<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Daniel,</p>
<p>to be honest, I haven't understood your previous mail fully. But
I can say a few words to this one.</p>
<p>Yes, it is possible to create a condition saying that the group
should be created only if there's at least one potential member.
One of possible implementations is like this:</p>
<p><tt><role ...><br>
<name>Metarole</name></tt><tt><br>
</tt><tt> <inducement></tt><tt><br>
</tt><tt> <construction></tt><tt><br>
</tt><tt> <resourceRef
oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3e1a2" /></tt><tt><br>
</tt><tt> <kind>entitlement</kind></tt><tt><br>
</tt><tt> <intent>ldapGroup</intent></tt><tt><br>
</tt><tt> </construction></tt><tt><br>
</tt><tt> <condition></tt><tt><br>
</tt><tt> <expression></tt><tt><br>
</tt><tt> <script></tt><tt><br>
</tt><tt> <code></tt><tt><br>
</tt><tt> import
com.evolveum.midpoint.prism.query.builder.*</tt><tt><br>
</tt><tt> import
com.evolveum.midpoint.xml.ns._public.common.common_3.*</tt><tt><br>
</tt><tt> import javax.xml.namespace.*</tt><tt><br>
</tt></p>
<p><tt> // let's construct a query to find
all the members (see note below)<br>
</tt><tt> query =
QueryBuilder.queryFor(UserType.class, midpoint.prismContext)</tt><tt><br>
</tt><tt> .item(UserType.F_ROLE_MEMBERSHIP_REF).ref(immediateRole.oid)</tt><tt><br>
</tt><tt> .build()</tt><tt><br>
</tt><tt><br>
</tt><tt> members =
midpoint.countObjects(UserType.class, query, null)</tt><tt><br>
</tt><tt> log.info('members = {}', members)</tt><tt><br>
</tt><tt> members != 0</tt><tt><br>
</tt><tt> </code></tt><tt><br>
</tt><tt> </script></tt><tt><br>
</tt><tt> </expression></tt><tt><br>
</tt><tt> </condition></tt><tt><br>
</tt><tt> </inducement></tt><br>
</p>
<p>So, basically we ask if there are any members, and set the
condition to TRUE only if there are some. <br>
</p>
<p>However, there is a problem: Let's illustrate it having a user U
(no assignments) and role R (that has assigned this metarole). The
problem is that the construction condition is evaluated only when
role R is created or recomputed - not at the moment of assigning
role R to the user U. So, in order to achieve the desired result
(create LDAP group when the first user is assigned the role), the
following sequence of events should occur:</p>
<ol>
<li>Role R is assigned to user U. At this moment, group "R" on
resource does not exist, so the user has no account created yet.</li>
<li>Recomputation of R is carried out (manually or because of a
scheduled task). At this moment, group "R" on the resource is
created, having no members so far.</li>
<li>Recomputation of U is carried out. Only at this moment the
user account is created and added to the group "R" on the
resource.</li>
</ol>
<p>Maybe someone could have a better idea how to implement this ...<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 07.10.2016 14:06,
<a class="moz-txt-link-abbreviated" href="mailto:Daniel.Sommer@itconcepts.net">Daniel.Sommer@itconcepts.net</a> wrote:<br>
</div>
<blockquote
cite="mid:OFCC0EE034.9F8182D6-ONC1258045.00428E7F-C1258045.00428E85@itconcepts.net"
type="cite"><font face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif" size="2">
Helloy Guys,<br>
<br>
i wrote before, but maybe this was to complicated. Now i will
reduce it to one concrete question:<br>
<br>
<br>
With meta role i can create a group in ad on assigning the
metarole to any other role (say R), and afterwards creating an
account in ad and adding it to the group<br>
by assigning R to a user. This works fine!<br>
<br>
But now i just want to create the group not at the time i assign
the meta role to R, but only when i assign R to the user <br>
(This would be equal to the condition that the group is only
created if there is at least one account member of it).<br>
<br>
Is this possible, and how?<br>
<br>
<br>
Best regards,<br>
<br>
Daniel<br>
</font>
<p><span style="font-family: Arial;"><span style="color: rgb(153,
153, 153);">Daniel Sommer <br>
Office: +49 228 908733 0 </span></span><span
style="font-family: Arial;"><span style="color: rgb(153, 153,
153);">| </span></span><span style="font-family: Arial;"><span
style="color: rgb(153, 153, 153);">Fax: +49 228 908733 1</span></span><span
style="font-family: Arial;"><span style="color: rgb(153, 153,
153);"> | Mobil: +49 176 162086 79</span></span></p>
<p><span style="font-family: Arial;"><span style="color: rgb(153,
153, 153);">ITConcepts Professional GmbH - In den Dauen 6 -
DE 53117 Bonn</span></span></p>
<p><span style="font-family: Arial;"><span style="color: rgb(153,
153, 153);">Website </span></span><span style="color:
rgb(153, 153, 153);"><a moz-do-not-send="true"
href="http://www.itconcepts.net"><span style="font-family:
Arial;">www.itconcepts.net</span></a><br>
<br>
<a moz-do-not-send="true" href="http://www.itconcepts.net/"><img
src="cid:part2.730C59D7.F1D9ABBD@evolveum.com" alt=""
border="0"></a> <a moz-do-not-send="true"
href="http://www.itconcepts.net/index.php/about-cognitum"><img
src="cid:part4.2276912A.B5BE1E2F@evolveum.com" alt=""
border="0"></a><br>
Besuchen Sie uns auch auf <a moz-do-not-send="true"
href="http://www.xing.com/companies/itconceptsprofessionalgmbh/updates"><img
src="cid:part6.434DB4D4.F7FC734D@evolveum.com" alt=""
border="0"></a> <a moz-do-not-send="true"
href="http://www.linkedin.com/company/itconcepts"><img
src="cid:part8.2571D4E4.E2BA6537@evolveum.com" alt=""
border="0"></a></span></p>
<p><span style="font-size: 12px;"><span style="color: rgb(169,
169, 169);">Events mit ITConcepts<br>
10.-12. Oktober: SailPoint Navigate in Berlin. Mehr Infos </span><a
moz-do-not-send="true"
href="http://www.itconcepts.de/index.php/veranstaltungen/details/86-sailpoint-navigate"><span
style="color: rgb(169, 169, 169);">hier</span></a><span
style="color: rgb(169, 169, 169);">.<br>
13. Oktober: Ping IDENTIFY in Frankfurt. <font face="Arial"><font
face="Arial"><font face="Arial">Mehr Infos </font></font></font></span><a
moz-do-not-send="true"
href="http://www.itconcepts.de/index.php/veranstaltungen/details/89-ping-identify"><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">hier</font></font></font></span></a><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">.</font></font></font><br>
17. Oktober: <font face="Arial"><font face="Arial"><font
face="Arial">Internationaler Automobil Kongress in
Wolfsburg. Mehr Infos </font></font></font></span><a
moz-do-not-send="true"
href="http://www.itconcepts.de/index.php/veranstaltungen/details/88-internationaler-automobil-kongress"><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">hier</font></font></font></span></a><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">.</font></font></font><br>
18.- 20. Oktober: it-sa, IT Security Messe in Nürnberg, Mehr
Infos </span><a moz-do-not-send="true"
href="http://www.itconcepts.de/index.php/veranstaltungen/details/84-it-sa-2016"><span
style="color: rgb(169, 169, 169);">hier</span></a><span
style="color: rgb(169, 169, 169);">.<br>
18.- 20. Oktober: IZB in Wolfsburg, <font face="Arial"><font
face="Arial"><font face="Arial">Mehr Infos </font></font></font></span><a
moz-do-not-send="true"
href="http://www.itconcepts.de/index.php/veranstaltungen/details/87-izb-internationale-zuliefererboerse"><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">hier</font></font></font></span></a><span
style="color: rgb(169, 169, 169);">.<br>
16.- 17. November: BMC Exchange in Mainz .<font face="Arial"><font
face="Arial"><font face="Arial">Mehr Infos </font></font></font></span><a
moz-do-not-send="true"
href="http://www.itconcepts.de/index.php/veranstaltungen/details/53-bmc-exchange-2016"><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">hier</font></font></font></span></a><span
style="color: rgb(169, 169, 169);"><font face="Arial"><font
face="Arial"><font face="Arial">.</font></font></font></span></span></p>
<p><span style="color: rgb(169, 169, 169);"><span
style="font-family: Arial;"><span style="font-size: small;">Trainings
von ITConcepts</span></span><br>
17. -21. Oktober: Öffentliches Training Dell One Identity
Manager 6.x - Basisschulung (</span><a moz-do-not-send="true"
href="http://tp://www.itconcepts.de/index.php/iam/dell-one-identity-manager-basisschulung"><span
style="color: rgb(0, 0, 255);">Kursinhalt</span></a><span
style="color: rgb(169, 169, 169);">)</span><br>
<br>
<span style="font-size: x-small;"><span style="font-family:
Arial;"><span style="color: rgb(153, 153, 153);">ITConcepts
Professional GmbH Gf.: Sven Moog, Sitz Bonn, AG Bonn HRB
12947 - Ust-Id Nr: DE211482933<br>
ITConcepts Automotive GmbH Gf.: Sven Moog, Sitz Wolfsburg,
AG Braunschweig HRB 204188 - Ust-Id Nr: DE223888748<br>
ITConcepts Operations GmbH Gf.: Sven Moog, Sitz Bonn, AG
Bonn HRB 15454 - St.-Nr: 205/5726/0602</span></span></span></p>
<p><span style="font-size: x-small;"><span style="font-family:
Arial;"><span style="color: rgb(153, 153, 153);">Diese
E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind<br>
oder diese E-Mail irrtümlich erhalten haben, informieren
Sie bitte sofort den Absender und vernichten Sie diese
Mail.<br>
Das unerlaubte Kopieren sowie die unbefugte Weitergabe
dieser E-Mail sind nicht gestattet.</span></span></span></p>
<p><span style="font-size: x-small;"><span style="font-family:
Arial;"><span style="color: rgb(153, 153, 153);">This e-mail
may contain confidential and/or privileged information. If
you are not the intended recipient<br>
(or have received this e-mail in error) please notify the
sender immediately and destroy this e-mail.</span><br>
<span style="color: rgb(153, 153, 153);">Any unauthorised
copying, disclosure or distribution of the material in
this e-mail is strictly forbidden.</span></span></span></p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>