Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
midPoint_container/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
365 lines (357 sloc)
13.8 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!-- | |
~ Copyright (c) 2019 Evolveum and contributors | |
~ | |
~ This work is dual-licensed under the Apache License 2.0 | |
~ and European Union Public License. See LICENSE file for details. | |
--> | |
<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272" | |
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | |
xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" | |
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" | |
xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | |
xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3" | |
xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"> | |
<name>LDAP (directory)</name> | |
<connectorRef type="ConnectorType"> | |
<filter> | |
<q:equal> | |
<q:path>c:connectorType</q:path> | |
<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value> | |
</q:equal> | |
</filter> | |
</connectorRef> | |
<connectorConfiguration | |
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" | |
xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector"> | |
<icfc:configurationProperties | |
xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector"> | |
<icfcldap:port>389</icfcldap:port> | |
<icfcldap:host>directory</icfcldap:host> | |
<!-- <icfcldap:host>192.168.56.101</icfcldap:host> --> | |
<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext> | |
<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn> | |
<icfcldap:bindPassword> | |
<t:clearValue>password</t:clearValue> | |
</icfcldap:bindPassword> | |
<icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute> | |
<icfcldap:pagingStrategy>spr</icfcldap:pagingStrategy> <!-- spr? --> | |
<!-- <icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> --> | |
<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes> | |
<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes> | |
<icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes> | |
<!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify> | |
<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm --> | |
<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule --> | |
</icfc:configurationProperties> | |
<icfc:resultsHandlerConfiguration> | |
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler> | |
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler> | |
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler> | |
</icfc:resultsHandlerConfiguration> | |
</connectorConfiguration> | |
<schema> | |
<generationConstraints> | |
<generateObjectClass>ri:inetOrgPerson</generateObjectClass> | |
<generateObjectClass>ri:eduPerson</generateObjectClass> | |
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass> | |
<generateObjectClass>ri:groupOfNames</generateObjectClass> | |
<generateObjectClass>ri:organizationalUnit</generateObjectClass> | |
</generationConstraints> | |
</schema> | |
<schemaHandling> | |
<objectType> | |
<kind>account</kind> | |
<displayName>Normal Account</displayName> | |
<default>true</default> | |
<objectClass>ri:inetOrgPerson</objectClass> | |
<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass> | |
<attribute> | |
<ref>ri:dn</ref> | |
<displayName>Distinguished Name</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>name</path> | |
</source> | |
<expression> | |
<script> | |
<code> | |
'uid=' + name + ',ou=People,dc=internet2,dc=edu' | |
</code> | |
</script> | |
</expression> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:cn</ref> | |
<displayName>Common Name</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>fullName</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:sn</ref> | |
<displayName>Surname</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>familyName</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:givenName</ref> | |
<displayName>Given Name</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>givenName</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:uid</ref> | |
<displayName>Login Name</displayName> | |
<tolerant>false</tolerant> | |
<matchingRule>mr:stringIgnoreCase</matchingRule> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>name</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:mail</ref> | |
<displayName>Mail</displayName> | |
<matchingRule>mr:stringIgnoreCase</matchingRule> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>emailAddress</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:employeeNumber</ref> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>employeeNumber</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:businessCategory</ref> | |
<tolerant>false</tolerant> | |
</attribute> | |
<!-- <attribute> | |
<ref>ri:eduPersonAffiliation</ref> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>extension/rawAffiliation</path> | |
</source> | |
</outbound> | |
<tolerant>false</tolerant> | |
</attribute> --> | |
<!-- TODO MidPoint Basics Training, LAB 4-9, part 1 of 2: uncomment the following content --> | |
<!-- | |
<activation> | |
<administrativeStatus> | |
<outbound/> | |
</administrativeStatus> | |
</activation> | |
--> | |
<!-- TODO MidPoint Basics Training, LAB 4-9, part 1 of 2: end of to-be-uncommented content --> | |
<association> | |
<tolerant>false</tolerant> | |
<ref>ri:group</ref> | |
<kind>entitlement</kind> | |
<intent>group</intent> | |
<direction>objectToSubject</direction> | |
<associationAttribute>ri:uniqueMember</associationAttribute> | |
<valueAttribute>ri:dn</valueAttribute> | |
</association> | |
<protected> | |
<filter> | |
<q:equal> | |
<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching> | |
<q:path>attributes/ri:dn</q:path> | |
<q:value>cn=root,dc=internet2,dc=edu</q:value> | |
</q:equal> | |
</filter> | |
</protected> | |
<credentials> | |
<password> | |
<outbound/> | |
</password> | |
</credentials> | |
</objectType> | |
<objectType> | |
<kind>entitlement</kind> | |
<intent>group</intent> | |
<displayName>LDAP Group</displayName> | |
<objectClass>ri:groupOfUniqueNames</objectClass> | |
<attribute> | |
<ref>ri:uniqueMember</ref> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<fetchStrategy>minimal</fetchStrategy> | |
</attribute> | |
<attribute> | |
<ref>ri:dn</ref> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>extension/ldapDn</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:cn</ref> | |
<matchingRule>mr:stringIgnoreCase</matchingRule> | |
<outbound> | |
<strength>weak</strength> | |
<source> | |
<path>identifier</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:uniqueMember</ref> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<fetchStrategy>minimal</fetchStrategy> | |
</attribute> | |
</objectType> | |
</schemaHandling> | |
<!-- TODO MidPoint Basics Training, LAB 4-9, part 2 of 2: uncomment the following content --> | |
<!-- | |
<capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"> | |
<configured> | |
<cap:activation> | |
<cap:status> | |
<cap:attribute>ri:nsAccountLock</cap:attribute> | |
<cap:enableValue/> | |
<cap:disableValue>true</cap:disableValue> | |
</cap:status> | |
</cap:activation> | |
</configured> | |
</capabilities> | |
--> | |
<!-- TODO MidPoint Basics Training, LAB 4-9, part 2 of 2: end of to-be-uncommented content --> | |
<synchronization> | |
<objectSynchronization> | |
<enabled>true</enabled> | |
<correlation> | |
<q:equal> | |
<q:path>name</q:path> | |
<expression> | |
<path> | |
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; | |
$projection/attributes/ri:uid | |
</path> | |
</expression> | |
</q:equal> | |
</correlation> | |
<reaction> | |
<situation>linked</situation> | |
<synchronize>true</synchronize> | |
</reaction> | |
<reaction> | |
<situation>deleted</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unlinked</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unmatched</situation> | |
</reaction> | |
</objectSynchronization> | |
<objectSynchronization> | |
<name>group sync</name> | |
<objectClass>ri:groupOfUniqueNames</objectClass> | |
<kind>entitlement</kind> | |
<intent>group</intent> | |
<focusType>OrgType</focusType> | |
<enabled>true</enabled> | |
<condition> | |
<script> | |
<code> | |
import javax.naming.ldap.* | |
dn = new LdapName(basic.getAttributeValue(projection, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')) | |
dn.startsWith(new LdapName('ou=Affiliations,ou=Groups,dc=internet2,dc=edu')) || | |
dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu')) || | |
dn.startsWith(new LdapName('ou=generic,ou=Groups,dc=internet2,dc=edu')) || | |
dn.startsWith(new LdapName('ou=midpoint,ou=Groups,dc=internet2,dc=edu')) | |
</code> | |
</script> | |
</condition> | |
<correlation> | |
<q:equal> | |
<q:path>extension/ldapDn</q:path> | |
<expression> | |
<path>$projection/attributes/ri:dn</path> | |
</expression> | |
</q:equal> | |
</correlation> | |
<reaction> | |
<situation>linked</situation> | |
<synchronize>true</synchronize> | |
</reaction> | |
<reaction> | |
<situation>deleted</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unlinked</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unmatched</situation> | |
</reaction> | |
</objectSynchronization> | |
</synchronization> | |
<consistency> | |
<avoidDuplicateValues>true</avoidDuplicateValues> | |
</consistency> | |
</resource> |