<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Roman,<br>
<br>
I have done this for another (not AD) directory using midpoint's
organizational structure, fetching the manager and his/her account
attribute(s), i.e. not using entitlements.<br>
<br>
It was something like this:<br>
<br>
<attribute><br>
<ref>ri:manager</ref><br>
<tolerant>false</tolerant><br>
<outbound><br>
<strength>strong</strength><br>
<expression><br>
<script><br>
<code><br>
import
com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowKindType<br>
import static
com.evolveum.midpoint.schema.constants.SchemaConstants.*<br>
<br>
// get managers<br>
tmpManagers = midpoint.getManagersByOrgType(user, 'functional')<br>
managerUser = null<br>
if (!tmpManagers?.isEmpty()) managerUser =
tmpManagers.iterator().next() <!-- XXX We take FIRST manager
--><br>
<br>
if (managerUser) {<br>
// get shadow for the resource we're interested (by oid)<br>
<br>
managerShadow = midpoint.getLinkedShadow(managerUser,
'b26554d2-41fc-11e5-a652-3c970e44b9e2', ShadowKindType.ACCOUNT,
'default')<br>
if (managerShadow) {<br>
managerDn = basic.getAttributeValue(managerShadow,
'<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>',
'dn')<br>
return managerDn<br>
}<br>
}<br>
return null<br>
</code><br>
</script><br>
</expression><br>
<condition><br>
. . .<br>
</outbound><br>
</attribute><br>
<br>
Does this help a little?<br>
<br>
Be adwised as there is no source in the mapping, if manager of the
user changes in midPoint, you need to recompute.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 11/02/2015 01:04 PM, Roman Pudil -
AMI Praha a.s. wrote:<br>
</div>
<blockquote
cite="mid:em593a8184-2a4a-4b15-98a5-230da69aa2af@rpudil-dell7440"
type="cite">
<style id="eMClientCss">
blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }
.plain pre, .plain tt { font-family: monospace; font-size: 100%; font-weight: normal; font-style: normal; white-space: pre-wrap; }
a img { border: 0px; }body {font-family: Tahoma;font-size: 12pt;}
.plain pre, .plain tt {font-family: Tahoma;font-size: 12pt;}</style>
<div>Hi all,</div>
<div>how to create user-user manager association (like
user-entitlements) in midPoint resource?</div>
<div> </div>
<div>I have Active Directory resource and in user object filled
"manager" attribute (DN of another user) in AD.</div>
<div>What is the right way to create user-manager association?</div>
<div> </div>
<div>It seems, that user-entitlements association example modified
to user-manager association does not work.</div>
<div> </div>
<div>Here is part of my code - "account" schema handling on Active
Directory resource:</div>
<div> </div>
<div><font face="Verdana"> <association><br>
<c:ref>ri:mgr</c:ref><br>
<displayName>Manager</displayName><br>
<kind>account</kind><br>
<intent>uzivatel-ad</intent><br>
<direction>subjectToObject</direction><br>
<associationAttribute>ri:manager</associationAttribute><br>
<valueAttribute>icfs:name</valueAttribute><br>
</association></font></div>
<div> </div>
<div>Thanks!</div>
<div>Regards</div>
<div>Roman</div>
<div> </div>
<div id="signature_old">
<div style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma">
<table style="WHITE-SPACE: normal; WORD-SPACING: 0px;
BORDER-COLLAPSE: collapse; TEXT-TRANSFORM: none; COLOR:
rgb(0,0,0); FONT: medium 'Times New Roman'; WIDOWS: 1;
LETTER-SPACING: normal; TEXT-INDENT: 0px;
-webkit-text-stroke-width: 0px">
<tbody>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)"
colspan="2">
<p><span style="FONT-SIZE: 14px; FONT-WEIGHT: bold">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz"><a class="moz-txt-link-abbreviated" href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; VERTICAL-ALIGN: bottom; COLOR: rgb(0,0,0)">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web:<span class="Apple-converted-space"> </span><a
moz-do-not-send="true" href="http://www.ami.cz"><a class="moz-txt-link-abbreviated" href="http://www.ami.cz">www.ami.cz</a></a></p>
</td>
<td style="BORDER-RIGHT: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(0,0,0)">
<p><img moz-do-not-send="true" title="AMI Praha a.s."
alt=""
src="http://www.ami.cz/images/podpis/ami_logo.gif"
border="0"></p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
moz-do-not-send="true" alt=""
src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"
border="0"></a></td>
</tr>
<tr>
<td style="FONT-SIZE: 11px; FONT-FAMILY: Arial,
sans-serif; COLOR: rgb(128,128,128)" colspan="8"><br>
Textem tohoto e-mailu podepisující neslibuje uzavřít
ani neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>