<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">If your
<span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:13.3333px">extension/adOUContainer</span> =
<span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:13.3333px">OU=TEHNISKAIS CENTRS,OU=ANOTHER1,DC=EXAMPLE,DC=COM</span> you would want to use the below,<div><br></div><div>description.tokenize("OU=")[0].split(",")[0];<br clear="all"><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><br></div></div></div>which would yield,</div><div><br></div><div><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:13.3333px">TEHNISKAIS CENTRS</span> <br></div><div><br></div><div>check</div><div><a href="https://ideone.com/RUoDgB">https://ideone.com/RUoDgB</a><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 8, 2019 at 12:14 PM Jason Everling <<a href="mailto:jeverling@bshp.edu">jeverling@bshp.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">What is the value for the Org 'name' attribute ?<div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 8, 2019 at 9:03 AM Vladislavs Filipciks <<a href="mailto:vladislavs.filipciks@csolutions.lv" target="_blank">vladislavs.filipciks@csolutions.lv</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div>Hi.<br></div><div>I was looking on OrgSync Story Test, especially part when assignmentTargetSearch is used to assign first Org from orgpath.<br></div><div>So I've tried to implement it in my scenario:<br></div><div><mapping><br> <name>Org mapping</name><br> <authoritative>true</authoritative><br> <source><br> <path>extension/adOUContainer</path><br> </source><br> <expression><br> <assignmentTargetSearch><br> <targetType>OrgType</targetType><br> <filter><br> <q:equal><br> 
<q:path>name</q:path><br> <expression><br> <script><br> <code><br> adOUContainer.tokenize(',OU=')[0]<br> </code><br> </script><br> </expression><br> </q:equal><br> </filter><br> </assignmentTargetSearch><br> </expression><br> <target><br> <path>assignment</path><br> </target><br> </mapping><br></div><div><br></div><div>But no assignment is returned (i think so), because user is not getting the proper assignment of OrgType.<br></div><div><br></div><div>I've tried "Mapping playground", and here's what I get:<br></div><div><br></div><div><mapping><br> <name>Org mapping</name><br> <authoritative>true</authoritative><br> <source><br> <path>description</path><br> </source><br> <expression><br> <assignmentTargetSearch><br> <targetType>OrgType</targetType><br> <filter><br> <equal><br> <path>name</path><br> <expression><br> <script><br> <code><br> description.tokenize(',OU=')[0]<br> </code><br> </script><br> </expression><br> </equal><br> </filter><br> </assignmentTargetSearch><br> </expression><br> <target><br> <path>assignment</path><br> </target><br> </mapping><br></div><div><br></div><div>With request of:<br></div><div><br></div><div><mappingExecutionRequest><br> <sourceContext><br> <user><br> <description>OU=TEHNISKAIS CENTRS</description><br> <br> </user><br> </sourceContext><br></mappingExecutionRequest><br></div><div><br></div><div>and the result will be:<br></div><div><br></div><div>Output triple: <br> DeltaSetTriple:<br> zero:<br> id=null<br> targetRef: oid=756c807e-b01b-44ff-a750-13f004599859(OrgType)<br> plus:<br> minus:<br><br>Condition output triple: <br> DeltaSetTriple:<br> zero:<br> true<br> plus:<br> minus:<br><br>Time constraint valid: true<br>Next recompute time: null<br><br>Evaluation time: 18 ms<br></div><div><br></div><div>So, if I'm right, this assignmentTargetSearch returned the right OrgType (oid in result refer to Org that I'm trying to assign).<br></div><div>Any suggestions? 
<br></div><div><br></div><hr id="gmail-m_1241233570980703093gmail-m_-4273719157674995937zwchr"><div><b>From: </b>"Jason Everling" <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>><br><b>To: </b>"midpoint" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Sent: </b>Tuesday, 2 April, 2019 16:56:50<br><b>Subject: </b>Re: [midPoint] Organizational Unit attribute mapping to User attribute<br></div><br><div><div dir="ltr">It's a 3 part configuration, one to assign the org based on the user attribute within the default user template and then a metarole to create the focus mappings to the user that gets assigned to all orgs of the specified type, I used orgType in the example because that is what is used mainly on midpoint samples as well,<br><br><br><br><div><div><div dir="ltr" class="gmail-m_1241233570980703093gmail-m_-4273719157674995937gmail_signature"><div dir="ltr"><br></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 2, 2019 at 3:09 AM Vladislavs Filipciks <<a href="mailto:vladislavs.filipciks@csolutions.lv" target="_blank">vladislavs.filipciks@csolutions.lv</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div>Basically, right now what I need is that MidPoint Org attribute is mapped to all users organization attribute, that are assigned to that Org.<br></div><br><hr id="gmail-m_1241233570980703093gmail-m_-4273719157674995937gmail-m_-6656761972989021944zwchr"><div><b>From: </b>"Jason Everling" <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>><br><b>To: </b>"midpoint" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Sent: </b>Monday, 1 April, 2019 17:03:07<br><b>Subject: 
</b>Re: [midPoint] Organizational Unit attribute mapping to User attribute<br></div><br><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">There are some examples and such on github but nothing really complete for AD itself, you can start here to get an idea, <a href="https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources/orgsync" target="_blank">https://github.com/Evolveum/midpoint/tree/master/testing/story/src/test/resources/orgsync</a><br></div><div dir="ltr"><br></div><div dir="ltr"><div>Give me some time and I can send you a complete working set for AD, also, it would be easier to extend your schema with some extensions for easier management and future use. The 'organization' attribute is PolyString, it is up to you.</div><br><div>For example, each type, (UserTypeExtensionType, RoleTypeExtensionType, OrgTypeExtensionType) in ours we have an extension attribute 'adLdapPath' and 'odLdapPath' since we use both AD and OpenLDAP which gets filled in using the sample I first sent for each in the resource definition</div><div><br><div><span style="white-space:pre-wrap"> </span><xsd:element name="
adLdapPath" type="xsd:string" minOccurs="0" maxOccurs="1"></div><div><span style="white-space:pre-wrap"> </span><xsd:annotation></div><div><span style="white-space:pre-wrap"> </span><xsd:appinfo></div><div><span style="white-space:pre-wrap"> </span><a:indexed>true</a:indexed></div><div><span style="white-space:pre-wrap"> </span><a:displayName>Active Directory Path</a:displayName></div><div><span style="white-space:pre-wrap"> </span><a:displayOrder>1041</a:displayOrder></div><div><span style="white-space:pre-wrap"> </span><a:help>Path to object in Active Directory</a:help></div><div><span style="white-space:pre-wrap"> </span></xsd:appinfo></div><div><span style="white-space:pre-wrap"> </span></xsd:annotation></div><div><span style="white-space:pre-wrap"> </span></xsd:element></div><div><div><span style="white-space:pre-wrap"> </span><xsd:element name=" odLdapPath" type="xsd:string" minOccurs="0" maxOccurs="1"></div><div><span style="white-space:pre-wrap"> </span><xsd:annotation></div><div><span style="white-space:pre-wrap"> </span><xsd:appinfo></div><div><span style="white-space:pre-wrap"> </span><a:indexed>true</a:indexed></div><div><span style="white-space:pre-wrap"> </span><a:displayName>OpenLDAP Path</a:displayName></div><div><span style="white-space:pre-wrap"> </span><a:displayOrder>1042</a:displayOrder></div><div><span style="white-space:pre-wrap"> </span><a:help>Path to object in OpenLDAP</a:help></div><div><span style="white-space:pre-wrap"> </span></xsd:appinfo></div><div><span style="white-space:pre-wrap"> </span></xsd:annotation></div><div><span style="white-space:pre-wrap"> </span></xsd:element></div></div></div><br><br><br><br><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 1, 2019 at 3:58 AM Vladislavs Filipciks <<a href="mailto:vladislavs.filipciks@csolutions.lv" target="_blank">vladislavs.filipciks@csolutions.lv</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div>Thanks for reply. This sync works fine for inbound mapping from AD resource - organizations in midpoint are being created on demand.<br></div><br><div>What I'm trying to achieve is:<br></div><div>1. Import organization structure from AD resource. Your mapping works fine if the user in AD is placed in any OU in AD. But how can I import OU's from AD to midpoint organization structure if there are no any users in that OU in AD? I got group import from AD, when AD groups being synced to midpoint roles, but I was not able to sync OU's from AD to Organizations in midpoint. Here's my object type (taken from OrgSync Story example):<br></div><div><objectType><br> <kind>generic</kind><br> <intent>ou</intent><br> <displayName>Organizational Unit</displayName><br> <objectClass>ri:organizationalUnit</objectClass><br> <attribute><br> <ref>ri:ou</ref><br> <inbound><br> <strength>weak</strength><br> <target><br> <path>$focus/name</path><br> </target><br> </inbound><br> </attribute><br> <attribute><br> <ref>ri:description</ref><br> <inbound>,<br> <strength>weak</strength><br> <target><br> <path>$focus/description</path><br> </target><br> </inbound><br> </attribute><br></objectType><br></div><br><div>With this object type I don't see any record in resource for Generic kind.<br></div><br><div>2. I would like to make MidPoint central management system, so I would like to be able to create new Organization in MidPoint, then when user is assigned this organization, this user will be created in AD Resource in Organization's container in AD resource. 
I've tried to specify DN for Organization in midpoint in description attribute and then construct user's DN:<br></div><br><div> <inducement id="10"><br> <construction><br> <strength>weak</strength><br> <resourceRef oid="be74efc9-6df3-470c-bfcf-c6d4f4165772" relation="org:default" type="c:ResourceType"><br> <!-- CS AD User outbound Resource 19.26 --><br> </resourceRef><br> <attribute id="12"><br> <c:ref>ri:dn</c:ref><br> <displayName>Distinguished Name</displayName><br> <outbound><br> <source><br> <c:path>$user/fullName</c:path><br> </source><br> <source><br> <c:path>description</c:path><br> </source><br> <expression><br> <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="c:ScriptExpressionEvaluatorType"><br> <code><br> 'CN=' + fullName + ',' + description<br> </code><br> </script><br> </expression><br> </outbound><br> </attribute><br> </construction><br> </inducement><br></div><br><div>But user is not created in resource.<br></div><br><br><br><br><hr id="gmail-m_1241233570980703093gmail-m_-4273719157674995937gmail-m_-6656761972989021944gmail-m_7482030579916371688zwchr"><div><b>From: </b>"Jason Everling" <<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>><br><b>To: </b>"midpoint" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br><b>Sent: </b>Thursday, 28 March, 2019 20:18:13<br><b>Subject: </b>Re: [midPoint] Organizational Unit attribute mapping to User attribute<br></div><br><div><div dir="ltr"><div dir="ltr"><div>Now when organization is updated with a new value it will re-build the users DN which of course will them in the OU based on the attribute. You can also use org sync to create your AD structure in midpoint then map the organization assignment to the user's attribute so you can use assignment based placement. 
Just make sure to use a specific org type in the template so it doesn't try to update the attribute with values of orgs that are not really AD ou's. I was using Rdn but it wasn;t working right for AD containers, so a raw script, works great though.</div><div> </div><div> <attribute></div><div> <c:ref>ri:dn</c:ref></div><div> <outbound></div><div> <source></div><div> <c:path>$focus/organization</c:path></div><div> </source></div><div> <source></div><div> <c:path>$focus/name</c:path></div><div> </source></div><div> <expression></div><div> <script></div><div> <code>'CN=' + name + iterationToken + ',' + organization</code></div><div> </script></div><div> </expression></div><div> </outbound></div><div> <inbound></div><div> <expression></div><div> <script></div><div> <code></div><div><span style="white-space:pre-wrap"> </span>tmpdn = basic.uc(input);</div><div><span style="white-space:pre-wrap"> </span>cn = tmpdn.substring(tmpdn.indexOf(",CN=") + 1);</div><div><span style="white-space:pre-wrap"> </span>ou = tmpdn.substring(tmpdn.indexOf(",OU=") + 1);</div><div><span style="white-space:pre-wrap"> </span>if (tmpdn.contains(",CN=")) {</div><div><span style="white-space:pre-wrap"> </span><a href="http://log.info" target="_blank">log.info</a>("-- DN Path " + cn + "is a container")</div><div><span style="white-space:pre-wrap"> </span>return basic.uc(cn);</div><div><span style="white-space:pre-wrap"> </span>} </div><div> if (tmpdn.contains(",OU=") && !tmpdn.contains(",CN=")) {</div><div><span style="white-space:pre-wrap"> </span><a href="http://log.info" target="_blank">log.info</a>("-- DN Path " + ou + "is a orgunit")</div><div><span style="white-space:pre-wrap"> </span>return basic.uc(ou);</div><div> }</div><div><span style="white-space:pre-wrap"> </span></code></div><div> </script></div><div> </expression></div><div> <target></div><div> <c:path>$focus/organization</c:path></div><div> </target></div><div> </inbound></div><div> </attribute></div><div><div dir="ltr" 
class="gmail-m_1241233570980703093gmail-m_-4273719157674995937gmail-m_-6656761972989021944gmail-m_7482030579916371688gmail_signature"><div dir="ltr"><br></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 28, 2019 at 10:57 AM Vladislavs Filipciks <<a href="mailto:vladislavs.filipciks@csolutions.lv" target="_blank">vladislavs.filipciks@csolutions.lv</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div>Hello.<br></div><br><div>Is it possible to take attribute from organizational unit and map it to users attribute?<br></div><div>For example I would like to create extended attribute for organizational unit - DN (Distinguished Name), then map it to user's "Organization" attribute, so then I'll be able to create user in AD in specific OU container.<br></div><br><br></div></div>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
<br></div></div><br></div></div></div>
</blockquote></div>
<br></div></div></div>
</blockquote></div>
<br></div></div></div>
</blockquote></div>
</blockquote></div>
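<div>Added example, not code from anyone in this thread: Groovy's <code>tokenize("OU=")</code> treats <code>O</code>, <code>U</code> and <code>=</code> as three separate delimiter characters, so the one-liner at the top returns the right OU only while the OU name contains none of them, and a wrong value makes the assignmentTargetSearch filter match no org or a different one. The standalone script below compares it with the JDK's <code>javax.naming.ldap.LdapName</code>; the helper names and every sample DN except the first are constructed for illustration.</div>

```groovy
import javax.naming.ldap.LdapName

// Constructed sample DNs; only the first one appears in the thread.
def samples = [
    'OU=TEHNISKAIS CENTRS,OU=ANOTHER1,DC=EXAMPLE,DC=COM',
    'OU=OUTSOURCING,OU=ANOTHER1,DC=EXAMPLE,DC=COM',      // name contains O and U
    'OU=Sales\\, EMEA,OU=ANOTHER1,DC=EXAMPLE,DC=COM',     // escaped comma in the value
]

// Hypothetical helper: value of the leftmost OU RDN, or null when the DN has none.
String nearestOu(String dn) {
    def rdns = new LdapName(dn).rdns          // index 0 is the rightmost RDN (DC=COM)
    def ou = rdns.reverse().find { it.type.equalsIgnoreCase('OU') }
    return ou?.value?.toString()              // getValue() returns the unescaped value
}

// Hypothetical helper: DN of the container that holds the entry, or null for a
// single-component DN. Covers both the ",CN=" and ",OU=" cases of the inbound
// script quoted in the thread without searching for substrings.
String parentContainer(String entryDn) {
    def name = new LdapName(entryDn)
    return name.size() > 1 ? name.getPrefix(name.size() - 1).toString() : null
}

samples.each { dn ->
    println "DN       : ${dn}"
    println "tokenize : ${dn.tokenize('OU=')[0].split(',')[0]}"
    println "LdapName : ${nearestOu(dn)}"
}

// The thread's value works with both approaches; the constructed ones do not.
assert samples[0].tokenize('OU=')[0].split(',')[0] == 'TEHNISKAIS CENTRS'
assert samples[1].tokenize('OU=')[0].split(',')[0] == 'TS'
assert samples[2].tokenize('OU=')[0].split(',')[0] == 'Sales\\'

assert nearestOu(samples[0]) == 'TEHNISKAIS CENTRS'
assert nearestOu(samples[1]) == 'OUTSOURCING'
assert nearestOu(samples[2]) == 'Sales, EMEA'

// Constructed user DN placed in the thread's OU.
assert parentContainer('CN=Jane Doe,' + samples[0]) == samples[0]
```

<div>Whether <code>javax.naming</code> classes are permitted inside a midPoint script expression depends on the deployment, so treat that as an assumption to verify before using the helpers in a mapping.</div>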