[midPoint] field manager in AD

Chris Woods chris at cmwoods.com
Wed May 6 12:56:12 CEST 2020


Hi,

forget my post. Being able to read is an advantage... I thought you 
needed an outgoing value.

Regards,
Chris

On 2020-05-06 12:27, Chris Woods wrote:
> Hi Anton, Ivan,
> 
> we have a similar scenario with ServiceNow. The "Manager" field in
> ServiceNow is the UUID of an existing ServiceNow User (in the AD the
> manager field is the DN of an existing user).
> 
> This is our outbound mapping for the manager field in ServiceNow:
> 
> <attribute id="103">
>     <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">ri:manager</c:ref>
>     <tolerant>false</tolerant>
>     <exclusiveStrong>false</exclusiveStrong>
>     <outbound>
>         <name>ServiceNow Manager Outbound Mapping</name>
>         <authoritative>true</authoritative>
>         <exclusive>false</exclusive>
>         <strength>normal</strength>
>         <source>
>             <c:path>$focus/extension/rsManager1stLevel</c:path>
>         </source>
>         <expression>
>             <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
>                 <code>
>                 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType
> 
>                 // Get Manager object and then obtain their servicenow dev account uid
>                 UserType manager = midpoint.searchObjectByName(UserType.class, rsManager1stLevel);
>                 return midpoint.getLinkedShadow(manager, "rs-resource-servicenow-dev", true)?.getPrimaryIdentifierValue();
>                 </code>
>             </script>
>         </expression>
>     </outbound>
> </attribute>
> 
> In this case we are using an extended attribute, rsManager1stLevel.
> This is, however, only a workaround until our org tree is complete.
> Then you can use midpoint.getManagers(UserType usertype); this will
> return UserType objects, so the additional search will be
> unnecessary. usertype would be the focus object. You would then have
> to select which manager you want to use (midpoint.getManagers returns
> a collection of UserType objects, as a user may be assigned to multiple
> organisations with a manager).
> 
> The interesting line is the return line as this would get you the DN
> from your AD resource (in the same way we get the UUID of the
> ServiceNow user).
> 
> Regards,
> Chris
> 
> On 2020-05-06 11:29, Ivan Noris wrote:
>> Hi,
>> 
>> if I understand correctly, you would like to import the information
>> about the user's manager from AD.
>> 
>> You are right, there is no attribute for this in midPoint. This is by
>> design, as the organization structure defines who is the manager.
>> 
>> Example:
>> 
>> User "employee1" in midPoint is in organization Top -> Sales Division
>> -> Sales Team 1
>> 
>> In organization Sales Team 1 there is another user "manager1" assigned
>> to Sales Team 1 as manager (this is a relation of the assignment).
>> 
>> That makes user "manager1" manager of "employee1". It can be used for:
>> 
>> 
>> - displaying in the org. structure
>> 
>> - delegated administration: the manager can do something with his/her
>> subordinate employees
>> 
>> - approvals: the manager can approve requests of his/her subordinate
>> employees
>> 
>> There is no default attribute in UserType that would contain the
>> information "who is my manager". It is always computed by midPoint and
>> you can use methods in midpoint scripting library, e.g.
>> 
>> https://www.evolveum.com/downloads/midpoint/4.1/midpoint-api-4.1-javadoc/com/evolveum/midpoint/model/api/expr/MidpointFunctions.html#getManagersOidsExceptUser(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
>> 
>> 
>> If you don't want to use it, you can define an extension attribute and
>> populate the manager from AD there. But then you would lose the
>> default functionality for deriving the managers from organizational
>> structure as described above.
>> 
>> Best regards,
>> 
>> Ivan
>> On 6. 5. 2020 11:14, Щенев Антон Вячеславович
>> wrote:
>> 
>>> Hi,
>>> 
>>> The user in AD has a field for their leader (manager). In midPoint,
>>> no such field was found in Users. Of course, you can use any of
>>> the unoccupied ones, but is there one provided by the system?
>>> 
>>> Best regards,
>>> 
>>> Щенев Антон Вячеславович
>>> 
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>> 
>> --
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com
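
The logic discussed in this thread, as a small Python model added here for illustration (it is not midPoint code and not code from any poster): managers are derived from "manager" assignments in the user's organizations, and the outbound value is the identifier of the manager's linked account on the target resource. The `User` class, both function names, the resource id and the DNs are constructed, and the model assumes a flat list of orgs with no parent-org traversal.

```python
# Simplified model with constructed data; midPoint itself is not involved.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    # (org name, relation) pairs; relation is "member" or "manager"
    assignments: list = field(default_factory=list)
    # resource id -> primary identifier of the linked account (shadow)
    accounts: dict = field(default_factory=dict)

def managers_except_user(user, users):
    """Users assigned as 'manager' to any org the user is in, excluding the
    user, so a team lead is never reported as their own manager."""
    orgs = {org for org, _rel in user.assignments}
    found = [u for u in users if u is not user and
             any(org in orgs and rel == "manager" for org, rel in u.assignments)]
    return sorted(found, key=lambda u: u.name)

def manager_identifier(user, users, resource):
    """Value for the outbound 'manager' attribute, or None when there is no
    single manager or the manager has no account on the resource."""
    mgrs = managers_except_user(user, users)
    if len(mgrs) != 1:
        return None  # zero or several managers: the mapping must choose
    # dict.get plays the role of the null-safe '?.' in the posted script
    return mgrs[0].accounts.get(resource)

AD = "ad-resource-placeholder"  # constructed resource id
manager1 = User("manager1", [("Sales Team 1", "manager")],
                {AD: "CN=manager1,OU=Sales,DC=example,DC=com"})
employee1 = User("employee1", [("Sales Team 1", "member")],
                 {AD: "CN=employee1,OU=Sales,DC=example,DC=com"})
pm1 = User("pm1", [("Projects", "manager")])  # no AD account
contractor1 = User("contractor1",
                   [("Sales Team 1", "member"), ("Projects", "member")])
intern1 = User("intern1", [("Projects", "member")])
USERS = [manager1, employee1, pm1, contractor1, intern1]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, "->", manager_identifier(u, USERS, AD))
```
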
