<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Tim,<br>
<br>
if you mean that in GUI you see the attributes on the right side,
then the behaviour is OK. Mapping define only the rules of how the
attribute value is transformed from midPoint to resource (outbound)
or from the resource to midPoint (inbound). All attributes that are
in schema, are displayed by default.<br>
<br>
You can use <ignore>true</ignore> in the
<attribute> you wish do hide. It will not be displayed in GUI.<br>
<br>
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling#ResourceSchemaHandling-AttributeDefinitions">https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling#ResourceSchemaHandling-AttributeDefinitions</a><br>
<br>
There is also a way how to disable attribute editing and display it
as read only using <limitations> (see also the above or our
samples).<br>
<br>
And, the user/account form honors the security authorizations, so
some users can see / edit different values as other if the security
authorizations are configured and assigned to user (as roles).<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 06/18/2015 06:30 PM,
<a class="moz-txt-link-abbreviated" href="mailto:Tim.Strong@sita.aero">Tim.Strong@sita.aero</a> wrote:<br>
</div>
<blockquote
cite="mid:OF92A942FA.E58E5588-ON85257E68.0058AC4C-85257E68.005AA55C@sita.aero"
type="cite"><font face="sans-serif" size="2">Hi Ivan,</font>
<br>
<font face="sans-serif" size="2">That is what I expected, but I
have
all attributes shown in my resource accounts. (Still
unmatched
to users, haven't made it there yet/one step at a time.)</font>
<br>
<br>
<font face="sans-serif" size="2">I have one inbound mapping
expression
as per below, so shouldn't that mean all other attributes should
*not*
appear in the resource accounts? For passing the attributes
from
the resource to the midPoint user, I can see how that works, no
mapping=no
attribute for the user.</font>
<br>
<br>
<font size="3"><schemaHandling></font>
<br>
<font size="3"> <objectType></font>
<br>
<font size="3"> <displayName>AD-LDAP
Accounts</displayName></font>
<br>
<font size="3"> <default>true</default></font>
<br>
<font size="3">
<objectClass>ri:AccountObjectClass</objectClass></font>
<br>
<font size="3"> <attribute></font>
<br>
<font size="3"> <c:ref>icfs:uid</c:ref></font>
<br>
<font size="3">
<exclusiveStrong>false</exclusiveStrong></font>
<br>
<font size="3"> <tolerant>true</tolerant></font>
<br>
<font size="3"> <inbound></font>
<br>
<font size="3">
<authoritative>true</authoritative></font>
<br>
<font size="3">
<exclusive>false</exclusive></font>
<br>
<font size="3">
<strength>normal</strength></font>
<br>
<font size="3"> <target></font>
<br>
<font size="3">
<c:path>$user/employeeNumber</c:path></font>
<br>
<font size="3"> </target></font>
<br>
<font size="3"> </inbound></font>
<br>
<font size="3"> </attribute></font>
<br>
<font size="3"> <credentials></font>
<br>
<font size="3"> <password/></font>
<br>
<font size="3"> </credentials></font>
<br>
<font size="3"> </objectType></font>
<br>
<font size="3"> </schemaHandling></font>
<br>
<br>
<br>
<font face="sans-serif" size="2">Thanks</font>
<br>
<font face="sans-serif" size="2">Ts</font>
<br>
<br>
<br>
<br>
<br>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">From:
</font><font face="sans-serif" size="1">Ivan Noris
<a class="moz-txt-link-rfc2396E" href="mailto:ivan.noris@evolveum.com"><ivan.noris@evolveum.com></a></font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">To:
</font><font face="sans-serif" size="1"><a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>,
</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Date:
</font><font face="sans-serif" size="1">06/18/2015 11:23 AM</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Subject:
</font><font face="sans-serif" size="1">Re: [midPoint]
ldap account attribute filtering</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Sent by:
</font><font face="sans-serif" size="1">"midPoint"
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a></font>
<br>
<hr noshade="noshade">
<br>
<br>
<br>
<font size="3">Hi Tim,<br>
<br>
if an attribute definition has no inbound expression, the value
of the
resource attribute will not be synchronized to midPoint.<br>
<br>
Regards,<br>
Ivan<br>
</font>
<br>
<font size="3">On 06/18/2015 04:56 PM, </font><a
moz-do-not-send="true" href="mailto:Tim.Strong@sita.aero"><font
color="blue" size="3"><u>Tim.Strong@sita.aero</u></font></a><font
size="3">
wrote:</font>
<br>
<font face="sans-serif" size="2">Hi folks,</font><font size="3"> </font><font
face="sans-serif" size="2"><br>
How do I restrict which attributes are synchronized from an LDAP
resource?</font><font size="3">
</font><font face="sans-serif" size="2"><br>
Is this going to be in schema handling, attributes, fetch
strategy=>explicit
for each attribute?</font><font size="3"> <br>
</font><font face="sans-serif" size="2"><br>
If so, is there a a way to default explicit for attributes and
then only
specify the ones we want to synchronize to midpoint?</font><font
size="3">
<br>
</font><font face="sans-serif" size="2"><br>
I suspect this comes up fairly often since, but I haven't been
able to
quickly find any references to it.</font><font size="3"> <br>
</font><font face="sans-serif" size="2"><br>
Thanks</font><font size="3"> </font><font face="sans-serif"
size="2"><br>
Tim</font>
<p><font size="3">See you at the 2015 Air Transport IT Summit,
Brussels,
16-18 June Click here to register your place now.. </font><a
moz-do-not-send="true" href="http://www.sitasummit.aero/"><font
color="blue" size="3"><u>http://www.sitasummit.aero/</u></font></a><font
size="3">
This document is strictly confidential and intended only for
use by the
addressee unless otherwise stated. If you are not the intended
recipient,
please notify the sender immediately and delete it from your
system. </font>
</p>
<p><font size="3"><br>
</font>
<br>
<tt><font size="3">_______________________________________________<br>
midPoint mailing list<br>
</font></tt><a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"><tt><font
color="blue" size="3"><u>midPoint@lists.evolveum.com</u></font></tt></a><tt><font
size="3"><br>
</font></tt><a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"><tt><font
color="blue" size="3"><u>http://lists.evolveum.com/mailman/listinfo/midpoint</u></font></tt></a><tt><font
size="3"><br>
</font></tt>
<br>
<br>
<tt><font size="3">-- <br>
Ing. Ivan Noris<br>
Senior Identity Management Engineer & IDM Architect<br>
evolveum.com
evolveum.com/blog/<br>
___________________________________________________<br>
"Semper Id(e)M Vix."<br>
</font></tt><tt><font size="2">_______________________________________________<br>
midPoint mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
</font></tt><a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"><tt><font
size="2">http://lists.evolveum.com/mailman/listinfo/midpoint</font></tt></a><tt><font
size="2"><br>
</font></tt>
<br>
<br>
</p>
<p>
See you at the 2015 Air Transport IT Summit, Brussels, 16-18
June
Click here to register your place now..
<a class="moz-txt-link-freetext" href="http://www.sitasummit.aero/">http://www.sitasummit.aero/</a>
This document is strictly confidential and intended only for use
by the
addressee unless otherwise stated. If you are not the intended
recipient,
please notify the sender immediately and delete it from your
system.
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>