<div dir="ltr">Hi Ivan<div><br></div><div>First of all Ldap connector supports Auxiliary object classes. I have tested it and it works for me.</div><div><br></div><div>Secondly, The host attribute is defined in resource schema and I have added it in Schema Handling but i do not have any outbound mapping right now (quite usual for our requirement, most of the resources have such attributes that cannot be mapped to any focal object in midpoint).</div><div><br></div><div>Is it possible that i can map whatever user has entered (instead of mapping the host or any other attribute to midpoint's focal object) to target resource attribute in outbound mapping.</div><div><br></div><div>What my concern is there is no way in UI to set the strength and doing it at policy level is quite unmanageable(resource is one but inducement will be thousands). </div><div><br></div><div>So just to summarize </div><div>- we want this to be done at resource level.</div><div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div>- i think it is achievable if we can define outbound mapping so that user entered value is mapped to target attribute.</div><div><br></div><div><br></div></blockquote>Thanks</div><div>Anand</div><div><br></div><img width="0" height="0" class="mailtrack-img" src="https://mailtrack.io/trace/mail/546bca2060316b78bc92692baeee1f47ed12f78f.png"></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 22, 2015 at 8:36 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi,<br>
<br>
as you have the mapping in role, not in resource, you should have
the mapping set as strong for "host" attribute in <b>all</b>
applicable roles (that are setting this attribute).<br>
<br>
There will be no configuration in resource, because there is no
mapping for that attribute at the resource level. The strength
always applies to the mapping definition.<br>
<br>
You mentioned that this is auxiliary object class. Not sure if the
LDAP connector supports such classes...<br>
<br>
Regards,<br>
I.<div><div class="h5"><br>
<br>
<div>On 01/22/2015 03:49 PM, Anand Kothekar
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Yes, the host attribute will be entered by the user who is
managing the midpoint or it will be populated in inducement of
a role by our custom code . It will never be automated to get
the value from any focus object like User.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Anand</div>
<div><br>
</div>
<div><br>
</div>
<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" height="0" width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan 22, 2015 at 7:56 PM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Anand,<br>
<br>
can you please be more precise about "value entered by
user"?<br>
Do you mean that the host and/or(?) description attributes
are expected to be managed by the user who is editing the
user in midPoint, on the right side of User details in
Accounts part? Are these expected to be set always
explicitly by the user? No automation from midpoint user
attributes?<br>
<br>
Thanks,<br>
I.
<div>
<div><br>
<br>
<div>On 01/22/2015 02:03 PM, Anand Kothekar wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Ivan,
<div><br>
</div>
<div>Thanks for your inputs.</div>
<div><br>
</div>
<div>I tried it by adding this constraint in
inducement itself and it worked but I want to do
this at resource level.</div>
<div><br>
</div>
<div>I tried adding the same in resource but the
thing is I do not have any outbound mapping
defined for these attributes (as I use the value
entered by user ) now if I add only strength
property in outbound it gives me Error.</div>
<div><br>
</div>
<div>Can you help me with pointing to the right
kind of mapping I need to do.</div>
<div><br>
</div>
<div>Here is the host attribute snippet from my
resource: </div>
<div>
<div> <attribute></div>
<div> <ref xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>">ri:host</ref></div>
<div> <matchingRule xmlns:mr="<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>">mr:stringIgnoreCase</matchingRule></div>
<div> <outbound></div>
<div>
<strength>strong</strength></div>
<div> </outbound></div>
<div> </attribute></div>
</div>
<div><br>
</div>
<div>I need to know how I can map value entered by
user.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,<br>
</div>
<div>Anand Kothekar</div>
<div><br>
</div>
<img height="0" width="0"></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jan 22, 2015 at
5:52 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi
Anand,<br>
<br>
can you please define the mappings for
description and host attributes as strong?<br>
<br>
Something like:<br>
<br>
<attribute><br>
<ref>ri:description</ref><br>
<outbound><br>
<b>
<strength>strong</strength></b><b><br>
</b>. . .<br>
</outbound><br>
</attribute><br>
Then run the reconciliation again please.<br>
<br>
If you already have this configured and it
does not work, please share the attribute
mappings here.<br>
<br>
Regards,<br>
I.
<div>
<div><br>
<br>
<div>On 01/20/2015 11:15 AM, Anand
Kothekar wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>I have been playing around with
role inducements and found some
issue, need some quick help as
inducements are quite important
for our solution.</div>
<div><br>
</div>
<div><u>Issue:</u> Inducement
updates are not propagated
properly to User after
reconciliation.</div>
<div><br>
</div>
<div><u>Details:</u> When user is a
assigned a role having a resource
inducement, User gets appropriate
accounts and induced group
memberships. Now Changing some
attributes in role inducements are
not propagated after reconciling
User.</div>
<div><br>
</div>
<div><u>Steps Followed:</u></div>
<div>- I added and ldap resource
inducement in a new Role<b>. </b>I
provided some attributes
like LdapGroups, Host, and
description.<br>
</div>
<div>- User is assigned to this
Role. User gets the ldap account,
appropriate group memberships and
other attributes specified in
inducement (i.e. description
,host(multivalued attribute from
an Auxiliary object class)). So
all good till now.</div>
<div>- Now I updated the
Resource inducement for example
changed the description, added few
groups, added few host.</div>
<div>- After inducement modification
I reconciled the User, and
following are the results:</div>
<div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div>- Group membership is
updated appropriately.</div>
</blockquote>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div>- Description is not
updated</div>
</blockquote>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div>- host attribute is not
updated</div>
</blockquote>
</div>
<div><br>
</div>
<div>Can you guys please check and
let me know if I am doing
something wrong or is it a problem
somewhere in my resource or some
other issue with midpoint system.</div>
<div><br>
</div>
<div>Regards</div>
<div>Anand Kothekar</div>
<img height="0" width="0"></div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint-dev mailing list
<a href="mailto:midPoint-dev@lists.evolveum.com" target="_blank">midPoint-dev@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint-dev" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint-dev</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
</blockquote></div><br></div>