[midPoint] Organization Assignment Update via User Attribute

Alexander Bruckner alexander.bruckner at ventum.com
Tue Mar 29 09:09:39 CEST 2022


Hello Yakov,

thank you for your suggestion!
We managed to solve our issue a day before receiving your advice by including the following XML snippet in the resource as part of the organizationalUnit attribute under SchemaHandling for account:

<attribute id="120">
    <ref>ri:Department</ref>
    <displayName>Department</displayName>
    <limitations>
        <minOccurs>0</minOccurs>
        <maxOccurs>1</maxOccurs>
        <access>
            <read>true</read>
            <add>false</add>
            <modify>false</modify>
        </access>
    </limitations>
    <inbound id="16">
        <strength>strong</strength>
        <target>
            <path>$focus/organizationalUnit</path>
            <set>
                <predefined>all</predefined>
            </set>
        </target>
    </inbound>
</attribute>

This also fixed our problem and allowed us to replace the Org assignment of the users.

Thanks again for your help and best regards,

Alexander Bruckner

ventum consulting gmbh
Ernst-Melchior-Gasse 24, 1020 Wien, Austria
Phone:     +43 1 535 34 22
Mobile:    +43 664 8451338


alexander.bruckner at ventum.com
www.ventum.com<http://www.ventum-consulting.com/>

Handelsgericht Wien, FN 262373V
_________________________________

From: Yakov Revyakin <yrevyakin at gmail.com>
Sent: Saturday, 26 March 2022 13:26
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Alexander Bruckner <alexander.bruckner at ventum.com>
Subject: Re: [midPoint] Organization Assignment Update via User Attribute

I think the object template should include the assignment target as follows:
<target>
    <path>assignment</path>
    <set>
        <predefined>all</predefined>
    </set>
</target>


On Thu, 24 Mar 2022 at 10:43, Alexander Bruckner via midPoint <midpoint at lists.evolveum.com> wrote:
Hello everyone,

I have a question regarding some configurations with organizations and users and hoped one of you might be able to help:
Our users are read in from a CSV file and have an attribute that shows the organizational ID of their organization, e.g. 9921, in the field organizationalUnit, which is also the name and identifier of the organization object in midPoint.
To automatically assign the organization to the user, we use an objectTemplate with this item:

<ref>assignment</ref>
<mapping id="2">
    <strength>strong</strength>
    <authoritative>true</authoritative>
    <source>
        <path>organizationalUnit</path>
    </source>
    <target>
        <set>
            <predefined>all</predefined>
        </set>
    </target>
    <expression>
        <assignmentTargetSearch>
            <targetType>OrgType</targetType>
            <filter>
                <q:equal>
                    <q:path>identifier</q:path>
                    <expression>
                        <path>$organizationalUnit</path>
                    </expression>
                </q:equal>
            </filter>
        </assignmentTargetSearch>
    </expression>
</mapping>

This is referenced in the objectSynchronization of the CSV resource for the user accounts:

<objectSynchronization>
    <name>Default account</name>
    <kind>account</kind>
    <intent>default</intent>
    <enabled>true</enabled>
    <correlation>
        <q:equal>
            <q:path>name</q:path>
            <expression>
                <path>$projection/attributes/ri:globalID</path>
            </expression>
        </q:equal>
        <q:description>
            Correlation expression is a search query.
            Following search query will look for users that have "name"
            equal to the "name" attribute of the account. Simply speaking,
            it will look for match in usernames in the IDM and the resource.
            The correlation rule always looks for users, so it will not match
            any other object type.
        </q:description>
    </correlation>
    <reconcile>false</reconcile>
    <reaction>
        <situation>linked</situation>
        <synchronize>true</synchronize>
        <reconcile>false</reconcile>
        <objectTemplateRef oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default" type="c:ObjectTemplateType"/>
    </reaction>
    <reaction>
        <situation>deleted</situation>
        <synchronize>true</synchronize>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
        </action>
    </reaction>
    <reaction>
        <situation>unlinked</situation>
        <synchronize>true</synchronize>
        <reconcile>false</reconcile>
        <objectTemplateRef oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default" type="c:ObjectTemplateType"/>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
        </action>
    </reaction>
    <reaction>
        <situation>unmatched</situation>
        <synchronize>true</synchronize>
        <reconcile>false</reconcile>
        <objectTemplateRef oid="1ac7e1d5-c346-46c4-b69e-a13c07b1e7e2" relation="org:default" type="c:ObjectTemplateType"/>
        <action>
            <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
        </action>
    </reaction>
</objectSynchronization>

The adding of the assignment is working fine, but on a change of the current organization in the CSV we would like to remove the old organization assignment and replace it with the new one. Right now, if we change the organization in the CSV, the old assignment remains and a new one is added.
From my understanding, the target -> set -> predefined -> all should resolve this, but it still just adds the new organization.
Am I missing some configuration in the objectTemplate, or is the logic for this somewhere else?

If any of you could help us with this it would be greatly appreciated!

Thank you and best regards,
Alexander Bruckner

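Added example, not part of the original thread and not midPoint code: the symptom described in the original question (the old org assignment stays after the CSV value changes) leaves users with membership in more than one organization, so an independent check of the CSV against an object export can confirm whether a mapping fix really removed the stale assignments. The sample CSV, the simplified export layout, the OIDs and the function name `find_org_drift` are constructed for illustration; the column names `globalID` and `organizationalUnit` follow the thread.

```python
import csv
import io
import xml.etree.ElementTree as ET

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Constructed sample data (not from the thread): CSV source rows and a
# simplified object export containing two orgs and two users.
SAMPLE_CSV = "globalID,organizationalUnit\nu1001,9922\nu1002,9921\n"
SAMPLE_EXPORT = """<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <org oid="org-oid-9921"><name>9921</name><identifier>9921</identifier></org>
  <org oid="org-oid-9922"><name>9922</name><identifier>9922</identifier></org>
  <user oid="user-oid-1"><name>u1001</name>
    <assignment><targetRef oid="org-oid-9921" type="c:OrgType"/></assignment>
    <assignment><targetRef oid="org-oid-9922" type="c:OrgType"/></assignment>
  </user>
  <user oid="user-oid-2"><name>u1002</name>
    <assignment><targetRef oid="org-oid-9921" type="c:OrgType"/></assignment>
  </user>
</objects>"""


def find_org_drift(csv_text, export_xml):
    """Report users whose org assignments differ from their CSV organizationalUnit."""
    expected = {row["globalID"]: row["organizationalUnit"].strip()
                for row in csv.DictReader(io.StringIO(csv_text))}
    root = ET.fromstring(export_xml)
    # Map org OID -> identifier so targetRef OIDs can be compared to CSV values.
    org_ids = {o.get("oid"): o.findtext("c:identifier", namespaces=NS)
               for o in root.findall("c:org", NS)}
    drift = {}
    for user in root.findall("c:user", NS):
        name = user.findtext("c:name", namespaces=NS)
        if name not in expected:
            continue  # user is not managed by this CSV source
        assigned = set()
        for ref in user.findall("c:assignment/c:targetRef", NS):
            if ref.get("type", "").endswith("OrgType"):
                # Unknown OIDs stay visible in the report instead of being dropped.
                assigned.add(org_ids.get(ref.get("oid")) or "unresolved:" + ref.get("oid"))
        stale = sorted(assigned - {expected[name]})
        missing = expected[name] not in assigned
        if stale or missing:
            drift[name] = {"expected": expected[name], "stale": stale, "missing": missing}
    return drift


if __name__ == "__main__":
    print(find_org_drift(SAMPLE_CSV, SAMPLE_EXPORT))
```

Here `u1001` is reported with the stale org `9921`, which is the state the original question describes; an empty result after a reconciliation run means every user holds only the org named in the CSV.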