<div dir="ltr">Thanks Ivan, I'll try this.<div><br></div><div>Is there a way to do this assignment from the <span class="" id=":1x2.1" tabindex="-1">MidPoint</span> <span class="" id=":1x2.2" tabindex="-1">UI</span>? The end-user is not tech, so it will be great if they can do this kind of assignment from the <span class="" id=":1x2.3" tabindex="-1">UI</span>.</div><div><br></div><div>Regards,</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><b><span></span><span></span>Ing. Martín Marchese</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br>Anchorena 1357 PB<br>Tel: +54 (11) 3526.5509<br><a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Jun 29, 2016 at 12:06 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Martin,<br>
<br>
you can use associationTargetSearch in role:<br>
<br>
. . .<br>
<inducement><br>
<construction><br>
<resourceRef
oid="00000000-dc00-dc00-0001-100000000002"
type="c:ResourceType"/><span class=""><br>
<kind>account</kind><br>
<association><br>
<ref>ri:group</ref><br>
<outbound><br></span>
<strength>strong</strength><br>
<expression><br>
<associationTargetSearch><br>
<filter><br>
<q:equal><br>
<q:path>attributes/ri:dn</q:path><br>
<q:value>cn=group1,ou=foo,ou=bar,dc=example,dc=com</q:value><br>
</q:equal><br>
</filter><br>
<searchStrategy>onResourceIfNeeded</searchStrategy><br>
</associationTargetSearch><br>
</expression><br>
</outbound><br>
</association> <br>
</construction><br>
</inducement><br>
...<br>
<br>
The above example tries to construct an account (intent is not
specified, thus default) and associate with an entitlement, which
has "ri:dn" attribute equal to
"cn=group1,ou=foo,ou=bar,dc=example,dc=com". This will search the
group on the resource.<br>
The shadow will be created after the group is found. Further
associations will use the shadow instead of looking up (searching)
on resource.<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 06/29/2016 04:56 PM, Martin Marchese
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi All!,
<div><br>
</div>
<div>I have a question on Role-Entitlement assignment:</div>
<div><br>
</div>
<div>I have an Entitlement representing LDAP groups (it does not
exist in midpoint, just in the resource, so it does not have a
shadow).</div>
<div><br>
</div>
<div>I found the following example:<br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody style="border-radius:0px!important;border:0px!important;float:none!important;height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background:none!important">
<tr style="border-radius:0px!important;border:0px!important;float:none!important;height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background:none!important">
<td style="width:987px;border:0px dashed!important;overflow:visible!important;border-radius:0px!important;float:none!important;height:auto!important;outline:0px!important;padding:0px 0px 0px 15px!important;vertical-align:baseline!important;min-height:auto!important;background-image:none!important;background-repeat:initial!important">
<div title="Hint: double-click to select
code" style="margin:15px 0px 0px!important;padding:0px 0px 15px!important;border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-color:initial!important;background-position:initial!important;background-repeat:initial!important">
<div><code><</code><code>assignment</code><code>></code></div>
<div><code> </code><code><</code><code>construction</code><code>></code></div>
<div><code> </code><code><</code><code>resourceRef</code> <code>oid</code><code>=</code><code>"10000000-0000-0000-0000-000000000004"</code> <code>type</code><code>=</code><code>"c:ResourceType"</code><code>/></code></div>
<div><code> </code><code><</code><code>kind</code><code>>account</</code><code>kind</code><code>></code></div>
<div><code> </code><code><</code><code>association</code><code>></code></div>
<div><code> </code><code><</code><code>ref</code><code>>ri:group</</code><code>ref</code><code>></code></div>
<div><code> </code><code><</code><code>outbound</code><code>></code></div>
<div><code> </code><code><</code><code>expression</code><code>></code></div>
<div><code> </code><code><</code><code>value</code><code>></code></div>
<div><code> </code><code><</code><code>shadowRef</code> <code>oid</code><code>=</code><code>"20000000-0000-0000-3333-000000000001"</code><code>/></code></div>
<div><code> </code><code></</code><code>value</code><code>></code></div>
<div><code> </code><code></</code><code>expression</code><code>></code></div>
<div><code> </code><code></</code><code>outbound</code><code>></code></div>
<div><code> </code><code></</code><code>association</code><code>></code></div>
<div><code> </code><code></</code><code>construction</code><code>></code></div>
<div><code></</code><code>assignment</code><code>></code></div>
<div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;line-height:normal;background-color:initial"><br>
</span></div>
<div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;line-height:normal;background-color:initial">However,
as I don't have the shadow created in MidPoint,
I can't add the shadow OID for reference. Is
there a way to achieve this and not creating the
object within MidPoint?</span><br>
</div>
<div style="margin:0px!important;padding:0px 1em 0px 0px!important;border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-repeat:initial!important"><code style="border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-color:initial!important;background-position:initial!important;background-repeat:initial!important;line-height:normal"><font face="arial, sans-serif" color="#222222" size="2"><br>
</font></code></div>
<div style="margin:0px!important;padding:0px 1em 0px 0px!important;border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-repeat:initial!important"><code style="border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-color:initial!important;background-position:initial!important;background-repeat:initial!important;line-height:normal"><font face="arial, sans-serif" color="#222222" size="2">Another question, as this assignment
will probably be done a non-tech customer, is
there a way to do this assignment thru the UI?</font></code></div>
<div style="margin:0px!important;padding:0px 1em 0px 0px!important;border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-repeat:initial!important"><code style="border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-color:initial!important;background-position:initial!important;background-repeat:initial!important;line-height:normal"><font face="arial, sans-serif" color="#222222" size="2"><br>
</font></code></div>
<div style="margin:0px!important;padding:0px 1em 0px 0px!important;border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;outline:0px!important;overflow:visible!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-repeat:initial!important"><code style="border-radius:0px!important;border:0px!important;float:none!important;min-height:auto!important;margin:0px!important;outline:0px!important;overflow:visible!important;padding:0px!important;vertical-align:baseline!important;width:auto!important;min-height:auto!important;background-image:none!important;background-color:initial!important;background-position:initial!important;background-repeat:initial!important;line-height:normal"><font face="arial, sans-serif" color="#222222" size="2">Thanks in advance</font></code></div>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div><br clear="all">
<div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><b><span></span><span></span>Ing.
Martín Marchese</b><br>
<img src="http://www.identicum.com/img/favicon.ico">Identicum
S.A.<br>
Anchorena 1357 PB<br>
Tel: +54 (11) 3526.5509<br>
<a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br>
<a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>