Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
midPoint_container/demo/grouper/midpoint-objects (obsolete)/resources/ldap-main.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
341 lines (333 sloc)
12.8 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!-- | |
~ Copyright (c) 2019 Evolveum and contributors | |
~ | |
~ This work is dual-licensed under the Apache License 2.0 | |
~ and European Union Public License. See LICENSE file for details. | |
--> | |
<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272" | |
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" | |
xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" | |
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" | |
xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" | |
xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3" | |
xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"> | |
<name>LDAP (directory)</name> | |
<connectorRef type="ConnectorType"> | |
<filter> | |
<q:equal> | |
<q:path>c:connectorType</q:path> | |
<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value> | |
</q:equal> | |
</filter> | |
</connectorRef> | |
<connectorConfiguration | |
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" | |
xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector"> | |
<icfc:configurationProperties | |
xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector"> | |
<icfcldap:port>389</icfcldap:port> | |
<icfcldap:host>directory</icfcldap:host> | |
<!-- <icfcldap:host>192.168.56.101</icfcldap:host> --> | |
<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext> | |
<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn> | |
<icfcldap:bindPassword> | |
<t:clearValue>password</t:clearValue> | |
</icfcldap:bindPassword> | |
<icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute> | |
<icfcldap:pagingStrategy>spr</icfcldap:pagingStrategy> <!-- spr? --> | |
<!-- <icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> --> | |
<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes> | |
<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes> | |
<icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes> | |
<!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify> | |
<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm --> | |
<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule --> | |
</icfc:configurationProperties> | |
<icfc:resultsHandlerConfiguration> | |
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler> | |
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler> | |
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler> | |
</icfc:resultsHandlerConfiguration> | |
</connectorConfiguration> | |
<schema> | |
<generationConstraints> | |
<generateObjectClass>ri:inetOrgPerson</generateObjectClass> | |
<generateObjectClass>ri:eduPerson</generateObjectClass> | |
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass> | |
<generateObjectClass>ri:groupOfNames</generateObjectClass> | |
<generateObjectClass>ri:organizationalUnit</generateObjectClass> | |
</generationConstraints> | |
</schema> | |
<schemaHandling> | |
<objectType> | |
<kind>account</kind> | |
<displayName>Normal Account</displayName> | |
<default>true</default> | |
<objectClass>ri:inetOrgPerson</objectClass> | |
<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass> | |
<attribute> | |
<ref>ri:dn</ref> | |
<displayName>Distinguished Name</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>name</path> | |
</source> | |
<expression> | |
<script> | |
<code> | |
'uid=' + name + ',ou=People,dc=internet2,dc=edu' | |
</code> | |
</script> | |
</expression> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:cn</ref> | |
<displayName>Common Name</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>fullName</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:sn</ref> | |
<displayName>Surname</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>familyName</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:givenName</ref> | |
<displayName>Given Name</displayName> | |
<limitations> | |
<minOccurs>0</minOccurs> | |
</limitations> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>givenName</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:uid</ref> | |
<displayName>Login Name</displayName> | |
<tolerant>false</tolerant> | |
<matchingRule>mr:stringIgnoreCase</matchingRule> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>name</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:mail</ref> | |
<displayName>Mail</displayName> | |
<matchingRule>mr:stringIgnoreCase</matchingRule> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>emailAddress</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:employeeNumber</ref> | |
<tolerant>false</tolerant> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>employeeNumber</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:businessCategory</ref> | |
<tolerant>false</tolerant> | |
</attribute> | |
<!-- <attribute> | |
<ref>ri:eduPersonAffiliation</ref> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>extension/rawAffiliation</path> | |
</source> | |
</outbound> | |
<tolerant>false</tolerant> | |
</attribute> --> | |
<association> | |
<tolerant>false</tolerant> | |
<ref>ri:group</ref> | |
<kind>entitlement</kind> | |
<intent>group</intent> | |
<direction>objectToSubject</direction> | |
<associationAttribute>ri:uniqueMember</associationAttribute> | |
<valueAttribute>ri:dn</valueAttribute> | |
</association> | |
<protected> | |
<filter> | |
<q:equal> | |
<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching> | |
<q:path>attributes/ri:dn</q:path> | |
<q:value>cn=root,dc=internet2,dc=edu</q:value> | |
</q:equal> | |
</filter> | |
</protected> | |
<credentials> | |
<password> | |
<outbound/> | |
</password> | |
</credentials> | |
</objectType> | |
<objectType> | |
<kind>entitlement</kind> | |
<intent>group</intent> | |
<displayName>LDAP Group</displayName> | |
<objectClass>ri:groupOfUniqueNames</objectClass> | |
<attribute> | |
<ref>ri:uniqueMember</ref> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<fetchStrategy>minimal</fetchStrategy> | |
</attribute> | |
<attribute> | |
<ref>ri:dn</ref> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<outbound> | |
<strength>strong</strength> | |
<source> | |
<path>extension/ldapDn</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:cn</ref> | |
<matchingRule>mr:stringIgnoreCase</matchingRule> | |
<outbound> | |
<strength>weak</strength> | |
<source> | |
<path>identifier</path> | |
</source> | |
</outbound> | |
</attribute> | |
<attribute> | |
<ref>ri:uniqueMember</ref> | |
<matchingRule>mr:distinguishedName</matchingRule> | |
<fetchStrategy>minimal</fetchStrategy> | |
</attribute> | |
</objectType> | |
</schemaHandling> | |
<synchronization> | |
<objectSynchronization> | |
<enabled>true</enabled> | |
<correlation> | |
<q:equal> | |
<q:path>name</q:path> | |
<expression> | |
<path> | |
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"; | |
$projection/attributes/ri:uid | |
</path> | |
</expression> | |
</q:equal> | |
</correlation> | |
<reaction> | |
<situation>linked</situation> | |
<synchronize>true</synchronize> | |
</reaction> | |
<reaction> | |
<situation>deleted</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unlinked</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unmatched</situation> | |
</reaction> | |
</objectSynchronization> | |
<objectSynchronization> | |
<name>group sync</name> | |
<objectClass>ri:groupOfUniqueNames</objectClass> | |
<kind>entitlement</kind> | |
<intent>group</intent> | |
<focusType>OrgType</focusType> | |
<enabled>true</enabled> | |
<condition> | |
<script> | |
<code> | |
import javax.naming.ldap.* | |
dn = new LdapName(basic.getAttributeValue(projection, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn')) | |
dn.startsWith(new LdapName('ou=Affiliations,ou=Groups,dc=internet2,dc=edu')) || | |
dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu')) || | |
dn.startsWith(new LdapName('ou=generic,ou=Groups,dc=internet2,dc=edu')) || | |
dn.startsWith(new LdapName('ou=midpoint,ou=Groups,dc=internet2,dc=edu')) | |
</code> | |
</script> | |
</condition> | |
<correlation> | |
<q:equal> | |
<q:path>extension/ldapDn</q:path> | |
<expression> | |
<path>$projection/attributes/ri:dn</path> | |
</expression> | |
</q:equal> | |
</correlation> | |
<reaction> | |
<situation>linked</situation> | |
<synchronize>true</synchronize> | |
</reaction> | |
<reaction> | |
<situation>deleted</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unlinked</situation> | |
<synchronize>true</synchronize> | |
<action> | |
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri> | |
</action> | |
</reaction> | |
<reaction> | |
<situation>unmatched</situation> | |
</reaction> | |
</objectSynchronization> | |
</synchronization> | |
<consistency> | |
<avoidDuplicateValues>true</avoidDuplicateValues> | |
</consistency> | |
</resource> |