[midPoint] multiplicity and dependency

[Yakov Revyakin]

Hi all,
I need to support multiple AD OU projections with the same kind/intent
under an MP org, like:
MP Org1:
intent = unit
OU=O1, OU=Org1, DC=example, DC=com
OU=O2, OU=Org1, DC=example, DC=com
...
OU=On, OU=Org1, DC=example, DC=com
This works fine with implemented multiplicity. Tags in this case are O1,
O2, ..., On

I'd like to add support also for dependent OU's like
OU=Users, OU=O1, OU=Org1, DC=example, DC=com
OU=Users, OU=O2, OU=Org1, DC=example, DC=com
...
OU=Users, OU=On, OU=Org1, DC=example, DC=com

It is obvious that Org1 could manage this account too with another intent
and the same tag value. In this case we could have:

tag=O1
intent = unit
OU=O1, OU=Org1, DC=example, DC=com
intent =users
OU=Users, OU=O1, OU=Org1, DC=example, DC=com

tag=O2
intent = unit
OU=O2, OU=Org1, DC=example, DC=com
intent = users
OU=Users, OU=O2, OU=Org1, DC=example, DC=com
...
tag On
intent = unit
OU=On, OU=Org1, DC=example, DC=com
intent = users
OU=Users, OU=On, OU=Org1, DC=example, DC=com

It looks like dependency between accounts with multiplicity doesn't work.
MP raises an exception:
Unsatisfied strict dependency of account [RSD(generic (users/O1)) resource
AD(oid:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2)] dependent on [RSD(generic
(unit)) resource AD(oid:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2)]: Account not
provisioned.
MP tries to provision users/O1 first ignoring the dependency on the unit.
And also it looks like that dependency doesn't know that independent
account also is multiple.

Under the "dependency" tag I can see the tag "tag". What does it mean and
can it help somehow? Any idea how to solve my task?

Thanks,
J
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220911/40a51fbc/attachment.htm>