<div dir="ltr"> I sent it to your email address, most of of it was asked on this list as I was setting up our environment, in the archives <a href="http://lists.evolveum.com/pipermail/midpoint/">http://lists.evolveum.com/pipermail/midpoint/</a> around Oct 2014 up until Mar/April 2015 I blew up this mailing list with a ton of emails. Thanks again to everyone at Evolveum for being so patient with me!! </div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Tue, Aug 23, 2016 at 12:58 PM, Mencel, Matt <span dir="ltr"><<a href="mailto:mr-mencel@wiu.edu" target="_blank">mr-mencel@wiu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The process right now is a Perl script we wrote 15+ years ago, but you're right. If I get this working correctly, Midpoint would create the usernames instead, so this will be fine. When the import from CSV does an add, the object template would generate the UID. I need to get all the users imported from LDAP first though before I implement that.<div><br></div><div>I'd love to see your template, if just to have a real world example to refer to. If you don't want to share it here feel free to email me directly, or put it in a private gist on Github or something.</div><div><br></div><div>Thanks!</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 23, 2016 at 12:45 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Does it have to wait for username from ldap or can you generate them in midpoint or have you just gotten that far yet? Maybe someone else can jump in on which route to take, in reverse order, our CSV is also <span style="font-size:12.8px">authoritative</span> , BUT if no account found it will generate the username based on an object template in midpoint and then it provisions that account to the different resources the user should have access to.<div><br></div><div>Have you gotten around to object templates in midpoint? You can attach a template to each resource, and also make a default gui one, for example, </div><div><br></div><div>on the resource it is </div><div><br></div><div><div> <reaction></div><div><span style="white-space:pre-wrap"> </span><!-- Users will be ENABLED and moved into the correct Org Unit --></div><div> <situation>unlinked</situation<wbr>></div><div><span style="white-space:pre-wrap"> </span><objectTemplateRef oid="10000000-0000-0000-0000-0<wbr>00000000302"/></div><div><span style="white-space:pre-wrap"> </span><action></div><div><span style="white-space:pre-wrap"> </span><handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount" target="_blank">http://midpoint.ev<wbr>olveum.com/xml/ns/public/model<wbr>/action-3#linkAccount</a></handler<wbr>Uri></div><div><span style="white-space:pre-wrap"> </span></action></div><div> </reaction></div><div><font color="#cc0000"> <reaction></font></div><div><font color="#cc0000"> <situation>unmatched</situatio<wbr>n></font></div><div><font color="#cc0000"> <objectTemplateRef oid="10000000-0000-0000-0000-0<wbr>00000000203"/></font></div><div><font color="#cc0000"><span style="white-space:pre-wrap"> </span><action></font></div><div><font color="#cc0000"><span style="white-space:pre-wrap"> </span><handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser" target="_blank">http://midpoint.ev<wbr>olveum.com/xml/ns/public/model<wbr>/action-3#addUser</a></handlerUri></font></div><div><font color="#cc0000"><span style="white-space:pre-wrap"> </span></action></font></div><div><font color="#cc0000"> </reaction></font></div></div><div><br></div><div>and then my object template relating to the 'unmatched' situation will generate a username based on different user 'types' or their affiliated status, you know, faculty/staff like to have better looking usernames, hah.. I can share some of the template if needed</div><span><font color="#888888"><div><br></div><div><br></div><div><br></div><div><br></div></font></span></div><div class="gmail_extra"><span><font color="#888888"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr">JASON</div></div></div></font></span><div><div>
<br><div class="gmail_quote">On Tue, Aug 23, 2016 at 12:32 PM, Mencel, Matt <span dir="ltr"><<a href="mailto:mr-mencel@wiu.edu" target="_blank">mr-mencel@wiu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The CSV is the authoritative source. When an account is first sent in that file I don't have an LDAP entry for it yet, so no username can be assigned yet. So ideally what would happen...<div><br></div><div>- New user created from the CSV with the ID as it's name for the time being...</div><div>- An LDAP account is then provisioned based on the info and I get the username back from the LDAP resource</div><div>- "Rename" the object in midpoint with the username set as name and ID would be in the employeeID attribute.</div><div><br></div><div>I haven't done anything with the name attribute yet because I wasn't sure what I needed to do. So right now it just picks up the ID from the CSV I think because that is what is set as the "uniqueIdentifier" in that resource.</div><div><br></div><div><span><div><span style="white-space:pre-wrap"> </span><attribute></div><div><span style="white-space:pre-wrap"> </span><ref>icfs:name</ref></div><div><span style="white-space:pre-wrap"> </span><displayName>Name</displayName<wbr>></div></span><span><div><span style="white-space:pre-wrap"> </span><outbound></div><div><span style="white-space:pre-wrap"> </span><strength>weak</strength></div><div><span style="white-space:pre-wrap"> </span><source></div></span><div><span style="white-space:pre-wrap"> </span><path>$user/name</path></div><div><span style="white-space:pre-wrap"> </span></source></div><div><span style="white-space:pre-wrap"> </span></outbound></div><div><span style="white-space:pre-wrap"> </span><inbound></div><div><span style="white-space:pre-wrap"> </span><target></div><div><span style="white-space:pre-wrap"> </span><path>$user/name</path></div><div><span style="white-space:pre-wrap"> </span></target></div><div><span style="white-space:pre-wrap"> </span></inbound></div><div><span style="white-space:pre-wrap"> </span></attribute></div></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Tue, Aug 23, 2016 at 12:22 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr">In one of our resources, we also use the ID as the unique identifier. Do the users already exist in midpoint that the CSV accounts belong too? If so, then you would match based on your extension attribute, what do you have for icfs:name mapping? like our CSV for example,<div><br></div><div><div> <attribute></div><div> <ref>icfs:name</ref></div><div> <displayName>Name</displayName<wbr>></div><div> <limitations></div><div> <minOccurs>0</minOccurs></div><div> <access></div><div> <read>true</read></div><div> </access></div><div> </limitations></div><div> <inbound></div><div><div> <target></div><div> <path></div><div> $c:user/c:extension/bshp:uniqu<wbr>eID</div><div> </path></div><div> </target></div></div><div> </inbound></div><div> </attribute></div><div><br></div><div><div> <correlation></div><div> <q:equal></div><div> <q:path>c:user/c:extension/bsh<wbr>p:unqiueID</q:path></div><div><span style="white-space:pre-wrap"> </span><expression></div><div><span style="white-space:pre-wrap"> </span><path></div><div><span style="white-space:pre-wrap"> </span>declare namespace icfs="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">http://midpoint.evolveum<wbr>.com/xml/ns/public/connector/i<wbr>cf-1/resource-schema-3</a>";</div><div><span style="white-space:pre-wrap"> </span>$account/attributes/icfs:name</div><div><span style="white-space:pre-wrap"> </span></path></div><div><span style="white-space:pre-wrap"> </span></expression></div><div> </q:equal></div><div> </correlation></div></div></div><div><br></div><div>This way, if it is an existing user with the same value, it will match and link accounts, if not, then the object template will generate a new user based on what we have defined as a 'username'</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr">JASON</div></div></div><div><div>
<br><div class="gmail_quote">On Tue, Aug 23, 2016 at 10:50 AM, Mencel, Matt <span dir="ltr"><<a href="mailto:mr-mencel@wiu.edu" target="_blank">mr-mencel@wiu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I meant to include this screenshot in my reply....<div><br></div><div><img src="cid:ii_is7ne99l0_156b8185ab2f7e26" width="562" height="390"><br><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 23, 2016 at 10:37 AM, Mencel, Matt <span dir="ltr"><<a href="mailto:mr-mencel@wiu.edu" target="_blank">mr-mencel@wiu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">So I have a followup question. In my CSV resource the unique attribute is an ID number. It's getting imported to the "Name" field in Midpoint. It's just odd that the "Name" appears as the id number. Can I rename that field or should I import that ID attribute to a new custom field that I put in my custom schema file? Is there a way to present a custom schema attribute in that top bar?<div><br></div><div>I'm assuming the Name field in Midpoint really should be a username as that seems to be the intent for that. When I get my LDAP resource working I will be able to add the username data, but I'm not that far yet. So just trying to figure out how to handle it with the data coming from the CSV import.</div><div><br></div><div>Thanks,</div><div>Matt</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 22, 2016 at 5:20 PM, Mencel, Matt <span dir="ltr"><<a href="mailto:mr-mencel@wiu.edu" target="_blank">mr-mencel@wiu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Figured it out. Have to call $user/extention/major in the attribute mapping.<div><br></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 22, 2016 at 5:17 PM, Mencel, Matt <span dir="ltr"><<a href="mailto:mr-mencel@wiu.edu" target="_blank">mr-mencel@wiu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Ah, of course...thanks for that link. I created the xsd file with my new attributes...<div><font face="monospace, monospace"><br></font></div><div><div><font face="monospace, monospace"><xsd:element name="major" type="xsd:string" minOccurs="0" maxOccurs="unbounded"></font></div><div><font face="monospace, monospace"> <xsd:annotation></font></div><div><font face="monospace, monospace"> <xsd:appinfo></font></div><div><font face="monospace, monospace"> <a:indexed>true</a:indexed></font></div><div><font face="monospace, monospace"> <a:displayName>Major</a:displa<wbr>yName></font></div><div><font face="monospace, monospace"> <a:displayOrder>130</a:display<wbr>Order></font></div><div><font face="monospace, monospace"> </xsd:appinfo></font></div><div><font face="monospace, monospace"> </xsd:annotation></font></div><div><font face="monospace, monospace"> </xsd:element></font></div></div><div><br></div><div>I see the empty fields now in the user entry (Extension section), but I must still be missing something because I'm still not getting it during the import. Do I have to do anything different in the schemaHandling section of my resource in order to use it?</div><div><br></div><div><font face="monospace, monospace"><schemaHandling></font></div><div><font face="monospace, monospace">...</font></div><div><div><font face="monospace, monospace"><span style="white-space:pre-wrap"> </span><attribute></font></div><div><font face="monospace, monospace"> <ref>ri:major</ref></font></div><div><font face="monospace, monospace"> <displayName>Major</displayNam<wbr>e></font></div><div><font face="monospace, monospace"> <outbound></font></div><div><font face="monospace, monospace"> <strength>weak</strength></font></div><div><font face="monospace, monospace"> <source></font></div><div><font face="monospace, monospace"> <path>$user/major</path></font></div><div><font face="monospace, monospace"> </source></font></div><div><font face="monospace, monospace"> </outbound></font></div><div><font face="monospace, monospace"> <inbound></font></div><div><font face="monospace, monospace"> <target></font></div><div><font face="monospace, monospace"> <path>$user/major</path></font></div><div><font face="monospace, monospace"> </target></font></div><div><font face="monospace, monospace"> </inbound></font></div><div><font face="monospace, monospace"> </attribute></font></div></div><div><font face="monospace, monospace">...</font></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Mon, Aug 22, 2016 at 4:56 PM, Brad Fardig <span dir="ltr"><<a href="mailto:brad.fardig@cogitogroup.com.au" target="_blank">brad.fardig@cogitogroup.com.a<wbr>u</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div lang="EN-AU" link="blue" vlink="purple"><div><p class="MsoNormal"><a name="m_-699379153214643544_m_-6980165997335034052_m_8361319852135788110_m_6834803988593877422_m_8886730979992043530_m_-3617800939546299231_m_8326204684344477523_m_8889698733946160196_m_-451863426910490024__MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hi Matt,<u></u><u></u></span></a></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">This doc provides an example of how to add the schema extensions that you require: </span><a href="https://wiki.evolveum.com/display/midPoint/Custom+Schema+Extension" target="_blank"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">https://wiki.evolveum.com/disp<wbr>lay/midPoint/Custom+Schema+Ext<wbr>ension</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hope this helps<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Regards,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Brad<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> midPoint [mailto:<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank">midpoint-bounces@lists<wbr>.evolveum.com</a>] <b>On Behalf Of </b>Mencel, Matt<br><b>Sent:</b> Tuesday, 23 August 2016 7:39 AM<br><b>To:</b> midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Subject:</b> [midPoint] Adding Custom Attributes to Midpoint<u></u><u></u></span></p></div></div><div><div><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">I have lots of custom attributes in my different resources (e.g. studentId, major, minor, etc....). I'd like to add this and many others to Midpoint so I can sync them between resources. I see there is an objectTemplate that can be used, but the examples I've seen only only show using that to do actions like create fullName from givenName and familyName. <u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Do I also use objectTemplate when I just want to sync a new attribute in from a resource? Or should it be picking that up from the schema?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I get errors like this when attempting to import an account with a custom attribute.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal"><span style="font-family:"Courier New"">2016-08-22 16:35:45,425 [] [http-nio-8080-exec-4] WARN (com.evolveum.midpoint.provisi<wbr>oning.impl.ResourceManager): Schema error while processing schemaHandling section of resource:0d6babea-6896-11e6-9d<wbr>38-0050569aa9d2(CSV TEADVS): Definition of attribute studentmajor not found in object class {<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3%7dAccountObjectClass" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/resource/instanc<wbr>e-3}AccountObjectClass</a> as defined in definition of resource:0d6babea-6896-11e6-9d<wbr>38-0050569aa9d2(CSV TEADVS)</span> <u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div><p class="MsoNormal"><br><br><i>This email, and any attachment, is confidential and also privileged. If you have received it in error, please notify me immediately and delete it from your system along with any attachments. You should not copy or use it for any purpose, nor disclose its contents to any other person. </i><u></u><u></u></p></div></div><br></div></div>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div></div>
<br>
</div></div><font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br><span><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></span></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div></div><div><div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br></div></div><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</div></div><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>