[midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint
Paulo Fernandes de Souza Junior
PFSJ at senado.leg.br
Tue Sep 8 14:20:40 CEST 2020
Have you seen this?
https://wiki.evolveum.com/display/midPoint/Inbound+Mapping#InboundMapping-Association
Wouldn't that be the solution to your problem?
Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN
________________________________
De: midPoint <midpoint-bounces at lists.evolveum.com> em nome de mid point via midPoint <midpoint at lists.evolveum.com>
Enviado: segunda-feira, 7 de setembro de 2020 04:57
Para: midpoint at lists.evolveum.com
Cc: mid point
Assunto: Re: [midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint
Hello
thanks a lot Pascal for your answer
When i wrote security group, it is windows active directory security groups, Midpoint is a new installation and after the original import of users into midpoint, some active directory security groups have been updated by administrator using powershell.
the result is that the users are assigned correctly in active directory but the users are not assigned to the midpoint roles and doesn't show in the roles members.
Of course on the role projection i can see all the users part of the security group.
to clarify
AD security group Midpoint role
"test" -------------------------------------> "test"
user1 nothing in members
user2
user3
the goal is to assign the users part of "test" AD security group to "test" midpoint role , without doing another import.
we have others AD Security group in the same situation
So i was thinking of a bulk import
Thanks again for you answer, ill read it carefully
Have a nice day
-----Original Message-----
From: Pascal PÉRICHON via midPoint <midpoint at lists.evolveum.com>
To: midpoint at lists.evolveum.com
Cc: Pascal PÉRICHON <pascal.perichon at u-paris.fr>
Sent: Fri, Sep 4, 2020 11:51 am
Subject: Re: [midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint
hello,
SomethIng like that : this is a task that you should import from import menu and run from task menu.
by group you mean midpoint organizations ?
This is not tested, so... but it just a start.
<?xml version="1.0" encoding="UTF-8"?>
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<http://prism.evolveum.com/xml/ns/public/query-3>
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<http://prism.evolveum.com/xml/ns/public/types-3>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http://www.w3.org/2001/XMLSchema-instance>>
<task>
<name>task suppression Assignement ETUDIANT-LICENCE</name>
<extension>
<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"<http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3>
xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"<http://midpoint.evolveum.com/xml/ns/public/model/scripting-3>
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<http://prism.evolveum.com/xml/ns/public/types-3>
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"<http://www.w3.org/2001/XMLSchema-instance>
xmlns:api="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"<http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<http://prism.evolveum.com/xml/ns/public/query-3>
xmlns:xsd="http://www.w3.org/2001/XMLSchema"<http://www.w3.org/2001/XMLSchema>
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"<http://midpoint.evolveum.com/xml/ns/public/common/org-3>>
<s:search>
<s:type>c:UserType</s:type>
<s:query>
<q:filter>
<q:and>
<q:equal>
<q:path>subtype</q:path>
<q:value>ETUDIANT-LICENCE</q:value>
</q:equal>
<q:org>
<q:orgRef>
<!-- TPC group (organization) -->
<q:oid>1f043504-127b-4707-b4dd-11fa5603ef1e</q:oid>
</q:orgRef>
<q:maxDepth>unbounded</q:maxDepth>
</q:org>
</q:and>
</q:filter>
</s:query>
<s:action>
<s:type>modify</s:type>
<s:parameter>
<s:name>delta</s:name>
<c:value xsi:type="t:ObjectDeltaType">
<t:changeType>modify</t:changeType>
<t:itemDelta>
<t:modificationType>add</t:modificationType>
<t:path>c:assignment</t:path>
<t:value xsi:type="c:AssignmentType">
<!-- Telem role -->
<targetRef oid="f602c03b-4c50-4a7c-8866-59202dc27fad" relation="org:default" type="c:RoleType"/>
<!-- add multiple role is necessary -->
<!--targetRef oid="other-role" relation="org:default" type="c:RoleType"/>
<targetRef oid="another-role" relation="org:default" type="c:RoleType"/-->
</t:value>
</t:itemDelta>
</c:value>
</s:parameter>
</s:action>
</s:search>
</scext:executeScript>
</extension>
<ownerRef oid="00000000-0000-0000-0000-000000000002"/>
<executionStatus>runnable</executionStatus>
<category>BulkActions</category>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
<recurrence>single</recurrence>
</task>
</objects>
Le 04/09/2020 à 09:33, mid point via midPoint a écrit :
Good morning
I ask this question 2 weeks ago, and no answer.
I supposed i was wrong to think that this question would have interested a lot of midpoint users.
it is maybe too simple.
in case of someone has an example of bulk action that accomplish what i want, please do not hesitate to share
Best regards
-----Original Message-----
From: mid point <pointmid2 at aol.com><mailto:pointmid2 at aol.com>
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Sent: Thu, Aug 20, 2020 5:41 pm
Subject: [midPoint] midpoint 4.0.1 - need to do a bulk action to assign users from AD specific security group to a role in midpoint
Hello
As a short introduction, i'm a new midpoint administrator and i'm French :-)
My company is using a midpoint solution, it was installed recently by an external company.
it is working fine so far.
Midpoint has two AD domain resources
I need to assign all users from an existing security group within one of the AD ressources to a midpoint role
I already created the midpoint role with all necessary assignments and inducements
but there is too much users in the security group to assign them one by one and i would like to use bulk action to do this.
Unfortunately , my developer skills are null and for this reason kindly request your help
I hope one of you will help me and give me a good script.I hope the data below can be enough
the role name is : Telem his OID is f602c03b-4c50-4a7c-8866-59202dc27fad
the security group name is TPC his OID is 1f043504-127b-4707-b4dd-11fa5603ef1e
the AD ressource name is Internal his OID is e580a543-6b87-460b-aa80-3525e436cf9f
thanks in advance
Raymond
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200908/ede640cf/attachment.htm>
More information about the midPoint
mailing list