[midPoint] Fw: Manager info to ActiveDirectory

Eetu Salpaharju Eetu.Salpaharju at tietokeskus.fi
Mon Jul 24 12:58:23 CEST 2023


**There seems to be something wrong with this mailing list. Repost, because the previous mail is not visible in the archive and I didn't get a copy from the mailing list**

Hello,

I found a working solution for my problem. I'm sending it here in case someone is working with a similar scenario in the future. Hopefully this saves a few hours. This one even checks if the manager has an account in AD, and if multiple managers are found with the getManager function, this uses info in extended user properties to find out who (if any) is the right one.

<attribute>
    <ref>ri:manager</ref>
    <outbound>
        <expression>
            <script>
                <code>
                    // "&lt;" and "&gt;" are XML-escaped below because this Groovy script is embedded in XML
                    import com.evolveum.midpoint.prism.delta.*;
                    import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
                    UserType manager;
                    Collection&lt;UserType&gt; managers = midpoint.getManagers(focus)
                    // No managers, returning empty string
                    if (managers.size() == 0) {
                        return ""
                    }

                    // Only one manager found from organization
                    if (managers.size() == 1) {
                        manager = managers[0]
                    }

                    // Multiple managers, trying to figure out who is the right one
                    else {
                        // Supervisor number stored in the user's extension schema
                        String userManager = basic.getExtensionPropertyValue(focus, 'http://example.com/xml/ns/mySchema','supervisorNo').toString();
                        for (int i = 0; i &lt; managers.size(); i++) {
                            String managerNo = basic.getPropertyValue(managers[i], "employeeNumber");
                            // Right one found
                            if (managerNo == userManager) {
                                manager = managers[i];
                                break;
                            }
                        }
                        // None of the candidates matched the supervisor number
                        if (manager == null) {
                            log.warn("Cannot find unambiguous manager for " + basic.getPropertyValue(focus, "fullName").toString());
                            return "";
                        }

                    }
                    // Check if the found manager has an account on this resource
                    ShadowType managershadow = midpoint.getLinkedShadow(manager, resource);
                    if (managershadow != null)
                    {
                        // The manager attribute in AD holds the manager's DN
                        return basic.getAttributeValue(managershadow, 'dn')
                    }
                    log.warn(basic.getPropertyValue(focus, "fullName").toString()+"'s manager is " + basic.getPropertyValue(manager, "fullName").toString()+" but (s)he does not have account in AD.");
                    return "";
                </code>
            </script>
        </expression>
    </outbound>
</attribute>


Eetu Salpaharju
Tietokeskus Finland Oy

