[midPoint] Inbound mapping condition to preserve midPoint value
Arnošt Starosta - AMI Praha a.s.
arnost.starosta at ami.cz
Wed Jun 26 11:06:37 CEST 2019
Hi Brad,
you can try an odd trick to preserve the old value - I use the identity
attribute as both source and target of the mapping. The source contains the
'old' value. Something like this:
<attribute>
    <c:ref>ri:authTimestamp</c:ref>
    <inbound>
        <strength>normal</strength>
        <source>
            <c:path>$focus/extension/lastLDAPLogin</c:path><!-- old focus attribute value -->
        </source>
        <expression>
            <c:script>
                <c:code>
                    ! basic.isEmpty(input) ? input : lastLDAPLogin
                </c:code>
            </c:script>
        </expression>
        <target>
            <c:path>$focus/extension/lastLDAPLogin</c:path>
        </target>
    </inbound>
</attribute>
I remember I originally started with the same condition approach but failed,
don't know the details any more and lack the theory.
arnost
On Tue, 25 Jun 2019 at 17:59, Brad Firestone <bhotrock at gmail.com>
wrote:
> Hi All,
>
> I'm using the lastbind overlay with OpenLDAP to set the authTimestamp
> attribute when someone successfully binds to LDAP. I'm putting this
> value into a midPoint attribute: $user/extension/lastLDAPLogin
>
> This process works correctly. However, if an LDAP account is removed
> from the User and then added back, there isn't an authTimestamp
> attribute value until their NEXT successful bind. If the User is
> reconciled for any reason, then the midPoint value for lastLDAPLogin is
> removed.
>
> I would like to keep that midPoint value no matter what, never remove
> it, and update it when OpenLDAP sets a new value. I tried the following
> condition, but it's not working
>
> <attribute>
>     <ref>ri:authTimestamp</ref>
>     <inbound>
>         <strength>normal</strength>
>         <target>
>             <path>$user/extension/lastLDAPLogin</path>
>         </target>
>         <condition>
>             <script>
>                 <code>!basic.isEmpty(input)</code>
>             </script>
>         </condition>
>     </inbound>
> </attribute>
>
> I found this condition listed at:
> https://wiki.evolveum.com/display/midPoint/Mapping
> (To me, it looks like there is a missing ! in the 2.2 and above example,
> but I've tried it both ways.)
>
> With this in place, if I reconcile a User who has a value for
> lastLDAPLogin already set, but doesn't have that attribute on the LDAP
> server, then the midPoint value is removed.
>
> Does anyone have any ideas of how I should construct my mapping to never
> remove the value from midPoint?
> Thanks!
--
*Arnošt Starosta*
solution architect
gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz
*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6
tel.: [+420] 274 783 239 | web: www.ami.cz