<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Gabriel,</p>
    <p>Object template and schema handling are similar, but different
      concepts.</p>
    <p>Schema handling is the place to define how to map the attributes
      from midPoint to the resource account (outbound) or vice-versa
      (inbound).</p>
    <p>Object template is the place to define how midPoint attributes
      (e.g. User's fullName) should be defined from other user
      attributes (e.g. the same User's givenName and familyName).</p>
    <p>Object template can also be used with the resource, but in a
      different context. If you have a resource which is a source
      resource (contains inbounds and unmatched->addFocus reaction
      for example), you can specify an arbitrary object template instead
      of the global object template which is specified in the System
      configuration.</p>
    <p>That said, you should not attempt to define account attributes in
      the template but in the schema handling.</p>
    <p>Best regards,</p>
    <p>Ivan<br>
    </p>
    <div class="moz-cite-prefix">On 23. 7. 2019 16:41, Guckenbiehl,
      Gabriel wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:46e6e1e34f0b479480f2a43010eb4330@uni-due.de">
      <pre class="moz-quote-pre" wrap="">Hello all,

in my LDAP-scheme I have a field which should be set by a mapping from an
object template.  The template is called in the synchronization of the
LDAP-Resource. Because the LDAP field is a necessary one I get error
messages, when there is no additional outbound mapping in the schema
handling itself. 
But even though I set the dummy-mapping in the ldap-scheme as weak as
possible it still is not overridden by the mapping in the object template.
Maybe anyone here can give me a hint or two, how to enforce the correct
values?
I cannot put the correct mapping in schema handling itself, because the
iteration there is already used for other context.

Some experimenting led me to believe that no code in the object-template is
executed, but surely this can't be correct, am I right?

Code below. Best regards and thanks for the help

Gabriel

Gabriel Guckenbiehl, M.Sc.
Zentrum für Informations- und Mediendienste (ZIM)
Universität Duisburg Essen
Schützenbahn 70
45127 Essen
Telefon: +49 (201) 183-3346


<objectTemplate
xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a>
xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/org-3"</a>
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a>
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
oid="ea0f69ae-b5e6-4ef9-a206-8421814b977f" version="89">
    <name>LDAP Template</name>
    <iteration>
        <maxIterations>100000</maxIterations>
        <postIterationCondition>
            <variable>
                <name>uidnummer</name>
                <c:path>$shadow/attributes/ri:uidNumber</c:path>
            </variable>
            <script xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
xsi:type="c:ScriptExpressionEvaluatorType">
                <trace>true</trace>
                <code>
               tmpUniqueLogin = midpoint.isUniqueAccountValue(resource, shadow, 'uidNumber', uidnummer)
               return tmpUniqueLogin
            </code>
            </script>
        </postIterationCondition>
    </iteration>
    <mapping id="18">
        <authoritative>true</authoritative>
        <exclusive>false</exclusive>
        <strength>strong</strength>
        <expression>
            <script xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
xsi:type="c:ScriptExpressionEvaluatorType">
                <code>
               return 10000+iteration
            </code>
            </script>
        </expression>
        <target>
            <c:path>ri:uidNumber</c:path>
        </target>
    </mapping>
</objectTemplate>


<resource xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a>
xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/org-3"</a>
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a>
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
oid="7ea21d36-6438-425c-b81c-8be810210000" version="273">
    <name>LDAP_2_with_Template</name>
    <connectorRef oid="a4f34827-e130-4d54-8b48-7b4b2c52f51c"
relation="org:default" type="c:ConnectorType"/>
    <connectorConfiguration
xmlns:icfc=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"</a>>
        [...]
    </connectorConfiguration>
    <schema>
        <definition>
            <xsd:schema
xmlns:a=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/annotation-3">"http://prism.evolveum.com/xml/ns/public/annotation-3"</a>
xmlns:ra=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3">"http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"</a>
xmlns:tns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a>
xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a> elementFormDefault="qualified"
targetNamespace=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a>>
                <xsd:import
namespace=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/annotation-3">"http://prism.evolveum.com/xml/ns/public/annotation-3"</a>/>
                <xsd:import
namespace=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3">"http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"</a>
/>
                </xsd:complexType>
                <xsd:complexType name="posixAccount">
                    <xsd:annotation>
                        <xsd:appinfo>
                            <ra:resourceObject/>
                            <ra:identifier>ri:entryUUID</ra:identifier>
                            <ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
                            <ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
                            <ra:namingAttribute>ri:dn</ra:namingAttribute>
                            <ra:nativeObjectClass>posixAccount</ra:nativeObjectClass>
                            <ra:auxiliary>true</ra:auxiliary>
                        </xsd:appinfo>
                    </xsd:annotation>
                    <xsd:sequence>
                        <xsd:element name="uidNumber" type="xsd:int">
                            <xsd:annotation>
                                <xsd:appinfo>
                                    <a:displayOrder>190</a:displayOrder>
                                    <ra:nativeAttributeName>uidNumber</ra:nativeAttributeName>
                                    <ra:frameworkAttributeName>uidNumber</ra:frameworkAttributeName>
                                </xsd:appinfo>
                            </xsd:annotation>
                        </xsd:element>
                </xsd:complexType>
            </xsd:schema>
        </definition>
    </schema>
    <schemaHandling>
        <objectType id="68">
            <kind>account</kind>
            <intent>Employee</intent>
            <displayName>Employee Account</displayName>
            <default>true</default>
            <objectClass>ri:inetOrgPerson</objectClass>
            <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
            <attribute id="70">
                <c:ref>ri:mail</c:ref>
                <tolerant>false</tolerant>
                <exclusiveStrong>true</exclusiveStrong>
                <outbound>
                    <authoritative>true</authoritative>
                    <exclusive>false</exclusive>
                    <strength>strong</strength>
                    <source>
                        <c:path>$user/givenName</c:path>
                    </source>
                    <source>
                        <c:path>$user/emailAddress</c:path>
                    </source>
                    <source>
                        <c:path>$user/familyName</c:path>
                    </source>
                    <expression>
                        <script
xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
xsi:type="c:ScriptExpressionEvaluatorType">
                            <code>
                                if (emailAddress != null) {
                                    return emailAddress
                                 } else {
                                    mailName = givenName.getNorm().tokenize()[0] + iterationToken + '.' + familyName.getNorm().replaceAll(" ", "_") + '@uni-due.de';
                                    return mailName;
                                 }
                            </code>
                        </script>
                    </expression>
                </outbound>
            </attribute>
            <attribute id="131">
                <c:ref>ri:uidNumber</c:ref>
                <tolerant>true</tolerant>
                <exclusiveStrong>false</exclusiveStrong>
                <outbound>
                    <authoritative>false</authoritative>
                    <exclusive>false</exclusive>
                    <strength>weak</strength>
                    <expression>
                        <value>0</value>
                    </expression>
                </outbound>
            </attribute>
            <iteration>
                <maxIterations>1000</maxIterations>
                <postIterationCondition>
                    <variable>
                        <name>test</name>
                        <c:path>$shadow/attributes/ri:mail</c:path>
                    </variable>
                    <script
xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
xsi:type="c:ScriptExpressionEvaluatorType">
                        <trace>true</trace>
                        <code>
                           tmpUniqueLogin = midpoint.isUniqueAccountValue(resource, shadow, 'mail', test)
                           return tmpUniqueLogin
                           </code>
                    </script>
                </postIterationCondition>
            </iteration>
        </objectType>
    </schemaHandling>
    <capabilities>[...]
    </capabilities>
    <synchronization>
        <objectSynchronization>
            <name>Employee sync</name>
            <objectClass>inetOrgPerson</objectClass>
            <objectClass>benvwAccount</objectClass>
            <kind>account</kind>
            <intent>Employee</intent>
            <focusType>c:UserType</focusType>
            <enabled>true</enabled>
            <correlation>
                <q:equal>
                    <q:path>c:name</q:path>
                    <expression xmlns="">
                        <path>$account/attributes/uid</path>
                    </expression>
                </q:equal>
            </correlation>
            <objectTemplateRef oid="ea0f69ae-b5e6-4ef9-a206-8421814b977f"
relation="org:default" type="c:ObjectTemplateType">
                <targetName>LDAP Template</targetName>
            </objectTemplateRef>
            <reconcile>true</reconcile>
            <opportunistic>true</opportunistic>
            [...]
        </objectSynchronization>
    </synchronization>
</resource>
</pre>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
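    <p>The split described in the reply above, shown as an added example
      that is not part of the original e-mail or either poster's
      configuration: the object template computes the user's fullName from
      givenName and familyName, and the resource's schema handling carries
      that value to an account attribute with an outbound mapping. The
      object names, the ri:cn target attribute and the omitted resource
      parts are assumptions made for illustration.</p>

```xml
<!-- Added illustration, not configuration from this thread.
     Object names, the ri:cn attribute and the omitted resource parts are assumptions. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">

    <!-- Object template: computes a midPoint user property from other user properties. -->
    <objectTemplate>
        <name>Example User Template</name>
        <mapping>
            <strength>weak</strength>
            <source><path>$user/givenName</path></source>
            <source><path>$user/familyName</path></source>
            <expression>
                <script>
                    <code>givenName + ' ' + familyName</code>
                </script>
            </expression>
            <!-- The target is a user property, not an account attribute. -->
            <target><path>fullName</path></target>
        </mapping>
    </objectTemplate>

    <!-- Resource: schema handling maps the user property to the account attribute. -->
    <resource>
        <name>Example LDAP Resource</name>
        <!-- connectorRef, connectorConfiguration and schema omitted -->
        <schemaHandling>
            <objectType>
                <kind>account</kind>
                <intent>default</intent>
                <objectClass>ri:inetOrgPerson</objectClass>
                <attribute>
                    <ref>ri:cn</ref>
                    <!-- Outbound: midPoint user -> resource account -->
                    <outbound>
                        <strength>strong</strength>
                        <source><path>$user/fullName</path></source>
                    </outbound>
                </attribute>
            </objectType>
        </schemaHandling>
    </resource>
</objects>
```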
  </body>
</html>