<div dir="ltr"><div dir="ltr"><div>Now when organization is updated with a new value it will re-build the users DN which of course will them in the OU based on the attribute. You can also use org sync to create your AD structure in midpoint then map the organization assignment to the user's attribute so you can use assignment based placement. Just make sure to use a specific org type in the template so it doesn't try to update the attribute with values of orgs that are not really AD ou's. I was using Rdn but it wasn;t working right for AD containers, so a raw script, works great though.</div><div> </div><div> <attribute></div><div> <c:ref>ri:dn</c:ref></div><div> <outbound></div><div> <source></div><div> <c:path>$focus/organization</c:path></div><div> </source></div><div> <source></div><div> <c:path>$focus/name</c:path></div><div> </source></div><div> <expression></div><div> <script></div><div> <code>'CN=' + name + iterationToken + ',' + organization</code></div><div> </script></div><div> </expression></div><div> </outbound></div><div> <inbound></div><div> <expression></div><div> <script></div><div> <code></div><div><span style="white-space:pre"> </span>tmpdn = basic.uc(input);</div><div><span style="white-space:pre"> </span>cn = tmpdn.substring(tmpdn.indexOf(",CN=") + 1);</div><div><span style="white-space:pre"> </span>ou = tmpdn.substring(tmpdn.indexOf(",OU=") + 1);</div><div><span style="white-space:pre"> </span>if (tmpdn.contains(",CN=")) {</div><div><span style="white-space:pre"> </span><a href="http://log.info">log.info</a>("-- DN Path " + cn + "is a container")</div><div><span style="white-space:pre"> </span>return basic.uc(cn);</div><div><span style="white-space:pre"> </span>} </div><div> if (tmpdn.contains(",OU=") && !tmpdn.contains(",CN=")) {</div><div><span style="white-space:pre"> </span><a href="http://log.info">log.info</a>("-- DN Path " + ou + "is a orgunit")</div><div><span style="white-space:pre"> </span>return basic.uc(ou);</div><div> }</div><div><span style="white-space:pre"> </span></code></div><div> </script></div><div> </expression></div><div> <target></div><div> <c:path>$focus/organization</c:path></div><div> </target></div><div> </inbound></div><div> </attribute></div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><br></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 28, 2019 at 10:57 AM Vladislavs Filipciks <<a href="mailto:vladislavs.filipciks@csolutions.lv">vladislavs.filipciks@csolutions.lv</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div>Hello.<br></div><div><br></div><div>Is it possible to take attribute from organizational unit and map it to users attribute?<br></div><div>For example I would like to create extended attribute for organizational unit - DN (Distinguished Name), then map it to user's "Organization" attribute, so then I'll be able to create user in AD in specific OU container.<br></div><div><br></div><div><br></div></div></div>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>