<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Here, we don't directly assign the OU in an inbound mapping, but in an object template. The inbound mapping in the resource maps to the user attribute, using the set/predefined/all clause, and from there the global user template maps <br>
</p>
<p>the assignment.<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div id="Signature">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px"><font size="3"><b style="font-family:Times New Roman"><span style="font-size:10pt; color:rgb(31,73,125)">Paulo Fernandes de Souza Júnior</span></b><b style="font-family:Times New Roman"><span style="font-size:10pt; color:rgb(23,54,93)"></span></b><span style="font-family:Times New Roman">
</span><br style="font-family:Times New Roman">
<b style="font-family:Times New Roman"><span style="font-size:8pt; color:rgb(31,73,125)">NQPPPS<br>
</span></b><span style="font-size:8pt; font-family:Times New Roman; color:rgb(23,54,93)">Senado Federal -
</span></font><font size="3"><span style="font-size:8pt; font-family:Times New Roman; color:rgb(31,73,125)">PRODASEN<br>
</span><span style="font-size:8pt; font-family:Times New Roman; color:rgb(23,54,93)">Fone: 61 3303.3924</span></font><span style="color:rgb(31,73,125)"></span>
<br>
<br>
<p class="MsoNormal"><br>
</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>De:</b> midPoint <midpoint-bounces@lists.evolveum.com> em nome de Keith LeValley via midPoint <midpoint@lists.evolveum.com><br>
<b>Enviado:</b> quinta-feira, 21 de outubro de 2021 10:09<br>
<b>Para:</b> midPoint General Discussion<br>
<b>Cc:</b> Keith LeValley<br>
<b>Assunto:</b> Re: [midPoint] midPoint Digest, Vol 114, Issue 9</font>
<div> </div>
</div>
<div>
<div dir="ltr">Oliver,
<div><br>
</div>
<div>For us HR assigns each user an OU (which in our case is a number). The OU attribute comes through to Midpoint and I use the autoassignment feature inside Midpoint which works really well. It's a multistep process, but it's clearly laid out in the Midpoint
ebook starting on page 229 (link below):</div>
<div><br>
</div>
<div><a href="https://docs.evolveum.com/book/">https://docs.evolveum.com/book/</a><br>
</div>
<div><br>
</div>
<div>You basically create a custom attribute in the org, then Midpoint will see if the user attribute you select and the custom attribute in the org match. If they do, the user gets assigned to that org, if they don't then the user will be removed. Not sure
if this will fit your required use case, but if it does it's a very clean and easy solution.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Oct 21, 2021 at 3:47 AM <<a href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.evolveum.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
Send midPoint mailing list submissions to<br>
<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">
https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:midpoint-request@lists.evolveum.com" target="_blank">midpoint-request@lists.evolveum.com</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:midpoint-owner@lists.evolveum.com" target="_blank">midpoint-owner@lists.evolveum.com</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of midPoint digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Assignment and unassignment of organizational units<br>
(Oliver Schonefeld)<br>
2. Re: Assignment and unassignment of organizational units<br>
(Jonathan Hill)<br>
3. Re: Scripted SQL Connector - Full Samples (Frédéric Lohier)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 20 Oct 2021 16:29:58 +0200<br>
From: Oliver Schonefeld <<a href="mailto:schonefeld@ids-mannheim.de" target="_blank">schonefeld@ids-mannheim.de</a>><br>
To: <a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>
Subject: [midPoint] Assignment and unassignment of organizational<br>
units<br>
Message-ID: <<a href="mailto:4ca1c9de-fc7e-d038-f00c-1ed31c54658b@ids-mannheim.de" target="_blank">4ca1c9de-fc7e-d038-f00c-1ed31c54658b@ids-mannheim.de</a>><br>
Content-Type: text/plain; charset="utf-8"; Format="flowed"<br>
<br>
Hello,<br>
<br>
I am running midPoint 4.3.1 and am trying to automatically assign and <br>
unassign organizational units to user accounts. I have modelled the <br>
organizational structure of our institute in midpoint. Organizational <br>
unit membership is governed by a HR feed (modeled as CVS resource) and <br>
user accounts should be assigned or unassigned to org units depending on <br>
the information of the hr feed.<br>
<br>
I've manged to get the initial assignment of org units to work by adding <br>
an inbound mapping to the schema handling section of the HR csv resource:<br>
<!-- ... --><br>
<inbound><br>
<authoritative>true</authoritative><br>
<expression><br>
<assignmentTargetSearch><br>
<targetType>OrgType</targetType><br>
<filter><br>
<q:equal><br>
<q:path>identifier</q:path><br>
<expression><br>
<path>$input</path><br>
</expression><br>
</q:equal><br>
</filter><br>
</assignmentTargetSearch><br>
</expression><br>
<target><br>
<path>assignment</path><br>
</target><br>
</inbound><br>
<!-- ... --><br>
<br>
However, if I move a user in my HR feed to another org unit, the new <br>
unit gets assigned to the user (e.g. in reconciliation or live sync), <br>
but the old unit is never unassigned.<br>
<br>
If I set<br>
<set><br>
<predefined>all</predefined><br>
</set><br>
in <target>, midPoint correctly sets the org units, but also removed all <br>
other assignments, e.g. manual requested or auto-assigned roles, etc.<br>
<br>
Ideally, I'd like midpoint to only touch the org unit assignments when <br>
something changes in the HR feed.<br>
<br>
Has anybody some ideas or useful insights, how I can accomplish this goal?<br>
<br>
<br>
Thank you and best regards<br>
Oliver<br>
-- <br>
Oliver Schonefeld<br>
Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)<br>
R5, 6-13, D-68161 Mannheim<br>
+49-(0)621-1581-168 | <a href="http://www.ids-mannheim.de" rel="noreferrer" target="_blank">
http://www.ids-mannheim.de</a><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: smime.p7s<br>
Type: application/pkcs7-signature<br>
Size: 5381 bytes<br>
Desc: S/MIME Cryptographic Signature<br>
URL: <<a href="https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/c4e5f238/attachment-0001.bin" rel="noreferrer" target="_blank">https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/c4e5f238/attachment-0001.bin</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 20 Oct 2021 11:11:40 -0400<br>
From: Jonathan Hill <<a href="mailto:jhill@exclamationlabs.com" target="_blank">jhill@exclamationlabs.com</a>><br>
To: midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
Subject: Re: [midPoint] Assignment and unassignment of organizational<br>
units<br>
Message-ID: <<a href="mailto:EE0B7AE5-3A9D-4687-98BE-66BA8E3A6074@exclamationlabs.com" target="_blank">EE0B7AE5-3A9D-4687-98BE-66BA8E3A6074@exclamationlabs.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hey Oliver,<br>
<br>
I would try adding assignmentProperties in your assignmentTargetSearch to allow a clear set of what can be removed.<br>
<br>
...<br>
<assignmentProperties><br>
<subtype>hrFeed</subtype><br>
</assignmentProperties><br>
</assignmentTargetSearch><br>
<br>
...<br>
<br>
<set><br>
<condition><br>
<script><br>
<code><br>
return input.subtype.contains("hrFeed")<br>
</code><br>
</script><br>
</condition><br>
</set><br>
<br>
Jonathan Hill<br>
Exclamation Labs<br>
300 Washington Street<br>
Cumberland, MD 21502<br>
<a href="mailto:jhill@exclamationlabs.com" target="_blank">jhill@exclamationlabs.com</a> <mailto:<a href="mailto:jhill@exclamationlabs.com" target="_blank">jhill@exclamationlabs.com</a>><br>
<a href="http://www.exclamationlabs.com" rel="noreferrer" target="_blank">www.exclamationlabs.com</a> <<a href="http://www.exclamationlabs.com/" rel="noreferrer" target="_blank">http://www.exclamationlabs.com/</a>><br>
<br>
> On Oct 20, 2021, at 10:29 AM, Oliver Schonefeld via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br>
> <br>
> Hello,<br>
> <br>
> I am running midPoint 4.3.1 and am trying to automatically assign and unassign organizational units to user accounts. I have modelled the organizational structure of our institute in midpoint. Organizational unit membership is governed by a HR feed (modeled
as CVS resource) and user accounts should be assigned or unassigned to org units depending on the information of the hr feed.<br>
> <br>
> I've manged to get the initial assignment of org units to work by adding an inbound mapping to the schema handling section of the HR csv resource:<br>
> <!-- ... --><br>
> <inbound><br>
> <authoritative>true</authoritative><br>
> <expression><br>
> <assignmentTargetSearch><br>
> <targetType>OrgType</targetType><br>
> <filter><br>
> <q:equal><br>
> <q:path>identifier</q:path><br>
> <expression><br>
> <path>$input</path><br>
> </expression><br>
> </q:equal><br>
> </filter><br>
> </assignmentTargetSearch><br>
> </expression><br>
> <target><br>
> <path>assignment</path><br>
> </target><br>
> </inbound><br>
> <!-- ... --><br>
> <br>
> However, if I move a user in my HR feed to another org unit, the new unit gets assigned to the user (e.g. in reconciliation or live sync), but the old unit is never unassigned.<br>
> <br>
> If I set<br>
> <set><br>
> <predefined>all</predefined><br>
> </set><br>
> in <target>, midPoint correctly sets the org units, but also removed all other assignments, e.g. manual requested or auto-assigned roles, etc.<br>
> <br>
> Ideally, I'd like midpoint to only touch the org unit assignments when something changes in the HR feed.<br>
> <br>
> Has anybody some ideas or useful insights, how I can accomplish this goal?<br>
> <br>
> <br>
> Thank you and best regards<br>
> Oliver<br>
> -- <br>
> Oliver Schonefeld<br>
> Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)<br>
> R5, 6-13, D-68161 Mannheim<br>
> +49-(0)621-1581-168 | <a href="http://www.ids-mannheim.de" rel="noreferrer" target="_blank">
http://www.ids-mannheim.de</a><br>
> _______________________________________________<br>
> midPoint mailing list<br>
> <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
> <a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">
https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/ace41b43/attachment-0001.htm" rel="noreferrer" target="_blank">https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/ace41b43/attachment-0001.htm</a>><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 21 Oct 2021 09:47:18 +0200<br>
From: Frédéric Lohier <<a href="mailto:frederic@lohier.org" target="_blank">frederic@lohier.org</a>><br>
To: midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>><br>
Cc: "Vitor Alves | Gerencianet" <<a href="mailto:vitor.alves@gerencianet.com.br" target="_blank">vitor.alves@gerencianet.com.br</a>><br>
Subject: Re: [midPoint] Scripted SQL Connector - Full Samples<br>
Message-ID:<br>
<CALRGK0qf-U6Lf=<a href="mailto:dtxWGvawvu6pECLSs%2BCemvQzY4KcwOMsHnSw@mail.gmail.com" target="_blank">dtxWGvawvu6pECLSs+CemvQzY4KcwOMsHnSw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hello,<br>
<br>
I am also interested in examples using scriptedSQL connector version 2.x.<br>
I would like to migrate our scriptedSQL resource from scriptedSQL connector<br>
v1.1.2.0.m3 to V2.2.1<br>
<br>
-Frederic<br>
<br>
On Mon, Sep 20, 2021, 13:16 Vitor Alves | Gerencianet via midPoint <<br>
<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br>
<br>
> Good morning everybody,<br>
><br>
> Guys, could you help me with a question? The Scripted SQL Connector, are<br>
> there current full samples? I ask this, because in the samples project<br>
> hosted on Github, there are only Groovy Scripts (<br>
> <a href="https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql" rel="noreferrer" target="_blank">
https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql</a>)<br>
> , and these are commented out. I'm looking for a more real example, with<br>
> the case application, creating a MySQL database. If anyone has something<br>
> like that, could they send it here? Thank you very much for the help of the<br>
> Community.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> Regards,<br>
><br>
> -----<br>
> *Vitor Alves*<br>
><br>
><br>
> _______________________________________________<br>
> midPoint mailing list<br>
> <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
> <a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">
https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
><br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://lists.evolveum.com/pipermail/midpoint/attachments/20211021/cd50a53f/attachment.htm" rel="noreferrer" target="_blank">https://lists.evolveum.com/pipermail/midpoint/attachments/20211021/cd50a53f/attachment.htm</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
<br>
------------------------------<br>
<br>
End of midPoint Digest, Vol 114, Issue 9<br>
****************************************<br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Keith LeValley<br>
<div><font face="arial, helvetica, sans-serif">Identity Services Architect</font>, Davenport University</div>
<div>phone: (616) 732-1102</div>
<div><a href="mailto:klevalley2@davenport.edu" target="_blank">klevalley2@davenport.edu<br>
</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>