[midPoint] AD LDAP Connector & manager attribute,

Alcides Moraes alcides.neto at gmail.com
Tue Jul 9 22:01:59 CEST 2024


Hello Keith

We’ve written this custom function to get the user’s manager DN.
We use midPoint’s getManagers function, then get the DN from the manager’s AD shadow.

<function>
    <name>getManagerDN</name>
    <parameter xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ExpressionParameterType">
        <name>user</name>
        <type>c:UserType</type>
    </parameter>
    <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
        <code>
            import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType
            import static com.evolveum.midpoint.schema.constants.SchemaConstants.*
            import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;

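            // managers of the user, as returned by midpoint.getManagers
            tmpManagers = midpoint.getManagers(user)
            managerUser = null

            // Groovy truth: false for null and for an empty collection,
            // so iterator() is never called on a null result
            if (tmpManagers) {
                // use the first manager returned
                managerUser = tmpManagers.iterator().next()
            }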
            if (managerUser) {
                //get shadow for the resource we're interested (by oid)
                managerShadow = midpoint.getLinkedShadow(managerUser, 'your-ad-resource-oid-here', ShadowKindType.ACCOUNT, 'default')
                if (managerShadow) {
                    return basic.getAttributeValue(managerShadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')
                }
            }
            return null
        </code>
    </script>
</function>

> On Jul 9, 2024, at 13:51, Keith Hazelton via midPoint <midpoint at lists.evolveum.com> wrote:
> 
> Found this in the list archives. Does anyone have a better solution?
> 
> https://lists.evolveum.com/pipermail/midpoint/2020-December/006654.htmlr
> 
>      --KeithH
> From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Philippe via midPoint <midpoint at lists.evolveum.com>
> Sent: Tuesday, July 9, 2024 11:30 AM
> To: midpoint at lists.evolveum.com
> Cc: philippebriffod at laposte.net
> Subject: [midPoint] AD LDAP Connector & manager attribute,
>  
> Hello,
> I'm looking for a way to provision the "manager" attribute in Active Directory.
> This attribute must contain a DN.
> Is there a way to search in AD (via the connector) or in the account list of the AD resource in midPoint to get this DN from the manager login or identifier?
> 
> Thanks
> Philippe