[midPoint] midPoint Digest, Vol 114, Issue 9

Paulo Fernandes de Souza Junior PFSJ at senado.leg.br
Thu Oct 21 15:50:21 CEST 2021


Here, we don't directly assign the OU in an inbound mapping, but in an object template. The inbound mapping in the resource maps to the user attribute, using the set/predefined/all clause, and from there the global user template maps the assignment.



Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN
Phone: 61 3303.3924


________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Keith LeValley via midPoint <midpoint at lists.evolveum.com>
Sent: Thursday, October 21, 2021 10:09
To: midPoint General Discussion
Cc: Keith LeValley
Subject: Re: [midPoint] midPoint Digest, Vol 114, Issue 9

Oliver,

For us, HR assigns each user an OU (which in our case is a number). The OU attribute comes through to midPoint and I use the autoassignment feature inside midPoint, which works really well. It's a multistep process, but it's clearly laid out in the midPoint ebook starting on page 229 (link below):

https://docs.evolveum.com/book/

You basically create a custom attribute in the org, then midPoint will see if the user attribute you select and the custom attribute in the org match. If they do, the user gets assigned to that org; if they don't, then the user will be removed. Not sure if this will fit your required use case, but if it does it's a very clean and easy solution.

On Thu, Oct 21, 2021 at 3:47 AM <midpoint-request at lists.evolveum.com> wrote:

Today's Topics:

   1. Assignment and unassignment of organizational units
      (Oliver Schonefeld)
   2. Re: Assignment and unassignment of organizational units
      (Jonathan Hill)
   3. Re: Scripted SQL Connector - Full Samples (Frédéric Lohier)


----------------------------------------------------------------------

Message: 1
Date: Wed, 20 Oct 2021 16:29:58 +0200
From: Oliver Schonefeld <schonefeld at ids-mannheim.de>
To: midpoint at lists.evolveum.com
Subject: [midPoint] Assignment and unassignment of organizational
        units
Message-ID: <4ca1c9de-fc7e-d038-f00c-1ed31c54658b at ids-mannheim.de>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Hello,

I am running midPoint 4.3.1 and am trying to automatically assign and
unassign organizational units to user accounts. I have modelled the
organizational structure of our institute in midPoint. Organizational
unit membership is governed by an HR feed (modeled as CSV resource) and
user accounts should be assigned or unassigned to org units depending on
the information of the HR feed.

I've managed to get the initial assignment of org units to work by adding
an inbound mapping to the schema handling section of the HR CSV resource:
   <!-- ... -->
   <inbound>
     <authoritative>true</authoritative>
     <expression>
       <assignmentTargetSearch>
         <targetType>OrgType</targetType>
         <filter>
           <q:equal>
             <q:path>identifier</q:path>
             <expression>
               <path>$input</path>
             </expression>
           </q:equal>
         </filter>
       </assignmentTargetSearch>
     </expression>
     <target>
       <path>assignment</path>
     </target>
   </inbound>
   <!-- ... -->

However, if I move a user in my HR feed to another org unit, the new
unit gets assigned to the user (e.g. in reconciliation or live sync),
but the old unit is never unassigned.

If I set
   <set>
     <predefined>all</predefined>
   </set>
in <target>, midPoint correctly sets the org units, but also removes all
other assignments, e.g. manually requested or auto-assigned roles, etc.

Ideally, I'd like midpoint to only touch the org unit assignments when
something changes in the HR feed.

Has anybody some ideas or useful insights, how I can accomplish this goal?


Thank you and best regards
   Oliver
--
Oliver Schonefeld
Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)
R5, 6-13, D-68161 Mannheim
+49-(0)621-1581-168 | http://www.ids-mannheim.de

------------------------------

Message: 2
Date: Wed, 20 Oct 2021 11:11:40 -0400
From: Jonathan Hill <jhill at exclamationlabs.com>
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Assignment and unassignment of organizational
        units
Message-ID: <EE0B7AE5-3A9D-4687-98BE-66BA8E3A6074 at exclamationlabs.com>
Content-Type: text/plain; charset="utf-8"

Hey Oliver,

I would try adding assignmentProperties in your assignmentTargetSearch to allow a clear set of what can be removed.

...
    <assignmentProperties>
        <subtype>hrFeed</subtype>
    </assignmentProperties>
</assignmentTargetSearch>

...

<set>
        <condition>
                <script>
                        <code>
                                return input.subtype.contains("hrFeed")
                        </code>
                </script>
        </condition>
</set>

Jonathan Hill
Exclamation Labs
300 Washington Street
Cumberland, MD  21502
jhill at exclamationlabs.com
www.exclamationlabs.com
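
Added example (not part of the original thread and not midPoint code): a simplified Python model of the mapping range behaviour discussed in the two messages above, comparing no <set>, <predefined>all</predefined>, and a range condition on the hrFeed subtype. The function names and the sample org and role identifiers are constructed for illustration.

```python
# Simplified model of a mapping range, based only on the behaviour described
# in this thread. An assignment is a dict: a target plus a set of subtypes.

def reconcile(existing, produced, in_range):
    """Return the user's assignments after one evaluation of the mapping.

    existing -- assignments currently on the user
    produced -- assignments the inbound mapping yields from the HR record
    in_range -- predicate: does this existing value fall inside the range?
    Existing values inside the range that the mapping did not produce are
    removed; values outside the range are never touched.
    """
    kept = [a for a in existing if a in produced or not in_range(a)]
    added = [a for a in produced if a not in kept]
    return kept + added

def assignment(target, *subtypes):
    return {"target": target, "subtype": frozenset(subtypes)}

def targets(assignments):
    return sorted(a["target"] for a in assignments)

# Constructed sample: HR moves the user from org 100 to org 200.
EXISTING = [assignment("org:100", "hrFeed"), assignment("role:vpn-user")]
PRODUCED = [assignment("org:200", "hrFeed")]

def no_range(a):      # mapping without <set>
    return False

def range_all(a):     # <predefined>all</predefined>
    return True

def range_hr(a):      # condition: input.subtype.contains("hrFeed")
    return "hrFeed" in a["subtype"]

def demo():
    return {name: targets(reconcile(EXISTING, PRODUCED, pred))
            for name, pred in (("none", no_range), ("all", range_all),
                               ("hrFeed", range_hr))}

def legacy_untagged():
    # Org assignment created before the subtype was introduced: it is outside
    # the range, so the mapping leaves it in place and it needs a manual cleanup.
    existing = [assignment("org:100"), assignment("role:vpn-user")]
    return targets(reconcile(existing, PRODUCED, range_hr))

if __name__ == "__main__":
    print(demo())
    print(legacy_untagged())
```

The last case matters when the subtype is introduced on a system that already has org assignments: those untagged assignments stay until they are removed or re-tagged by other means.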


------------------------------

Message: 3
Date: Thu, 21 Oct 2021 09:47:18 +0200
From: Frédéric Lohier <frederic at lohier.org>
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: "Vitor Alves | Gerencianet" <vitor.alves at gerencianet.com.br>
Subject: Re: [midPoint] Scripted SQL Connector - Full Samples
Message-ID:
        <CALRGK0qf-U6Lf=dtxWGvawvu6pECLSs+CemvQzY4KcwOMsHnSw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hello,

I am also interested in examples using scriptedSQL connector version 2.x.
I would like to migrate our scriptedSQL resource from scriptedSQL connector
v1.1.2.0.m3 to V2.2.1

-Frederic

On Mon, Sep 20, 2021, 13:16 Vitor Alves | Gerencianet via midPoint <
midpoint at lists.evolveum.com> wrote:

> Good morning everybody,
>
> Guys, could you help me with a question? The Scripted SQL Connector, are
> there current full samples? I ask this, because in the samples project
> hosted on Github, there are only Groovy Scripts (
> https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql)
> , and these are commented out. I'm looking for a more real example, with
> the case application, creating a MySQL database. If anyone has something
> like that, could they send it here? Thank you very much for the help of the
> Community.
>
> Regards,
>
> -----
> *Vitor Alves*


--
Keith LeValley
Identity Services Architect, Davenport University
phone:  (616) 732-1102
klevalley2 at davenport.edu