Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The outbound configuration specifies how to transform the attribute value from midPoint on the fly before it is sent to resource attribute. The modification value can use other attribute values, constants or anything that can be achieved by an XPath an expression. For example you may wish to set the resource's "fullname" attribute to the uppercase value of midPoint's "fullName" attribute. The outbound is what you use for provisioning.

...

Code Block
xml
xml
titleLDAP Resource Synchronization Example
<synchronization>
        	<objectSynchronization>
	            <!--
	                The synchronization for this resource is enabled.
	                It means that the synchronization will react to changes detected by
	                the system (live sync task, discovery or reconciliation) -->
	            <enabled>true</enabled>

	            <correlation>
	                <q:description>
	                    Correlation expression is a search query.
	                    Following search queury will look for users that have "name"
	                    equal to the "uid" attribute of the account. Simply speaking,
	                    it will look for match in usernames in the IDM and the resource.
	                    The correlation rule always looks for users, so it will not match
	                    any other object type.
	                </q:description>
	                <q:equal>
	                    <q:path>c:name</q:path>
	                    <expression>
	                        <ref>name</ref>
				<script>
								<language>http://www.w3.org/TR/xpath/</language>
		                        <code>
		                            $c:account/c:attributes/ri:uid
		                        </code><path>$account/attributes/ri:uid</path>
	                        </script>
	                    </expression>
	                </q:equal>
	            </correlation>

	            <!-- Confirmation rule may be here, but as the search above will
	                 always return at most one match, the confirmation rule is not needed. -->

	            <!-- Following section describes reactions to a situations.
	                 The setting here assumes that this resource is authoritative,
	                 therefore all accounts created on the resource should be
	                 reflected as new users in IDM.
	                 See http://wiki.evolveum.com/display/midPoint/Synchronization+Situations
	             -->

	            <reaction>
	                <situation>linked</situation>
	                <action>
						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-2#modifyUser</handlerUri>
					</action>
				</reaction>
	            <reaction>
	                <situation>deleted</situation>
	                <action>
						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-2#unlinkAccount</handlerUri>
	            </reaction>

	            <reaction>
	                <situation>unlinked</situation>
	                <action>
						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-2#linkAccount</handlerUri>
	            </reaction>
	            <reaction>
	                <situation>unmatched</situation>
	                <action>
						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-2#addUser</handlerUri>
	                    <!-- Reference to the User Template is here. If the user would be
	                         created as a result of this action, it will be created according
	                         to this template. -->

	                    <userTemplateRef oid="c0c010c0-d34d-b33f-f00d-777222222222"/>
	                </action>
	            </reaction>
		</objectSynchronization>
</synchronization>

...