<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Ubuntu;
panose-1:2 11 5 4 3 6 2 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.DefaultFontHxMailStyle
{mso-style-name:"Default Font HxMail Style";
font-family:"Ubuntu",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span class=DefaultFontHxMailStyle>What you are looking for is probably what Midpoint calls ‘Personas’<o:p></o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><a href="https://docs.evolveum.com/midpoint/reference/misc/persona/">https://docs.evolveum.com/midpoint/reference/misc/persona/</a><o:p></o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:midpoint@lists.evolveum.com">Yakov Revyakin via midPoint</a><br><b>Sent: </b>Monday, February 14, 2022 7:53 AM<br><b>To: </b><a href="mailto:midpoint@lists.evolveum.com">midPoint General Discussion</a><br><b>Cc: </b><a href="mailto:yrevyakin@gmail.com">Yakov Revyakin</a><br><b>Subject: </b>Re: [midPoint] Multiple AD accounts</p></div><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p><div><p class=MsoNormal>Can someone help to move forward?</p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Sun, 13 Feb 2022 at 19:20, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal>For example, I have something like this:</p><div><p class=MsoNormal>(where dn is AD namingAttribute, organization O has two org assignments Off1 & Off2, O includes single-value "department" attribute with value "O" to use it as AD OU name for org O))<br>I use Off1 and Off2 names as tag value.</p></div><div><pre style='background:#2B2B2B'><span style='color:#E8BF6A'><objectType><br> <kind></span><span style='color:#A9B7C6'>generic</span><span style='color:#E8BF6A'></kind><br> <intent></span><span style='color:#A9B7C6'>default</span><span style='color:#E8BF6A'></intent><br> <objectClass></span><span style='color:#A9B7C6'>ri:organizationalUnit</span><span style='color:#E8BF6A'></objectClass><br> <multiplicity><br> <maxOccurs></span><span style='color:#A9B7C6'>unbounded</span><span style='color:#E8BF6A'></maxOccurs><br> <tag><br> <outbound><br> <source><br> <path></span><span style='color:#A9B7C6'>parentOrgRef</span><span style='color:#E8BF6A'></path><br> </source><br> <expression><br> <script><br> <code><span style='background:#364135'><br> </span></span><span style='color:#A9B7C6;background:#364135'>import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;<br> <br> OrgType office = midpoint.getOrgByOid(parentOrgRef.oid);<br> <a href="http://log.info">log.info</a>("1.1" + String.valueOf(<a href="http://office.name">office.name</a>));<br> return <a href="http://office.name">office.name</a>;<br> </span><span style='color:#E8BF6A'></code><br> </script><br> </expression><br> </outbound><br> </tag><br> </multiplicity><br> <attribute><br> <ref></span><span style='color:#A9B7C6'>ri:dn</span><span style='color:#E8BF6A'></ref><br> <matchingRule></span><span style='color:#A9B7C6'>distinguishedName</span><span style='color:#E8BF6A'></matchingRule><br> <outbound><br> <strength></span><span style='color:#A9B7C6'>strong</span><span style='color:#E8BF6A'></strength><br> <source><br> <path></span><span style='color:#A9B7C6'>extension/department</span><span style='color:#E8BF6A'></path><br> </source><br> <source><br> <path></span><span style='color:#A9B7C6'>parentOrgRef</span><span style='color:#E8BF6A'></path><br> </source><br> <source><br> <path></span><span style='color:#A9B7C6'>$projection/tag</span><span style='color:#E8BF6A'></path><br> </source><br> <expression><br> <script><br> <code><span style='background:#364135'><br> </span></span><span style='color:#A9B7C6;background:#364135'>import com.evolveum.midpoint.schema.constants.SchemaConstants;<br> import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;<br> import javax.naming.ldap.Rdn;<br> import javax.naming.ldap.LdapName;<br><br> OrgType office = midpoint.getOrgByOid(parentOrgRef.oid);<br><br> <a href="http://log.info">log.info</a>("2.1" + String.valueOf(tag));<br> <a href="http://log.info">log.info</a>("2.2" + String.valueOf(<a href="http://office.name">office.name</a>));<br><br> return basic.composeDn(<br> new Rdn("OU", basic.stringify(department)),<br> new Rdn("OU", basic.stringify(<a href="http://office.name">office.name</a>)),<br> new LdapName("DC=example,DC=com")<br> );<br> </span><span style='color:#E8BF6A'></code><br> </script><br> </expression><br> </outbound><br> </attribute><br></objectType></span><span style='color:#A9B7C6'><o:p></o:p></span></pre></div></div><div><p class=MsoNormal>For my data structure I wrote above I have the following output in log:</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>1.1 Off1 <br>1.1 Off2 <br>1.1 Off1 <br>1.1 Off2 <br>2.1 Off1 <br>2.2 Off1 <br>2.1 Off1 <br>2.2 Off2 <br>2.1 Off1 <br>2.2 Off1 <br>2.1 Off1 <br>2.2 Off2 <br><br>Partial error while processing projection on resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(AD): Attempt to add 2 values to a single-valued item attributes/dn; values: [PPV(String:OU=O,OU=Off1,DC=example,DC=com), PPV(String:OU=O,OU=Off2,DC=example,DC=com)]</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>How to complete my conf? I don't understand how to configure the multivalued account feature. Please, help</p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Sun, 13 Feb 2022 at 14:48, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal>Correct, I'd like to have multiple AD accounts. How to command to create them?</p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Sun, 13 Feb 2022 at 14:34, Roman Pudil - AMI Praha a.s. via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Hi, </p></div><div><p class=MsoNormal>AD schema did not allow multiple values in DN attribute. See AD schema documentation. </p></div><div><p class=MsoNormal>You have ro use multiple accounts.</p></div><div><p class=MsoNormal>Regards</p></div><div><p class=MsoNormal>Roman Pudil</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Dne ne 13. 2. 2022 13:27 uživatel Yakov Revyakin via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> napsal:</p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal>An org (O, intent : default) is a member of two organizations (Off1 & Off2) different by name but the same by nature (intent : office).</p></div><div><p class=MsoNormal>This structure results in AD as:</p></div><div><p class=MsoNormal>Off1 dn : OU=Off1</p></div><div><p class=MsoNormal>Off2 dn : OU=Off2</p></div><div><p class=MsoNormal>O in Off1 dn : OU=O,OU=Off1</p></div><div><p class=MsoNormal>O in Off2 dn : OU=O,OU=Off2</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>I'd like to have multiple AD accounts under O created: OU=O,OU=Off1 and OU=O,OU=Off2.</p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Could someone provide schema handling with multiple accounts support for the case? I mean TAG support.</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>My configuration tries to save multiple values in dn attribute instead of creating different accounts.</p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks,</p></div><div><p class=MsoNormal>J</p></div></div><p class=MsoNormal>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br><a href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p></blockquote></div></div></div></blockquote></div></blockquote></div></div></blockquote></div><p class=MsoNormal style='margin-left:.2in'>_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br><a href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p><p class=MsoNormal><span class=DefaultFontHxMailStyle><o:p> </o:p></span></p></div></body></html>