[midPoint] How to blank out user properties?

Jason Everling jeverling at bshp.edu
Thu Jul 2 22:55:31 CEST 2020 

:/ ive been updating some of our logstash stuff, should be != faculty and
!= staff
JASON


On Thu, Jul 2, 2020 at 3:49 PM Jason Everling <jeverling at bshp.edu> wrote:

> Gotcha, I just put together a quick example for an idea, you can also go
> with if affiliation == student && not == faculty ||  affiliation == student
> && not == staff || etc...
>
> for the assignments, you would write the script to get all assignments
> then if your resource doesn't exist apply mapping, there is a midpoint
> function for it, we used something similar for a bulk task, ill find it on
> my prod git repo, its back there in time,
>
> someone else might be able to chime in sooner
>
>
>
> On Thu, Jul 2, 2020 at 2:13 PM Richard Frovarp <richard.frovarp at ndsu.edu>
> wrote:
>
>> But students can be employed. I need it so that if they aren't in that
>> resource, they are removed. You're earlier example makes some sense, but I
>> don't have a deep enough understanding of midPoint to fully implement it.
>> Error complains about the source of $user/assignments. I'm on 4.1 and it
>> looks like that may have changed some, but I can't quite figure out how.
>>
>> Kind of frustrated as this seems like it should be a basic operation, and
>> it's the one thing stopping me from going further. I don't want a mess of
>> stale data in a brand new system a day after it goes up.
>>
>> I've been looking at queries and bulk actions, but I can't figure out how
>> to find all users that aren't referenced by a resource. I can find all in
>> the resource, and all that have a resource that isn't it (which is all of
>> the users as names are pulled in from a different resource). What is a one
>> minute query in raw SQL is beyond my understanding here right now.
>>
>> On Thu, 2020-07-02 at 13:15 -0500, Jason Everling wrote:
>>
>> Also this in the default template, if return null; doesn’t work you could
>> also go with return ‘’; . So many different ways to do it without relying
>> on a deleted template
>>
>>
>>
>> <mapping>
>>
>>   <description>Clean out department</description>
>>
>>   <strength>strong</strength>
>>
>>   <source>
>>
>>     <path>$user/extension/your_affiliation</path>
>>
>>   </source>
>>
>>   <target>
>>
>>     <path>$user/extension/ndsuPrimaryJobTitle</path>
>>
>>   </target>
>>
>>   <expression>
>>
>>     <script>
>>
>>       <code>
>>
>>        if (affiliation == ‘student’) {
>>
>>             return null;
>>
>>         }
>>
>>       </code>
>>
>>     </script>
>>
>>   </expression>
>>
>> </mapping>
>>
>>
>>
>>
>>
>> *From: *Jason Everling <jeverling at bshp.edu>
>> *Sent: *Thursday, July 2, 2020 1:06 PM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *RE: [midPoint] How to blank out user properties?
>>
>>
>>
>> ** only if the resource isn’t assigned?*
>>
>>
>>
>> *From: *Jason Everling <jeverling at bshp.edu>
>> *Sent: *Thursday, July 2, 2020 1:04 PM
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *RE: [midPoint] How to blank out user properties?
>>
>>
>>
>> What about just a regular mapping in the default user template with a
>> condition strong that gets applied and only if the resource is assigned?
>>
>>
>>
>> <mapping>
>>
>>   <description>Clean out department</description>
>>
>>   <strength>strong</strength>
>>
>>   <source>
>>
>>     <path>$user/assignments</path>
>>
>>   </source>
>>
>>   <target>
>>
>>     <path>$user/extension/ndsuPrimaryJobTitle</path>
>>
>>   </target>
>>
>>   <expression>
>>
>>     <script>
>>
>>       <code>
>>
>>        if (assignment != your resource) {
>>
>>             return null;
>>
>>         }
>>
>>       </code>
>>
>>     </script>
>>
>>   </expression>
>>
>> </mapping>
>>
>>
>>
>>
>>
>> *From: *Richard Frovarp <richard.frovarp at ndsu.edu>
>> *Sent: *Thursday, July 2, 2020 12:56 PM
>> *To: *midpoint at lists.evolveum.com
>> *Subject: *Re: [midPoint] How to blank out user properties?
>>
>>
>>
>> I've seen your archive example. I wasn't completely clear. I don't want
>> to archive the old value. I just want it gone. I want to keep the user
>> object though. So if I were to leave NDSU, we would want there to still be
>> the name, employee number, etc to remain. But my title would no longer
>> apply. A bigger deal if I were to become a student, we wouldn't want my job
>> title applied to my AD object for instance as it wouldn't be applicable.
>> Just trying to get the value back to null.
>>
>>
>>
>> On Thu, 2020-07-02 at 12:22 -0500, Jason Everling wrote:
>>
>> So what I can read from, you want to archive the old value? We do this
>> for various attributes when they are changed, see here, I had added it to
>> the midpoint samples a while back, it will take the old value which was
>> previously set and then add it to a custom schema attribute for archival
>> history, such as a username change, level change, affiliation, etc..
>>
>>
>>
>>
>> https://github.com/evolveum/midpoint-samples/blob/master/samples/contrib/bshp/objects/objectTemplates/Includes%20-%20Archiving.xml
>>
>>
>>
>> *From: *Richard Frovarp <richard.frovarp at ndsu.edu>
>> *Sent: *Thursday, July 2, 2020 11:13 AM
>> *Subject: *[midPoint] How to blank out user properties?
>>
>>
>>
>> I'm reading a list of our employees from a DB through a
>>
>> DatabaseTableConnector resource. As part of that process I'm setting a
>>
>> custom schema element that is their title. That's fine. However, when
>>
>> they are no longer employed, they disappear from the database table.
>>
>>
>>
>> So I'm trying to blank out the title property, since if they aren't
>>
>> employed anymore, they don't have a title. We want to keep historic
>>
>> records, and they may still be a student, which we wouldn't populate a
>>
>> title.
>>
>>
>>
>> How does one go about doing this? It was suggested using an object
>>
>> template on the deleted situation, but that doesn't appear to be
>>
>> working.
>>
>>
>>
>> Resource:
>>
>>
>>
>> <reaction>
>>
>>   <situation>deleted</situation>
>>
>>   <synchronize>true</synchronize>
>>
>>   <action>
>>
>>     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action
>>
>> -3#unlink</handlerUri>;
>>
>>   </action>
>>
>>   <objectTemplateRef oid="5b23b0d3-0740-47a1-932d-c5a4ab513bc4" />
>>
>> </reaction>
>>
>>
>>
>> User Template:
>>
>>
>>
>> <mapping>
>>
>>   <description>Clean out department</description>
>>
>>   <strength>strong</strength>
>>
>>   <target>
>>
>>     <path>$user/extension/ndsuPrimaryJobTitle</path>
>>
>>   </target>
>>
>>   <expression>
>>
>>     <script>
>>
>>       <code>null</code>
>>
>>     </script>
>>
>>   </expression>
>>
>> </mapping>
>>
>>
>>
>> No errors are thrown, it's just that the title element remains populate
>>
>> with the last know value when the user is deleted from the resource.
>>
>>
>>
>> Thanks,
>>
>> Richard
>>
>> _______________________________________________
>>
>> midPoint mailing list
>>
>> midPoint at lists.evolveum.com
>>
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>>
>> midPoint mailing list
>>
>> midPoint at lists.evolveum.com
>>
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> midPoint mailing list
>>
>> midPoint at lists.evolveum.com
>>
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200702/c4651524/attachment.htm>

More information about the midPoint mailing list