<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Pavol,<br>
thanks for great advice!<br>
<br>
Now I have all application roles saved as multi-valued attribute in
the user in MidPoint.<br>
How can I associate these values with entitlements (roles) in
MidPoint? "AssignmentTargetSearch" in mapping gives me "Expression
returned more than one value" exception (yes, attribute is
multi-valued).<br>
<br>
Thanks!<br>
<br>
Regards<br>
R. Pudil<br>
<br>
<div class="moz-signature">
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p> </p>
<table style="border-collapse:collapse;">
<tbody>
<tr>
<td colspan="2" style="font-family:Arial, sans-serif;
font-size:11px; color:#000000; vertical-align:bottom;">
<p> <span style="font-size:14px; font-weight:bold;">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail: <a href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif; font-size:11px;
color:#000000; vertical-align:bottom;">
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a href="http://www.ami.cz">www.ami.cz</a> </p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif; font-size:11px;
color:#000000;">
<p> <img src="cid:part3.05060401.02040207@ami.cz"
alt="AMI Praha a.s." title="AMI Praha a.s."> </p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
src="cid:part4.07070407.07030405@ami.cz" alt=""></a></td>
</tr>
<tr>
<td colspan="8" style="font-family:Arial, sans-serif;
font-size:11px; color:#808080;"> <br>
Textem tohoto e-mailu podepisující neslibuje uzavřít ani
neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena,
musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
<div class="moz-cite-prefix">Dne 20.6.2015 v 18:38 Pavol Mederly
napsal(a):<br>
</div>
<blockquote cite="mid:55859715.4010001@evolveum.com" type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<div class="moz-cite-prefix">Hello Roman,<br>
<br>
we've recently implemented this scenario for one of our
customers.<br>
<br>
It was done via ScriptedSQL connector, as one resource, having
two object classes:<br>
<br>
- users<br>
- roles<br>
<br>
The user-role association was implemented as a multi-valued
attribute called "roles" in the user. (It could be done also via
attribute "users"/"members" in the role object, but we chose
this way because the user in our case has fewer roles than there
are users for a given role.)<br>
<br>
Groovy scripts in the connector were used as a wrapper that
called stored procedures in the database. These procedures were
responsible for manipulating the tables, including updating
user-role table based on the information that came in the
"roles" attribute.<br>
<br>
It is more complex than using the simple DB connector, but works
nicely.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
On 20. 6. 2015 18:07, Roman Pudil - AMI Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:CAEvfcR9SjJSbD02WP2XEWknhcQza0NG6pjuOP9GHEvc8p=Kauw@mail.gmail.com"
type="cite">
<div dir="ltr">Hi all,
<div>I have 3 tables in database.<br>
</div>
<div><br>
</div>
<div>1) table with users</div>
<div>2) talbe with roles</div>
<div>3) table with users id's assigned to roles id's (M:N
relation)</div>
<div><br>
</div>
<div>First table and second table are connected to midPoint as
two database resources (DB users as identities, DB roles as
midPoint roles). But how to process third table to MidPoint
with users to groups relations? As third resource or not?
How? What is best practice?</div>
<div><br>
</div>
<div>Thanks for any idea!</div>
<div><br>
</div>
<div>Regards!</div>
<div>Roman Pudil</div>
<div>AMI Praha, a.s.</div>
</div>
<div dir="ltr">-- <br>
</div>
<div dir="ltr">
<div>
<p> <span>Roman Pudil</span><br>
solution architect<br>
gsm: [+420] 775 663 666<br>
e-mail: <a moz-do-not-send="true">roman.pudil@ami.cz</a></p>
<table>
<tbody>
<tr>
<td>
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a moz-do-not-send="true">www.ami.cz</a> </p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>