<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Gabriel,</p>
<p>currently midPoint supports only one iterator for each object.</p>
<p>I have done something similar in the past, but the "workaround"
was quite limited. I had one iterator which generated $user/name
in object template which was later used as AD's userPrincipalName
(standard outbound path expression), and then I had another
iterator used in the resource, which generated sAMAccountName in a
different format. This worked as in my environment the customer
wanted to have the same logins in AD and midPoint anyway.<br>
</p>
<p>I have not been able to find JIRA feature request to support more
iterators per object/configuration. Feel free to create such
enhancement request if you cannot find it either. It should be
eventually adressed in the future.<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 12. 8. 2019 9:07, Guckenbiehl,
Gabriel wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c2fe6be40bd34c8789bf3ced1bb80359@uni-due.de">
<pre class="moz-quote-pre" wrap="">HI Ivan,
sorry being quiet for so long, I have been in vacations.
Thanks for your explanations, obviously I had some twist in my understanding of the concept of an object template.
Maybe you could provide me with another idea of how to achieve what I wanted to get from this construction.
As you may have guessed from the code I had I am trying to build some schema handling which uses two independend iterations, but the standard way in schema handling only provides one iterator. Is there any way to use habe a second one independent from the first? I.e. one of my iterators is expected to run to an max iteration of maybe 10 the other one could reach up to several 1000.
Thanks for your help again
Gabriel
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">-----Ursprüngliche Nachricht-----
Von: midPoint <a class="moz-txt-link-rfc2396E" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a> Im Auftrag von
Ivan Noris
Gesendet: Montag, 29. Juli 2019 09:24
An: <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>
Betreff: Re: [midPoint] schema handling vs object template
Hi Gabriel,
object template and schema handling are similar, but different concepts.
Schema handling is the place to define how to map the attributes from
midPoint to the resource account (outbound) or vice-versa (inbound).
Object template is the place to define how midPoint attributes (e.g. User's
fullName) should be defined from other user attributes (e.g. the same User's
givenName and familyName).
Object template can be also used with the resource, but in a different
context. If you have a resource which is a source resource (contains inbounds
and unmatched->addFocus reaction for example), you can specify an
arbitrary object template instead of the global object template which is
specified in the System configuration.
That said, you should not attempt to define account attributes in the
template but in the schema handling.
Best regards,
Ivan
On 23. 7. 2019 16:41, Guckenbiehl, Gabriel wrote:
Hello all,
in my LDAP-scheme I have a field which should be set by an mapping
from an
object template. The template is called in the synchronization oft he
LDAP-Ressource. Because the LDAP field is a necessary one I get
error
messages, when there is no additional outbound mapping in the
schema
handling itself.
But even though I set the dummy-mapping in the ldap-scheme as
weak as
possible it still is not overridden by the mapping in the object
template.
Maybe anyone here can give me a hint or two, how to enforce the
correct
values?
I can not put the correct mapping in schema handling itself, because
the
iteration there is already used for other context.
Some experimenting led me to believe that no code in the object-
template is
executet, but surely this can't be correct, am I right?
Code below. Best regards and thanks fort he help
Gabriel
Gabriel Guckenbiehl, M.Sc.
Zentrum für Informations- und Mediendienste (ZIM)
Universität Duisburg Essen
Schützenbahn 70
45127 Essen
Telefon: +49 (201) 183-3346
<objectTemplate
xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/co
mmon-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><http://midpoint.evolveum.com/xml/ns/public/common/common-3></a>
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/co
mmon-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><http://midpoint.evolveum.com/xml/ns/public/common/common-3></a>
xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connecto
r/icf-1/resou
rce-schema-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"><http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-
schema-3></a>
xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/
org-3"</a> <a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3"><http://midpoint.evolveum.com/xml/ns/public/common/org-3></a>
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3"><http://prism.evolveum.com/xml/ns/public/query-3></a>
xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/in
stance-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><http://midpoint.evolveum.com/xml/ns/public/resource/instance-3></a>
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3"><http://prism.evolveum.com/xml/ns/public/types-3></a>
oid="ea0f69ae-b5e6-4ef9-a206-8421814b977f" version="89">
<name>LDAP Template</name>
<iteration>
<maxIterations>100000</maxIterations>
<postIterationCondition>
<variable>
<name>uidnummer</name>
<c:path>$shadow/attributes/ri:uidNumber</c:path>
</variable>
<script xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-
instance"</a> <a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance"><http://www.w3.org/2001/XMLSchema-instance></a>
xsi:type="c:ScriptExpressionEvaluatorType">
<trace>true</trace>
<code>
tmpUniqueLogin = midpoint.isUniqueAccountValue(resource,
shadow, 'uidNumber', uidnummer)
return tmpUniqueLogin
</code>
</script>
</postIterationCondition>
</iteration>
<mapping id="18">
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>strong</strength>
<expression>
<script xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-
instance"</a> <a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance"><http://www.w3.org/2001/XMLSchema-instance></a>
xsi:type="c:ScriptExpressionEvaluatorType">
<code>
return 10000+iteration
</code>
</script>
</expression>
<target>
<c:path>ri:uidNumber</c:path>
</target>
</mapping>
</objectTemplate>
<resource
xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><http://midpoint.evolveum.com/xml/ns/public/common/common-3></a>
xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/co
mmon-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><http://midpoint.evolveum.com/xml/ns/public/common/common-3></a>
xmlns:icfs=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connecto
r/icf-1/resou
rce-schema-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"><http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-
schema-3></a>
xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/
org-3"</a> <a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3"><http://midpoint.evolveum.com/xml/ns/public/common/org-3></a>
xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3"><http://prism.evolveum.com/xml/ns/public/query-3></a>
xmlns:ri=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/in
stance-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><http://midpoint.evolveum.com/xml/ns/public/resource/instance-3></a>
xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3"><http://prism.evolveum.com/xml/ns/public/types-3></a>
oid="7ea21d36-6438-425c-b81c-8be810210000" version="273">
<name>LDAP_2_with_Template</name>
<connectorRef oid="a4f34827-e130-4d54-8b48-7b4b2c52f51c"
relation="org:default" type="c:ConnectorType"/>
<connectorConfiguration
xmlns:icfc=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">"http://midpoint.evolveum.com/xml/ns/public/connecto
r/icf-1/conne
ctor-schema-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"><http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-
schema-3></a> >
[...]
</connectorConfiguration>
<schema>
<definition>
<xsd:schema
xmlns:a=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/annotation-3">"http://prism.evolveum.com/xml/ns/public/annotation-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/annotation-3"><http://prism.evolveum.com/xml/ns/public/annotation-3></a>
xmlns:ra=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3">"http://midpoint.evolveum.com/xml/ns/public/resource/a
nnotation-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"><http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3></a>
xmlns:tns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/resource/
instance-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><http://midpoint.evolveum.com/xml/ns/public/resource/instance-3></a>
xmlns:xsd=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema">"http://www.w3.org/2001/XMLSchema"</a>
<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema"><http://www.w3.org/2001/XMLSchema></a> elementFormDefault="qualified"
targetNamespace=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">"http://midpoint.evolveum.com/xml/ns/public/r
esource/instanc
e-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><http://midpoint.evolveum.com/xml/ns/public/resource/instance-3></a> >
<xsd:import
namespace=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/annotation-3">"http://prism.evolveum.com/xml/ns/public/annotation-
3"</a> <a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/annotation-3"><http://prism.evolveum.com/xml/ns/public/annotation-3></a> />
<xsd:import
namespace=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3">"http://midpoint.evolveum.com/xml/ns/public/resourc
e/annotation-3"</a>
<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"><http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3></a>
/>
</xsd:complexType>
<xsd:complexType name="posixAccount">
<xsd:annotation>
<xsd:appinfo>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>posixAccount</ra:nativeObjectClass>
<ra:auxiliary>true</ra:auxiliary>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="uidNumber" type="xsd:int">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>190</a:displayOrder>
<ra:nativeAttributeName>uidNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>uidNumber</ra:frameworkAttribute
Name>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:complexType>
</xsd:schema>
</definition>
</schema>
<schemaHandling>
<objectType id="68">
<kind>account</kind>
<intent>Employee</intent>
<displayName>Employee Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
<attribute id="70">
<c:ref>ri:mail</c:ref>
<tolerant>false</tolerant>
<exclusiveStrong>true</exclusiveStrong>
<outbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>strong</strength>
<source>
<c:path>$user/givenName</c:path>
</source>
<source>
<c:path>$user/emailAddress</c:path>
</source>
<source>
<c:path>$user/familyName</c:path>
</source>
<expression>
<script
xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance"><http://www.w3.org/2001/XMLSchema-instance></a>
xsi:type="c:ScriptExpressionEvaluatorType">
<code>
if (emailAddress != null) {
return emailAddress
} else {
mailName =
givenName.getNorm().tokenize()[0] + iterationToken + '.' +
familyName.getNorm().replaceAll(" ", "_") + '@uni-due.de';
return mailName;
}
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute id="131">
<c:ref>ri:uidNumber</c:ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>false</authoritative>
<exclusive>false</exclusive>
<strength>weak</strength>
<expression>
<value>0</value>
</expression>
</outbound>
</attribute>
<iteration>
<maxIterations>1000</maxIterations>
<postIterationCondition>
<variable>
<name>test</name>
<c:path>$shadow/attributes/ri:mail</c:path>
</variable>
<script
xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance"><http://www.w3.org/2001/XMLSchema-instance></a>
xsi:type="c:ScriptExpressionEvaluatorType">
<trace>true</trace>
<code>
tmpUniqueLogin =
midpoint.isUniqueAccountValue(resource, shadow, 'mail', test)
return tmpUniqueLogin
</code>
</script>
</postIterationCondition>
</iteration>
</objectType>
</schemaHandling>
<capabilities>[...]
</capabilities>
<synchronization>
<objectSynchronization>
<name>Employee sync</name>
<objectClass>inetOrgPerson</objectClass>
<objectClass>benvwAccount</objectClass>
<kind>account</kind>
<intent>Employee</intent>
<focusType>c:UserType</focusType>
<enabled>true</enabled>
<correlation>
<q:equal>
<q:path>c:name</q:path>
<expression xmlns="">
<path>$account/attributes/uid</path>
</expression>
</q:equal>
</correlation>
<objectTemplateRef oid="ea0f69ae-b5e6-4ef9-a206-
8421814b977f"
relation="org:default" type="c:ObjectTemplateType">
<targetName>LDAP Template</targetName>
</objectTemplateRef>
<reconcile>true</reconcile>
<opportunistic>true</opportunistic>
[...]
</objectSynchronization>
</synchronization>
</resource>
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:midPoint@lists.evolveum.com"><mailto:midPoint@lists.evolveum.com></a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>