<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hey Arnost</p>
<p>Thanks for your quick reply. I will try to handle this
business-logic with some scripted hooks as you proposed.</p>
<p>cheers</p>
<p>Fabian<br>
</p>
<div class="moz-cite-prefix">Am 15.01.19 um 13:58 schrieb Arnošt
Starosta - AMI Praha a.s.:<br>
</div>
<blockquote type="cite"
cite="mid:CAGPA3FLjsLcnaVOShqZ8kDnf-QyDvefekQO8AHCqnYMXCO19vg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi Fabian,
<div><br>
</div>
<div>afaik there is no midpoint primitive that would address
this problem directly.</div>
<div><br>
</div>
<div>You might use a combination of </div>
<div>1) scripting hook that would react to user status changes
and sync status of all his cards</div>
<div>2) task that periodically checks the consistence of user
and card status (as a safe net when the hook fails)</div>
<div><br>
</div>
<div>Clumsy solution but it should work in the real world. Has
huge potential for endless enable/disable loops .)</div>
<br class="m_3655638364167971459gmail-Apple-interchange-newline">
<div>Also i see no condition or other logic in your card service
metarole to check the enabled status of the card first.<br>
</div>
<div><br>
</div>
<div>arnost</div>
<br>
<div class="gmail_quote">
<div dir="ltr">po 14. 1. 2019 v 20:56 odesílatel Fabian <<a
href="mailto:fabianbosch@gmx.de" target="_blank"
moz-do-not-send="true">fabianbosch@gmx.de</a>> napsal:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi</p>
<p>I have a special use case for which I need your help.</p>
<p>I have a door-lock system which registers cards with
its cardID. The collection of cards is handled as
midPoint-Ressource and entrys are being synced as Type
ServiceType.<br>
Users on the other hand are synchronized from openLDAP.</p>
<p>The use case is that every time I register a new card
the card will appear in midPoint as a Service and can
then be manually assigned to a user. A user can have
0..n cards assigned.</p>
<p>both, the user and the card have an attribute "sstatus"
which can be set enabled/disabled which means to grant
access or not (door).</p>
<p>I wrote a role which sets the attribute to "enabled" if
this role is assigned to a user. <br>
</p>
<pre> <inducement id="2">
<focusMappings>
<mapping id="3">
<name>S-Status</name>
<expression>
<script xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
return ActivationStatusType.ENABLED
</code>
</script>
</expression>
<target>
<c:path>$focus/extension/sstatus</c:path>
</target>
</mapping>
</focusMappings>
</inducement>
</pre>
<p>I need a way to provide this changed attribute (in <b>user</b>)
to all of the users <b>cards</b> so that every card in
the Ressource will have the attribute sstatus=enabled<br>
</p>
<div
class="m_3655638364167971459gmail-m_1449709255000215471moz-signature"><br>
</div>
<div
class="m_3655638364167971459gmail-m_1449709255000215471moz-signature">regards,
<br>
</div>
<div
class="m_3655638364167971459gmail-m_1449709255000215471moz-signature">Fabian<br>
</div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="m_3655638364167971459gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:13px">
<p><strong>Arnošt Starosta</strong><br>
<span style="font-size:11px;color:rgb(128,128,128)">solution
architect</span></p>
</div>
<p
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">gsm:
[+420] 603 794 932<br>
e‑mail: <a href="mailto:arnost.starosta@ami.cz"
target="_blank" moz-do-not-send="true">arnost.starosta@ami.cz</a></p>
<p
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px"><strong>AMI
Praha a.s.</strong><br>
Pláničkova 11, 162 00 Praha 6</p>
<p
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">tel.:
[+420] 274 783 239 | web: <a href="https://www.ami.cz"
target="_blank" moz-do-not-send="true">www.ami.cz</a></p>
<p
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;margin-top:20px"><img
src="http://www.ami.cz/images/podpis/ami_logo.gif"
alt="AMI Praha a.s." style="border:0px"
moz-do-not-send="true"></p>
<p
style="font-family:Arial,sans-serif;font-size:11px;color:rgb(170,170,170)">Textem
tohoto e‑mailu podepisující neslibuje uzavřít
ani neuzavírá za společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud bude
uzavřena, musí mít výhradně písemnou formu.<br>
<span style="font-size:6px"> </span><br>
Tento e‑mail je určen výhradně pro potřeby
jeho adresáta/ů a může obsahovat důvěrné nebo osobní<br>
informace. Nejste‑li zamýšleným příjemcem, je zakázáno
jakékoliv zveřejňování, zprostředkování<br>
nebo jiné použití těchto informací. Pokud jste
obdrželi e‑mail neoprávněně, informujte o tom prosím<br>
odesílatele a vymažte neprodleně všechny kopie tohoto
e‑mailu včetně všech jeho příloh. Nakládáním<br>
s neoprávněně získanými informacemi se vystavujete
riziku právního postihu.</p>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<div class="moz-signature">-- <br>
<style type="text/css">
h2 { font-family:'raavi'; font-size:18px; color:#5F3F2F; font-weight:lighter; text-transform:uppercase; margin-bottom:0px;}
.block {font-family:'raavi'; font-size:10px; text-transform:uppercase; margin-top:0px;}
a.sign {color:#808080; text-decoration:none; font-family:raavi;}
a.sign:hover{ background-color:#F5F5F5; color:black; font-size:11;}
</style>
<h2> Fabian Bosch </h2>
<hr style="width:300px; color:#7B9C5A; background-color:#7B9C5A;
height:2px;
 margin:0px; text-align:left; border:1px;">
<p class="block">
<br>
<a class="sign"
href="https://secure.flickr.com/photos/biberphotoblog"> Flickr
Fotostream © Fabian Bosch</a>
<br>
<a class="sign" href="https://studieren-ohne-grenzen.org/de/">
Etudes Sans Frontières - Studieren Ohne Grenzen e.V., Ressort
IT</a>
<br>
</p>
</div>
</body>
</html>