[midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint

Paulo Fernandes de Souza Junior PFSJ at senado.leg.br
Tue Sep 8 14:20:40 CEST 2020


Have you seen this?


https://wiki.evolveum.com/display/midPoint/Inbound+Mapping#InboundMapping-Association​


Wouldn't that be the solution to your problem?


Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN



________________________________
De: midPoint <midpoint-bounces at lists.evolveum.com> em nome de mid point via midPoint <midpoint at lists.evolveum.com>
Enviado: segunda-feira, 7 de setembro de 2020 04:57
Para: midpoint at lists.evolveum.com
Cc: mid point
Assunto: Re: [midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint

Hello

thanks a lot Pascal for your answer
When i wrote security group, it is windows active directory security groups, Midpoint is a new installation and after the original import of users into midpoint, some active directory security groups have been updated by administrator using powershell.
the result is that the users are assigned correctly in active directory but the users are not assigned to the midpoint roles and doesn't show in the roles members.
Of course on the role projection i can see all the users part of the security group.

to clarify

AD security group                                                     Midpoint role
"test"                         ------------------------------------->          "test"
user1                                                                           nothing in members
user2
user3

the goal is to assign the users part of "test" AD security group to "test" midpoint role , without doing another import.
we have others AD Security group in the same situation
So i was thinking of a bulk import

Thanks again for you answer, ill read it carefully

Have a nice day


-----Original Message-----
From: Pascal PÉRICHON via midPoint <midpoint at lists.evolveum.com>
To: midpoint at lists.evolveum.com
Cc: Pascal PÉRICHON <pascal.perichon at u-paris.fr>
Sent: Fri, Sep 4, 2020 11:51 am
Subject: Re: [midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint

hello,
SomethIng like that  : this is a task that you should import from import menu and run from task menu.
by group you mean midpoint organizations ?
This is not tested, so... but it just a start.

<?xml version="1.0" encoding="UTF-8"?>
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
         xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<http://prism.evolveum.com/xml/ns/public/query-3>
         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<http://prism.evolveum.com/xml/ns/public/types-3>
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http://www.w3.org/2001/XMLSchema-instance>>
    <task>
        <name>task suppression Assignement ETUDIANT-LICENCE</name>
        <extension>
            <scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"<http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3>
                                 xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"<http://midpoint.evolveum.com/xml/ns/public/model/scripting-3>
                                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
                                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<http://prism.evolveum.com/xml/ns/public/types-3>
                                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http://www.w3.org/2001/XMLSchema-instance>
                                 xmlns:api="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"<http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>
                                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<http://prism.evolveum.com/xml/ns/public/query-3>
                                 xmlns:xsd="http://www.w3.org/2001/XMLSchema"<http://www.w3.org/2001/XMLSchema>
                                 xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"<http://midpoint.evolveum.com/xml/ns/public/common/org-3>>
                <s:search>
                    <s:type>c:UserType</s:type>
                    <s:query>
                        <q:filter>
                            <q:and>
                                <q:equal>
                                    <q:path>subtype</q:path>
                                    <q:value>ETUDIANT-LICENCE</q:value>
                                </q:equal>
                                <q:org>
                                    <q:orgRef>
                                        <!-- TPC group (organization) -->
                                        <q:oid>1f043504-127b-4707-b4dd-11fa5603ef1e</q:oid>
                                    </q:orgRef>
                                    <q:maxDepth>unbounded</q:maxDepth>
                                </q:org>
                            </q:and>
                        </q:filter>
                    </s:query>

                    <s:action>
                        <s:type>modify</s:type>
                        <s:parameter>
                            <s:name>delta</s:name>
                            <c:value xsi:type="t:ObjectDeltaType">
                                <t:changeType>modify</t:changeType>
                                <t:itemDelta>
                                    <t:modificationType>add</t:modificationType>
                                    <t:path>c:assignment</t:path>
                                    <t:value xsi:type="c:AssignmentType">
                                        <!-- Telem role -->
                                        <targetRef oid="f602c03b-4c50-4a7c-8866-59202dc27fad" relation="org:default" type="c:RoleType"/>
                                        <!-- add multiple role is necessary -->
                                        <!--targetRef oid="other-role" relation="org:default" type="c:RoleType"/>
                                        <targetRef oid="another-role" relation="org:default" type="c:RoleType"/-->
                                    </t:value>
                                </t:itemDelta>
                            </c:value>
                        </s:parameter>
                    </s:action>

                </s:search>
            </scext:executeScript>
        </extension>
        <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
        <executionStatus>runnable</executionStatus>

        <category>BulkActions</category>
        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
        <recurrence>single</recurrence>
    </task>
</objects>


Le 04/09/2020 à 09:33, mid point via midPoint a écrit :
Good morning

I ask this question 2 weeks ago, and no answer.
I supposed i was wrong to think that this question would have interested a lot of midpoint users.
it is maybe too simple.
in case of someone has an example of bulk action that accomplish what i want, please do not hesitate to share

Best regards





-----Original Message-----
From: mid point <pointmid2 at aol.com><mailto:pointmid2 at aol.com>
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Sent: Thu, Aug 20, 2020 5:41 pm
Subject: [midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint

Hello

As a short introduction, i'm a new midpoint administrator and i'm French :-)

My company is using a midpoint solution, it was installed recently by an external company.
it is working fine so far.
Midpoint has two AD domain resources

I need to assign all users from an existing security group within one of the AD ressources to a midpoint role
I already created the midpoint role with all necessary assignments and inducements

but there is too much users in the security group to assign them one by one and i would like to use bulk action to do this.
Unfortunately , my developer skills are null and for this reason kindly request your help

I hope one of you will  help me and give me a good script.I hope the data below can be enough

the role name is : Telem                      his OID is  f602c03b-4c50-4a7c-8866-59202dc27fad
the security group name is TPC           his  OID is 1f043504-127b-4707-b4dd-11fa5603ef1e
the AD ressource name is Internal       his  OID is e580a543-6b87-460b-aa80-3525e436cf9f

thanks in advance

Raymond
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint



_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200908/ede640cf/attachment.htm>


More information about the midPoint mailing list