<html><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">Thank you to both Ivan and
Gustáv!<br>
<br>
Now I understand that I can add multiple inbound sections to one single
resource attribute and create values in multiple midPoint User
attributes. I was thinking it had to be a one-to-one relationship.
This works great!<br>
<br>
Thank you so much for your great support!!<br>
Brad<br>
<br>
<span>Ivan Noris wrote:</span><br>
<blockquote cite="mid:b768fc5e-8230-f5bb-01c4-6428519856e8@evolveum.com"
type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<p>Hi Brad,</p>
I'm using this (the fragment is from our MidPoint Customization and
Deployment 1 training and it's for source CSV, but the logic is the
same for any resource - just the attribute reference will differ):<br>
<br>
<attribute><br>
<ref>icfs:name</ref><br>
<limitations><br>
<access><br>
<read>true</read><br>
<add>false</add><br>
<modify>false</modify><br>
</access><br>
</limitations><br>
<font color="#3333ff"> <inbound><br>
<expression><br>
<script><br>
<code>'X' + input</code><br>
</script><br>
</expression><br>
<target><br>
<path>$user/name</path><br>
</target><br>
</inbound><br>
</font><font color="#ff6600"> <inbound><br>
<target><br>
<path>$user/employeeNumber</path><br>
</target><br>
</inbound><br>
</font><font color="#ff0000"> <inbound><br>
<expression><br>
<value>EMP</value><br>
</expression><br>
<target><br>
<path>$user/employeeType</path><br>
</target><br>
</inbound><br>
</font> </attribute><br>
<br>
<p>There are three inbounds for icfs:name (which is guaranteed to
always exist - in AD case this could be ri:cn or ri:dn). One
inbound is using the value as is and setting
$user/employeeNumber; one inbound is prepending "X" and storing
the value to $user/name. And the third inbound (red) is doing what
you probably need - setting literal value "EMP" to
$user/employeeType attribute.</p>
<p>This works, used many times. Just use some AD-mandatory attribute
in <ref>..</ref>.<br>
</p>
Best regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 04/19/2017 08:42 PM, Brad Firestone
wrote:<br>
</div>
<blockquote cite="mid:58F7AFA1.1070800@gmail.com" type="cite">Hello,
<br>
I am trying to connect an Active Directory resource which will be
an authoritative source for some of my midPoint Users. However, I
need to set some static values for the midPoint User extended
attributes and these values are unrelated to anything in Active
Directory. I've read everything I can find about inbound mapping
and expressions and can't find how to configure the mapping when
there's not a source, and the value will just be created by the
expression. The problem seems to be what to put in the
<ref> field. (It doesn't work without something there.) I
have five of these attributes that I need to set.
<br>
<br>
Here is my intended attribute setting from the AD resource,
without a <ref> field:
<br>
<br>
<attribute>
<br>
<ref></ref>
<br>
<displayName>Affiliation</displayName>
<br>
<inbound>
<br>
<expression>
<br>
<value>HQ-AD</value>
<br>
</expression>
<br>
<target>
<br>
<path>$user/extension/affiliation</path>
<br>
</target>
<br>
</inbound>
<br>
</attribute>
<br>
<br>
I'm still getting started with midPoint, and know I'm missing a
lot of understanding. Maybe this is something that I need to
handle using Object Templates? (I'm still trying to wrap my brain
around how Templates are used.)
<br>
<br>
My overall goal is to be able to automatically pull midPoint Users
from several different resources including two different Active
Directories, and three different LDAP directories. Each of these
connections will be inbound ONLY. We will also create users
directly in midPoint. Then I would use outbound mappings to a
different LDAP directory (we can call it MasterLDAP) that will
include an account for all the midPoint Users. I would like all
of this to happen "automatically" so that when an account is added
to one of the "source" resources, the midPoint User will be
created and also the MasterLDAP account would be projected. We
may also end up projecting accounts to other resources at some
time in the future, but what I have listed is Phase 1.
<br>
<br>
I would be grateful for any advice on how to best do this.
<br>
Thank you!
<br>
Brad
<br>
_______________________________________________
<br>
midPoint mailing list
<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
<br></blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body></html>