<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Peter,</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 03/20/2017 10:13 PM, Peter Healy
wrote:<br>
</div>
<blockquote
cite="mid:CADnbc=xL53zKYwEo3fa=KuGVr-nVcj2b2-yt_jUS2rq3WCKbAg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Ivan,
<div>In my use case we have an application that's configured to
use an LDAP search base in a particular part of the tree to
authenticate all users ex. uid=usercn=users,o=dev,dc=...</div>
<div>Rather than having test users in cn=users,o=test, dc=...</div>
<div><br>
</div>
<div>We have uid=user-test,cn=user,o=dev,dc=...</div>
<div>or uid=user1,cn=user,o=dev,dc=...</div>
<div><br>
</div>
</div>
</blockquote>
<br>
If you must keep all accounts in the same tree, then yes, you need
to modify the DN for the test intent (also maybe for different
attributes, such as cn, uid etc.)<br>
<br>
<blockquote
cite="mid:CADnbc=xL53zKYwEo3fa=KuGVr-nVcj2b2-yt_jUS2rq3WCKbAg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>So what I was originally thinking to do is for the "test"
intent to generate the uid=user1...,cn=users,o=dev...</div>
<div>Automatically with the schema handler iteration tokens. </div>
<div>But that didn't seem to be the case, what actually triggers
the iteration token to create a new DN?</div>
</div>
</blockquote>
<br>
The iteration token (by default number starting with 1,2,...) is
automatically added when midPoint detects AlreadyExistsException.
This also assumes you have configured <objectSynchronization>
for (both) intent(s) so that midPoint is able to correlate existing
accounts automatically if this occurs.<br>
<br>
<blockquote
cite="mid:CADnbc=xL53zKYwEo3fa=KuGVr-nVcj2b2-yt_jUS2rq3WCKbAg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Instead I added the following to the schema handler for
ri:dn and the "test" intent which seems to be working OK for
me when adding the "test" intent to a role and adding the role
to a user:</div>
<div>
<div><script></div>
<div> <code></div>
<div>'uid=' + name + '-test' + iterationToken +
',cn=users,o=dev,dc=...'</div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></code></div>
<div></script></div>
</div>
</div>
</blockquote>
<br>
Yes, that's what you need. But also you may need to create
corresponding "uid" attribute value unless your directory server
does this automatically. (See please our ldap samples, there might
be differences between AD, OpenLDAP etc. Or ask in later emails.)<br>
Also be sure to have <objectSynchronization> for both intents
including conditions - so that midPoint "knows" for existing
accounts, what's their intent. If you are unable to find anything in
our samples related to this, please ask and I will try to paste some
sample fragment from our official training at least.<br>
<br>
<br>
<blockquote
cite="mid:CADnbc=xL53zKYwEo3fa=KuGVr-nVcj2b2-yt_jUS2rq3WCKbAg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>and I got a second LDAP account with user-test. </div>
<div><br>
</div>
<div>This seems to be fine but, is there another way to do this?
Would you recommend something different?</div>
</div>
</blockquote>
<br>
It's probably OK, if you cannot distinguish using suffix/tree, using
attribute or DN naming convention is very fine. Just be sure to have
also the objectSynchronization settings.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<blockquote
cite="mid:CADnbc=xL53zKYwEo3fa=KuGVr-nVcj2b2-yt_jUS2rq3WCKbAg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div>Peter<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Mar 20, 2017 at 12:33 PM, <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com"
target="_blank">midpoint-request@lists.evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Send midPoint mailing
list submissions to<br>
<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web,
visit<br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
or, via email, send a message with subject or body
'help' to<br>
<a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.<wbr>evolveum.com</a><br>
<br>
You can reach the person managing the list at<br>
<a moz-do-not-send="true"
href="mailto:midpoint-owner@lists.evolveum.com">midpoint-owner@lists.evolveum.<wbr>com</a><br>
<br>
When replying, please edit your Subject line so it is
more specific<br>
than "Re: Contents of midPoint digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. JMS based workflow configuration (Prabhakara Rao
Doddapaneni)<br>
2. Re: Add a second LDAP account to resource for user
(Error:<br>
already contains account of type 'default' on
resource) (Peter Healy)<br>
3. Re: Add a second LDAP account to resource for user
(Error:<br>
already contains account of type 'default' on
resource) (Ivan Noris)<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
<br>
Message: 1<br>
Date: Mon, 20 Mar 2017 15:29:20 +0000 (UTC)<br>
From: Prabhakara Rao Doddapaneni <<a
moz-do-not-send="true" href="mailto:dp_rao@yahoo.com">dp_rao@yahoo.com</a>><br>
To: "<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>"
<<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
Subject: [midPoint] JMS based workflow configuration<br>
Message-ID: <<a moz-do-not-send="true"
href="mailto:1407184618.3744599.1490023760210@mail.yahoo.com">1407184618.3744599.<wbr>1490023760210@mail.yahoo.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Is this something new I am trying to do with midPoint?<br>
<br>
Date: Mon, 6 Mar 2017 19:30:26 +0000 (UTC)<br>
From: Prabhakara Rao Doddapaneni <<a
moz-do-not-send="true" href="mailto:dp_rao@yahoo.com">dp_rao@yahoo.com</a>><br>
To: "<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>"
<<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>><br>
Subject: [midPoint] JMS based workflow configuration<br>
Message-ID: <<a moz-do-not-send="true"
href="mailto:1001644321.2237664.1488828626312@mail.yahoo.com">1001644321.2237664.<wbr>1488828626312@mail.yahoo.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
One of my resources cannot be configured to respond to
sync poll. I plan to send a message in JMS Q so that
midpoint can listen to that message and reconcile/add
the user into repository. What is the ideal solution to
achieve this? has anybody come across this situation?<br>
Thanks,Prabhakar.<br>
<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a moz-do-not-send="true"
href="http://lists.evolveum.com/pipermail/midpoint/attachments/20170320/b890a3fc/attachment-0001.html"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>pipermail/midpoint/<wbr>attachments/20170320/b890a3fc/<wbr>attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 20 Mar 2017 12:03:55 -0400<br>
From: Peter Healy <<a moz-do-not-send="true"
href="mailto:phealy3330@gmail.com">phealy3330@gmail.com</a>><br>
To: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
Subject: Re: [midPoint] Add a second LDAP account to
resource for user<br>
(Error: already contains account of type
'default' on resource)<br>
Message-ID:<br>
<CADnbc=zAa2oqXDnH0RnyM=<a
moz-do-not-send="true"
href="mailto:inAgqSwJcf76Ybc9E%2BADKoy-rmNg@mail.gmail.com">inAgqS<wbr>wJcf76Ybc9E+ADKoy-rmNg@mail.<wbr>gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi Ivan,<br>
I added a role object as described in example 2 with the
OID of the<br>
resource I need to add a test account to, when I add
that role to a user it<br>
does come computation and comes back with success but
the user still only<br>
has the 1 default projection assigned.<br>
<br>
I was able to navigate back in the browser history and
it looks like it<br>
assigns the existing shadow on the resource to the
"test" intent along with<br>
the "default" intent<br>
<br>
Activity Status Resource object (if applicable)<br>
Computing projections of the focus object<br>
Operation on focus object (repository)<br>
Account (default) on AWS DEV OpenLDAP<br>
uid=Testuser6,cn=users,o=dev,<wbr>dc=odhsolutions,dc=com<br>
Account (test) on AWS DEV OpenLDAP<br>
uid=Testuser6,cn=users,o=dev,<wbr>dc=odhsolutions,dc=com<br>
Considering or starting approval workflows<br>
<br>
Is there a way I can specify the uid for the second
account or have it<br>
follow some kind of iteration rule?<br>
<br>
Thanks again,<br>
Peter<br>
<br>
On Mon, Mar 20, 2017 at 10:32 AM, <<a
moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.<wbr>evolveum.com</a>><br>
wrote:<br>
<br>
> Send midPoint mailing list submissions to<br>
> <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
><br>
> To subscribe or unsubscribe via the World Wide Web,
visit<br>
> <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
> or, via email, send a message with subject or body
'help' to<br>
> <a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.<wbr>evolveum.com</a><br>
><br>
> You can reach the person managing the list at<br>
> <a moz-do-not-send="true"
href="mailto:midpoint-owner@lists.evolveum.com">midpoint-owner@lists.evolveum.<wbr>com</a><br>
><br>
> When replying, please edit your Subject line so it
is more specific<br>
> than "Re: Contents of midPoint digest..."<br>
><br>
><br>
> Today's Topics:<br>
><br>
> 1. Re: Add a second LDAP account to resource for
user (Error:<br>
> already contains account of type 'default' on
resource) (Ivan Noris)<br>
><br>
><br>
> ------------------------------<wbr>------------------------------<wbr>----------<br>
><br>
> Message: 1<br>
> Date: Mon, 20 Mar 2017 15:31:36 +0100<br>
> From: Ivan Noris <<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
> To: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
> Subject: Re: [midPoint] Add a second LDAP account
to resource for user<br>
> (Error: already contains account of type
'default' on resource)<br>
> Message-ID: <<a moz-do-not-send="true"
href="mailto:fc626f42-1372-8fd9-79fa-1fcd09f8cef8@evolveum.com">fc626f42-1372-8fd9-79fa-<wbr>1fcd09f8cef8@evolveum.com</a>><br>
> Content-Type: text/plain; charset="utf-8"<br>
><br>
> Hi Peter,<br>
><br>
> GUI currently cannot use Add projection for
other-than-default intents.<br>
><br>
> But it's very easy to create a role:<br>
><br>
> Example 1: role to create default account on
resource with given oid<br>
><br>
><br>
> <role oid="2dfa0d20-3263-11e6-838d-<wbr>3c970e44b9e2"<br>
> xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>common/common-3</a>"<br>
> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/</a><br>
> common/common-3"<br>
><br>
> xmlns:ri="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>resource/instance-3</a>"><br>
> <name>CSV-1 Default account</name><br>
> <description><br>
> This role assigns CSV-1 (Simulated App 1)
resource and creates a<br>
> test account.<br>
> </description><br>
> <inducement><br>
> <construction><br>
> <!-- The c: prefix in type must be
there due to a JAXB bug --><br>
> <resourceRef
oid="10000000-9999-9999-0000-<wbr>a000ff000002"<br>
> type="c:ResourceType"/><br>
> <kind>account</kind><br>
> </construction><br>
> </inducement><br>
> </role><br>
><br>
> Example 2: role to create account with intent test
on resource with<br>
> given oid<br>
><br>
> <role oid="2dfa0d20-3263-11e6-838d-<wbr>3c970e44b9e2"<br>
> xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>common/common-3</a>"<br>
> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/</a><br>
> common/common-3"<br>
><br>
> xmlns:ri="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>resource/instance-3</a>"><br>
> <name>CSV-1 Tester</name><br>
> <description><br>
> This role assigns CSV-1 (Simulated App 1)
resource and creates a<br>
> test account.<br>
> </description><br>
> <inducement><br>
> <construction><br>
> <!-- The c: prefix in type must be
there due to a JAXB bug --><br>
> <resourceRef
oid="10000000-9999-9999-0000-<wbr>a000ff000002"<br>
> type="c:ResourceType"/><br>
> <kind>account</kind><br>
> <intent>test</intent><br>
> </construction><br>
> </inducement><br>
> </role><br>
><br>
> Then just add one or both roles to your user in
midpoint and the<br>
> corresponding account(s) should be created. Just be
sure to use your<br>
> resource oid and correct intent.<br>
><br>
> Regards,<br>
><br>
> Ivan<br>
><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a moz-do-not-send="true"
href="http://lists.evolveum.com/pipermail/midpoint/attachments/20170320/a91ed915/attachment-0001.html"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>pipermail/midpoint/<wbr>attachments/20170320/a91ed915/<wbr>attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Mon, 20 Mar 2017 17:33:42 +0100<br>
From: Ivan Noris <<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
To: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
Subject: Re: [midPoint] Add a second LDAP account to
resource for user<br>
(Error: already contains account of type
'default' on resource)<br>
Message-ID: <<a moz-do-not-send="true"
href="mailto:57fd8bd1-c8b1-dd43-4e0d-160e16127afb@evolveum.com">57fd8bd1-c8b1-dd43-4e0d-<wbr>160e16127afb@evolveum.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi Peter,<br>
<br>
If you add both roles to the same user and you have
correct resourceRef<br>
oid and the name of the intent, midPoint should use the
correct schema<br>
handling configurations for both accounts and both
should be created.<br>
The schema handling also specified how the accounts
names (DN) are<br>
constructed.<br>
<br>
But wait a minute. It looks like *both* your accounts
are configured to<br>
have the *same DN*<br>
(***uid=Testuser6,cn=users,o=<wbr>dev,dc=odhsolutions,dc=com*).
This can't<br>
be, the test account must have different identifier.
Either change the<br>
suffix (like cn=test instead of cn=users for the testing
accounts) or<br>
something like that.<br>
<br>
So fix your icfs:name (ri:dn) mapping in the schema
handling for the<br>
"test" intent and try again.<br>
<br>
Regards,<br>
<br>
Ivan<br>
<br>
<br>
On 03/20/2017 05:03 PM, Peter Healy wrote:<br>
> Hi Ivan,<br>
> I added a role object as described in example 2
with the OID of the<br>
> resource I need to add a test account to, when I
add that role to a<br>
> user it does come computation and comes back with
success but the user<br>
> still only has the 1 default projection assigned.<br>
><br>
> I was able to navigate back in the browser history
and it looks like<br>
> it assigns the existing shadow on the resource to
the "test" intent<br>
> along with the "default" intent<br>
><br>
> ActivityStatusResource object (if applicable)<br>
> Computing projections of the focus object<br>
> Operation on focus object (repository)<br>
> Account (default) on AWS DEV<br>
> OpenLDAPuid=Testuser6,cn=<wbr>users,o=dev,dc=odhsolutions,<wbr>dc=com<br>
> Account (test) on AWS DEV<br>
> OpenLDAPuid=Testuser6,cn=<wbr>users,o=dev,dc=odhsolutions,<wbr>dc=com<br>
> Considering or starting approval workflows<br>
> Is there a way I can specify the uid for the second
account or have it<br>
> follow some kind of iteration rule?<br>
> Thanks again,<br>
> Peter<br>
><br>
> On Mon, Mar 20, 2017 at 10:32 AM, <<a
moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.<wbr>evolveum.com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@<wbr>lists.evolveum.com</a>>>
wrote:<br>
><br>
> Send midPoint mailing list submissions to<br>
> <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.<wbr>evolveum.com</a>><br>
><br>
> To subscribe or unsubscribe via the World Wide
Web, visit<br>
> <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
> <<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>><br>
> or, via email, send a message with subject or
body 'help' to<br>
> <a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.<wbr>evolveum.com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@<wbr>lists.evolveum.com</a>><br>
><br>
> You can reach the person managing the list at<br>
> <a moz-do-not-send="true"
href="mailto:midpoint-owner@lists.evolveum.com">midpoint-owner@lists.evolveum.<wbr>com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:midpoint-owner@lists.evolveum.com">midpoint-owner@lists.<wbr>evolveum.com</a>><br>
><br>
> When replying, please edit your Subject line so
it is more specific<br>
> than "Re: Contents of midPoint digest..."<br>
><br>
><br>
> Today's Topics:<br>
><br>
> 1. Re: Add a second LDAP account to resource
for user (Error:<br>
> already contains account of type
'default' on resource)<br>
> (Ivan Noris)<br>
><br>
><br>
> ------------------------------<wbr>------------------------------<wbr>----------<br>
><br>
> Message: 1<br>
> Date: Mon, 20 Mar 2017 15:31:36 +0100<br>
> From: Ivan Noris <<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.<wbr>com</a>>><br>
> To: <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.<wbr>evolveum.com</a>><br>
> Subject: Re: [midPoint] Add a second LDAP
account to resource for user<br>
> (Error: already contains account of
type 'default' on<br>
> resource)<br>
> Message-ID: <<a moz-do-not-send="true"
href="mailto:fc626f42-1372-8fd9-79fa-1fcd09f8cef8@evolveum.com">fc626f42-1372-8fd9-79fa-<wbr>1fcd09f8cef8@evolveum.com</a><br>
> <mailto:<a moz-do-not-send="true"
href="mailto:fc626f42-1372-8fd9-79fa-1fcd09f8cef8@evolveum.com">fc626f42-1372-8fd9-<wbr>79fa-1fcd09f8cef8@evolveum.com</a><wbr>>><br>
> Content-Type: text/plain; charset="utf-8"<br>
><br>
> Hi Peter,<br>
><br>
> GUI currently cannot use Add projection for
other-than-default<br>
> intents.<br>
><br>
> But it's very easy to create a role:<br>
><br>
> Example 1: role to create default account on
resource with given oid<br>
><br>
><br>
> <role oid="2dfa0d20-3263-11e6-838d-<wbr>3c970e44b9e2"<br>
><br>
> xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>common/common-3</a><br>
> <<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/common/common-3</a>><wbr>"<br>
><br>
> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>common/common-3</a><br>
> <<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/common/common-3</a>><wbr>"<br>
><br>
> xmlns:ri="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>resource/instance-3</a><br>
> <<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
rel="noreferrer" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/resource/<wbr>instance-3</a>>"><br>
> <name>CSV-1 Default
account</name><br>
> <description><br>
> This role assigns CSV-1 (Simulated App 1)
resource and creates a<br>
> test account.<br>
> </description><br>
> <inducement><br>
> <construction><br>
> <!-- The c: prefix in type must
be there due to a JAXB<br>
> bug --><br>
> <resourceRef
oid="10000000-9999-9999-0000-<wbr>a000ff000002"<br>
> type="c:ResourceType"/><br>
>
<kind>account</kind><br>
> </construction><br>
> </inducement><br>
> </role><br>
><br>
> Example 2: role to create account with intent
test on resource with<br>
> given oid<br>
><br>
> <role oid="2dfa0d20-3263-11e6-838d-<wbr>3c970e44b9e2"<br>
><br>
> xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>common/common-3</a><br>
> <<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/common/common-3</a>><wbr>"<br>
><br>
> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>common/common-3</a><br>
> <<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
rel="noreferrer" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/common/common-3</a>><wbr>"<br>
><br>
> xmlns:ri="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
rel="noreferrer" target="_blank">http://midpoint.<wbr>evolveum.com/xml/ns/public/<wbr>resource/instance-3</a><br>
> <<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
rel="noreferrer" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/resource/<wbr>instance-3</a>>"><br>
> <name>CSV-1 Tester</name><br>
> <description><br>
> This role assigns CSV-1 (Simulated App 1)
resource and creates a<br>
> test account.<br>
> </description><br>
> <inducement><br>
> <construction><br>
> <!-- The c: prefix in type must
be there due to a JAXB<br>
> bug --><br>
> <resourceRef
oid="10000000-9999-9999-0000-<wbr>a000ff000002"<br>
> type="c:ResourceType"/><br>
>
<kind>account</kind><br>
>
<intent>test</intent><br>
> </construction><br>
> </inducement><br>
> </role><br>
><br>
> Then just add one or both roles to your user in
midpoint and the<br>
> corresponding account(s) should be created.
Just be sure to use your<br>
> resource oid and correct intent.<br>
><br>
> Regards,<br>
><br>
> Ivan<br>
><br>
><br>
><br>
> ______________________________<wbr>_________________<br>
> midPoint mailing list<br>
> <a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
> <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
--<br>
Ivan Noris<br>
Senior Identity Engineer<br>
<a moz-do-not-send="true" href="http://evolveum.com"
rel="noreferrer" target="_blank">evolveum.com</a><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a moz-do-not-send="true"
href="http://lists.evolveum.com/pipermail/midpoint/attachments/20170320/236a6297/attachment.html"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>pipermail/midpoint/<wbr>attachments/20170320/236a6297/<wbr>attachment.html</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
<br>
------------------------------<br>
<br>
End of midPoint Digest, Vol 59, Issue 116<br>
******************************<wbr>***********<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>