<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body text="#000000" bgcolor="#FFFFFF">Hi Arnost,<br>
<br>
Thank you so much! This worked perfectly.<br>
Have a great day!<br>
Brad<br>
<br>
<span>Arnošt Starosta - AMI Praha a.s. wrote on 6/26/19 4:06 AM:</span><br>
<blockquote type="cite"
cite="mid:CAGPA3FKmSTZ_MK5ppLT6iZdZA8k4WOwm=cZQ9fFL7shu3T-D5w@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr">Hi Brad,<div><br></div><div>you can try an odd trick to
preserve the old value - i use the identity attribute as both source
and target of the mapping. The source contains the 'old' value.
Something like this</div><div><br></div><div>
<attribute><br>
<c:ref>ri:authTimestamp</c:ref><br>
<inbound><br>
<strength>normal</strength><br>
<source><br>
<c:path>$focus/extension/lastLDAPLogin</c:path><!-- old
focus attribute value --></div><div>
</source><br> <expression><br>
<c:script><br>
<c:code><br> ! basic.isEmpty(input) ?
input : lastLDAPLogin<br> </c:code><br>
</c:script><br>
</expression><br> <target><br>
<c:path>$focus/extension/lastLDAPLogin</c:path><br>
</target><br> </inbound><br>
</attribute><br></div><div><br></div><div>I remember i
originaly started with the same condition approach but failed, don't
know the details any more and lack the theory.</div><div><br></div><div>arnost</div></div>
<br>
<div class="gmail_quote"><div dir="ltr" class="gmail_attr">út 25. 6.
2019 v 17:59 odesílatel Brad Firestone <<a
href="mailto:bhotrock@gmail.com" moz-do-not-send="true">bhotrock@gmail.com</a>>
napsal:<br></div><blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi
All,<br>
<br>
I'm using the lastbind overlay with OpenLDAP to set the authTimestamp <br>
attribute when someone successfully bind to LDAP. I'm putting this <br>
value into a midPoint attribute: $user/extension/lastLDAPLogin<br>
<br>
This process works correctly. However, if an LDAP account is removed <br>
from the User and then added back, there isn't an authTimestamp <br>
attribute value until their NEXT successful bind. If the User is <br>
reconciled for any reason, then the midPoint value for lastLDAPLogin is <br>
removed.<br>
<br>
I would like to keep that midPoint value no matter what, never remove <br>
it, and update it when OpenLDAP sets a new value. I tried the following
<br>
condition, but it's not working<br>
<br>
<attribute><br>
<ref>ri:authTimestamp</ref><br>
<inbound><br>
<strength>normal</strength><br>
<target><br>
<path>$user/extension/lastLDAPLogin</path><br>
</target><br>
<condition><br>
<script><br>
<code>!basic.isEmpty(input)</code><br>
</script><br>
</condition><br>
</inbound><br>
</attribute><br>
<br>
I found this condition listed at: <br>
<a href="https://wiki.evolveum.com/display/midPoint/Mapping"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/Mapping</a><br>
(To me, it looks like there is a missing ! in the 2.2 and above example,
<br>
but I've tried it both ways.)<br>
<br>
With this in place, if I reconcile a User who has a value for <br>
lastLDAPLogin already set, but doesn't have that attribute on the LDAP <br>
server, then the midPoint value is removed.<br>
<br>
Does anyone have any ideas of how I should construct my mapping to never
<br>
remove the value from midPoint?<br>
Thanks!<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></blockquote></div>
<br clear="all">
<div><br></div>
-- <br>
<div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div
dir="ltr"><div
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:13px"><p><strong>Arnošt
Starosta</strong><br><span
style="font-size:11px;color:rgb(128,128,128)">solution architect</span></p></div><p
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">gsm:
[+420] 603 794 932<br>e‑mail: <a href="mailto:arnost.starosta@ami.cz"
target="_blank" moz-do-not-send="true">arnost.starosta@ami.cz</a></p><p
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px"><strong>AMI
Praha a.s.</strong><br>Pláničkova 11, 162 00 Praha 6</p><p
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">tel.:
[+420] 274 783 239 | web: <a href="https://www.ami.cz" target="_blank"
moz-do-not-send="true">www.ami.cz</a></p><p
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;margin-top:20px"><img
src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s."
style="border: 0px;" moz-do-not-send="true"></p><p
style="font-family:Arial,sans-serif;font-size:11px;color:rgb(170,170,170)">Textem
tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně písemnou formu.<br><span
style="font-size:6px"> </span><br>Tento e‑mail je určen výhradně
pro potřeby jeho adresáta/ů a může obsahovat důvěrné nebo osobní<br>informace.
Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv zveřejňování,
zprostředkování<br>nebo jiné použití těchto informací. Pokud jste
obdrželi e‑mail neoprávněně, informujte o tom prosím<br>odesílatele
a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním<br>s neoprávněně získanými informacemi
se vystavujete riziku právního postihu.</p></div></div></div></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body></html>