
Implement outbounds to LDAP groups
(Currently not quite working.)
mederly committed Apr 2, 2019
1 parent 494f566 commit abed488
Showing 9 changed files with 264 additions and 10 deletions.
5 changes: 5 additions & 0 deletions demo/complex/directory/container_files/seed-data/users.ldif
Expand Up @@ -12,6 +12,11 @@ uniqueMember: uid=banderson,ou=People,dc=internet2,dc=edu
uniqueMember: uid=jsmith,ou=People,dc=internet2,dc=edu
cn: users

dn: ou=Affiliations,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
ou: Affiliations

dn: ou=Courses,ou=Groups,dc=internet2,dc=edu
objectClass: top
objectClass: organizationalUnit
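--- a/demo/complex/midpoint-objects/objectTemplates/template-user.xml
+++ b/demo/complex/midpoint-objects/objectTemplates/template-user.xml
@@ -55,6 +55,18 @@
 <value>generic-group</value>
 </expression>
 </populateItem>
+<populateItem>
+<expression>
+<script>
+<code>
+grouperGroup
+</code>
+</script>
+</expression>
+<target>
+<path>identifier</path>
+</target>
+</populateItem>
 </populateObject>
 </assignmentTargetSearch>
 </expression>
@@ -125,6 +137,18 @@
 <value>mailing-list</value>
 </expression>
 </populateItem>
+<populateItem>
+<expression>
+<script>
+<code>
+grouperGroup
+</code>
+</script>
+</expression>
+<target>
+<path>identifier</path>
+</target>
+</populateItem>
 </populateObject>
 </assignmentTargetSearch>
 </expression>
@@ -195,6 +219,18 @@
 <value>affiliation</value>
 </expression>
 </populateItem>
+<populateItem>
+<expression>
+<script>
+<code>
+grouperGroup.substring(16)
+</code>
+</script>
+</expression>
+<target>
+<path>identifier</path>
+</target>
+</populateItem>
 </populateObject>
 </assignmentTargetSearch>
 </expression>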
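Review bot: `grouperGroup.substring(16)` in the third hunk (the affiliation populateItem) strips a fixed-length prefix without first checking that the value starts with `ref:affiliation:`, so a shorter or differently shaped group name either throws StringIndexOutOfBoundsException or silently yields a garbled identifier; the inbound added to resource-grouper.xml in this same commit guards the identical operation with `input ==~ /ref:affiliation:.*/`. Since the resulting identifier is what the assignmentTargetSearch correlates on, a bad value here shows up as a missing or wrong assignment rather than a visible error. Mirror the guard and drop the magic number: `grouperGroup.startsWith('ref:affiliation:') ? grouperGroup.substring('ref:affiliation:'.length()) : grouperGroup`. The enclosing assignmentTargetSearch and populateObject elements of all three hunks start outside the hunk.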
118 changes: 117 additions & 1 deletion demo/complex/midpoint-objects/resources/ldap-main.xml
Expand Up @@ -190,10 +190,35 @@
</attribute>
<association>
<tolerant>false</tolerant>
<ref>ri:group</ref>
<ref>ri:affiliationGroup</ref>
<kind>entitlement</kind>
<intent>affiliation-group</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:uniqueMember</associationAttribute>
<valueAttribute>ri:dn</valueAttribute>
</association>
<association>
<tolerant>false</tolerant>
<ref>ri:courseGroup</ref>
<kind>entitlement</kind>
<intent>course-group</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:uniqueMember</associationAttribute>
<valueAttribute>ri:dn</valueAttribute>
</association>
<association>
<tolerant>false</tolerant>
<ref>ri:midpointGroup</ref>
<kind>entitlement</kind>
<intent>midpoint-group</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:uniqueMember</associationAttribute>
<valueAttribute>ri:dn</valueAttribute>
</association>
<association>
<tolerant>false</tolerant>
<ref>ri:genericGroup</ref>
<kind>entitlement</kind>
<intent>generic-group</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:uniqueMember</associationAttribute>
Expand All @@ -219,6 +244,44 @@
</credentials>
</objectType>

<objectType>
<kind>entitlement</kind>
<intent>affiliation-group</intent>
<displayName>LDAP Group for affiliations</displayName>
<objectClass>ri:groupOfUniqueNames</objectClass>
<attribute>
<ref>ri:uniqueMember</ref>
<matchingRule>mr:distinguishedName</matchingRule>
<fetchStrategy>minimal</fetchStrategy>
</attribute>
<attribute>
<ref>ri:dn</ref>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<path>identifier</path>
</source>
<expression>
<script>
<code>
basic.composeDnWithSuffix('cn', identifier, 'ou=Affiliations,ou=Groups,dc=internet2,dc=edu')
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute>
<ref>ri:cn</ref>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>weak</strength>
<source>
<path>identifier</path>
</source>
</outbound>
</attribute>
</objectType>
<objectType>
<kind>entitlement</kind>
<intent>course-group</intent>
Expand Down Expand Up @@ -377,6 +440,59 @@
</action>
</reaction>
</objectSynchronization>
<objectSynchronization>
<name>affiliation-group sync</name>
<objectClass>ri:groupOfUniqueNames</objectClass>
<kind>entitlement</kind>
<intent>affiliation-group</intent>
<focusType>OrgType</focusType>
<enabled>true</enabled>
<condition>
<script>
<code>
import javax.naming.ldap.*
dn = new LdapName(basic.getAttributeValue(account, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn'))
log.info('affiliation-group sync: considering {}; dn.size={}, dn.startsWith={}', dn, dn.size(), dn.startsWith(new LdapName('ou=Affiliations,ou=Groups,dc=internet2,dc=edu')))
dn.size() == 5 &amp;&amp; dn.startsWith(new LdapName('ou=Affiliations,ou=Groups,dc=internet2,dc=edu'))
</code>
</script>
</condition>
<correlation>
<q:and>
<q:equal>
<q:path>identifier</q:path>
<expression>
<path>$shadow/attributes/ri:cn</path>
</expression>
</q:equal>
<q:equal>
<q:path>subtype</q:path>
<q:value>affiliation</q:value>
</q:equal>
</q:and>
</correlation>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
</action>
</reaction>
<reaction>
<situation>unlinked</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
</reaction>
</objectSynchronization>
<objectSynchronization>
<name>course-group sync</name>
<objectClass>ri:groupOfUniqueNames</objectClass>
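Review bot: The `log.info(...)` inside the new affiliation-group sync condition runs for every ri:groupOfUniqueNames entry evaluated against this objectSynchronization, matching or not, on every import or reconciliation, so it will flood the log with one INFO line per group; lower it to `log.debug(...)` or remove it once the condition is confirmed. The base DN `ou=Affiliations,ou=Groups,dc=internet2,dc=edu` is spelled out three times in this file section (the ri:dn outbound and twice in the condition), which invites drift when the tree is reorganised; at minimum build the LdapName once in the script, `def base = new LdapName('ou=Affiliations,ou=Groups,dc=internet2,dc=edu')`, and use it in both the log call and the comparison. `new LdapName(...)` presumably throws if `basic.getAttributeValue(...)` returns null for an entry without a dn value — confirm midPoint always supplies it here, or guard the call. The association block in the first hunk and the course-group objectType in the second continue outside their hunks.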
24 changes: 21 additions & 3 deletions demo/complex/midpoint-objects/resources/resource-grouper.xml
Expand Up @@ -101,6 +101,7 @@
<attribute>
<ref>icfs:name</ref>
<inbound>
<strength>strong</strength>
<target>
<path>name</path>
</target>
Expand All @@ -110,7 +111,7 @@
<ref>ri:group</ref>
<displayName>Subject Groups</displayName>
<inbound>
<strength>strong</strength>
<strength>strong</strength>
<target>
<path>extension/grouperGroup</path>
</target>
Expand All @@ -125,7 +126,7 @@
<attribute>
<ref>icfs:name</ref>
<inbound>
<strength>strong</strength>
<strength>strong</strength>
<expression>
<script>
<code>
Expand All @@ -142,7 +143,7 @@
</target>
</inbound>
<inbound>
<strength>strong</strength>
<strength>strong</strength>
<expression>
<script>
<code>
Expand All @@ -158,6 +159,23 @@
<path>subtype</path>
</target>
</inbound>
<inbound>
<strength>strong</strength>
<expression>
<script>
<code>
if (input ==~ /ref:affiliation:.*/) {
input.substring(16)
} else {
input
}
</code>
</script>
</expression>
<target>
<path>identifier</path>
</target>
</inbound>
</attribute>
</objectType>
</schemaHandling>
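Review bot: In the new identifier inbound, `input.substring(16)` hard-codes the length of the prefix that the preceding regex `/ref:affiliation:.*/` matches, so the two can silently diverge if the prefix ever changes; write it as `input.substring('ref:affiliation:'.length())` or `input - 'ref:affiliation:'` so the constant appears once. The same prefix-stripping logic is now duplicated in template-user.xml in this commit, without the regex guard, so the two derivations of `identifier` can disagree for the same group; they should use one shared form. The enclosing attribute and objectType begin outside the hunk.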
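--- a/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-affiliation.xml
@@ -12,4 +12,31 @@
 <inducement id="1">
 <targetRef oid="1d7c0e3a-4456-409c-9f50-95407b2eb785" relation="org:default" type="c:OrgType" /> <!-- affiliations -->
 </inducement>
+<inducement id="2">
+<construction>
+<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
+<kind>entitlement</kind>
+<intent>affiliation-group</intent>
+</construction>
+</inducement>
+<inducement id="3">
+<construction>
+<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
+<association>
+<c:ref>ri:affiliationGroup</c:ref>
+<outbound>
+<expression>
+<associationFromLink>
+<projectionDiscriminator>
+<kind>entitlement</kind>
+<intent>affiliation-group</intent>
+</projectionDiscriminator>
+</associationFromLink>
+</expression>
+</outbound>
+</association>
+</construction>
+<order>2</order>
+</inducement>
+
 </role>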
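Review bot: Inducement id="2" (the affiliation-group construction) carries no `<order>` element while its sibling id="3" has `<order>2</order>`; the equivalent construction inducements added to metarole-grouper-group.xml and metarole-mailing-list.xml in this commit state `<order>1</order>` explicitly. Add `<order>1</order>` after the `</construction>` of inducement 2 so the order-1/order-2 pairing reads the same in all three metaroles and the reader does not have to know the default. A short comment such as `<!-- order 1: the group entitlement itself; order 2: membership of the linked group -->` above the two inducements would make the two-step provisioning explicit.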
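--- a/demo/complex/midpoint-objects/roles/metarole-course.xml
+++ b/demo/complex/midpoint-objects/roles/metarole-course.xml
@@ -11,16 +11,16 @@
 <name>metarole-course</name>
 <inducement id="1">
 <construction>
-<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
+<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
 <kind>entitlement</kind>
 <intent>course-group</intent>
 </construction>
 </inducement>
 <inducement id="2">
 <construction>
-<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP for Grouper (i-data) -->
+<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
 <association>
-<c:ref>ri:group</c:ref>
+<c:ref>ri:courseGroup</c:ref>
 <outbound>
 <expression>
 <associationFromLink>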
28 changes: 27 additions & 1 deletion demo/complex/midpoint-objects/roles/metarole-grouper-group.xml
Expand Up @@ -10,7 +10,33 @@
oid="48e231be-8474-4ed0-a85e-6acf4c5e8d52">
<name>metarole-grouper-group</name>
<inducement id="1">
<construction>
<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
<kind>entitlement</kind>
<intent>generic-group</intent>
</construction>
<order>1</order>
</inducement>
<inducement id="2">
<construction>
<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
<association>
<c:ref>ri:genericGroup</c:ref>
<outbound>
<expression>
<associationFromLink>
<projectionDiscriminator>
<kind>entitlement</kind>
<intent>generic-group</intent>
</projectionDiscriminator>
</associationFromLink>
</expression>
</outbound>
</association>
</construction>
<order>2</order>
</inducement>
<inducement id="3">
<targetRef oid="1f339075-5b2f-4a18-9c98-451f3eb0d28d" relation="org:default" type="c:OrgType" /> <!-- groups -->
</inducement>

</role>
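Review bot: The two new inducements in this section (the generic-group construction and the ri:genericGroup associationFromLink) are line-for-line identical to the ones added to metarole-mailing-list.xml in the same commit — same resource OID, same kind/intent, same discriminator, same order values — so the LDAP provisioning for both group types now lives in two copies that will drift the first time one is tuned. Consider moving the pair into one shared metarole that both metarole-grouper-group and metarole-mailing-list induce, keeping only the org targetRef inducement specific to each. If the duplication is intentional for the demo, a comment such as `<!-- keep in sync with metarole-mailing-list.xml -->` above inducement 1 in both files would at least flag it. The same applies to the metarole-mailing-list.xml section below.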
28 changes: 27 additions & 1 deletion demo/complex/midpoint-objects/roles/metarole-mailing-list.xml
Expand Up @@ -10,7 +10,33 @@
oid="1c7beff4-cdf6-4e9f-b54c-79d0766f6fbe">
<name>metarole-mailing-list</name>
<inducement id="1">
<construction>
<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
<kind>entitlement</kind>
<intent>generic-group</intent>
</construction>
<order>1</order>
</inducement>
<inducement id="2">
<construction>
<resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" /> <!-- OpenLDAP -->
<association>
<c:ref>ri:genericGroup</c:ref>
<outbound>
<expression>
<associationFromLink>
<projectionDiscriminator>
<kind>entitlement</kind>
<intent>generic-group</intent>
</projectionDiscriminator>
</associationFromLink>
</expression>
</outbound>
</association>
</construction>
<order>2</order>
</inducement>
<inducement id="3">
<targetRef oid="d81fb46c-20c7-44d3-8402-fef404ea1264" relation="org:default" type="c:OrgType" /> <!-- mailing-lists -->
</inducement>

</role>
