<div dir="ltr">Hi Martin, sorry for the delay on sharing the code.<div><br></div><div>Here is how it is working now (notice that we are using unbounded order, since that is how we needed in our model, it may need to be changed depending on you modelling):</div><div><br></div><div><b>Org:</b></div><div><b>-----</b></div><div><div style="font-size:12.8px"><org></div><div style="font-size:12.8px">...</div><div style="font-size:12.8px"> <name>MEGC</name></div></div><div style="font-size:12.8px">.....</div><div><div> <inducement id="2"></div><div> <targetRef oid="00000000-0000-1de4-0004-000000000010" type="RoleType"></targetRef></div><div> <orderConstraint></div><div> <orderMax>unbounded</orderMax></div><div> </orderConstraint></div><div> <focusType>UserType</focusType></div><div> <condition></div><div> <source></div><div> <path>$focusAssignment/extension/metaRelation</path></div><div> </source></div><div> <expression></div><div> <script></div><div> <code>metaRelation == 'STUDENT'</code></div><div> </script></div><div> </expression></div><div> </condition></div><div> </inducement></div></div><div>....</div><div></org></div><div><br></div><div><b>Student Role:</b></div><div><b>------------------</b></div><div><b><br></b></div><div><role></div><div>...</div><div> <name>STUDENT</name><br></div><div><div> <inducement id="2"></div><div> <orderConstraint></div><div> <orderMax>unbounded</orderMax></div><div> </orderConstraint></div><div> <construction></div><div> <resourceRef oid="00000000-0000-1de4-0002-000000000002" type="c:ResourceType"></resourceRef></div><div> <kind>account</kind></div><div> </construction></div><div> </inducement></div></div><div>...</div><div></role></div><div><br></div><div><br></div><div>Regards</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span></span><span></span>Ing. Martín Marchese</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br>Jorge Newbery 3226<br>Tel: +54 (11) 4552-3050<br><a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jan 3, 2017 at 3:25 PM, Martin Lízner - AMI Praha a.s. <span dir="ltr"><<a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Im glad that helped, would you mind sharing the code fragments? M.</div><div class="gmail_extra"><span class=""><br clear="all"><div><div class="m_-6321561562435089604gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="2" style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Martin Lízner</span><br>solution architect<br><br>gsm: [+420] 737 745 571<br>e-mail: <a href="mailto:jmeno.prijmeni@ami.cz" target="_blank">martin.lizner@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="" style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.skyidentity.com/" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="font-family:Arial,sans-serif;padding:0px;border:0px solid gray!important"><br></td></tr></tbody></table>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div><br></div></div></div></div></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">2017-01-03 18:59 GMT+01:00 Martin Marchese <span dir="ltr"><<a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Martin,<div><br></div><div>We did that change to our Org-Role model and it worked.</div></div><div class="gmail_extra"><span><br clear="all"><div><div class="m_-6321561562435089604m_8956498311367677910gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span></span><span></span>Ing. Martín Marchese</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br>Jorge Newbery 3226<br>Tel: <a href="tel:+54%2011%204552-3050" value="+541145523050" target="_blank">+54 (11) 4552-3050</a><br><a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div></div></div></div></div></div></div></div></div></div></div>
<br></span><div><div class="m_-6321561562435089604h5"><div class="gmail_quote">On Sat, Dec 31, 2016 at 6:22 AM, Martin Lízner - AMI Praha a.s. <span dir="ltr"><<a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, this is indeed very nice and advanced business logic.<div><br></div><div>I would suggest you try dropping the meta role completely and use organization to induce the logic. <span style="font-size:12.8px">If you need higher level of abstraction, you can imagine orgs (e.g. root) as meta roles and put logic there.</span></div><div><br></div><div>Something like<span style="font-size:12.8px"> (</span>but Im not sure how will <span style="font-size:12.8px">focusAssignment behave)</span>:</div><div><br></div><div><div style="font-size:12.8px"><b>Org XML:</b></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><span><div><org></div><div> <name>MEGC</name></div><div>...</div></span><div><span><div style="font-size:12.8px"> <inducement id="4"></div><div style="font-size:12.8px"> <targetRef oid="00000000-0000-1de4-0004-0<wbr>00000000011" type="c:RoleType"></targetRef></div></span><span><div style="font-size:12.8px"> <focusType>UserType</focusType<wbr>></div><div style="font-size:12.8px"> <condition></div><div style="font-size:12.8px"> <source></div><div style="font-size:12.8px"> <c:path>$focusAssignment/exten<wbr>sion/metaRelation</c:path></div><div style="font-size:12.8px"> </source></div><div style="font-size:12.8px"> <expression></div><div style="font-size:12.8px"> <script></div><div style="font-size:12.8px"> <code>metaRelation == 'TEACHER'</code></div><div style="font-size:12.8px"> </script></div><div style="font-size:12.8px"> </expression></div><div style="font-size:12.8px"> </condition></div><div style="font-size:12.8px"> </inducement></div></span></div><div>...</div><div></org></div><div><br></div></div><div>Regards, M.</div></div><div class="gmail_extra"><br clear="all"><div><div class="m_-6321561562435089604m_8956498311367677910m_787470744313066090m_4797137835438593034gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="2" style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Martin Lízner</span><br>solution architect<br><br>gsm: <a href="tel:+420%20737%20745%20571" value="+420737745571" target="_blank">[+420] 737 745 571</a><br>e-mail: <a href="mailto:jmeno.prijmeni@ami.cz" target="_blank">martin.lizner@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: <a href="tel:+420%20274%20783%20239" value="+420274783239" target="_blank">[+420] 274 783 239</a><br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="" style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.skyidentity.com/" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="font-family:Arial,sans-serif;padding:0px;border:0px solid gray!important"><br></td></tr></tbody></table>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote"><div><div class="m_-6321561562435089604m_8956498311367677910h5">2016-12-29 19:25 GMT+01:00 Martin Marchese <span dir="ltr"><<a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-6321561562435089604m_8956498311367677910h5"><div dir="ltr">Hi All,<div><br></div><div>We have a role model designed as it follows:</div><div><br></div><div>Users are assigned to an Org (the AssignmentType is extended with metaRelation attribute). This Org, has a Meta Role assigned.<br><br>Based on the value of the metaRelation attribute (STUDENT or TEACHER) the Meta Role induces a Role (order 2 inducement) to the user.</div><div><br></div><div>These induced roles have their own inducements, to resources (OpenLDAP, google apps, office 365, etc).</div><div><br></div><div>Once a user is assigned to an Org, it receives the inderect assignment based on the metaRelation attribute value. However, it's not receiving the resource inducements, hence, the accounts are not being created in the resources.</div><div><br></div><div>Any idea if this is normal behavior or if we are missing something? </div><div><br></div><div>Below are examples of how our objects look like.</div><div><br></div><div><b>Org XML:</b></div><div><br></div><div><div><org></div><div> <name>MEGC</name></div><div>...</div><div> <assignment id="1"></div><div> <targetRef oid="00000000-0000-1de4-0004-0<wbr>00000000099" type="c:RoleType"></targetRef></div><div> </assignment></div><div>...</div><div></org></div></div><div><br></div><div><b>Meta Role XML:</b></div><div><br></div><div><div><role></div><div> <name>META_ROLE</name></div><div> ...</div><div> <inducement id="4"></div><div> <targetRef oid="00000000-0000-1de4-0004-0<wbr>00000000011" type="c:RoleType"></targetRef></div><div> <order>2</order></div><div> <focusType>UserType</focusType<wbr>></div><div> <condition></div><div> <source></div><div> <c:path>$focusAssignment/exten<wbr>sion/metaRelation</c:path></div><div> </source></div><div> <expression></div><div> <script></div><div> <code>metaRelation == 'TEACHER'</code></div><div> </script></div><div> </expression></div><div> </condition></div><div> </inducement></div><div>...</div><div></role></div></div><div><br></div><div><b>Induced Role:</b></div><div><br></div><div><div><role></div><div> <name>TEACHER</name></div><div>...</div><div> <inducement id="1"></div><div> <construction></div><div> <resourceRef oid="00000000-0000-1de4-0002-0<wbr>00000000002" type="c:ResourceType"></resour<wbr>ceRef></div><div> <kind>account</kind></div><div> </construction></div><div> </inducement></div><div>...</div><div></role></div></div><div><br></div><div>Thanks in Advance</div><div><br></div><div><div><div class="m_-6321561562435089604m_8956498311367677910m_787470744313066090m_4797137835438593034m_8624053858543491069gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span></span><span></span>Ing. Martín Marchese</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br>Jorge Newbery 3226<br>Tel: <a href="tel:+54%2011%204552-3050" value="+541145523050" target="_blank">+54 (11) 4552-3050</a><br><a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div></div></div></div></div></div></div></div></div></div></div>
</div></div>
<br></div></div>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div></div></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>