[midPoint] field manager in AD
Chris Woods
chris at cmwoods.com
Wed May 6 12:27:43 CEST 2020
Hi Anton, Ivan,
we have a similar scenario with ServiceNow. The "Manager" field in
ServiceNow is the UUID of an existing ServiceNow User (in the AD the
manager field is the DN of an existing user).
This is our outbound mapping for the manager field in ServiceNow:
<attribute id="103">
    <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:manager</c:ref>
    <tolerant>false</tolerant>
    <exclusiveStrong>false</exclusiveStrong>
    <outbound>
        <name>ServiceNow Manager Outbound Mapping</name>
        <authoritative>true</authoritative>
        <exclusive>false</exclusive>
        <strength>normal</strength>
        <source>
            <c:path>$focus/extension/rsManager1stLevel</c:path>
        </source>
        <expression>
            <script
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType

// Get Manager object and then obtain their servicenow dev account uid
UserType manager = midpoint.searchObjectByName(UserType.class, rsManager1stLevel);
return midpoint.getLinkedShadow(manager, "rs-resource-servicenow-dev", true)?.getPrimaryIdentifierValue();
                </code>
            </script>
        </expression>
    </outbound>
</attribute>
In this case we are using an extended attribute rsManager1stLevel. This
is, however, only a workaround until our org tree is complete. Then you
can use midpoint.getManagers(Usertype usertype); this will return you
UserType objects, so the additional search will be unnecessary. usertype
would be the focus object. You would then have to select which manager
you want to use (midpoint.getManagers returns a collection of UserType
objects, as a user may be assigned to multiple organisations with a
manager).
The interesting line is the return line as this would get you the DN
from your AD resource (in the same way we get the UUID of the ServiceNow
user).
Regards,
Chris
On 2020-05-06 11:29, Ivan Noris wrote:
> Hi,
>
> if I understand correctly, you would like to import the information
> about user's manager from AD.
>
> You are right there is no attribute for this in midPoint. This is by
> design as the organization structure defines, who is the manager.
>
> Example:
>
> User "employee1" in midPoint is in organization Top -> Sales Division
> -> Sales Team 1
>
> In organization Sales Team 1 there is another user "manager1" assigned
> to Sales Team 1 as manager (this is a relation of the assignment).
>
> That makes user "manager1" manager of "employee1". It can be used for:
>
>
> - displaying in the org. structure
>
> - delegated administration: the manager can do something with his/her
> subordinate employees
>
> - approvals: the manager can approve requests of his/her subordinate
> employees
>
> There is no default attribute in UserType that would contain the
> information "who is my manager". It is always computed by midPoint and
> you can use methods in midpoint scripting library, e.g.
>
> https://www.evolveum.com/downloads/midpoint/4.1/midpoint-api-4.1-javadoc/com/evolveum/midpoint/model/api/expr/MidpointFunctions.html#getManagersOidsExceptUser(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
>
>
> If you don't want to use it, you can define an extension attribute and
> populate the manager from AD there. But then you would lose the
> default functionality for deriving the managers from organizational
> structure as described above.
>
> Best regards,
>
> Ivan
> On 6. 5. 2020 11:14, Щенев Антон Вячеславович
> wrote:
>
>> Hi,
>>
>> The user in the AD has a field for its leader (manager). In midPoint,
>> such a field was not found in Users. Of course, you can use any of
>> the unoccupied, but as provided by the system?
>>
>> Best regards,
>>
>> Щенев Антон Вячеславович
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
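The org-tree variant described in the message above, written out as an added example; it is not code from the original post or from the midPoint project. It uses only the midpoint.getManagers and midpoint.getLinkedShadow calls named in the thread. Assumptions: the resource OID is a placeholder, the script variable "focus" holds the user being provisioned, and "first manager by name" is just one possible selection rule.

```groovy
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType

// Assumption: placeholder, replace with the OID of your own AD resource.
final String AD_RESOURCE_OID = "<oid-of-your-AD-resource>"

// Assumption: "focus" is the user this outbound mapping is evaluated for.
UserType user = focus as UserType
if (user == null) {
    return null
}

// Managers are computed from the organizational structure, so no extension
// attribute and no extra search by name is needed.
Collection<UserType> managers = midpoint.getManagers(user)

// A user may belong to several organisations, each with its own manager.
// Drop the user themselves (nobody should be written out as their own
// manager, since the target system may use this field for approvals) and
// sort by name so the same manager is chosen on every recompute.
List<UserType> candidates = (managers ?: [])
        .findAll { it.getOid() != user.getOid() }
        .sort(false) { it.getName()?.getOrig() }

if (candidates.isEmpty()) {
    // No manager in the org tree: the mapping produces no value.
    return null
}

// Hypothetical selection rule: first manager in name order.
UserType manager = candidates.first()

// Same return line as in the ServiceNow mapping above: the primary
// identifier of the manager's account on the target resource, or null
// when the manager has no linked account there.
return midpoint.getLinkedShadow(manager, AD_RESOURCE_OID, true)?.getPrimaryIdentifierValue()
```

With a non-tolerant, authoritative mapping such as the one in the message, a null result means the manager value is not set on the target, so it is worth checking how the target system treats accounts without a manager.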