[midPoint] Organization Assignment Update via User Attribute
Yakov Revyakin
yrevyakin at gmail.com
Sat Mar 26 13:26:21 CET 2022
I think object template should include assignment target as the following:
<target>
* <path>assignment></path>*
<set>
<predefined>all</predefined>
</set>
</target>
On Thu, 24 Mar 2022 at 10:43, Alexander Bruckner via midPoint <
midpoint at lists.evolveum.com> wrote:
> Hello everyone,
>
>
>
> I have a question regarding some configurations with organizations and
> users and hoped one of you might be able to help:
>
> Our users are read in from a CSV file and have an attribute that shows the
> organizational ID of their organization e.g. 9921 in the field
> organizationalUnit, which is also the name and identifier of the
> organization object in Midpoint.
>
> To automatically assign the organization to the user we use an
> objectTemplate with this item:
>
>
>
> <ref>assignment</ref>
>
> <mapping id="2">
>
> <strength>strong</strength>
>
> <authoritative>true</authoritative>
>
> <source>
>
> <path>organizationalUnit</path>
>
> </source>
>
> <target>
>
> <set>
>
> <predefined>all</predefined>
>
> </set>
>
> </target>
>
> <expression>
>
> <assignmentTargetSearch>
>
> <targetType>OrgType</targetType>
>
> <filter>
>
> <q:equal>
>
> <q:path>identifier</q:path>
>
> <expression>
>
> <path>$organizationalUnit</path>
>
> </expression>
>
> </q:equal>
>
> </filter>
>
> </assignmentTargetSearch>
>
> </expression>
>
> </mapping>
>
>
>
> This is referenced in the object Synchronization of the CSV Resource for
> the user accounts:
>
>
>
> <objectSynchronization>
>
> <name>Default account</name>
>
> <kind>account</kind>
>
> <intent>default</intent>
>
> <enabled>true</enabled>
>
> <correlation>
>
> <q:equal>
>
> <q:path>name</q:path>
>
> <expression>
>
> <path>$projection/attributes/ri:globalID</path>
>
> </expression>
>
> </q:equal>
>
> <q:description>
>
> Correlation expression is a search query.
>
> Following search queury will look for users that
> have "name"
>
> equal to the "name" attribute of the account.
> Simply speaking,
>
> it will look for match in usernames in the IDM
> and the resource.
>
> The correlation rule always looks for users, so
> it will not match
>
> any other object type.
>
> </q:description>
>
> </correlation>
>
> <reconcile>false</reconcile>
>
> <reaction>
>
> <situation>linked</situation>
>
> <synchronize>true</synchronize>
>
> <reconcile>false</reconcile>
>
> <objectTemplateRef
> oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default"
> type="c:ObjectTemplateType"/>
>
> </reaction>
>
> <reaction>
>
> <situation>deleted</situation>
>
> <synchronize>true</synchronize>
>
> <action>
>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink
> </handlerUri>
>
> </action>
>
> </reaction>
>
> <reaction>
>
> <situation>unlinked</situation>
>
> <synchronize>true</synchronize>
>
> <reconcile>false</reconcile>
>
> <objectTemplateRef
> oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default"
> type="c:ObjectTemplateType"/>
>
> <action>
>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#link
> </handlerUri>
>
> </action>
>
> </reaction>
>
> <reaction>
>
> <situation>unmatched</situation>
>
> <synchronize>true</synchronize>
>
> <reconcile>false</reconcile>
>
> <objectTemplateRef
> oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default"
> type="c:ObjectTemplateType"/>
>
> <action>
>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus
> </handlerUri>
>
> </action>
>
> </reaction>
>
> </objectSynchronization>
>
>
>
> The adding of the assignment is working fine, but on a change of the
> current organization in CSV we would like to remove the old organization
> assignment and replace it with the new one. Right now if we change the
> organization in CSV the old assignment remains and a new one is added.
>
> From my understanding the target -> set -> predefined -> all should
> resolve this but it still just adds the new organization
>
> Am I missing some configuration in the objectTemplate or is the logic for
> this somewhere else?
>
>
>
> If any of you could help us with this it would be greatly appreciated!
>
>
>
> Thank you and best regards,
>
> Alexander Bruckner
>
>
>
>
>
> *Alexander Bruckner*
>
>
>
> *ventum **consulting gmbh*
> Ernst-Melchior-Gasse 24, 1020 Wien, Austria
>
> Telefon: +43 1 535 34 22
>
> Mobil: +43 664 8451338
>
>
>
>
> alexander.bruckner at ventum.com
>
> www.ventum.com <http://www.ventum-consulting.com/>
>
>
>
> Handelsgericht Wien, FN 262373V
>
> _________________________________
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220326/99f815ac/attachment-0001.htm>
More information about the midPoint
mailing list