<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;
mso-fareast-language:RU;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:104422269;
mso-list-template-ids:698899024;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="RU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Hello, Pavol!<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Thanks for the code. It also works for me.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Saule
<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
midPoint [mailto:midpoint-bounces@lists.evolveum.com] <b>On Behalf Of </b>Pavol Mederly<br>
<b>Sent:</b> Friday, </span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">July 01, 2016 12:05 AM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Subject:</b> Re: [midPoint] Condition for inducment in Metarole<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>Saule,<o:p></o:p></p>
<p>one correction:<o:p></o:p></p>
<p><tt><span style="font-size:10.0pt">focus</span></tt><tt><b><span style="font-size:10.0pt;color:#CC0000">?</span></b></tt><tt><span style="font-size:10.0pt">.assignment.find { it.targetRef?.oid == 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null</span></tt><o:p></o:p></p>
<p>...in order to work also when adding users. In such cases 'focus' variable is null for 'original state' evaluation.<o:p></o:p></p>
<p>Pavol<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 30.06.2016 17:44, Pavol Mederly wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p>Hello Saule,<o:p></o:p></p>
<p>sorry for the late answer.<o:p></o:p></p>
<p>Yes, it is possible to add a condition for an inducement. This works for me:<o:p></o:p></p>
<p style="margin-bottom:12.0pt"><tt><span style="font-size:10.0pt"> <inducement id="2"></span></tt><span style="font-size:10.0pt;font-family:"Courier New""><br>
<tt> <construction></tt><br>
<tt> <resourceRef oid="b94c683d-517c-4c3e-a307-7c2bbe14453e" type="c:ResourceType"><!-- LDAP --></resourceRef></tt><br>
<tt> <kind>account</kind></tt><br>
<tt> <intent>default</intent></tt><br>
<tt> <association></tt><br>
<tt> <c:ref>ri:group</c:ref></tt><br>
<tt> <outbound></tt><br>
<tt> <expression></tt><br>
<tt> <associationFromLink></tt><br>
<tt> <projectionDiscriminator></tt><br>
<tt> <kind>entitlement</kind></tt><br>
<tt> <intent>group</intent></tt><br>
<tt> </projectionDiscriminator></tt><br>
<tt> </associationFromLink></tt><br>
<tt> </expression></tt><br>
<tt> </outbound></tt><br>
<tt> </association></tt><br>
<tt> </construction></tt><br>
<tt> <order>2</order></tt><br>
</span><tt><span style="font-size:10.0pt;color:#CC0000"> <condition></span></tt><span style="font-size:10.0pt;font-family:"Courier New";color:#CC0000"><br>
<tt> <expression></tt><br>
<tt> <script></tt><br>
<tt> <code></tt><br>
<tt> focus.assignment.find { it.targetRef?.oid == 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null</tt><br>
<tt> </code></tt><br>
<tt> </script></tt><br>
<tt> </expression></tt><br>
<tt> </condition></tt><br>
</span><tt><span style="font-size:10.0pt"> </inducement></span></tt><o:p></o:p></p>
<p class="MsoNormal">Note that <b>d13681fb-88df-472a-a7fe-d869a1ea4c37</b> is an OID of
<b>AD user role</b>.<br>
<br>
When having this condition, it seems to work:<o:p></o:p></p>
<ol start="1" type="1">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
if adding a user into an org, the account is not automatically created on a resource<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
after assigning AD user role to the user, an account is created, and becomes a member of the AD group<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
after unassigning AD user role from the user, account is deleted<o:p></o:p></li></ol>
<p>Hope this helps,<o:p></o:p></p>
<p>Pavol<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 16.06.2016 12:26, Мамаева Сауле Сериковна wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I have meta role for groups, that is assigned to organization when creating organization by org template. This role creates groups with members associated with this created midpoint organization in Active Directory(AD).
But I want to create only groups in AD by this role and members of this groups should appear in AD only after assigning another role (AD user role) to users. I have another role - AD user role, that is assigned to the user manually and by approval of administrator
and this role creates account of user in AD.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">How and where can I add such condition? Is it possible to add condition for inducement?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">This is xml of meta role for groups:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><role xmlns=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> xmlns:q=<a href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> xmlns:c=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> xmlns:t=<a href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> xmlns:icfs=<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> xmlns:ri=<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> oid="11111111-2222-3333-4444-200000000055"</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> version="8"></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <name>Metarole for groups</name></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <metadata></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <createTimestamp>2016-06-06T12:47:04.200+06:00</createTimestamp></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</a></createChannel></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </metadata></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <inducement id="1"></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <construction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"><!-- Ldap_AD_Saule --></resourceRef></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>entitlement</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>group</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </construction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </inducement></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <inducement id="2"></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <construction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"><!-- Ldap_AD_ Saule --></resourceRef></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>account</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>default</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <association></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <c:ref>ri:group</c:ref></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <outbound></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <expression></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <associationFromLink></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <projectionDiscriminator></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>entitlement</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>group</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </projectionDiscriminator></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </associationFromLink></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </expression></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </outbound></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </association></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </construction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <order>2</order></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </inducement></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"></role></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Best regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Saule
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><o:p> </o:p></span></p>
</div>
</body>
</html>