
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hi Sean,</p>

    <p>I'm kind of confused what you want to achieve.</p>

    <p>If you want to create another account for the same user on the

      same resource, obviously the accounts must have different

      identifiers. E.g. "sean" and "svc-sean". That's also similar to

      the example you are referring to.</p>

    <p>For this you need to have multiple intent configuration for the

      same resource. One intent (kind=account, intent=default,

      default=true), second intent (kind=account, intent=whatever,

      default=false). The "whatever" may be e.g. "service-account", it's

      just a string.</p>

    <p>Then you need to have roles which allow you to create normal

      accounts (if you don't specify intent, midPoint assumes intent

      where "default=true") and also roles to create these service

      accounts (kind=account, intent=whatever in the

      inducement/construction.</p>

    <p>The part which I don't understand is the "query the user for the

      name". I understand that you want to use something else than

      $user/name (Sean). You can use any attribute from the user, the

      attribute might be completely different from $user/name.</p>

    <p>Example: set the user attribute "Nick name" to "DB2admin", and

      you can access it as $user/nickName in the outbound mapping (you

      need to define source path for $user/nickName).<br>

    </p>

    Or perhaps by "querying" you mean to "ask the user to provide the

    value interactively"?<br>

    <br>

    Best regards,<br>

    Ivan<br>

    <br>

    <div class="moz-cite-prefix">On 01.03.2018 19:45, Sean R Penndorf

      wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:OFE8770E8F.094BF729-ON85258243.0065BC21-85258243.0067129C@notes.na.collabserv.com"><span

        style=" font-size:10pt;font-family:sans-serif">Hi Community,</span><br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">I'm missing

        some

        key point somewhere.</span><br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">Let's say I

        have

        a Midpoint user:  name = Sean</span><br>

      <span style=" font-size:10pt;font-family:sans-serif">I have a

        resource

        to AD. Default intent account name = Sean</span><br>

      <span style=" font-size:10pt;font-family:sans-serif">So far so

        good.</span><br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">Now I need to

        add a functional ID (faceless account).</span><br>

      <span style=" font-size:10pt;font-family:sans-serif">So I setup

        another

        intent called "functionalID"  name = ?????</span><br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">In most

        examples

        I've seen, you have an outbound mapping something like this:</span><br>

      <tt><span style=" font-size:12pt">                    <expression></span></tt><br>

      <tt><span style=" font-size:12pt">                        <script></span></tt><br>

      <tt><span style=" font-size:12pt">                            <code></span></tt><br>

      <tt><span style=" font-size:12pt">                                'funcID-'+name</span></tt><br>

      <tt><span style=" font-size:12pt">                            </code></span></tt><br>

      <tt><span style=" font-size:12pt">                        </script></span></tt><br>

      <tt><span style=" font-size:12pt">                    </expression></span></tt><br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">...which

        equates

        to funcID-Sean.</span><br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">But, what I

        REALLY

        need is the functionalID Name = svc-DB2Admin</span><br>

      <span style=" font-size:10pt;font-family:sans-serif">How do I

        query

        the user for the name rather than generating the name?</span><br>

      <br>

      <br>

      <span style=" font-size:10pt;font-family:sans-serif">Thanks!!</span><br>

      <br>

      <br>

      <br>

      <span style=" font-size:10pt;color:#808080;font-family:Arial">------------------</span><br>

      <span style=" font-size:12pt;font-family:Arial"><b>Sean Penndorf</b></span><br>

      <span style=" font-size:10pt;color:#808080;font-family:Arial">SaaS

        Operational Services (SOS) - ID Management</span><br>

      <span style=" font-size:10pt;color:#808080;font-family:Arial">IBM

        Cloud</span><br>

      <span style=" font-size:10pt;color:#000080;font-family:Arial"><a class="moz-txt-link-abbreviated" href="mailto:srpenn@us.ibm.com">srpenn@us.ibm.com</a></span><br>

      <span style=" font-size:10pt;color:#808080;font-family:Arial">Office:

        248-552-4791   TL  623-9966</span><br>

      <br>

      <br>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

midPoint mailing list

<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>

<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Ivan Noris

Senior Identity Engineer

evolveum.com

</pre>

  </body>

</html>