[midPoint] Inbound mapping condition to preserve midPoint value

Brad Firestone bhotrock at gmail.com
Thu Jun 27 17:14:20 CEST 2019


Hi Arnost,

Thank you so much!  This worked perfectly.
Have a great day!
Brad

Arnošt Starosta - AMI Praha a.s. wrote on 6/26/19 4:06 AM:
> Hi Brad,
>
> you can try an odd trick to preserve the old value - I use the 
> identity attribute as both source and target of the mapping. The 
> source contains the 'old' value. Something like this:
>
> <attribute>
>     <c:ref>ri:authTimestamp</c:ref>
>     <inbound>
>         <strength>normal</strength>
>         <source>
>             <c:path>$focus/extension/lastLDAPLogin</c:path> <!-- old focus attribute value -->
>         </source>
>         <expression>
>             <c:script>
>                 <c:code>
>                     !basic.isEmpty(input) ? input : lastLDAPLogin
>                 </c:code>
>             </c:script>
>         </expression>
>         <target>
>             <c:path>$focus/extension/lastLDAPLogin</c:path>
>         </target>
>     </inbound>
> </attribute>
>
> I remember I originally started with the same condition approach but 
> failed, don't know the details any more and lack the theory.
>
> arnost
>
> On Tue, 25 Jun 2019 at 17:59, Brad Firestone <bhotrock at gmail.com 
> <mailto:bhotrock at gmail.com>> wrote:
>
>     Hi All,
>
>     I'm using the lastbind overlay with OpenLDAP to set the authTimestamp
>     attribute when someone successfully binds to LDAP.  I'm putting this
>     value into a midPoint attribute:  $user/extension/lastLDAPLogin
>
>     This process works correctly.  However, if an LDAP account is removed
>     from the User and then added back, there isn't an authTimestamp
>     attribute value until their NEXT successful bind.  If the User is
>     reconciled for any reason, then the midPoint value for
>     lastLDAPLogin is removed.
>
>     I would like to keep that midPoint value no matter what, never remove
>     it, and update it when OpenLDAP sets a new value.  I tried the
>     following condition, but it's not working:
>
>     <attribute>
>         <ref>ri:authTimestamp</ref>
>         <inbound>
>             <strength>normal</strength>
>             <target>
>                 <path>$user/extension/lastLDAPLogin</path>
>             </target>
>             <condition>
>                 <script>
>                     <code>!basic.isEmpty(input)</code>
>                 </script>
>             </condition>
>         </inbound>
>     </attribute>
>
>     I found this condition listed at:
>     https://wiki.evolveum.com/display/midPoint/Mapping
>     (To me, it looks like there is a missing ! in the 2.2 and above
>     example, but I've tried it both ways.)
>
>     With this in place, if I reconcile a User who has a value for
>     lastLDAPLogin already set, but doesn't have that attribute on the
>     LDAP server, then the midPoint value is removed.
>
>     Does anyone have any ideas of how I should construct my mapping to
>     never remove the value from midPoint?
>     Thanks!
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
