[midPoint] DatabaseTableConnector organization structure sync

Arnošt Starosta - AMI Praha a.s. arnost.starosta at ami.cz
Tue May 12 19:03:03 CEST 2020


Hi Merve,

you may load the parent org id to each organization in midpoint with
ordinary resource inbound mapping to an extension attribute. Then create
the assignment from organization to it's parent org in org template by
using the parent id in the filter, like this

https://wiki.evolveum.com/display/midPoint/Automatic+Role+Assignment+HOWTO

Do the same for users and their parent orgs.

During the first organization import the parent org may not exist yet (it
may be processed and created after the child org), thats why you need to
recompute the orgs second time to get all parent assignments working.

good luck

arnost




út 12. 5. 2020 v 16:33 odesílatel mceylan <mrveceylan at gmail.com> napsal:

> Hi Gustav, Thanks for your answer
>
> It did not improve when I imported twice. I didn't understand that. There
> are users in the database table and there is also identifier and parent
> information in their information. Users are sorted, for example, by
> employeeNumber. But unfortunately, the organization name, identifier and
> parent_id in their columns are not sequential. What do I have to do in this
> situation?
>
> Pálos Gustáv <gustav.palos at gmail.com>, 12 May 2020 Sal, 16:57 tarihinde
> şunu yazdı:
>
>> Hi  mceylan,
>>
>> You need organizations in right order (from bottom to top), and I prefer
>> not using createOnDemand, just create orgs with linked shadows & strong
>> assignmentTargetSearch.
>> If you have in wrong order, you need to import "twice", first just create
>> orgs and assign what you already have, and on second round create
>> assignments to missing parents from first run.
>>
>> best regards,
>>
>> Gustav
>>
>>
>> ut 12. 5. 2020 o 15:15 mceylan <mrveceylan at gmail.com> napísal(a):
>>
>>> I made it as the attached source. I added the user template in the file.
>>> This way the organizational tree is created, but parent_id and identifier
>>> get mixed. So some don't occur under child parent. It occurs as a side tab.
>>> I couldn't figure it out.
>>>
>>> Ivan Noris <ivan.noris at evolveum.com>, 12 May 2020 Sal, 15:57 tarihinde
>>> şunu yazdı:
>>>
>>>> Hi,
>>>>
>>>> nothing special. Just use them as AccountObjectClass from the connector
>>>> and link them to corresponding objects in midPoint (e.g. Organizations).
>>>>
>>>> Ivan
>>>> On 12. 5. 2020 14:55, mceylan wrote:
>>>>
>>>> Thanks for the answer, Ivan. So what should I do to pull the
>>>> organizational units from DB Table resource and create and synchronize the
>>>> organization tree in midpoint according to parent id and identifier?
>>>>
>>>> Ivan Noris <ivan.noris at evolveum.com>, 12 May 2020 Sal, 14:30 tarihinde
>>>> şunu yazdı:
>>>>
>>>>> Hi,
>>>>>
>>>>> I think DB Table connector supports only AccountObjectClass.
>>>>>
>>>>> Ivan
>>>>>
>>>>>
>>>>> On 12. 5. 2020 13:06, mceylan wrote:
>>>>>
>>>>> I get the following error when I set
>>>>> CustomorganizationalUnitObjectClass as database resorce object class. What
>>>>> would be the reason?
>>>>>
>>>>> Error:No objectclass specified and no default can be determined
>>>>>
>>>>> <default>true</default>
>>>>> When I do, I get the following error.
>>>>>
>>>>> Internal error: Got unexpected exception:
>>>>> java.lang.IllegalArgumentException: Operation requires an Account
>>>>> ObjectClass.
>>>>>
>>>>>
>>>>>
>>>>> <schemaHandling>
>>>>>       <objectType id="1">
>>>>>          <kind>generic</kind>
>>>>>          <default>false</default>
>>>>>
>>>>>  <objectClass>ri:CustomorganizationalUnitObjectClass</objectClass>
>>>>>          <attribute id="2">
>>>>>             <c:ref>icfs:uid</c:ref>
>>>>>             <displayName>Entry UUID</displayName>
>>>>>             <limitations>
>>>>>                <access>
>>>>>                   <read>true</read>
>>>>>                </access>
>>>>>             </limitations>
>>>>>          </attribute>
>>>>>          <attribute id="3">
>>>>>             <c:ref>icfs:name</c:ref>
>>>>>             <displayName>Name</displayName>
>>>>>             <limitations>
>>>>>                <minOccurs>0</minOccurs>
>>>>>                <access>
>>>>>                   <read>true</read>
>>>>>                   <add>true</add>
>>>>>                   <modify>true</modify>
>>>>>                </access>
>>>>>             </limitations>
>>>>>             <inbound id="24">
>>>>>                <target>
>>>>>                   <c:path>$user/employeeNumber</c:path>
>>>>>                </target>
>>>>>             </inbound>
>>>>>             <inbound id="43">
>>>>>                <target>
>>>>>                   <c:path>$user/name</c:path>
>>>>>                </target>
>>>>>             </inbound>
>>>>>          </attribute>
>>>>>          <attribute id="15">
>>>>>             <c:ref>ri:parent_id</c:ref>
>>>>>             <inbound id="16">
>>>>>                <target>
>>>>>                   <c:path>$user/extension/parent_id</c:path>
>>>>>                </target>
>>>>>             </inbound>
>>>>>          </attribute>
>>>>>          <attribute id="37">
>>>>>             <c:ref>ri:identifier</c:ref>
>>>>>             <inbound id="39">
>>>>>                <target>
>>>>>                   <c:path>$user/extension/identifier</c:path>
>>>>>                </target>
>>>>>             </inbound>
>>>>>          </attribute>
>>>>>          <attribute id="32">
>>>>>             <c:ref>ri:organization_name</c:ref>
>>>>>             <inbound id="33">
>>>>>                <target>
>>>>>                   <c:path>$user/extension/organizationname</c:path>
>>>>>                </target>
>>>>>             </inbound>
>>>>>          </attribute>
>>>>>          <activation>
>>>>>             <administrativeStatus>
>>>>>                <outbound id="5"/>
>>>>>                <inbound id="6">
>>>>>                   <strength>weak</strength>
>>>>>                </inbound>
>>>>>             </administrativeStatus>
>>>>>          </activation>
>>>>>       </objectType>
>>>>>    </schemaHandling>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>> --
>>>>> Ivan Noris
>>>>> Senior Identity Engineerevolveum.com
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>
>>>>
>>>> --
>>>> Merve CEYLAN
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>> --
>>>> Ivan Noris
>>>> Senior Identity Engineerevolveum.com
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>
>>>
>>> --
>>> Merve CEYLAN
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>>
>> --
>> s pozdravom
>>
>> Gustáv Pálos
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
> Merve CEYLAN
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>


-- 

*Arnošt Starosta*
solution architect

gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní
informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
zveřejňování, zprostředkování
nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně,
informujte o tom prosím
odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním
s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200512/00cea923/attachment.htm>


More information about the midPoint mailing list