[midPoint] Organizational Unit attribute mapping to User attribute

Jason Everling jeverling at bshp.edu
Thu Mar 28 19:18:13 CET 2019


Now when organization is updated with a new value it will re-build the
user's DN, which of course will put them in the OU based on the attribute. You
can also use org sync to create your AD structure in midPoint, then map the
organization assignment to the user's attribute so you can use
assignment-based placement. Just make sure to use a specific org type in the
template so it doesn't try to update the attribute with values of orgs that
are not really AD OUs. I was using Rdn but it wasn't working right for AD
containers, so a raw script, works great though.

       <attribute>
            <c:ref>ri:dn</c:ref>
            <outbound>
               <source>
                  <c:path>$focus/organization</c:path>
               </source>
               <source>
                  <c:path>$focus/name</c:path>
               </source>
               <expression>
                  <script>
                     <code>
                        // DN = CN=<name><iterationToken>,<parent DN held in organization>
                        'CN=' + name + iterationToken + ',' + organization
                     </code>
                  </script>
               </expression>
            </outbound>
            <inbound>
               <expression>
                  <script>
                     <code>
                        // Strip the leading RDN and store the upper-cased parent DN.
                        tmpdn = basic.uc(input);
                        cn = tmpdn.substring(tmpdn.indexOf(",CN=") + 1);
                        ou = tmpdn.substring(tmpdn.indexOf(",OU=") + 1);
                        // Parent is a container (CN=...), e.g. CN=Users
                        if (tmpdn.contains(",CN=")) {
                           log.info("-- DN Path " + cn + " is a container")
                           return basic.uc(cn);
                        }
                        // Parent is an organizational unit (OU=...); the AND operator is XML-escaped
                        if (tmpdn.contains(",OU=") &amp;&amp; !tmpdn.contains(",CN=")) {
                           log.info("-- DN Path " + ou + " is a orgunit")
                           return basic.uc(ou);
                        }
                     </code>
                  </script>
               </expression>
               <target>
                  <c:path>$focus/organization</c:path>
               </target>
            </inbound>
         </attribute>



On Thu, Mar 28, 2019 at 10:57 AM Vladislavs Filipciks <
vladislavs.filipciks at csolutions.lv> wrote:

> Hello.
>
> Is it possible to take attribute from organizational unit and map it to
> users attribute?
> For example I would like to create extended attribute for organizational
> unit - DN (Distinguished Name), then map it to user's "Organization"
> attribute, so then I'll be able to create user in AD in specific OU
> container.
>
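
Added example, not part of the original post or of midPoint: the outbound script above concatenates name into the DN unescaped, so a name containing a comma or another DN special character produces a malformed or differently structured DN. This standalone Groovy script handles both directions with the JDK's javax.naming.ldap classes and generalises the inbound CN=/OU= branching to any parent RDN type. buildDn, parentOf and the sample values are hypothetical, and unlike the post's script the result is not upper-cased.

```groovy
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Outbound direction: append CN=<name><iterationToken> to the parent DN.
// Rdn escapes DN special characters in the value, so the whole name stays
// inside one RDN. LdapName throws InvalidNameException on a malformed parent.
String buildDn(String name, String iterationToken, String parentDn) {
    LdapName dn = new LdapName(parentDn)
    dn.add(new Rdn('CN', name + (iterationToken ?: '')))   // add() puts the new RDN leftmost
    return dn.toString()
}

// Inbound direction: drop the leftmost RDN and return the parent DN.
// Parsing with LdapName honours escaped commas and does not care whether
// the parent is a CN= container or an OU=.
String parentOf(String accountDn) {
    LdapName dn = new LdapName(accountDn)
    if (dn.size() < 2) {
        return null                      // no parent to report
    }
    // Index 0 is the rightmost RDN, so the prefix [0, size-1) is the parent.
    return dn.getPrefix(dn.size() - 1).toString()
}

// Constructed sample values, not taken from the post.
def parent = 'OU=Staff,DC=example,DC=com'
def dn = buildDn('Doe, Jane', '', parent)
println dn

// The comma in the name did not create an extra RDN: CN, OU, DC, DC.
assert new LdapName(dn).size() == 4
// Round trip: the inbound helper recovers the parent that was used outbound.
assert parentOf(dn) == parent

// A user that lives in a CN= container rather than an OU.
println parentOf('CN=jdoe,CN=Users,DC=example,DC=com')
```

To keep the post's upper-case normalisation, wrap the returned parent DN in basic.uc() when using this inside a midPoint script expression.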