<div dir="ltr">Ok so that makes a little more sense,<div><br></div><div>The meta role is used so that when a user is created in the "GUI" and is assigned an Org, they will then be created in AD in the same Org. This is that we do not have manually type out the entire OU Path.</div><div><br></div><div>Here is the role,</div><div><br></div><div><div>   <name>Metarole for Orgs</name></div><div>   <description></div><div>        This MetaRole will add the current assigned organization to the organization attribute.</div><div>    </description></div><div>   <metadata></div><div>      <createTimestamp>2015-02-16T13:26:01.203-06:00</createTimestamp></div><div>      <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef></div><div>      <createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</a></createChannel></div><div>   </metadata></div><div>   <inducement id="1"></div><div>      <focusMappings></div><div>         <mapping></div><div>            <source></div><div>               <c:path>$immediateRole/name</c:path></div><div>            </source></div><div>            <target></div><div>               <c:path>$focus/organization</c:path></div><div>            </target></div><div>         </mapping></div><div>      </focusMappings></div><div>      <order>2</order></div><div>   </inducement></div><div></role></div></div><div><br></div><div>What would you recommend I try?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 16, 2015 at 3:39 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    Hi Jason,<br>
    <br>
    Pavol and I are looking into the logs.<br>
    <br>
    It seems that the user has assigned organization OU=_DISABLED,OU=SHP
    Students,DC=TEST,DC=LOCAL, oid cce5ec38-5246-4368-9e7b-6b049e01ef4d,
    which sets the attribute "organization" (using the metarole).<br>
    <br>
    Additionally, the user template you posted, also sets the attribute
    "organization", so after processing, user has TWO values of
    organization attribute and this eventually fails in mapping for (AD)
    icfs:name.<br>
    <br>
    How is the first role assigned and why it's kept assigned..?<br>
    <br>
    Regards,<br>
    Ivan<div><div class="h5"><br>
    <br>
    <div>On 10/16/2015 09:55 PM, Jason Everling
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">But the users do not have 2 "organizations in their
        profile, they end up with only 1,
        <div><br>
        </div>
        <div>doesn't the "authoritive" flag ensure that only one value
          exists for any multi value attribute?</div>
        <div><br>
        </div>
        <div>I attached the template that kicks off when a user is added
          back to CSV</div>
        <div><br>
        </div>
        <div>JASON</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Fri, Oct 16, 2015 at 2:52 PM, Jason
          Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">So yes, during the re adding of the user, a
              template kicks off, which all it does, is add back their
              original organization based on costCenter, which then
              causes them to be enabled and moved in into another AD
              container.</div>
            <div class="gmail_extra">
              <div>
                <div><br>
                  <div class="gmail_quote">On Fri, Oct 16, 2015 at 2:50
                    PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank"></a><a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      <div text="#000000" bgcolor="#FFFFFF"> This is
                        strange.<br>
                        <br>
                        The two values have the same initial, so I start
                        to believe that the two values are produced by
                        "organization" attribute.<br>
                        <br>
                        Can you please check if this user has one or two
                        values of user/organization? One seems to be
                        "OU=DISABLED..."<span><font color="#888888"><br>
                            <br>
                            I.</font></span><span><br>
                          <br>
                          <div>On 10/16/2015 09:02 PM, Jason Everling
                            wrote:<br>
                          </div>
                        </span>
                        <blockquote type="cite">
                          <div>
                            <div>
                              <div dir="ltr">Here is the situation,
                                <div><br>
                                </div>
                                <div>I am running into a issue, if the
                                  user in the CSV has a middle initial
                                  that was not there before and does not
                                  have that value in AD then I get an
                                  error,<br clear="all">
                                  <div><br>
                                  </div>
                                  <div><span>Attempt to replace 2 values
                                      to a single-valued item
                                      attributes/name; values:
                                      [PPV(String:cn=Charlie K.
                                      Brown,OU=DISABLED,OU=Students,DC=TEST,DC=LOCAL),
                                      PPV(String:cn=Charlie K. Brown,</span><span>OU=Dept,OU=Users,OU=Students,</span><span>DC=TEST,DC=LOCAL)]</span><br>
                                  </div>
                                  <div><span><br>
                                    </span></div>
                                  <div><span>The above users original
                                      "name" in AD is</span></div>
                                  <div><span>cn=Charlie
                                      Brown,OU=Dept,OU=Users,OU=Students,DC=TEST,DC=LOCAL</span><span><br>
                                    </span></div>
                                  <div><span><br>
                                    </span></div>
                                  <div><span>So when they are added to
                                      CSV with a middle initial it is
                                      trying to build the new name like
                                      in the first example and fails.</span></div>
                                  <div><br>
                                  </div>
                                  <div>My AD DN code is,</div>
                                  <div><br>
                                  </div>
                                  <div>
                                    <div><span style="white-space:pre-wrap">      </span>if

                                      (additionalName == null) {</div>
                                    <div><span style="white-space:pre-wrap">      </span>return

                                      'cn='+givenName+'
                                      '+familyName+iterationToken+','+organization+'';</div>
                                    <div><span style="white-space:pre-wrap">      </span>}
                                      else {</div>
                                    <div><span style="white-space:pre-wrap">      </span>return

                                      'cn='+givenName+'
                                      '+additionalName+'.
                                      '+familyName+iterationToken+','+organization+'';</div>
                                    <div><span style="white-space:pre-wrap">      </span>}</div>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div><br>
                                  </div>
                                  -- <br>
                                  <div>
                                    <div dir="ltr">JASON</div>
                                  </div>
                                </div>
                              </div>
                              <br>
                            </div>
                          </div>
                          <font size="2"><br>
                            <br>
                            <span> CONFIDENTIALITY NOTICE:<br>
                              This e-mail together with any attachments
                              is proprietary and confidential; intended
                              for only the recipient(s) named above and
                              may contain information that is
                              privileged. You should not retain, copy or
                              use this e-mail or any attachments for any
                              purpose, or disclose all or any part of
                              the contents to any person. Any views or
                              opinions expressed in this e-mail are
                              those of the author and do not represent
                              those of the Baptist School of Health
                              Professions. If you have received this
                              e-mail in error, or are not the named
                              recipient(s), you are hereby notified that
                              any review, dissemination, distribution or
                              copying of this communication is
                              prohibited by the sender and to do so
                              might constitute a violation of the
                              Electronic Communications Privacy Act, 18
                              U.S.C. section 2510-2521. Please
                              immediately notify the sender and delete
                              this e-mail and any attachments from your
                              computer. </span></font><br>
                          <span> <br>
                            <fieldset></fieldset>
                            <br>
                            <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                          </span></blockquote>
                        <span> <br>
                          <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>                     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
                        </span></div>
                      <br>
                      _______________________________________________<br>
                      midPoint mailing list<br>
                      <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
                      <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                      <br>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <div><br>
                  </div>
                  -- <br>
                </div>
              </div>
              <span><font color="#888888">
                  <div>
                    <div dir="ltr">JASON</div>
                  </div>
                </font></span></div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div>
          <div dir="ltr">JASON</div>
        </div>
      </div>
      <br>
      <font size="2"><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>                     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
  </div></div></div>

<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">JASON</div></div>
</div>

<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>