<div dir="ltr"><div><div><div><div><div><div><div>Hi Aaron,<br><br><br></div>I think a good start is to study and understand everything that is configured in the Midpoint Demo application: <a target="_blank" href="https://demo.evolveum.com/midpoint">https://demo.evolveum.com/<wbr>midpoint</a>. At least, it worked for me.<br></div><br></div>When logged in to the application:<br><br></div>1. try to see how the resources were configured (option configuration->repository objects (left side menu) -> resources (combo in the top right of page)); <br><br></div>2. Explore the <a id="gmail-idc6"><span>LDAP Server (OpenLDAP) over new LDAPConn.<span style="color:rgb(0,0,0)"><span style="background-color:rgb(0,0,0)"><span style="background-color:rgb(238,238,238)"><span> resource</span></span></span></span><span style="background-color:rgb(238,238,238)"><span></span></span><font color="#000000">. Pay attention to the snippet:<br><br></font></span><span style="color:rgb(0,0,0)"> <association><br> <c:ref>ri:ldapGroups</c:ref><br> <displayName>Group Membership</displayName><br> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule><br> <tolerant>true</tolerant><br> <kind>entitlement</kind><br> <intent>group</intent><br> <intent>ldapProject</intent><br> <direction>objectToSubject</direction><br> <associationAttribute>ri:member</associationAttribute><br> <valueAttribute>ri:dn</valueAttribute><br> <explicitReferentialIntegrity>true</explicitReferentialIntegrity><br> </association></span><br><span style="color:rgb(0,0,0)"><br></span></a></div><div><a id="gmail-idc6"><span style="color:rgb(0,0,0)">It tells us how to deal with role association in the LDAP structure;<br><br></span></a></div><a id="gmail-idc6">3. <span style="color:rgb(0,0,0)">Also see (in the same combo) the configuration of the role</span> <span class="gmail-page-title">LDAP Projects MetaRole. 
<span style="color:rgb(0,0,0)">There you will see how the association is managed by the role definition.</span><br><br><br></span></a></div><a id="gmail-idc6"><span class="gmail-page-title"><span style="color:rgb(0,0,0)">4. Here (in the resource definition) is the code where Midpoint deals with nested organizations:</span><br></span></a><div><a id="gmail-idc6"><span class="gmail-page-title"><br> <span style="color:rgb(0,0,0)"> <schemaHandling><br> <objectType><br> <kind>generic</kind><br> <intent>ou</intent><br> <displayName>Organizational Unit</displayName><br> <objectClass>ri:organizationalUnit</objectClass><br> <attribute><br> <c:ref>ri:dn</c:ref><br> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule><br> <outbound><br> <source><br> <c:path>$focus/name</c:path><br> </source><br> <expression><br> <script><br> <code><br><br> import javax.naming.ldap.Rdn<br> import javax.naming.ldap.LdapName<br> import com.evolveum.midpoint.xml.ns._public.common.common_3.*;<br><br> dn = new LdapName('ou=Orgs,dc=example,dc=com')<br> parents = new ArrayList()<br> currentOrg = focus<br> while (currentOrg != null) {<br> parents.add(currentOrg)<br> // see com.evolveum.midpoint.model.impl.expr.MidpointFunctionsImpl<br> currentOrg = midpoint.getParentOrgByOrgType(currentOrg, 'functional')<br> }<br><br> log.info("parents = {}", parents)<br></span></span><br><span class="gmail-page-title"></span></a> // add the RDNs root-first so the focus org becomes the leftmost component<br> for (int i = parents.size() -1 ; i >= 0; i--) {<br> dn.add(new Rdn('ou', parents.get(i).name.toString()))<br> }<br><br>
 log.info("dn = {}", dn)<br><br> return dn.toString();<br><br> </code><br> </script><br> </expression><br> </outbound><br> </attribute><br> <attribute><br> <c:ref>ri:ou</c:ref><br> <matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule><br> </attribute><br> </objectType><br><br><br></div><div><a id="gmail-idc6"><span class="gmail-page-title"><font color="#000000">I hope it may help you.<br><br><br></font></span></a></div><div><a id="gmail-idc6"><span class="gmail-page-title"><font color="#000000">Carlos<br></font></span></a></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-12-14 23:29 GMT-02:00 Aaron Hiniker <span dir="ltr"><<a href="mailto:hindog@gmail.com" target="_blank">hindog@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I have OpenDJ running and midpoint running on a mysql store and now I want to configure a sample application. I see many different configuration files included in the distribution, but it’s very confusing to understand what exactly I need to do and which ones to include. For example, there is <font face="monospace, monospace">ldap-deeply-hierarchal</font> folder with 3 config files. 
I tried to import those files, along with some of the configs from the <font face="monospace, monospace">common </font><font face="arial, helvetica, sans-serif">folder and when I try to assign a user to the “Org Metarule”, I get this error:</font></div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><span style="color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px">Unsatisfied strict dependency of account Discr(RSD(entitlement (group) @10000000-0000-0000-0000-<wbr>000000000003)) dependent on Discr(RSD(generic (ou) @10000000-0000-0000-0000-<wbr>000000000003)): Account not provisioned</span></div></div></blockquote><div><span style="color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><br></span></div><div><font face="arial, helvetica, sans-serif">I don’t know how to decipher what the problem is, “Account not provisioned” isn’t helpful to me since I have no idea WHY it’s not provisioned. </font><span style="font-family:arial,helvetica,sans-serif">Is there a documentation page that would walk me through how to spin up a nested org/group demo from soup-to-nuts that doesn</span><font face="arial, helvetica, sans-serif">’t require me to know every detail of the individual configuration objects/steps involved?</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Thanks,</font></div><div><font face="arial, helvetica, sans-serif"><br></font></div><div><font face="arial, helvetica, sans-serif">Aaron</font></div></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
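<div>An added example, not part of the original thread or of midPoint's sample configuration: the DN-building loop from step 4 of the reply, run stand-alone in Groovy against a constructed org tree whose leaf name contains a comma, to show that <code>Rdn</code> escapes the value where hand-built DN strings do not. The <code>parentOf</code> map and <code>buildOrgDn</code> helper are hypothetical stand-ins for <code>midpoint.getParentOrgByOrgType</code>, and the cycle guard is an addition.</div>

```groovy
import javax.naming.InvalidNameException
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Constructed sample data: org name -> parent org name (null = top of the tree).
// Hypothetical stand-in for midpoint.getParentOrgByOrgType(currentOrg, 'functional').
def parentOf = [
    'Payroll, EMEA': 'Finance',
    'Finance'      : 'ACME',
    'ACME'         : null
]

// Same walk as the outbound mapping: collect the org and its ancestors,
// then append them root-first so the focus org becomes the leftmost RDN.
LdapName buildOrgDn(String baseDn, String orgName, Map parentOf) {
    def dn = new LdapName(baseDn)
    def chain = []
    def seen = new HashSet()
    String current = orgName
    while (current != null) {
        // Added guard: a cyclic parent reference would otherwise loop forever.
        if (!seen.add(current)) {
            throw new IllegalStateException("cycle in org hierarchy at '" + current + "'")
        }
        chain.add(current)
        current = parentOf[current]
    }
    for (int i = chain.size() - 1; i >= 0; i--) {
        // Rdn(type, value) takes the raw value and escapes it when rendered.
        dn.add(new Rdn('ou', (String) chain[i]))
    }
    return dn
}

def dn = buildOrgDn('ou=Orgs,dc=example,dc=com', 'Payroll, EMEA', parentOf)
assert dn.toString() == 'ou=Payroll\\, EMEA,ou=Finance,ou=ACME,ou=Orgs,dc=example,dc=com'
assert dn.size() == 6              // three org RDNs on top of the three base RDNs
assert dn.getRdn(5).value == 'Payroll, EMEA'   // the comma stays inside one RDN value

// Gluing the same name into a DN string by hand is rejected by the parser.
try {
    new LdapName('ou=Payroll, EMEA,ou=Finance,ou=ACME,ou=Orgs,dc=example,dc=com')
    throw new AssertionError('expected InvalidNameException')
} catch (InvalidNameException e) {
    println "rejected: ${e.message}"
}
println dn
```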