<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Saule,</p>
<p>Sorry for the late answer.</p>
<p>Yes, it is possible to add a condition for an inducement. This
works for me:</p>
<pre>&lt;inducement id="2"&gt;
    &lt;construction&gt;
        &lt;resourceRef oid="b94c683d-517c-4c3e-a307-7c2bbe14453e" type="c:ResourceType"&gt;&lt;!-- LDAP --&gt;&lt;/resourceRef&gt;
        &lt;kind&gt;account&lt;/kind&gt;
        &lt;intent&gt;default&lt;/intent&gt;
        &lt;association&gt;
            &lt;c:ref&gt;ri:group&lt;/c:ref&gt;
            &lt;outbound&gt;
                &lt;expression&gt;
                    &lt;associationFromLink&gt;
                        &lt;projectionDiscriminator&gt;
                            &lt;kind&gt;entitlement&lt;/kind&gt;
                            &lt;intent&gt;group&lt;/intent&gt;
                        &lt;/projectionDiscriminator&gt;
                    &lt;/associationFromLink&gt;
                &lt;/expression&gt;
            &lt;/outbound&gt;
        &lt;/association&gt;
    &lt;/construction&gt;
    &lt;order&gt;2&lt;/order&gt;
<font color="#cc0000">    &lt;condition&gt;
        &lt;expression&gt;
            &lt;script&gt;
                &lt;code&gt;
                    focus.assignment.find { it.targetRef?.oid == 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null
                &lt;/code&gt;
            &lt;/script&gt;
        &lt;/expression&gt;
    &lt;/condition&gt;
</font>&lt;/inducement&gt;
</pre>
Note that <b>d13681fb-88df-472a-a7fe-d869a1ea4c37</b> is the OID of
the <b>AD user role</b>.<br>
<br>
With this condition in place, it seems to work:<br>
<ol>
<li>When a user is added to an org, the account is not automatically
created on the resource.</li>
<li>After the AD user role is assigned to the user, an account is
created and becomes a member of the AD group.</li>
<li>After the AD user role is unassigned from the user, the account is
deleted.</li>
</ol>
<p>Hope this helps,</p>
<p>Pavol<br>
</p>
<br>
<br>
<div class="moz-cite-prefix">On 16.06.2016 12:26, Мамаева Сауле
Сериковна wrote:<br>
</div>
<blockquote
cite="mid:0c7820a108da42b4811a911bbda21139@exch-02.ktg.kz"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have a meta role for
groups that is assigned to an organization when the
organization is created from an org template. This role creates groups with
members associated with the created midPoint organization
in Active Directory (AD). But I want this role to create only the groups in
AD, and members of these groups should appear in
AD only after another role (AD user role) is assigned to the
users. I have another role, AD user role, that is
assigned to the user manually and with the approval of an
administrator, and this role creates the user's account in AD.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">How and where can I add
such a condition? Is it possible to add a condition for
an inducement?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">This is the XML of the meta role
for groups:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<pre>&lt;role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="11111111-2222-3333-4444-200000000055"
      version="8"&gt;
    &lt;name&gt;Metarole for groups&lt;/name&gt;
    &lt;metadata&gt;
        &lt;createTimestamp&gt;2016-06-06T12:47:04.200+06:00&lt;/createTimestamp&gt;
        &lt;creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"&gt;&lt;!-- administrator --&gt;&lt;/creatorRef&gt;
        &lt;createChannel&gt;http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport&lt;/createChannel&gt;
    &lt;/metadata&gt;
    &lt;inducement id="1"&gt;
        &lt;construction&gt;
            &lt;resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"&gt;&lt;!-- Ldap_AD_Saule --&gt;&lt;/resourceRef&gt;
            &lt;kind&gt;entitlement&lt;/kind&gt;
            &lt;intent&gt;group&lt;/intent&gt;
        &lt;/construction&gt;
    &lt;/inducement&gt;
    &lt;inducement id="2"&gt;
        &lt;construction&gt;
            &lt;resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"&gt;&lt;!-- Ldap_AD_ Saule --&gt;&lt;/resourceRef&gt;
            &lt;kind&gt;account&lt;/kind&gt;
            &lt;intent&gt;default&lt;/intent&gt;
            &lt;association&gt;
                &lt;c:ref&gt;ri:group&lt;/c:ref&gt;
                &lt;outbound&gt;
                    &lt;expression&gt;
                        &lt;associationFromLink&gt;
                            &lt;projectionDiscriminator&gt;
                                &lt;kind&gt;entitlement&lt;/kind&gt;
                                &lt;intent&gt;group&lt;/intent&gt;
                            &lt;/projectionDiscriminator&gt;
                        &lt;/associationFromLink&gt;
                    &lt;/expression&gt;
                &lt;/outbound&gt;
            &lt;/association&gt;
        &lt;/construction&gt;
        &lt;order&gt;2&lt;/order&gt;
    &lt;/inducement&gt;
&lt;/role&gt;
</pre>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Best
regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Saule
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
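<p>Added example (not part of the original thread and not midPoint's own code): a small Python check that parses a role definition and reports which account-constructing inducements are gated by a condition script, and which role OIDs that script references. The sample role is constructed from the XML in this thread, trimmed; the function name <tt>audit_account_inducements</tt> and the finding fields are assumptions of this example.</p>

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the midPoint common schema, as declared in the role XML above.
NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}
OID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample: a trimmed metarole with one ungated and one gated
# account inducement (resourceRef and association omitted for brevity).
SAMPLE_ROLE = """\
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <name>Metarole for groups (constructed sample)</name>
  <inducement id="1">
    <construction><kind>entitlement</kind><intent>group</intent></construction>
  </inducement>
  <inducement id="2">
    <construction><kind>account</kind><intent>default</intent></construction>
    <order>2</order>
  </inducement>
  <inducement id="3">
    <construction><kind>account</kind><intent>default</intent></construction>
    <order>2</order>
    <condition><expression><script><code>
      focus.assignment.find { it.targetRef?.oid == 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null
    </code></script></expression></condition>
  </inducement>
</role>
"""

def audit_account_inducements(role_xml):
    """Return one finding per inducement whose construction has kind=account."""
    root = ET.fromstring(role_xml)
    findings = []
    for ind in root.findall("c:inducement", NS):
        kind = ind.findtext("c:construction/c:kind", default="", namespaces=NS)
        if kind.strip() != "account":
            continue  # entitlement (group) constructions are not account grants
        code = ind.findtext("c:condition/c:expression/c:script/c:code",
                            default=None, namespaces=NS)
        order = ind.findtext("c:order", default=None, namespaces=NS)
        findings.append({
            "id": ind.get("id"),
            "order": int(order) if order else None,  # None: no <order> element
            "gated": bool(code and code.strip()),
            "role_oids": OID_RE.findall(code or ""),
        })
    return findings

if __name__ == "__main__":
    for f in audit_account_inducements(SAMPLE_ROLE):
        state = "gated by " + ", ".join(f["role_oids"]) if f["gated"] else "UNGATED"
        print(f"inducement {f['id']} (order {f['order']}): {state}")
```

<p>An inducement reported as UNGATED provisions the account as soon as the metarole applies, which is the behaviour the original question wanted to avoid.</p>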
</body>
</html>