<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Peter,</p>
<p>If you add both roles to the same user and you have the correct
resourceRef oid and the name of the intent, midPoint should use
the correct schema handling configurations for both accounts and
both should be created. The schema handling also specifies how the
account names (DN) are constructed.</p>
<p>But wait a minute. It looks like <b>both</b> your accounts are
configured to have the <b>same DN</b> (<b>uid=Testuser6,cn=users,o=dev,dc=odhsolutions,dc=com</b>).
This can't be; the test account must have a different identifier.
Either change the suffix (like cn=test instead of cn=users for the
testing accounts) or something like that.</p>
<p>So fix your icfs:name (ri:dn) mapping in the schema handling for
the "test" intent and try again.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 03/20/2017 05:03 PM, Peter Healy
wrote:<br>
</div>
<blockquote
cite="mid:CADnbc=zAa2oqXDnH0RnyM=inAgqSwJcf76Ybc9E+ADKoy-rmNg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Ivan,
<div>I added a role object as described in example 2 with the
OID of the resource I need to add a test account to. When I
add that role to a user it does some computation and comes
back with success, but the user still only has the 1 default
projection assigned. </div>
<div><br>
</div>
<div>I was able to navigate back in the browser history and it
looks like it assigns the existing shadow on the resource to
the "test" intent along with the "default" intent</div>
<div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">
<div class="gmail_extra">Activity<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Status<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Resource
object (if applicable)</div>
<div class="gmail_extra">Computing projections of the focus
object<span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div>
<div class="gmail_extra">Operation on focus object
(repository)<span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div>
<div class="gmail_extra">Account (default) on AWS DEV
OpenLDAP<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>uid=Testuser6,cn=users,o=dev,dc=odhsolutions,dc=com</div>
<div class="gmail_extra">Account (test) on AWS DEV OpenLDAP<span class="gmail-Apple-tab-span" style="white-space:pre"> </span>uid=Testuser6,cn=users,o=dev,dc=odhsolutions,dc=com</div>
<div class="gmail_extra">Considering or starting approval
workflows<span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div>
<div class="gmail_extra"><span class="gmail-Apple-tab-span" style="white-space:pre">
</span></div>
<div class="gmail_extra"><span class="gmail-Apple-tab-span" style="white-space:pre">Is there a way I can specify the uid for the second account or have it follow some kind of iteration rule? </span></div>
<div class="gmail_extra"><span class="gmail-Apple-tab-span" style="white-space:pre">
</span></div>
<div class="gmail_extra"><span class="gmail-Apple-tab-span" style="white-space:pre">Thanks again,</span></div>
<div class="gmail_extra"><span class="gmail-Apple-tab-span" style="white-space:pre">Peter </span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Mar 20, 2017 at 10:32 AM, <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com"
target="_blank">midpoint-request@lists.evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
Message: 1<br>
Date: Mon, 20 Mar 2017 15:31:36 +0100<br>
From: Ivan Noris <<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
To: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
Subject: Re: [midPoint] Add a second LDAP account to
resource for user<br>
(Error: already contains account of type
'default' on resource)<br>
Message-ID: <<a moz-do-not-send="true"
href="mailto:fc626f42-1372-8fd9-79fa-1fcd09f8cef8@evolveum.com">fc626f42-1372-8fd9-79fa-<wbr>1fcd09f8cef8@evolveum.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi Peter,<br>
<br>
GUI currently cannot use Add projection for
other-than-default intents.<br>
<br>
But it's very easy to create a role:<br>
<br>
Example 1: role to create default account on resource
with given oid<br>
<br>
<br>
<pre>
<role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>CSV-1 Default account</name>
    <description>
        This role assigns CSV-1 (Simulated App 1) resource and creates a
        test account.
    </description>
    <inducement>
        <construction>
            <!-- The c: prefix in type must be there due to a JAXB bug -->
            <resourceRef oid="10000000-9999-9999-0000-a000ff000002"
                         type="c:ResourceType"/>
            <kind>account</kind>
        </construction>
    </inducement>
</role>
</pre>
<br>
Example 2: role to create account with intent test on
resource with<br>
given oid<br>
<br>
<pre>
<role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>CSV-1 Tester</name>
    <description>
        This role assigns CSV-1 (Simulated App 1) resource and creates a
        test account.
    </description>
    <inducement>
        <construction>
            <!-- The c: prefix in type must be there due to a JAXB bug -->
            <resourceRef oid="10000000-9999-9999-0000-a000ff000002"
                         type="c:ResourceType"/>
            <kind>account</kind>
            <intent>test</intent>
        </construction>
    </inducement>
</role>
</pre>
<br>
Then just add one or both roles to your user in midpoint
and the<br>
corresponding account(s) should be created. Just be sure
to use your<br>
resource oid and correct intent.<br>
<br>
Regards,<br>
<br>
Ivan<br>
<br>
</blockquote>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
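<p>Added example, not part of the original thread: a schemaHandling fragment showing the fix described in the reply above, where the "test" intent builds its ri:dn under a different suffix than the "default" intent. The object class <code>ri:inetOrgPerson</code>, the <code>$user/name</code> source, and the <code>cn=test</code> container (which must already exist in the directory) are assumptions; the <code>ri:</code> prefix is assumed to be declared on the enclosing resource element.</p>

```xml
<!-- Added example: schemaHandling fragment for the LDAP resource definition.
     Object class and the cn=test container are assumptions, not from the thread. -->
<schemaHandling>
    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <default>true</default>
        <objectClass>ri:inetOrgPerson</objectClass>
        <attribute>
            <ref>ri:dn</ref>
            <outbound>
                <source>
                    <path>$user/name</path>
                </source>
                <expression>
                    <script>
                        <!-- DN currently shown for both projections in the thread -->
                        <code>'uid=' + name + ',cn=users,o=dev,dc=odhsolutions,dc=com'</code>
                    </script>
                </expression>
            </outbound>
        </attribute>
    </objectType>
    <objectType>
        <kind>account</kind>
        <intent>test</intent>
        <objectClass>ri:inetOrgPerson</objectClass>
        <attribute>
            <ref>ri:dn</ref>
            <outbound>
                <source>
                    <path>$user/name</path>
                </source>
                <expression>
                    <script>
                        <!-- Different suffix, so the "test" DN can never equal the "default" DN -->
                        <code>'uid=' + name + ',cn=test,o=dev,dc=odhsolutions,dc=com'</code>
                    </script>
                </expression>
            </outbound>
        </attribute>
    </objectType>
</schemaHandling>
```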
</body>
</html>