[midPoint] Multiple AD accounts
Yakov Revyakin
yrevyakin at gmail.com
Sun Feb 13 18:20:36 CET 2022
For example, I have something like this
(where dn is the AD namingAttribute, organization O has two org assignments,
Off1 & Off2, and O includes a single-value "department" attribute with value "O"
to use as the AD OU name for org O).
I use the Off1 and Off2 names as the tag value.
<objectType>
    <kind>generic</kind>
    <intent>default</intent>
    <objectClass>ri:organizationalUnit</objectClass>
    <multiplicity>
        <maxOccurs>unbounded</maxOccurs>
        <tag>
            <outbound>
                <source>
                    <path>parentOrgRef</path>
                </source>
                <expression>
                    <script>
                        <code>
                            import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
                            OrgType office = midpoint.getOrgByOid(parentOrgRef.oid);
                            log.info("1.1" + String.valueOf(office.name));
                            return office.name;
                        </code>
                    </script>
                </expression>
            </outbound>
        </tag>
    </multiplicity>
    <attribute>
        <ref>ri:dn</ref>
        <matchingRule>distinguishedName</matchingRule>
        <outbound>
            <strength>strong</strength>
            <source>
                <path>extension/department</path>
            </source>
            <source>
                <path>parentOrgRef</path>
            </source>
            <source>
                <path>$projection/tag</path>
            </source>
            <expression>
                <script>
                    <code>
                        import com.evolveum.midpoint.schema.constants.SchemaConstants;
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
                        import javax.naming.ldap.Rdn;
                        import javax.naming.ldap.LdapName;
                        OrgType office = midpoint.getOrgByOid(parentOrgRef.oid);
                        log.info("2.1" + String.valueOf(tag));
                        log.info("2.2" + String.valueOf(office.name));
                        return basic.composeDn(
                            new Rdn("OU", basic.stringify(department)),
                            new Rdn("OU", basic.stringify(office.name)),
                            new LdapName("DC=example,DC=com")
                        );
                    </code>
                </script>
            </expression>
        </outbound>
    </attribute>
</objectType>
For the data structure I described above, I get the following output in the log:
1.1 Off1
1.1 Off2
1.1 Off1
1.1 Off2
2.1 Off1
2.2 Off1
2.1 Off1
2.2 Off2
2.1 Off1
2.2 Off1
2.1 Off1
2.2 Off2
Partial error while processing projection on
resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(AD): Attempt to add 2 values
to a single-valued item attributes/dn; values:
[PPV(String:OU=O,OU=Off1,DC=example,DC=com),
PPV(String:OU=O,OU=Off2,DC=example,DC=com)]
How do I complete my conf? I don't understand how to configure the
multivalued account feature. Please help.
On Sun, 13 Feb 2022 at 14:48, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Correct, I'd like to have multiple AD accounts. How to command to create
> them?
>
> On Sun, 13 Feb 2022 at 14:34, Roman Pudil - AMI Praha a.s. via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>>
>> Hi,
>> AD schema did not allow multiple values in DN attribute. See AD schema
>> documentation.
>> You have to use multiple accounts.
>> Regards
>> Roman Pudil
>>
>>
>> On Sun, 13 Feb 2022 at 13:27, Yakov Revyakin via midPoint <
>> midpoint at lists.evolveum.com> wrote:
>>
>>> An org (O, intent : default) is a member of two organizations (Off1 &
>>> Off2) different by name but the same by nature (intent : office).
>>> This structure results in AD as:
>>> Off1 dn : OU=Off1
>>> Off2 dn : OU=Off2
>>> O in Off1 dn : OU=O,OU=Off1
>>> O in Off2 dn : OU=O,OU=Off2
>>>
>>> I'd like to have multiple AD accounts under O created: OU=O,OU=Off1 and
>>> OU=O,OU=Off2.
>>>
>>> Could someone provide schema handling with multiple accounts support for
>>> the case? I mean TAG support.
>>>
>>> My configuration tries to save multiple values in dn attribute instead
>>> of creating different accounts.
>>>
>>> Thanks,
>>> J
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>