[midPoint] midPoint Digest, Vol 114, Issue 9
Keith LeValley
klevalley2 at davenport.edu
Thu Oct 21 15:09:08 CEST 2021
Oliver,
For us HR assigns each user an OU (which in our case is a number). The OU
attribute comes through to Midpoint and I use the autoassignment feature
inside Midpoint which works really well. It's a multistep process, but
it's clearly laid out in the Midpoint ebook starting on page 229 (link
below):
https://docs.evolveum.com/book/
You basically create a custom attribute in the org, then Midpoint will see
if the user attribute you select and the custom attribute in the org
match. If they do, the user gets assigned to that org, if they don't then
the user will be removed. Not sure if this will fit your required use
case, but if it does it's a very clean and easy solution.
On Thu, Oct 21, 2021 at 3:47 AM <midpoint-request at lists.evolveum.com> wrote:
> Send midPoint mailing list submissions to
> midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
> midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
> midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
> 1. Assignment and unassignment of organizational units
> (Oliver Schonefeld)
> 2. Re: Assignment and unassignment of organizational units
> (Jonathan Hill)
> 3. Re: Scripted SQL Connector - Full Samples (Frédéric Lohier)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 20 Oct 2021 16:29:58 +0200
> From: Oliver Schonefeld <schonefeld at ids-mannheim.de>
> To: midpoint at lists.evolveum.com
> Subject: [midPoint] Assignment and unassignment of organizational
> units
> Message-ID: <4ca1c9de-fc7e-d038-f00c-1ed31c54658b at ids-mannheim.de>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hello,
>
> I am running midPoint 4.3.1 and am trying to automatically assign and
> unassign organizational units to user accounts. I have modelled the
> organizational structure of our institute in midpoint. Organizational
> unit membership is governed by a HR feed (modeled as CVS resource) and
> user accounts should be assigned or unassigned to org units depending on
> the information of the hr feed.
>
> I've manged to get the initial assignment of org units to work by adding
> an inbound mapping to the schema handling section of the HR csv resource:
> <!-- ... -->
> <inbound>
> <authoritative>true</authoritative>
> <expression>
> <assignmentTargetSearch>
> <targetType>OrgType</targetType>
> <filter>
> <q:equal>
> <q:path>identifier</q:path>
> <expression>
> <path>$input</path>
> </expression>
> </q:equal>
> </filter>
> </assignmentTargetSearch>
> </expression>
> <target>
> <path>assignment</path>
> </target>
> </inbound>
> <!-- ... -->
>
> However, if I move a user in my HR feed to another org unit, the new
> unit gets assigned to the user (e.g. in reconciliation or live sync),
> but the old unit is never unassigned.
>
> If I set
> <set>
> <predefined>all</predefined>
> </set>
> in <target>, midPoint correctly sets the org units, but also removed all
> other assignments, e.g. manual requested or auto-assigned roles, etc.
>
> Ideally, I'd like midpoint to only touch the org unit assignments when
> something changes in the HR feed.
>
> Has anybody some ideas or useful insights, how I can accomplish this goal?
>
>
> Thank you and best regards
> Oliver
> --
> Oliver Schonefeld
> Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)
> R5, 6-13, D-68161 Mannheim
> +49-(0)621-1581-168 | http://www.ids-mannheim.de
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/pkcs7-signature
> Size: 5381 bytes
> Desc: S/MIME Cryptographic Signature
> URL: <
> https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/c4e5f238/attachment-0001.bin
> >
>
> ------------------------------
>
> Message: 2
> Date: Wed, 20 Oct 2021 11:11:40 -0400
> From: Jonathan Hill <jhill at exclamationlabs.com>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Subject: Re: [midPoint] Assignment and unassignment of organizational
> units
> Message-ID: <EE0B7AE5-3A9D-4687-98BE-66BA8E3A6074 at exclamationlabs.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hey Oliver,
>
> I would try adding assignmentProperties in your assignmentTargetSearch to
> allow a clear set of what can be removed.
>
> ...
> <assignmentProperties>
> <subtype>hrFeed</subtype>
> </assignmentProperties>
> </assignmentTargetSearch>
>
> ...
>
> <set>
> <condition>
> <script>
> <code>
> return input.subtype.contains("hrFeed")
> </code>
> </script>
> </condition>
> </set>
>
> Jonathan Hill
> Exclamation Labs
> 300 Washington Street
> Cumberland, MD 21502
> jhill at exclamationlabs.com <mailto:jhill at exclamationlabs.com>
> www.exclamationlabs.com <http://www.exclamationlabs.com/>
>
> > On Oct 20, 2021, at 10:29 AM, Oliver Schonefeld via midPoint <
> midpoint at lists.evolveum.com> wrote:
> >
> > Hello,
> >
> > I am running midPoint 4.3.1 and am trying to automatically assign and
> unassign organizational units to user accounts. I have modelled the
> organizational structure of our institute in midpoint. Organizational unit
> membership is governed by a HR feed (modeled as CVS resource) and user
> accounts should be assigned or unassigned to org units depending on the
> information of the hr feed.
> >
> > I've manged to get the initial assignment of org units to work by adding
> an inbound mapping to the schema handling section of the HR csv resource:
> > <!-- ... -->
> > <inbound>
> > <authoritative>true</authoritative>
> > <expression>
> > <assignmentTargetSearch>
> > <targetType>OrgType</targetType>
> > <filter>
> > <q:equal>
> > <q:path>identifier</q:path>
> > <expression>
> > <path>$input</path>
> > </expression>
> > </q:equal>
> > </filter>
> > </assignmentTargetSearch>
> > </expression>
> > <target>
> > <path>assignment</path>
> > </target>
> > </inbound>
> > <!-- ... -->
> >
> > However, if I move a user in my HR feed to another org unit, the new
> unit gets assigned to the user (e.g. in reconciliation or live sync), but
> the old unit is never unassigned.
> >
> > If I set
> > <set>
> > <predefined>all</predefined>
> > </set>
> > in <target>, midPoint correctly sets the org units, but also removed all
> other assignments, e.g. manual requested or auto-assigned roles, etc.
> >
> > Ideally, I'd like midpoint to only touch the org unit assignments when
> something changes in the HR feed.
> >
> > Has anybody some ideas or useful insights, how I can accomplish this
> goal?
> >
> >
> > Thank you and best regards
> > Oliver
> > --
> > Oliver Schonefeld
> > Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)
> > R5, 6-13, D-68161 Mannheim
> > +49-(0)621-1581-168 | http://www.ids-mannheim.de
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > https://lists.evolveum.com/mailman/listinfo/midpoint
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/ace41b43/attachment-0001.htm
> >
>
> ------------------------------
>
> Message: 3
> Date: Thu, 21 Oct 2021 09:47:18 +0200
> From: Frédéric Lohier <frederic at lohier.org>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Cc: "Vitor Alves | Gerencianet" <vitor.alves at gerencianet.com.br>
> Subject: Re: [midPoint] Scripted SQL Connector - Full Samples
> Message-ID:
> <CALRGK0qf-U6Lf=
> dtxWGvawvu6pECLSs+CemvQzY4KcwOMsHnSw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> I am also interested in examples using scriptedSQL connector version 2.x.
> I would like to migrate our scriptedSQL resource from scriptedSQL connector
> v1.1.2.0.m3 to V2.2.1
>
> -Frederic
>
> On Mon, Sep 20, 2021, 13:16 Vitor Alves | Gerencianet via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> > Good morning everybody,
> >
> > Guys, could you help me with a question? The Scripted SQL Connector, are
> > there current full samples? I ask this, because in the samples project
> > hosted on Github, there are only Groovy Scripts (
> >
> https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql
> )
> > , and these are commented out. I'm looking for a more real example, with
> > the case application, creating a MySQL database. If anyone has something
> > like that, could they send it here? Thank you very much for the help of
> the
> > Community.
> >
> >
> >
> >
> >
> >
> >
> > Regards,
> >
> > -----
> > *Vitor Alves*
> >
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > https://lists.evolveum.com/mailman/listinfo/midpoint
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.evolveum.com/pipermail/midpoint/attachments/20211021/cd50a53f/attachment.htm
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 114, Issue 9
> ****************************************
>
--
Keith LeValley
Identity Services Architect, Davenport University
phone: (616) 732-1102
klevalley2 at davenport.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211021/956a8e6f/attachment.htm>
More information about the midPoint
mailing list