<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Saule,</p>
<p>one correction:</p>
<p><tt>focus<font color="#cc0000"><b>?</b></font>.assignment.find {
it.targetRef?.oid == 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } !=
null</tt><br>
</p>
<p>...in order to work also when adding users. In such cases 'focus'
variable is null for 'original state' evaluation.</p>
<p>Pavol<br>
</p>
<br>
<div class="moz-cite-prefix">On 30.06.2016 17:44, Pavol Mederly
wrote:<br>
</div>
<blockquote
cite="mid:c190f63d-b180-9145-1cd7-329eb7a58678@evolveum.com"
type="cite">
<p>Hello Saule,</p>
<p>sorry for the late answer.</p>
<p>Yes, it is possible to add a condition for an inducement. This
works for me:</p>
<pre>&lt;inducement id="2"&gt;
    &lt;construction&gt;
        &lt;resourceRef oid="b94c683d-517c-4c3e-a307-7c2bbe14453e" type="c:ResourceType"&gt;&lt;!-- LDAP --&gt;&lt;/resourceRef&gt;
        &lt;kind&gt;account&lt;/kind&gt;
        &lt;intent&gt;default&lt;/intent&gt;
        &lt;association&gt;
            &lt;c:ref&gt;ri:group&lt;/c:ref&gt;
            &lt;outbound&gt;
                &lt;expression&gt;
                    &lt;associationFromLink&gt;
                        &lt;projectionDiscriminator&gt;
                            &lt;kind&gt;entitlement&lt;/kind&gt;
                            &lt;intent&gt;group&lt;/intent&gt;
                        &lt;/projectionDiscriminator&gt;
                    &lt;/associationFromLink&gt;
                &lt;/expression&gt;
            &lt;/outbound&gt;
        &lt;/association&gt;
    &lt;/construction&gt;
    &lt;order&gt;2&lt;/order&gt;
<font color="#cc0000">    &lt;condition&gt;
        &lt;expression&gt;
            &lt;script&gt;
                &lt;code&gt;
                    focus.assignment.find { it.targetRef?.oid == 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null
                &lt;/code&gt;
            &lt;/script&gt;
        &lt;/expression&gt;
    &lt;/condition&gt;</font>
&lt;/inducement&gt;</pre>
Note that <b>d13681fb-88df-472a-a7fe-d869a1ea4c37</b> is the OID
of the <b>AD user role</b>.<br>
<br>
When having this condition, it seems to work:<br>
<ol>
<li>if adding a user into an org, the account is not
automatically created on a resource</li>
<li>after assigning AD user role to the user, an account is
created, and becomes a member of the AD group</li>
<li>after unassigning AD user role from the user, account is
deleted</li>
</ol>
<p>Hope this helps,</p>
<p>Pavol<br>
</p>
<br>
<br>
<div class="moz-cite-prefix">On 16.06.2016 12:26, Мамаева Сауле
Сериковна wrote:<br>
</div>
<blockquote
cite="mid:0c7820a108da42b4811a911bbda21139@exch-02.ktg.kz"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have a meta role for
groups that is assigned to an organization when the
organization is created by an org template. This role creates groups,
with members associated with this created midPoint
organization, in Active Directory (AD). But I want to create
only groups in AD by this role, and members of these groups
should appear in AD only after assigning another role (AD
user role) to users. I have another role, the AD user role,
that is assigned to the user manually and by approval of
an administrator, and this role creates the account of the user in AD.</span></p>
<p class="MsoNormal"><span lang="EN-US">How and where can I
add such a condition? Is it possible to add a condition for
an inducement?</span></p>
<p class="MsoNormal"><span lang="EN-US">This is xml of meta
role for groups:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<pre>&lt;role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="11111111-2222-3333-4444-200000000055"
      version="8"&gt;
    &lt;name&gt;Metarole for groups&lt;/name&gt;
    &lt;metadata&gt;
        &lt;createTimestamp&gt;2016-06-06T12:47:04.200+06:00&lt;/createTimestamp&gt;
        &lt;creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"&gt;&lt;!-- administrator --&gt;&lt;/creatorRef&gt;
        &lt;createChannel&gt;http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport&lt;/createChannel&gt;
    &lt;/metadata&gt;
    &lt;inducement id="1"&gt;
        &lt;construction&gt;
            &lt;resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"&gt;&lt;!-- Ldap_AD_Saule --&gt;&lt;/resourceRef&gt;
            &lt;kind&gt;entitlement&lt;/kind&gt;
            &lt;intent&gt;group&lt;/intent&gt;
        &lt;/construction&gt;
    &lt;/inducement&gt;
    &lt;inducement id="2"&gt;
        &lt;construction&gt;
            &lt;resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"&gt;&lt;!-- Ldap_AD_ Saule --&gt;&lt;/resourceRef&gt;
            &lt;kind&gt;account&lt;/kind&gt;
            &lt;intent&gt;default&lt;/intent&gt;
            &lt;association&gt;
                &lt;c:ref&gt;ri:group&lt;/c:ref&gt;
                &lt;outbound&gt;
                    &lt;expression&gt;
                        &lt;associationFromLink&gt;
                            &lt;projectionDiscriminator&gt;
                                &lt;kind&gt;entitlement&lt;/kind&gt;
                                &lt;intent&gt;group&lt;/intent&gt;
                            &lt;/projectionDiscriminator&gt;
                        &lt;/associationFromLink&gt;
                    &lt;/expression&gt;
                &lt;/outbound&gt;
            &lt;/association&gt;
        &lt;/construction&gt;
        &lt;order&gt;2&lt;/order&gt;
    &lt;/inducement&gt;
&lt;/role&gt;</pre>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Best
regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Saule
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
</blockquote>
<br>
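<p>Added example, not part of the original thread and not midPoint's own code: a small Python check that parses a role definition and flags inducement conditions whose Groovy script dereferences <tt>focus</tt> without safe navigation, which is the case the correction at the top of this message addresses. The function names and the trimmed sample role are constructed for this example; the OID is the AD user role OID quoted in the thread.</p>

```python
import re
import xml.etree.ElementTree as ET

# midPoint common-3 namespace, as declared on the role in the thread.
NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Matches 'focus.' but not the null-safe Groovy form 'focus?.'.
UNSAFE_FOCUS = re.compile(r"\bfocus\s*\.")

# Constructed sample: a trimmed metarole with one conditional inducement.
ROLE_TEMPLATE = """
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <name>Metarole for groups</name>
  <inducement id="2">
    <order>2</order>
    <condition><expression><script><code>
      {cond}
    </code></script></expression></condition>
  </inducement>
</role>
"""

AD_ROLE = "d13681fb-88df-472a-a7fe-d869a1ea4c37"
ORIGINAL = "focus.assignment.find { it.targetRef?.oid == '%s' } != null" % AD_ROLE
CORRECTED = "focus?.assignment.find { it.targetRef?.oid == '%s' } != null" % AD_ROLE


def sample_role(cond):
    """Build the constructed role XML around one condition script."""
    return ROLE_TEMPLATE.format(cond=cond)


def audit_role(xml_text):
    """Return [(inducement id, script)] for conditions that read 'focus.'
    directly; 'focus' is null for the original state when a user is added."""
    root = ET.fromstring(xml_text)
    findings = []
    for ind in root.iterfind("c:inducement", NS):
        path = "c:condition/c:expression/c:script/c:code"
        for code in ind.iterfind(path, NS):
            text = " ".join((code.text or "").split())  # collapse whitespace
            if UNSAFE_FOCUS.search(text):
                findings.append((ind.get("id"), text))
    return findings


if __name__ == "__main__":
    for label, cond in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, audit_role(sample_role(cond)))
```

<p>The check is a text heuristic over the script body, so it only reports where to look; it does not evaluate the Groovy expression.</p>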
</body>
</html>