<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; } @font-face { font-family: "Cambria Math"; } @font-face { font-family: Calibri; } @font-face { font-family: Ubuntu; } p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; } a:link, span.MsoHyperlink { color: blue; text-decoration: underline; } pre { margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New"; } span.DefaultFontHxMailStyle { font-family: Ubuntu, sans-serif; color: windowtext; font-weight: normal; font-style: normal; } span.HTMLPreformattedChar { font-family: "Courier New"; } .MsoChpDefault { } @page WordSection1 { margin: 1in; } div.WordSection1 { }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>If the number of accounts is fixed, I think you should create, in the resource configuration, a different intent for each account.<br>
</p>
<p><br>
</p>
<div id="Signature">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px"><font size="3"><b style="font-family:Times New Roman"><span style="font-size:10pt; color:rgb(31,73,125)">Paulo Fernandes de Souza Júnior</span></b><b style="font-family:Times New Roman"><span style="font-size:10pt; color:rgb(23,54,93)"></span></b><span style="font-family:Times New Roman">
</span><br style="font-family:Times New Roman">
<b style="font-family:Times New Roman"><span style="font-size:8pt; color:rgb(31,73,125)">NQPPPS<br>
</span></b><span style="font-size:8pt; font-family:Times New Roman; color:rgb(23,54,93)">Senado Federal -
</span></font><font size="3"><span style="font-size:8pt; font-family:Times New Roman; color:rgb(31,73,125)">PRODASEN<br>
</span><span style="font-size:8pt; font-family:Times New Roman; color:rgb(23,54,93)">Fone: 61 3303.3924</span></font><span style="color:rgb(31,73,125)"></span>
<br>
<br>
<p class="MsoNormal"><br>
</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="word-wrap:break-word">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>De:</b> midPoint <midpoint-bounces@lists.evolveum.com> em nome de Jason Everling via midPoint <midpoint@lists.evolveum.com><br>
<b>Enviado:</b> segunda-feira, 14 de fevereiro de 2022 13:30<br>
<b>Para:</b> midPoint General Discussion<br>
<b>Cc:</b> Jason Everling<br>
<b>Assunto:</b> Re: [midPoint] Multiple AD accounts</font>
<div> </div>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span class="DefaultFontHxMailStyle">What you are looking for is probably what Midpoint calls ‘Personas’</span></p>
<p class="MsoNormal"><span class="DefaultFontHxMailStyle"> </span></p>
<p class="MsoNormal"><span class="DefaultFontHxMailStyle"><a href="https://docs.evolveum.com/midpoint/reference/misc/persona/">https://docs.evolveum.com/midpoint/reference/misc/persona/</a></span></p>
<p class="MsoNormal"><span class="DefaultFontHxMailStyle"> </span></p>
<p class="MsoNormal"><span class="DefaultFontHxMailStyle"> </span></p>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="border:none; padding:0in"><b>From: </b><a href="mailto:midpoint@lists.evolveum.com">Yakov Revyakin via midPoint</a><br>
<b>Sent: </b>Monday, February 14, 2022 7:53 AM<br>
<b>To: </b><a href="mailto:midpoint@lists.evolveum.com">midPoint General Discussion</a><br>
<b>Cc: </b><a href="mailto:yrevyakin@gmail.com">Yakov Revyakin</a><br>
<b>Subject: </b>Re: [midPoint] Multiple AD accounts</p>
</div>
<p class="MsoNormal"><span class="DefaultFontHxMailStyle"> </span></p>
<div>
<p class="MsoNormal">Can someone help to move forward?</p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Sun, 13 Feb 2022 at 19:20, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<div>
<div>
<p class="MsoNormal">For example, I have something like this:</p>
<div>
<p class="MsoNormal">(where dn is AD namingAttribute, organization O has two org assignments Off1 & Off2, O includes single-value "department" attribute with value "O" to use it as AD OU name for org O))<br>
I use Off1 and Off2 names as tag value.</p>
</div>
<div>
<pre style="background:#2B2B2B"><span style="color:#E8BF6A"><objectType><br> <kind></span><span style="color:#A9B7C6">generic</span><span style="color:#E8BF6A"></kind><br> <intent></span><span style="color:#A9B7C6">default</span><span style="color:#E8BF6A"></intent><br> <objectClass></span><span style="color:#A9B7C6">ri:organizationalUnit</span><span style="color:#E8BF6A"></objectClass><br> <multiplicity><br> <maxOccurs></span><span style="color:#A9B7C6">unbounded</span><span style="color:#E8BF6A"></maxOccurs><br> <tag><br> <outbound><br> <source><br> <path></span><span style="color:#A9B7C6">parentOrgRef</span><span style="color:#E8BF6A"></path><br> </source><br> <expression><br> <script><br> <code><span style="background:#364135"><br> </span></span><span style="color:#A9B7C6; background:#364135">import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;<br> <br> OrgType office = midpoint.getOrgByOid(parentOrgRef.oid);<br> <a href="http://log.info">log.info</a>("1.1" + String.valueOf(<a href="http://office.name">office.name</a>));<br> return <a href="http://office.name">office.name</a>;<br> </span><span style="color:#E8BF6A"></code><br> </script><br> </expression><br> </outbound><br> </tag><br> </multiplicity><br> <attribute><br> <ref></span><span style="color:#A9B7C6">ri:dn</span><span style="color:#E8BF6A"></ref><br> <matchingRule></span><span style="color:#A9B7C6">distinguishedName</span><span style="color:#E8BF6A"></matchingRule><br> <outbound><br> <strength></span><span style="color:#A9B7C6">strong</span><span style="color:#E8BF6A"></strength><br> <source><br> <path></span><span style="color:#A9B7C6">extension/department</span><span style="color:#E8BF6A"></path><br> </source><br> <source><br> <path></span><span style="color:#A9B7C6">parentOrgRef</span><span style="color:#E8BF6A"></path><br> </source><br> <source><br> <path></span><span style="color:#A9B7C6">$projection/tag</span><span style="color:#E8BF6A"></path><br> </source><br> <expression><br> <script><br> <code><span style="background:#364135"><br> </span></span><span style="color:#A9B7C6; background:#364135">import com.evolveum.midpoint.schema.constants.SchemaConstants;<br> import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;<br> import javax.naming.ldap.Rdn;<br> import javax.naming.ldap.LdapName;<br><br> OrgType office = midpoint.getOrgByOid(parentOrgRef.oid);<br><br> <a href="http://log.info">log.info</a>("2.1" + String.valueOf(tag));<br> <a href="http://log.info">log.info</a>("2.2" + String.valueOf(<a href="http://office.name">office.name</a>));<br><br> return basic.composeDn(<br> new Rdn("OU", basic.stringify(department)),<br> new Rdn("OU", basic.stringify(<a href="http://office.name">office.name</a>)),<br> new LdapName("DC=example,DC=com")<br> );<br> </span><span style="color:#E8BF6A"></code><br> </script><br> </expression><br> </outbound><br> </attribute><br></objectType></span><span style="color:#A9B7C6"></span></pre>
</div>
</div>
<div>
<p class="MsoNormal">For my data structure I wrote above I have the following output in log:</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">1.1 Off1 <br>
1.1 Off2 <br>
1.1 Off1 <br>
1.1 Off2 <br>
2.1 Off1 <br>
2.2 Off1 <br>
2.1 Off1 <br>
2.2 Off2 <br>
2.1 Off1 <br>
2.2 Off1 <br>
2.1 Off1 <br>
2.2 Off2 <br>
<br>
Partial error while processing projection on resource:746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2(AD): Attempt to add 2 values to a single-valued item attributes/dn; values: [PPV(String:OU=O,OU=Off1,DC=example,DC=com), PPV(String:OU=O,OU=Off2,DC=example,DC=com)]</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">How to complete my conf? I don't understand how to configure the multivalued account feature. Please, help</p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Sun, 13 Feb 2022 at 14:48, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<div>
<p class="MsoNormal">Correct, I'd like to have multiple AD accounts. How to command to create them?</p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">On Sun, 13 Feb 2022 at 14:34, Roman Pudil - AMI Praha a.s. via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Hi, </p>
</div>
<div>
<p class="MsoNormal">AD schema did not allow multiple values in DN attribute. See AD schema documentation. </p>
</div>
<div>
<p class="MsoNormal">You have ro use multiple accounts.</p>
</div>
<div>
<p class="MsoNormal">Regards</p>
</div>
<div>
<p class="MsoNormal">Roman Pudil</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">Dne ne 13. 2. 2022 13:27 uživatel Yakov Revyakin via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> napsal:</p>
</div>
<blockquote style="border:none; border-left:solid #CCCCCC 1.0pt; padding:0in 0in 0in 6.0pt; margin-left:4.8pt; margin-right:0in">
<div>
<div>
<p class="MsoNormal">An org (O, intent : default) is a member of two organizations (Off1 & Off2) different by name but the same by nature (intent : office).</p>
</div>
<div>
<p class="MsoNormal">This structure results in AD as:</p>
</div>
<div>
<p class="MsoNormal">Off1 dn : OU=Off1</p>
</div>
<div>
<p class="MsoNormal">Off2 dn : OU=Off2</p>
</div>
<div>
<p class="MsoNormal">O in Off1 dn : OU=O,OU=Off1</p>
</div>
<div>
<p class="MsoNormal">O in Off2 dn : OU=O,OU=Off2</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal">I'd like to have multiple AD accounts under O created: OU=O,OU=Off1 and OU=O,OU=Off2.</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Could someone provide schema handling with multiple accounts support for the case? I mean TAG support.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">My configuration tries to save multiple values in dn attribute instead of creating different accounts.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Thanks,</p>
</div>
<div>
<p class="MsoNormal">J</p>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-left:.2in">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
<p class="MsoNormal"><span class="DefaultFontHxMailStyle"> </span></p>
</div>
</div>
</div>
</body>
</html>