotrock at gmail.com
Tue Jun 25 17:59:48 CEST 2019


Hi All,

I'm using the lastbind overlay with OpenLDAP to set the authTimestamp 
attribute when someone successfully binds to LDAP.  I'm putting this 
value into a midPoint attribute:  $user/extension/lastLDAPLogin

This process works correctly.  However, if an LDAP account is removed 
from the User and then added back, there isn't an authTimestamp 
attribute value until their NEXT successful bind.  If the User is 
reconciled for any reason, then the midPoint value for lastLDAPLogin is 
removed.

I would like to keep that midPoint value no matter what, never remove 
it, and update it when OpenLDAP sets a new value.  I tried the following 
condition, but it's not working:

<attribute>
    <ref>ri:authTimestamp</ref>
    <inbound>
        <strength>normal</strength>
        <target>
            <path>$user/extension/lastLDAPLogin</path>
        </target>
        <condition>
            <script>
                <code>!basic.isEmpty(input)</code>
            </script>
        </condition>
    </inbound>
</attribute>

I found this condition listed at: 
https://wiki.evolveum.com/display/midPoint/Mapping
(To me, it looks like there is a missing ! in the 2.2 and above example, 
but I've tried it both ways.)

With this in place, if I reconcile a User who has a value for 
lastLDAPLogin already set, but doesn't have that attribute on the LDAP 
server, then the midPoint value is removed.

Does anyone have any ideas of how I should construct my mapping to never 
remove the value from midPoint?
Thanks!