<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Andrew,<br>
</p>
now I'm a little confused.<br>
You are doing synchronization, where, using inbound, you populare <b>user</b>
extension attribute parentIdentifier.<br>
Then you have object template for <b>OrgType</b>, where you use
this.<br>
<br>
You are probably mixing things.<br>
<br>
What I'd suppose you wish to create is:<br>
1) synchronize users from your source<br>
2) have external attribute for user, which should be used to
automatically assign the organization to user (based on the query
org/identifier == user/extension/parentId)<br>
<br>
This means that the mapping should be in the user template, not org
template. Provided that the organizations already exist in midPoint.<br>
<br>
I'm not sure if your source contains only users with org reference,
or only organizations with their parent reference or both...<br>
<br>
If your source contains the organizations, you probably wish to have
inbounds to populate attributes of organizations, not users. Then
the object template which you have configured, will be executed.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 07/29/2016 07:19 AM, Andrew Brock
wrote:<br>
</div>
<blockquote
cite="mid:ba1eecb20466445d9b4ae42dfc6ca265@shmprdmbx02.sahmri.internal"
type="cite">
<pre wrap="">Ok, so I've added an extension attribute to the OrgType that I map through like this:
<attribute>
<c:ref>ri:parent_id</c:ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound>
<authoritative>true</authoritative>
<exclusive>true</exclusive>
<strength>strong</strength>
<target>
<c:path>$user/extension/parentIdentifier</c:path>
</target>
</inbound>
</attribute>
This works fine. I've then added an object template as suggested:
<objectTemplate oid="10000000-0000-0000-0000-000000000231"
xmlns:xsi='<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>'
xmlns='<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'
xmlns:c='<a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'
xmlns:t='<a class="moz-txt-link-freetext" href="http://prism.evolveum.com/xml/ns/public/types-3">http://prism.evolveum.com/xml/ns/public/types-3</a>'
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
xmlns:ext="xmlns:tns=<a class="moz-txt-link-freetext" href="http://sahmri.com/xml/ns/organisation">http://sahmri.com/xml/ns/organisation</a>">
<name>Org Template</name>
<mapping>
<name>Org-org mapping</name>
<authoritative>true</authoritative>
<strength>strong</strength>
<source>
<path>extension/ext:parentIdentifier</path>
</source>
<expression>
<assignmentTargetSearch>
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>c:identifier</q:path>
<expression>
<path>$parentIdentifier</path>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<path>assignment</path>
</target>
</mapping>
</objectTemplate>
...and I've added it to the system configuration like so:
<defaultObjectPolicyConfiguration>
<type>c:OrgType</type>
<objectTemplateRef oid="10000000-0000-0000-0000-000000000231" type="c:ObjectTemplateType"><!-- Org Template --></objectTemplateRef>
</defaultObjectPolicyConfiguration>
...but the template doesn't seem to be triggered when a new Organisation is created - i.e. I don't see an error message but the assignment isn't created either.
Thoughts?
Thanks,
Andrew
-----Original Message-----
Hello Andrew,
</pre>
<blockquote type="cite">
<pre wrap="">My understanding is that an org-to-org relationship shouldn't be an
assignment, but a population of the parentOrgRef (see
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Organizational+Structure">https://wiki.evolveum.com/display/midPoint/Organizational+Structure</a>)
and then midpoint handles the rest.
</pre>
</blockquote>
<pre wrap="">Actually, that wiki article is a bit out-of-date in this respect.
Currently, the preferred way of linking any focal objects (users, roles, orgs, services) to organization structure is via assignments.
One possibility is to map parent_id column to an extension attribute of the org object, and then use an object template to create appropriate assignment for a given Org object. Something like this:
<a class="moz-txt-link-freetext" href="https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml">https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml</a>.
<a class="moz-txt-link-rfc2396E" href="https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml"><https://github.com/Evolveum/midpoint/blob/master/samples/objects/object-template-org.xml></a>
(But maybe someone would propose a better solution.)
Best regards,
--
Pavol Mederly
Software developer
evolveum.com
On 28.07.2016 8:38, Andrew Brock wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
Hi,
I have a database resource that gives me the following organisation
info in its columns:
1.)An ID (an integer)
2.)A Name (a string)
3.)The ID of the parent organisation in a column called parent_id (an
integer). This value is present for all organisations except for the
top parent one.
This resource can be considered the definitive authority for this data
(i.e. it's not present in LDAP).
I currently have a schemaHandling like so:
<schemaHandling>
<objectType>
<kind>account</kind>
<intent>HRM</intent>
<default>true</default>
<objectClass>ri:AccountObjectClass</objectClass>
<attribute>
<c:ref>icfs:uid</c:ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path>identifier</c:path>
</target>
</inbound>
</attribute>
<attribute>
<c:ref>ri:name</c:ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<c:path>name</c:path>
</target>
</inbound>
</attribute>
</objectType>
</schemaHandling>
The current behaviour when I sync from this resource is all the
Organisations are being created with the correct name and unique ID
that is copied to the OrgType "Identifier" field, but they are all at
the same (top) level in the Org. structure.
I now want to put them into their proper hierarchy!
My understanding is that an org-to-org relationship shouldn't be an
assignment, but a population of the parentOrgRef (see
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Organizational+Structure">https://wiki.evolveum.com/display/midPoint/Organizational+Structure</a>)
and then midpoint handles the rest. What do I need to do to my current
configuration to populate the parentOrgRef property using the value of
the parent_id column from my database? I can't assign the parent_id
value directly to parentOrgRef as it's an integer, so I need to get a
reference to the parent organisation.
I've seen some references to a referenceSearch expression on Github,
which I think may be what I need, but I haven't seen an example of
this in action. This is what I've got so far (which goes just above
the </objectType> tag in my first example), but it doesn't appear to
do anything when I sync:
<attribute>
<c:ref>ri:parent_id</c:ref>
<matchingRule
xmlns:gen426=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/matching-rule-3">"http://prism.evolveum.com/xml/ns/public/matching-rule-3"</a>>gen426:default</matchingRule>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<fetchStrategy>implicit</fetchStrategy>
<inbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<expression>
<referenceSearch>
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<!-- Property from OrgType -->
<q:path>identifier</q:path>
<expression>
<!-- database column -->
<c:path>$c:account/c:attributes/parent_id</c:path>
</expression>
</q:equal>
</filter>
</referenceSearch>
</expression>
<target>
<!-- Field on the organisation that is being created -->
<c:path>parentOrgRef</c:path>
</target>
</inbound>
</attribute>
The database table is sorted in such a way that the organisations at
level 1 are first, then level 2, then level 3, etc. so I don't think
it's trying to create or update organisations before their parent
organisation has already been created.
Any clues?
Thanks,
Andrew
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>