[midPoint] Assignment and unassignment of organizational units

Oliver Schonefeld schonefeld at ids-mannheim.de
Wed Oct 20 16:29:58 CEST 2021 

Hello,

I am running midPoint 4.3.1 and am trying to automatically assign and 
unassign organizational units to user accounts. I have modelled the 
organizational structure of our institute in midpoint. Organizational 
unit membership is governed by a HR feed (modeled as CVS resource) and 
user accounts should be assigned or unassigned to org units depending on 
the information of the hr feed.

I've manged to get the initial assignment of org units to work by adding 
an inbound mapping to the schema handling section of the HR csv resource:
   <!-- ... -->
   <inbound>
     <authoritative>true</authoritative>
     <expression>
       <assignmentTargetSearch>
         <targetType>OrgType</targetType>
         <filter>
           <q:equal>
             <q:path>identifier</q:path>
             <expression>
               <path>$input</path>
             </expression>
           </q:equal>
         </filter>
       </assignmentTargetSearch>
     </expression>
     <target>
       <path>assignment</path>
     </target>
   </inbound>
   <!-- ... -->

However, if I move a user in my HR feed to another org unit, the new 
unit gets assigned to the user (e.g. in reconciliation or live sync), 
but the old unit is never unassigned.

If I set
   <set>
     <predefined>all</predefined>
   </set>
in <target>, midPoint correctly sets the org units, but also removed all 
other assignments, e.g. manual requested or auto-assigned roles, etc.

Ideally, I'd like midpoint to only touch the org unit assignments when 
something changes in the HR feed.

Has anybody some ideas or useful insights, how I can accomplish this goal?


Thank you and best regards
   Oliver
-- 
Oliver Schonefeld
Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)
R5, 6-13, D-68161 Mannheim
+49-(0)621-1581-168 | http://www.ids-mannheim.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5381 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/c4e5f238/attachment.bin>

More information about the midPoint mailing list