<font size=2 face="sans-serif">Hi Ivan,</font>
<br><font size=2 face="sans-serif">That is what I expected, but I have
all attributes shown in my resource accounts. (Still unmatched
to users, haven't made it there yet/one step at a time.)</font>
<br>
<br><font size=2 face="sans-serif">I have one inbound mapping expression
as per below, so shouldn't that mean all other attributes should *not*
appear in the resource accounts? For passing the attributes from
the resource to the midPoint user, I can see how that works, no mapping=no
attribute for the user.</font>
<br>
<br><font size=3><schemaHandling></font>
<br><font size=3> <objectType></font>
<br><font size=3> <displayName>AD-LDAP
Accounts</displayName></font>
<br><font size=3> <default>true</default></font>
<br><font size=3> <objectClass>ri:AccountObjectClass</objectClass></font>
<br><font size=3> <attribute></font>
<br><font size=3> <c:ref>icfs:uid</c:ref></font>
<br><font size=3> <exclusiveStrong>false</exclusiveStrong></font>
<br><font size=3> <tolerant>true</tolerant></font>
<br><font size=3> <inbound></font>
<br><font size=3> <authoritative>true</authoritative></font>
<br><font size=3> <exclusive>false</exclusive></font>
<br><font size=3> <strength>normal</strength></font>
<br><font size=3> <target></font>
<br><font size=3>
<c:path>$user/employeeNumber</c:path></font>
<br><font size=3> </target></font>
<br><font size=3> </inbound></font>
<br><font size=3> </attribute></font>
<br><font size=3> <credentials></font>
<br><font size=3> <password/></font>
<br><font size=3> </credentials></font>
<br><font size=3> </objectType></font>
<br><font size=3> </schemaHandling></font>
<br>
<br>
<br><font size=2 face="sans-serif">Thanks</font>
<br><font size=2 face="sans-serif">Ts</font>
<br>
<br>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">Ivan Noris <ivan.noris@evolveum.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">midpoint@lists.evolveum.com,
</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">06/18/2015 11:23 AM</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">Re: [midPoint]
ldap account attribute filtering</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Sent by:
</font><font size=1 face="sans-serif">"midPoint"
<midpoint-bounces@lists.evolveum.com></font>
<br>
<hr noshade>
<br>
<br>
<br><font size=3>Hi Tim,<br>
<br>
if an attribute definition has no inbound expression, the value of the
resource attribute will not be synchronized to midPoint.<br>
<br>
Regards,<br>
Ivan<br>
</font>
<br><font size=3>On 06/18/2015 04:56 PM, </font><a href=mailto:Tim.Strong@sita.aero><font size=3 color=blue><u>Tim.Strong@sita.aero</u></font></a><font size=3>
wrote:</font>
<br><font size=2 face="sans-serif">Hi folks,</font><font size=3> </font><font size=2 face="sans-serif"><br>
How do I restrict which attributes are synchronized from an LDAP resource?</font><font size=3>
</font><font size=2 face="sans-serif"><br>
Is this going to be in schema handling, attributes, fetch strategy=>explicit
for each attribute?</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
If so, is there a a way to default explicit for attributes and then only
specify the ones we want to synchronize to midpoint?</font><font size=3>
<br>
</font><font size=2 face="sans-serif"><br>
I suspect this comes up fairly often since, but I haven't been able to
quickly find any references to it.</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
Thanks</font><font size=3> </font><font size=2 face="sans-serif"><br>
Tim</font>
<p><font size=3>See you at the 2015 Air Transport IT Summit, Brussels,
16-18 June Click here to register your place now.. </font><a href=http://www.sitasummit.aero/><font size=3 color=blue><u>http://www.sitasummit.aero/</u></font></a><font size=3>
This document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system. </font>
<p><font size=3><br>
</font>
<br><tt><font size=3>_______________________________________________<br>
midPoint mailing list<br>
</font></tt><a href=mailto:midPoint@lists.evolveum.com><tt><font size=3 color=blue><u>midPoint@lists.evolveum.com</u></font></tt></a><tt><font size=3><br>
</font></tt><a href=http://lists.evolveum.com/mailman/listinfo/midpoint><tt><font size=3 color=blue><u>http://lists.evolveum.com/mailman/listinfo/midpoint</u></font></tt></a><tt><font size=3><br>
</font></tt>
<br>
<br><tt><font size=3>-- <br>
Ing. Ivan Noris<br>
Senior Identity Management Engineer & IDM Architect<br>
evolveum.com
evolveum.com/blog/<br>
___________________________________________________<br>
"Semper Id(e)M Vix."<br>
</font></tt><tt><font size=2>_______________________________________________<br>
midPoint mailing list<br>
midPoint@lists.evolveum.com<br>
</font></tt><a href=http://lists.evolveum.com/mailman/listinfo/midpoint><tt><font size=2>http://lists.evolveum.com/mailman/listinfo/midpoint</font></tt></a><tt><font size=2><br>
</font></tt>
<br><BR/><p>
See you at the 2015 Air Transport IT Summit, Brussels, 16-18 June
Click here to register your place now.. http://www.sitasummit.aero/
This document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
</p>