<div dir="ltr">within the objectSynchronization section add a condition, will only return people who have the attribute businessCategory equal to midpoint_test<div><br></div><div><div>   <synchronization></div><div>      <objectSynchronization></div><div>         <objectClass>ri:<wbr>inetOrgPerson</objectClass></div><div>         <enabled>true</enabled></div><div><font color="#0000ff">         <condition></font></div><div><font color="#0000ff">            <script></font></div><div><font color="#0000ff"><span style="white-space:pre-wrap">               </span><code></font></div><div><font color="#0000ff"><span style="white-space:pre-wrap">                  </span>ppl = basic.getAttributeValue(<wbr>shadow, '<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/resource/<wbr>instance-3</a>', 'businessCategory');</font></div><div><font color="#0000ff"><span style="white-space:pre-wrap">                    </span>return (ppl == 'midpoint_test')</font></div><div><font color="#0000ff"><span style="white-space:pre-wrap">               </span></code></font></div><div><font color="#0000ff">            </script></font></div><div><font color="#0000ff">         </condition></font></div><div>         <correlation></div><div>            <q:equal></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Mon, Jun 11, 2018 at 8:42 AM, Jeria, Esteban <span dir="ltr"><<a href="mailto:esteban.jeria@cgi.com" target="_blank">esteban.jeria@cgi.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="FR-CA" link="blue" vlink="purple">
<div class="m_-3724886674878533093WordSection1">
<p class="MsoNormal"><span style="color:#1f497d">Hi, <u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">Is there anyone who can help me?  :-)<u></u><u></u></span></p><span class="">
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><b><span lang="FR" style="font-size:10.5pt;font-family:"Calibri Light","sans-serif";color:blue;background:white">Esteban Jeria</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><a href="mailto:esteban.jeria@cgi.com" target="_blank"><span style="font-family:"Calibri Light","sans-serif"">esteban.jeria@cgi.com</span></a><br>
</span><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">Conseiller
</span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:red;background:white">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">
 / </span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:red;background:white">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">
 Consultant</span><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management</span><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
</span><div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Jeria,
 Esteban [mailto:<a href="mailto:esteban.jeria@cgi.com" target="_blank">esteban.jeria@cgi.com</a>] <br>
<b>Sent:</b> Thursday, May 31, 2018 11:52 AM<br>
<b>To:</b> <a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>
<b>Subject:</b> [midPoint] filter LDAP entries<u></u><u></u></span></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">Hi,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">I was wondering if there is a way to restrict the ldap connector so that it will only work with a subset of entries from an OU, like a filter.
<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">We currently have a LAB environment with over 50K entries, so I would like to limit our tests with only a dozen of them, previously identified with an attribute (businessCategory = midpoint_test).<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">I tried using the <protected> section on the <schemaHandling> with a reversed filter:<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><protected><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">   <filter><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">      <q:not><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">         <q:equal><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">            <q:path>attributes/<wbr>businessCategory</q:path><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">           <q:value>midpoint_<wbr>test</q:value><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">         </q:equal><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">      </q:not><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">   </filter><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"></protected><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">But it doesn't work properly, it really ignores the entries that don't match the attribute, but I have this error on the targeted entries and I'm unable to modify them.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d">SystemException: Security violation during processing shadow shadow: uid=testuser,ou=IT,ou=people,<wbr>dc=example,dc=com (OID:4d030941-e623-46e2-8b17-<wbr>2c99ae6639d5): Cannot modify protected resource object<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1f497d"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><b><span lang="FR" style="font-size:10.5pt;font-family:"Calibri Light","sans-serif";color:blue;background:white">Esteban Jeria</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><a href="mailto:esteban.jeria@cgi.com" target="_blank"><span style="font-family:"Calibri Light","sans-serif"">esteban.jeria@cgi.com</span></a><br>
</span><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">Conseiller
</span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:red;background:white">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">
 / </span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:red;background:white">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">
 Consultant</span><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue;background:white"><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light","sans-serif";color:black;background:white">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div></div></div>
</div>

<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>