Add first grouper<->midpoint demo files
First attempt at grouper<->midpoint interconnection
demonstration. There's "OpenLDAP edu" resource used
to import users into midPoint and "Grouper SQL" resource
used to import group membership information from Grouper.

Work in progress. Very limited functionality for now.
mederly committed Aug 11, 2018
1 parent 9e2b681 commit 0a56b12
Showing 6 changed files with 595 additions and 0 deletions.
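--- a/grouper-midpoint-demo/objects/resources/ldap-edu.xml
+++ b/grouper-midpoint-demo/objects/resources/ldap-edu.xml
@@ -0,0 +1,233 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- ~ Copyright (c) 2010-2017 Evolveum ~ ~ Licensed under the Apache License,
+Version 2.0 (the "License"); ~ you may not use this file except in compliance
+with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0
+~ ~ Unless required by applicable law or agreed to in writing, software ~
+distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT
+WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the
+License for the specific language governing permissions and ~ limitations
+under the License. -->
+
+
+<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+<resource oid="18eceda9-b6cd-4bdd-a06b-e77d4fddf975">
+
+<name>OpenLDAP edu</name>
+
+<connectorRef type="ConnectorType">
+<filter>
+<q:equal>
+<q:path>c:connectorType</q:path>
+<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
+</q:equal>
+</filter>
+</connectorRef>
+
+<connectorConfiguration
+xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
+<icfc:configurationProperties>
+<icfcldap:port>389</icfcldap:port>
+<icfcldap:host>grouper</icfcldap:host>
+<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
+<icfcldap:bindDn>cn=root,dc=internet2,dc=edu</icfcldap:bindDn>
+<icfcldap:bindPassword>
+<t:clearValue>password</t:clearValue>
+</icfcldap:bindPassword>
+<icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify>
+<icfcldap:pagingStrategy>spr</icfcldap:pagingStrategy>
+<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm>
+<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule -->
+<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes>
+<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
+</icfc:configurationProperties>
+<icfc:resultsHandlerConfiguration>
+<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
+<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
+</icfc:resultsHandlerConfiguration>
+</connectorConfiguration>
+
+<schema>
+<generationConstraints>
+<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
+<generateObjectClass>ri:eduPerson</generateObjectClass>
+<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
+<generateObjectClass>ri:groupOfNames</generateObjectClass>
+<generateObjectClass>ri:organizationalUnit</generateObjectClass>
+</generationConstraints>
+</schema>
+
+<schemaHandling>
+<objectType>
+<kind>account</kind>
+<displayName>Normal Account</displayName>
+<default>true</default>
+<objectClass>ri:inetOrgPerson</objectClass>
+<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
+<attribute>
+<ref>ri:dn</ref>
+<displayName>Distinguished Name</displayName>
+<limitations>
+<minOccurs>0</minOccurs>
+</limitations>
+<matchingRule>mr:stringIgnoreCase</matchingRule>
+</attribute>
+<attribute>
+<ref>ri:entryUUID</ref>
+<displayName>Entry UUID</displayName>
+<limitations>
+<access>
+<read>true</read>
+<add>false</add>
+<modify>true</modify>
+</access>
+</limitations>
+<matchingRule>mr:stringIgnoreCase</matchingRule>
+</attribute>
+<attribute>
+<ref>ri:cn</ref>
+<displayName>Common Name</displayName>
+<limitations>
+<minOccurs>0</minOccurs>
+</limitations>
+<inbound>
+<target>
+<path>fullName</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:sn</ref>
+<displayName>Surname</displayName>
+<limitations>
+<minOccurs>0</minOccurs>
+</limitations>
+<inbound>
+<target>
+<path>familyName</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:givenName</ref>
+<displayName>Given Name</displayName>
+<inbound>
+<target>
+<path>givenName</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:uid</ref>
+<displayName>Login Name</displayName>
+<matchingRule>mr:stringIgnoreCase</matchingRule>
+<inbound>
+<target>
+<path>name</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:mail</ref>
+<displayName>Mail</displayName>
+<matchingRule>mr:stringIgnoreCase</matchingRule>
+<inbound>
+<target>
+<path>emailAddress</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:employeeNumber</ref>
+<inbound>
+<target>
+<path>employeeNumber</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:businessCategory</ref>
+<inbound>
+<target>
+<path>extension/ldap_businessCategory</path>
+</target>
+</inbound>
+</attribute>
+<attribute>
+<ref>ri:eduPersonAffiliation</ref>
+<inbound>
+<target>
+<path>extension/ldap_eduPersonAffiliation</path>
+</target>
+</inbound>
+</attribute>
+<protected>
+<filter>
+<q:equal>
+<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
+<q:path>attributes/ri:dn</q:path>
+<q:value>cn=root,dc=internet2,dc=edu</q:value>
+</q:equal>
+</filter>
+</protected>
+</objectType>
+
+</schemaHandling>
+
+<synchronization>
+<objectSynchronization>
+<enabled>true</enabled>
+
+<correlation>
+<q:equal>
+<q:path>name</q:path>
+<expression>
+<path>
+declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+$account/attributes/ri:uid
+</path>
+</expression>
+</q:equal>
+</correlation>
+
+<reaction>
+<situation>linked</situation>
+<synchronize>true</synchronize>
+</reaction>
+<reaction>
+<situation>deleted</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+</action>
+</reaction>
+
+<reaction>
+<situation>unlinked</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+</action>
+</reaction>
+<reaction>
+<situation>unmatched</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+</action>
+</reaction>
+</objectSynchronization>
+</synchronization>
+
+</resource>
+
+</objects>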
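Review bot: The connector binds as `cn=root,dc=internet2,dc=edu` with the literal password `password` in `t:clearValue`, on port 389 and with no `connectionSecurity` property set. The directory's root credential is therefore committed to the repository and, as far as this file shows, sent over an unencrypted connection. If the file is only ever loaded into the demo containers, say so next to `bindPassword`, e.g. `<!-- demo-only credential; replace and protect before any non-demo use -->`. For anything beyond the demo, bind as a dedicated read-only account (the resource defines only inbound mappings) and add `<icfcldap:connectionSecurity>starttls</icfcldap:connectionSecurity>` if the directory supports it. Separately, `ri:entryUUID` is declared with `<modify>true</modify>` while `<add>` is false; that attribute is normally assigned by the server, so `<modify>false</modify>` looks like the intended value.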
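--- a/grouper-midpoint-demo/objects/resources/scriptedsql-grouper.xml
+++ b/grouper-midpoint-demo/objects/resources/scriptedsql-grouper.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<c:resource oid="ef2bc95b-76e0-48e2-86d6-3d4f02d420db" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" xmlns:my="http://myself.me/schemas/whatever" xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+<c:name>Grouper SQL</c:name>
+
+<connectorRef type="ConnectorType">
+<filter>
+<q:equal>
+<q:path>connectorType</q:path>
+<q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
+</q:equal>
+</filter>
+</connectorRef>
+
+<c:connectorConfiguration>
+
+<icfc:configurationProperties
+xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
+<icscscriptedsql:host>grouper</icscscriptedsql:host>
+<icscscriptedsql:port>3306</icscscriptedsql:port>
+<icscscriptedsql:quoting></icscscriptedsql:quoting>
+<icscscriptedsql:user>root</icscscriptedsql:user>
+<icscscriptedsql:password>
+<clearValue></clearValue>
+</icscscriptedsql:password>
+<icscscriptedsql:database>grouper</icscscriptedsql:database>
+<!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
+<icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
+
+<icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
+<icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/TestScript.groovy</icscscriptedsql:testScriptFileName>
+<icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
+
+<icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
+<!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
+
+<icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
+<icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
+
+<icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
+<icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
+<icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
+<icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
+<icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
+<icscscriptedsql:allNative>false</icscscriptedsql:allNative>
+<!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
+<icscscriptedsql:datasource></icscscriptedsql:datasource>
+</icfc:configurationProperties>
+
+<!-- Generic ICF configuration -->
+
+</c:connectorConfiguration>
+
+<schemaHandling>
+<objectType>
+<kind>account</kind>
+<displayName>Normal Account</displayName>
+<default>true</default>
+<objectClass>ri:AccountObjectClass</objectClass>
+<attribute>
+<ref>ri:subject_id</ref>
+<displayName>Subject ID</displayName>
+</attribute>
+<attribute>
+<ref>ri:subject_identifier0</ref>
+<displayName>Subject Identifier</displayName>
+</attribute>
+<attribute>
+<ref>ri:name</ref>
+<displayName>Name</displayName>
+</attribute>
+<attribute>
+<ref>ri:group</ref>
+<displayName>Subject Groups</displayName>
+<inbound>
+<target>
+<path>extension/grouper_group</path>
+</target>
+</inbound>
+</attribute>
+</objectType>
+</schemaHandling>
+
+<synchronization>
+<objectSynchronization>
+<enabled>true</enabled>
+
+<correlation>
+<q:equal>
+<q:path>employeeNumber</q:path>
+<expression>
+<path>
+declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+$account/attributes/ri:subject_identifier0
+</path>
+</expression>
+</q:equal>
+</correlation>
+
+<reaction>
+<situation>linked</situation>
+<synchronize>true</synchronize>
+</reaction>
+<reaction>
+<situation>deleted</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+</action>
+</reaction>
+
+<reaction>
+<situation>unlinked</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+</action>
+</reaction>
+<reaction>
+<situation>unmatched</situation>
+<synchronize>true</synchronize>
+<!-- >action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+</action -->
+</reaction>
+</objectSynchronization>
+</synchronization>
+
+</c:resource>
+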
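Review bot: The resource connects to the `grouper` database as `<icscscriptedsql:user>root</icscscriptedsql:user>` with an empty `<clearValue>`, so midPoint holds full administrative access to the Grouper database with no password at all. Only search, test and schema scripts are configured, so a dedicated account limited to `SELECT` on the tables those scripts read would be enough; at minimum add a comment such as `<!-- demo-only: root with empty password; use a restricted account elsewhere -->`. `reloadScriptOnExecution` is `true` and the Groovy files are read from `/opt/midpoint/var/res/`, so presumably anyone who can write to that directory can change the code the connector runs on its next operation. Keep that directory writable only by the midPoint service account, or set the flag to `false` once the scripts are stable.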
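--- a/grouper-midpoint-demo/schema/user-schema.xsd
+++ b/grouper-midpoint-demo/schema/user-schema.xsd
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+<xsd:schema elementFormDefault="qualified"
+targetNamespace="http://grouper-demo.tier.internet2.edu"
+xmlns:tns="http://grouper-demo.tier.internet2.edu"
+xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+
+<xsd:complexType name="UserExtensionType">
+<xsd:annotation>
+<xsd:appinfo>
+<a:extension ref="c:UserType"/>
+</xsd:appinfo>
+</xsd:annotation>
+<xsd:sequence>
+<xsd:element name="ldap_eduPersonAffiliation" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+<xsd:element name="ldap_businessCategory" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+<xsd:element name="grouper_group" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+</xsd:sequence>
+</xsd:complexType>
+</xsd:schema>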