[midPoint] Organization Assignment Update via User Attribute

Alexander Bruckner alexander.bruckner at ventum.com
Thu Mar 24 09:42:26 CET 2022


Hello everyone,

I have a question regarding some configurations with organizations and users and hoped one of you might be able to help:
Our users are read in from a CSV file and have an attribute that shows the organizational ID of their organization, e.g. 9921, in the field organizationalUnit, which is also the name and identifier of the organization object in midPoint.
To automatically assign the organization to the user we use an objectTemplate with this item:

<ref>assignment</ref>
        <mapping id="2">
            <strength>strong</strength>
            <authoritative>true</authoritative>
            <source>
                <path>organizationalUnit</path>
            </source>
            <target>
                <set>
                    <predefined>all</predefined>
                </set>
            </target>
            <expression>
                <assignmentTargetSearch>
                    <targetType>OrgType</targetType>
                    <filter>
                        <q:equal>
                            <q:path>identifier</q:path>
                            <expression>
                                <path>$organizationalUnit</path>
                            </expression>
                        </q:equal>
                    </filter>
                </assignmentTargetSearch>
            </expression>
        </mapping>

This is referenced in the objectSynchronization of the CSV resource for the user accounts:

<objectSynchronization>
            <name>Default account</name>
            <kind>account</kind>
            <intent>default</intent>
            <enabled>true</enabled>
            <correlation>
                <q:equal>
                    <q:path>name</q:path>
                    <expression>
                        <path>$projection/attributes/ri:globalID</path>
                    </expression>
                </q:equal>
                <q:description>
                          Correlation expression is a search query.
                          Following search query will look for users that have "name"
                          equal to the "name" attribute of the account. Simply speaking,
                          it will look for match in usernames in the IDM and the resource.
                          The correlation rule always looks for users, so it will not match
                          any other object type.
                      </q:description>
            </correlation>
            <reconcile>false</reconcile>
            <reaction>
                <situation>linked</situation>
                <synchronize>true</synchronize>
                <reconcile>false</reconcile>
                <objectTemplateRef oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default" type="c:ObjectTemplateType"/>
            </reaction>
            <reaction>
                <situation>deleted</situation>
                <synchronize>true</synchronize>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
                </action>
            </reaction>
            <reaction>
                <situation>unlinked</situation>
                <synchronize>true</synchronize>
                <reconcile>false</reconcile>
                <objectTemplateRef oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default" type="c:ObjectTemplateType"/>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
                </action>
            </reaction>
            <reaction>
                <situation>unmatched</situation>
                <synchronize>true</synchronize>
                <reconcile>false</reconcile>
                <objectTemplateRef oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default" type="c:ObjectTemplateType"/>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
                </action>
            </reaction>
        </objectSynchronization>

The adding of the assignment is working fine, but on a change of the current organization in CSV we would like to remove the old organization assignment and replace it with the new one. Right now if we change the organization in CSV the old assignment remains and a new one is added.
From my understanding, the target -> set -> predefined -> all should resolve this, but it still just adds the new organization.
Am I missing some configuration in the objectTemplate or is the logic for this somewhere else?

If any of you could help us with this it would be greatly appreciated!

Thank you and best regards,
Alexander Bruckner


