<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content="text/html; charset=UTF-8">
<style type="text/css" style="">
<!--
p
        {margin-top:0;
        margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Hi Mikko,</p>
<p><br>
</p>
<p>I have done more or less the same thing with groups.</p>
<p>I had an existing Domain with users and groups.</p>
<p><br>
</p>
<p>I created a custom attribute ADRoles and important the membership to that attribute.</p>
<p>In the default intent I created a little script that read the values in that attribute and assigned them to existing roles that were imported, but if the role didn't exists it was created.</p>
<p><br>
</p>
<p>You could do the same thing with organisations.</p>
<p>Create Organizational Units for the organisations with the ID and the name is the displayname.</p>
<p>During Reconcile the users are created only once and the organisation ID's are collected in the User attribute and assigned to the Organisational Unit it will lookup.</p>
<p><br>
</p>
<p>Hope this is an interesting way?</p>
<p><br>
</p>
<p>Thanks,</p>
<p><br>
</p>
<p>Dick</p>
</div>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;white-space:normal;"><br /><table cellpadding="0" cellspacing="0" border="0" style="background-color:#FFFFFF;border-collapse:collapse;font-size:0;line-height:16.88px;"><tr><td align="left" style="vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="border-top:none;border-right:solid 2px #124A7D;border-bottom:none;border-left:none;padding:0 10px 0 0;vertical-align:middle;line-height:normal;"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image534000.png@63ED0149.546A0D4C" width="96" height="51" border="0" alt="" style="min-width:96px;font-size:0;" /></a></td><td align="left" style="padding:10px 0 10px 10px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:13.5px;color:#606060;font-style:normal;font-weight:bold;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;">Dick Muller</td></tr><tr style="font-size:12px;color:#808080;line-height:15px;"><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;">Senior Systems Engineer</td></tr></table></td></tr><tr style="line-height:15px;white-space:nowrap;"><td align="left" style="padding:5px 0 10px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">P: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="tel:0031%208%2082682586" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">0031 8 82682586</strong></a></td><td align="left" style="vertical-align:top;text-align:left;color:#808080;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"> | </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">M: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="tel:0031%206%2046477690" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">0031 6 46477690</strong></a></td></tr></table></td></tr><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">E: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="mailto:dick.muller@tahzoo.com" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">dick.muller@tahzoo.com</strong></a></td><td align="left" style="vertical-align:top;text-align:left;color:#808080;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"> | </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">W: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">www.tahzoo.com</strong></a></td></tr></table></td></tr><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">A: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="https://www.google.com/maps/place/Delftechpark+37,+2628+XJ+Delft,+Netherlands/@51.997531,4.3824845,17z/data=!3m1!4b1!4m5!3m4!1s0x47c5b589ec2c237b:0x22b6e5d15befb3d5!8m2!3d51.997531!4d4.3846732" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">Delftechpark 37I, 2628 XJ Delft, Netherlands</strong></a></td></tr></table></td></tr></table></td></tr><tr style="line-height:normal;"><td align="left" style="vertical-align:top;"><map id="map_cc63516f-8f45-4371-9749-f18c11d0cfa1" name="map_cc63516f-8f45-4371-9749-f18c11d0cfa1"><area shape="rect" coords="0,0,16,16" href="https://nl.linkedin.com/in/dickmuller" alt="LinkedIn" title="LinkedIn" target="_blank" /><area shape="rect" coords="19,0,35,16" href="skype:dick-muller?chat" alt="Skype" title="Skype" target="_blank" /><area shape="rect" coords="38,0,54,16" href="http://www.twitter.com/MullerDick" alt="Twitter" title="Twitter" target="_blank" /></map><img usemap="#map_cc63516f-8f45-4371-9749-f18c11d0cfa1" src="cid:image965001.png@2168AC16.C434FB46" width="57" height="16" border="0" alt="" style="min-width:57px;font-size:0;" /></td></tr></table></td></tr></table></td></tr></table><br /></div><hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>Van:</b> midPoint <midpoint-bounces@lists.evolveum.com> namens Mikko Pekkarinen <mikko.pekkarinen@datactica.fi><br>
<b>Verzonden:</b> dinsdag 20 december 2016 09:36:22<br>
<b>Aan:</b> midpoint@lists.evolveum.com<br>
<b>Onderwerp:</b> [midPoint] Synchronize multiple accounts per user?</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Hello,<br>
<br>
Use case: A resource maintains user accounts and organization information. I need to synchronize these to midPoint.<br>
The user accounts are associated to the organizations, and one person may have an account in multiple organizations.<br>
The accounts have an ID field that uniquely identifies the person who owns the account, and I use this ID to correlate the accounts to midPoint Users. Straigthforward synchronization leads to constraint violation exceptions, as the different accounts have same
 (resource, kind, intent).<br>
<br>
I can see some possible solutions:<br>
 - Writing a script that creates N copies of the resource configuration, with different 'intent' values.<br>
   This is ugly, possibly inefficient, and limits the maximum number of accounts per user.<br>
 - Create a separate User in midPoint for each account.<br>
   Feels wrong. Seems simple in the short term, but leads at least to usability problems.<br>
   Probably other problems as well?<br>
<br>
Are there better choices or any best practices for this situation?<br>
Would the new "identity merging" feature help, i.e. can it merge Users whose shadows have identical<br>
(resource, kind, intent)?<br>
<br>
<br>
Mikko<br>
_______________________________________________<br>
midPoint mailing list<br>
midPoint@lists.evolveum.com<br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
</span></font>
</body>
</html>