[midPoint] Fw: Manager info to ActiveDirectory

Eetu Salpaharju Eetu.Salpaharju at tietokeskus.fi
Wed Jul 19 15:49:02 CEST 2023


** This is a repost of this message. For some reason the first one never ended up on the mailing list, or at least on the archive page. Sorry if you get this message twice **

Hello,

TL;DR: If someone has a working solution to populate the AD manager field with midPoint, I'd love to see how it is done.


I have an MS Active Directory resource and I need to populate the manager field. I have the users' manager information stored in midPoint in two different ways:

I've extended the user schema and added a field named supervisorNo, which is a reference to employeeNumber in the manager's user object. I wish I could use that field somehow like this:

<attribute>
    <ref>ri:manager</ref>
    <displayName>Manager</displayName>
    <outbound>
        <source>
            <path xmlns:tkuser="http://example.com/xml/ns/mySchema">$user/extension/tkuser:supervisorNo</path>
        </source>
        <expression>
            <script>
                <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
                <variable>
                    <name>manager</name>
                    <value>
                        <!--Find right user in here -->
                    </value>
                </variable>
                <code>
                    concat('CN=', manager.fullName,',OU=Users,DC=example,DC=com')
                </code>
            </script>
        </expression>
    </outbound>
</attribute>

But I cannot figure out how to get another user object as a variable in that script.


Another approach would be something like what was suggested in https://lists.evolveum.com/pipermail/midpoint/2016-March/001702.html . I have organization units for users and they have the correct managers. BUT... I haven't found any examples of how to use the getManagers() function in Groovy and in XML definitions. And the links mentioned in that post don't work anymore.

Another problem is that I have multiple organizational structures (based on managers, cost centers, locations etc). Each of those can have manager(s) defined, so I don't know how to find the right manager for a user to use in the Active Directory context. One solution would be to use the getManagersByOrgType function, but I haven't found a way to define orgType for my organization units. According to the "important properties of org objects" table at https://docs.evolveum.com/midpoint/reference/org/organizational-structure/ there should be orgType as a property, but when I try to use it in an inbound mapping, midPoint says that such a property does not exist.


- Eetu





