From ef8edacbc334dd3fdd2fce05ac2a45b704b400f5 Mon Sep 17 00:00:00 2001
From: Pavol Mederly <mederly@evolveum.com>
Date: Mon, 20 Aug 2018 22:39:57 +0200
Subject: [PATCH] Update midPoint objects after architecture change

---
 .../midpoint-objects/linux.properties         |  14 +-
 .../midpoint-objects/resources/ldap-edu.xml   | 418 ------------------
 .../{ldap-grouper.xml => ldap-main.xml}       |  56 ++-
 .../resources/scriptedsql-grouper.xml         |   4 +-
 .../resources/scriptedsql-sis-courses.xml     |   6 +-
 .../resources/scriptedsql-sis-persons.xml     | 379 ++++++++++++++++
 .../roles/metarole-course.xml                 |   2 +-
 .../roles/metarole-generic-group.xml          |   2 +-
 8 files changed, 427 insertions(+), 454 deletions(-)
 delete mode 100644 grouper-midpoint/midpoint-objects/resources/ldap-edu.xml
 rename grouper-midpoint/midpoint-objects/resources/{ldap-grouper.xml => ldap-main.xml} (91%)
 create mode 100644 grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml

diff --git a/grouper-midpoint/midpoint-objects/linux.properties b/grouper-midpoint/midpoint-objects/linux.properties
index 5e9ae01..4b729c9 100644
--- a/grouper-midpoint/midpoint-objects/linux.properties
+++ b/grouper-midpoint/midpoint-objects/linux.properties
@@ -1,8 +1,6 @@
-s-data.ldap.host=s-data
-s-data.ldap.port=389
-s-data.db.host=s-data
-s-data.db.port=3306
-i-data.ldap.host=i-data
-i-data.ldap.port=389
-g-data.db.host=g-data
-g-data.db.port=3306
+sources.db.host=sources
+sources.db.port=3306
+directory.ldap.host=directory
+directory.ldap.port=389
+grouper.db.host=grouper-data
+grouper.db.port=3306
diff --git a/grouper-midpoint/midpoint-objects/resources/ldap-edu.xml b/grouper-midpoint/midpoint-objects/resources/ldap-edu.xml
deleted file mode 100644
index 324dab2..0000000
--- a/grouper-midpoint/midpoint-objects/resources/ldap-edu.xml
+++ /dev/null
@@ -1,418 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- ~ Copyright (c) 2010-2017 Evolveum ~ ~ Licensed under the Apache License, 
-	Version 2.0 (the "License"); ~ you may not use this file except in compliance 
-	with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 
-	~ ~ Unless required by applicable law or agreed to in writing, software ~ 
-	distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT 
-	WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the 
-	License for the specific language governing permissions and ~ limitations 
-	under the License. -->
-
-
-<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
-	xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-	xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
-	xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
-	xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
-	xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
-	xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
-
-	<resource oid="18eceda9-b6cd-4bdd-a06b-e77d4fddf975">
-
-		<name>OpenLDAP edu (s-data)</name>
-
-		<connectorRef type="ConnectorType">
-			<filter>
-				<q:equal>
-					<q:path>c:connectorType</q:path>
-					<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
-				</q:equal>
-			</filter>
-		</connectorRef>
-
-		<connectorConfiguration
-			xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
-			xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
-			<icfc:configurationProperties
-				xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
-				<icfcldap:port>$(s-data.ldap.port)</icfcldap:port>
-				<icfcldap:host>$(s-data.ldap.host)</icfcldap:host>
-				<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
-				<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn>
-				<icfcldap:bindPassword>
-					<t:clearValue>password</t:clearValue>
-				</icfcldap:bindPassword>
-				<icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute>
-				<icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy> <!-- spr? -->
-				<icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute>
-				<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes>
-				<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
-				<icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes>
-				<!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify>
-				<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm  -->
-				<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule -->
-			</icfc:configurationProperties>
-			<icfc:resultsHandlerConfiguration>
-				<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
-				<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
-				<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
-			</icfc:resultsHandlerConfiguration>
-		</connectorConfiguration>
-
-		<schema>
-			<generationConstraints>
-				<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
-				<generateObjectClass>ri:eduPerson</generateObjectClass>
-				<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
-				<generateObjectClass>ri:groupOfNames</generateObjectClass>
-				<generateObjectClass>ri:organizationalUnit</generateObjectClass>
-			</generationConstraints>
-		</schema>
-
-		<schemaHandling>
-			<objectType>
-				<kind>account</kind>
-				<displayName>Normal Account</displayName>
-				<default>true</default>
-				<objectClass>ri:inetOrgPerson</objectClass>
-				<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
-				<attribute>
-					<ref>ri:dn</ref>
-					<displayName>Distinguished Name</displayName>
-					<limitations>
-						<minOccurs>0</minOccurs>
-					</limitations>
-					<matchingRule>mr:stringIgnoreCase</matchingRule>
-                    <inbound>
-                        <target>
-                            <path>extension/ldap_dn</path>
-                        </target>
-                    </inbound>
-                    <inbound>
-                        <strength>strong</strength>
-                        <expression>
-                            <assignmentTargetSearch>
-                                <targetType>RoleType</targetType>
-                                <oid>c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f</oid>     <!--  role-grouper-basic -->
-                                <assignmentProperties>
-                                    <subtype>grouper-basic</subtype>
-                                </assignmentProperties>
-                            </assignmentTargetSearch>
-                        </expression>                            
-                        <target>
-                            <path>assignment</path>
-                            <set>
-                                <condition>
-                                    <script>
-                                        <code>
-                                            assignment.subtype.contains('grouper-basic')
-                                        </code>
-                                    </script>
-                                </condition>
-                            </set>
-                        </target>
-                    </inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:cn</ref>
-					<displayName>Common Name</displayName>
-					<limitations>
-						<minOccurs>0</minOccurs>
-					</limitations>
-					<inbound>
-						<target>
-							<path>fullName</path>
-						</target>
-					</inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:sn</ref>
-					<displayName>Surname</displayName>
-					<limitations>
-						<minOccurs>0</minOccurs>
-					</limitations>
-					<inbound>
-						<target>
-							<path>familyName</path>
-						</target>
-					</inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:givenName</ref>
-					<displayName>Given Name</displayName>
-					<inbound>
-						<target>
-							<path>givenName</path>
-						</target>
-					</inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:uid</ref>
-					<displayName>Login Name</displayName>
-					<matchingRule>mr:stringIgnoreCase</matchingRule>
-					<inbound>
-						<target>
-							<path>name</path>
-						</target>
-					</inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:mail</ref>
-					<displayName>Mail</displayName>
-					<matchingRule>mr:stringIgnoreCase</matchingRule>
-					<inbound>
-						<target>
-							<path>emailAddress</path>
-						</target>
-					</inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:employeeNumber</ref>
-					<inbound>
-						<target>
-							<path>employeeNumber</path>
-						</target>
-					</inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:businessCategory</ref>
-                    <inbound>
-                        <strength>strong</strength>
-                        <expression>
-                            <assignmentTargetSearch>
-                                <targetType>OrgType</targetType>
-                                <filter>
-                                    <q:equal>
-                                        <q:path>name</q:path>                       
-                                        <expression>
-                                            <script>
-                                                <code>
-                                                    'department_' + input
-                                                </code>
-                                            </script>
-                                        </expression>                       
-                                    </q:equal>
-                                </filter>
-                                <createOnDemand>true</createOnDemand>
-                                <populateObject>
-                                    <populateItem>
-                                        <expression>
-                                            <script>
-                                                <code>
-                                                    'department_' + input
-                                                </code>
-                                            </script>
-                                        </expression>
-                                        <target>
-                                            <path>name</path>
-                                        </target>
-                                    </populateItem>
-                                    <populateItem>
-                                        <expression>
-                                            <script>
-                                                <code>
-                                                    input
-                                                </code>
-                                            </script>
-                                        </expression>
-                                        <target>
-                                            <path>displayName</path>
-                                        </target>
-                                    </populateItem>
-                                    <populateItem>
-                                        <expression>
-                                            <assignmentTargetSearch>
-                                                <targetType>OrgType</targetType>
-                                                <oid>bee44c51-2469-411d-bac7-695728e9c241</oid>
-                                            </assignmentTargetSearch>
-                                        </expression>
-                                        <target>
-                                            <path>assignment</path>
-                                        </target>
-                                    </populateItem>
-                                    <populateItem>
-                                        <expression>
-                                            <script>
-                                                <code>
-                                                    input
-                                                </code>
-                                            </script>
-                                        </expression>
-                                        <target>
-                                            <path>identifier</path>
-                                        </target>
-                                    </populateItem>
-                                    <populateItem>
-                                        <expression>
-                                            <value>department</value>
-                                        </expression>
-                                        <target>
-                                            <path>subtype</path>
-                                        </target>
-                                    </populateItem>
-                                </populateObject>
-                                <assignmentProperties>
-                                    <subtype>department</subtype>
-                                </assignmentProperties>
-                            </assignmentTargetSearch>       
-                        </expression>
-                        <target>
-                            <path>assignment</path>
-                            <set>
-                                <condition>
-                                    <script>
-                                        <code>
-                                            assignment.subtype.contains('department')
-                                        </code>
-                                    </script>
-                                </condition>
-                            </set>
-                        </target>
-                    </inbound>
-				</attribute>
-				<attribute>
-					<ref>ri:eduPersonAffiliation</ref>
-					<inbound>
-						<strength>strong</strength>
-				    	<expression>
-            				<assignmentTargetSearch>
-            					<targetType>RoleType</targetType>
-        						<filter>
-									<q:equal>
-										<q:path>name</q:path>						
-										<expression>
-											<script>
-												<code>
-													'affiliation_' + input
-												</code>
-											</script>
-										</expression>						
-									</q:equal>
-								</filter>
-								<createOnDemand>true</createOnDemand>
-								<populateObject>
-									<populateItem>
-										<expression>
-											<script>
-												<code>
-													'affiliation_' + input
-												</code>
-											</script>
-										</expression>
-										<target>
-											<path>name</path>
-										</target>
-									</populateItem>
-									<populateItem>
-										<expression>
-											<script>
-												<code>
-													'Affiliation: ' + input
-												</code>
-											</script>
-										</expression>
-										<target>
-											<path>displayName</path>
-										</target>
-									</populateItem>
-                                    <populateItem>
-                                        <expression>
-                                            <script>
-                                                <code>
-                                                    input
-                                                </code>
-                                            </script>
-                                        </expression>
-                                        <target>
-                                            <path>identifier</path>
-                                        </target>
-                                    </populateItem>
-									<populateItem>
-										<expression>
-								    		<value>affiliation</value>
-										</expression>
-										<target>
-											<path>subtype</path>
-										</target>
-									</populateItem>
-								</populateObject>
-								<assignmentProperties>
-									<subtype>affiliation</subtype>
-								</assignmentProperties>
-            				</assignmentTargetSearch>    	
-    					</expression>
-    					<target>
-    						<path>assignment</path>
-							<set>
-					            <condition>
-					                <script>
-					                    <code>
-					                    	assignment.subtype.contains('affiliation')
-					                    </code>
-					                </script>
-					            </condition>
-					        </set>
-    					</target>
-    				</inbound>
-				</attribute>
-				<protected>
-					<filter>
-						<q:equal>
-							<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
-							<q:path>attributes/ri:dn</q:path>
-							<q:value>cn=root,dc=internet2,dc=edu</q:value>
-						</q:equal>
-					</filter>
-				</protected>
-			</objectType>
-
-		</schemaHandling>
-
-		<synchronization>
-			<objectSynchronization>
-				<enabled>true</enabled>
-
-				<correlation>
-					<q:equal>
-						<q:path>name</q:path>
-						<expression>
-							<path>
-								declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
-								$account/attributes/ri:uid
-							</path>
-						</expression>
-					</q:equal>
-				</correlation>
-
-				<reaction>
-					<situation>linked</situation>
-					<synchronize>true</synchronize>
-				</reaction>
-				<reaction>
-					<situation>deleted</situation>
-					<synchronize>true</synchronize>
-					<action>
-						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
-					</action>
-				</reaction>
-				<reaction>
-					<situation>unlinked</situation>
-					<synchronize>true</synchronize>
-					<action>
-						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
-					</action>
-				</reaction>
-				<reaction>
-					<situation>unmatched</situation>
-					<synchronize>true</synchronize>
-					<action>
-						<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
-					</action>
-				</reaction>
-			</objectSynchronization>
-		</synchronization>
-
-	</resource>
-
-</objects>
diff --git a/grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml b/grouper-midpoint/midpoint-objects/resources/ldap-main.xml
similarity index 91%
rename from grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml
rename to grouper-midpoint/midpoint-objects/resources/ldap-main.xml
index e8b883e..0d8af80 100644
--- a/grouper-midpoint/midpoint-objects/resources/ldap-grouper.xml
+++ b/grouper-midpoint/midpoint-objects/resources/ldap-main.xml
@@ -20,7 +20,7 @@
 
 	<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272">
 
-		<name>OpenLDAP for Grouper (i-data)</name>
+		<name>OpenLDAP (directory)</name>
 
 		<connectorRef type="ConnectorType">
 			<filter>
@@ -36,8 +36,8 @@
 			xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
 			<icfc:configurationProperties
 				xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
-                <icfcldap:port>$(i-data.ldap.port)</icfcldap:port>
-                <icfcldap:host>$(i-data.ldap.host)</icfcldap:host>
+                <icfcldap:port>$(directory.ldap.port)</icfcldap:port>
+                <icfcldap:host>$(directory.ldap.host)</icfcldap:host>
 				<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
 				<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn>
 				<icfcldap:bindPassword>
@@ -80,14 +80,23 @@
 				<attribute>
 					<ref>ri:dn</ref>
 					<displayName>Distinguished Name</displayName>
-					<limitations>
-						<minOccurs>0</minOccurs>
-					</limitations>
+                    <limitations>
+                        <minOccurs>0</minOccurs>
+                    </limitations>
+                    <tolerant>false</tolerant>
 					<matchingRule>mr:stringIgnoreCase</matchingRule>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
-                            <path>extension/ldap_dn</path>
+                            <path>name</path>
                         </source>
+                        <expression>
+                            <script>
+                                <code>
+                                    'uid=' + name + ',ou=People,dc=internet2,dc=edu'
+                                </code>
+                            </script>
+                        </expression>
                     </outbound>
 				</attribute>
 				<attribute>
@@ -96,7 +105,9 @@
 					<limitations>
 						<minOccurs>0</minOccurs>
 					</limitations>
+                    <tolerant>false</tolerant>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
                             <path>fullName</path>
                         </source>
@@ -105,10 +116,12 @@
 				<attribute>
 					<ref>ri:sn</ref>
 					<displayName>Surname</displayName>
-					<limitations>
-						<minOccurs>0</minOccurs>
-					</limitations>
+                    <limitations>
+                        <minOccurs>0</minOccurs>
+                    </limitations>
+                    <tolerant>false</tolerant>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
                             <path>familyName</path>
                         </source>
@@ -117,7 +130,12 @@
 				<attribute>
 					<ref>ri:givenName</ref>
 					<displayName>Given Name</displayName>
+                    <limitations>
+                        <minOccurs>0</minOccurs>
+                    </limitations>
+                    <tolerant>false</tolerant>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
                             <path>givenName</path>
                         </source>
@@ -126,8 +144,10 @@
 				<attribute>
 					<ref>ri:uid</ref>
 					<displayName>Login Name</displayName>
+                    <tolerant>false</tolerant>
 					<matchingRule>mr:stringIgnoreCase</matchingRule>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
                             <path>name</path>
                         </source>
@@ -137,7 +157,9 @@
 					<ref>ri:mail</ref>
 					<displayName>Mail</displayName>
 					<matchingRule>mr:stringIgnoreCase</matchingRule>
+                    <tolerant>false</tolerant>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
                             <path>emailAddress</path>
                         </source>
@@ -145,7 +167,9 @@
 				</attribute>
 				<attribute>
 					<ref>ri:employeeNumber</ref>
+                    <tolerant>false</tolerant>
                     <outbound>
+                        <strength>strong</strength>
                         <source>
                             <path>employeeNumber</path>
                         </source>
@@ -161,19 +185,9 @@
 				</attribute>
                 <association>
                     <tolerant>false</tolerant>
-                    <ref>ri:courseGroup</ref>
-                    <displayName>Course-related groups membership</displayName>
+                    <ref>ri:group</ref>
                     <kind>entitlement</kind>
                     <intent>course-group</intent>
-                    <direction>objectToSubject</direction>
-                    <associationAttribute>ri:uniqueMember</associationAttribute>
-                    <valueAttribute>ri:dn</valueAttribute>
-                </association>
-                <association>
-                    <tolerant>false</tolerant>
-                    <ref>ri:genericGroup</ref>
-                    <displayName>Generic groups membership</displayName>
-                    <kind>entitlement</kind>
                     <intent>generic-group</intent>
                     <direction>objectToSubject</direction>
                     <associationAttribute>ri:uniqueMember</associationAttribute>
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
index 0405261..b3e97da 100644
--- a/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-grouper.xml
@@ -18,8 +18,8 @@
 
 		<icfc:configurationProperties 
 			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
-			<icscscriptedsql:host>$(g-data.db.host)</icscscriptedsql:host>
-			<icscscriptedsql:port>$(g-data.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:host>$(grouper.db.host)</icscscriptedsql:host>
+			<icscscriptedsql:port>$(grouper.db.port)</icscscriptedsql:port>
 			<icscscriptedsql:quoting></icscscriptedsql:quoting>
 			<icscscriptedsql:user>root</icscscriptedsql:user>
 			<icscscriptedsql:password>
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
index caf6afd..8863b2a 100644
--- a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-courses.xml
@@ -18,14 +18,14 @@
 
 		<icfc:configurationProperties 
 			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
-			<icscscriptedsql:host>$(s-data.db.host)</icscscriptedsql:host>
-			<icscscriptedsql:port>$(s-data.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:host>$(sources.db.host)</icscscriptedsql:host>
+			<icscscriptedsql:port>$(sources.db.port)</icscscriptedsql:port>
 			<icscscriptedsql:quoting></icscscriptedsql:quoting>
 			<icscscriptedsql:user>root</icscscriptedsql:user>
 			<icscscriptedsql:password>
 				<clearValue></clearValue>
 			</icscscriptedsql:password>
-			<icscscriptedsql:database>grouper</icscscriptedsql:database>
+			<icscscriptedsql:database>sis</icscscriptedsql:database>
 			<!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
 			<icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
 
diff --git a/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml
new file mode 100644
index 0000000..c09d793
--- /dev/null
+++ b/grouper-midpoint/midpoint-objects/resources/scriptedsql-sis-persons.xml
@@ -0,0 +1,379 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<c:resource oid="4d70a0da-02dd-41cf-b0a1-00e75d3eaa15" 
+    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+    xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+    xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+	xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+    xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+    xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+    xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
+
+	<c:name>SQL SIS persons (sources)</c:name>
+
+	<connectorRef type="ConnectorType">
+		<filter>
+			<q:equal>
+				<q:path>connectorType</q:path>
+				<q:value>net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector</q:value>
+			</q:equal>
+		</filter>
+	</connectorRef>
+
+	<c:connectorConfiguration>
+
+		<icfc:configurationProperties 
+			xmlns:icscscriptedsql="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/net.tirasa.connid.bundles.db.scriptedsql/net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector">
+			<icscscriptedsql:host>$(sources.db.host)</icscscriptedsql:host>
+			<icscscriptedsql:port>$(sources.db.port)</icscscriptedsql:port>
+			<icscscriptedsql:quoting></icscscriptedsql:quoting>
+			<icscscriptedsql:user>root</icscscriptedsql:user>
+			<icscscriptedsql:password>
+				<clearValue></clearValue>
+			</icscscriptedsql:password>
+			<icscscriptedsql:database>sis</icscscriptedsql:database>
+			<!-- >icscscriptedsql:clearTextPasswordToScript>true</icscscriptedsql:clearTextPasswordToScript -->
+			<icscscriptedsql:scriptingLanguage>GROOVY</icscscriptedsql:scriptingLanguage>
+
+			<icscscriptedsql:searchScriptFileName>/opt/midpoint/var/res/sis-persons/SearchScript.groovy</icscscriptedsql:searchScriptFileName>
+			<icscscriptedsql:testScriptFileName>/opt/midpoint/var/res/sis-persons/TestScript.groovy</icscscriptedsql:testScriptFileName>
+			<icscscriptedsql:schemaScriptFileName>/opt/midpoint/var/res/sis-persons/SchemaScript.groovy</icscscriptedsql:schemaScriptFileName>
+			
+			<icscscriptedsql:reloadScriptOnExecution>true</icscscriptedsql:reloadScriptOnExecution>
+			<!-- >icscscriptedsql:syncScriptFileName>/opt/midpoint/var/res/SyncScript.groovy</icscscriptedsql:syncScriptFileName -->
+
+			<icscscriptedsql:validConnectionQuery></icscscriptedsql:validConnectionQuery>
+			<icscscriptedsql:jndiProperties></icscscriptedsql:jndiProperties>
+
+			<icscscriptedsql:jdbcDriver>org.mariadb.jdbc.Driver</icscscriptedsql:jdbcDriver>
+			<icscscriptedsql:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscscriptedsql:jdbcUrlTemplate>
+			<icscscriptedsql:enableEmptyString>true</icscscriptedsql:enableEmptyString>
+			<icscscriptedsql:rethrowAllSQLExceptions>true</icscscriptedsql:rethrowAllSQLExceptions>
+			<icscscriptedsql:nativeTimestamps>false</icscscriptedsql:nativeTimestamps>
+			<icscscriptedsql:allNative>false</icscscriptedsql:allNative>
+			<!--<icscscriptedsql:changeLogColumn>timestamp</icscscriptedsql:changeLogColumn> -->
+			<icscscriptedsql:datasource></icscscriptedsql:datasource>
+		</icfc:configurationProperties>
+
+		<!-- Generic ICF configuration -->
+
+	</c:connectorConfiguration>
+
+	<schemaHandling>
+		<objectType>
+			<kind>account</kind>
+			<displayName>Normal Account</displayName>
+			<default>true</default>
+			<objectClass>ri:AccountObjectClass</objectClass>
+			<attribute>
+				<ref>ri:uid</ref>
+				<displayName>UID</displayName>
+                <inbound>
+                    <target>
+                        <path>name</path>
+                    </target>
+                </inbound>
+                <inbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <assignmentTargetSearch>
+                            <targetType>RoleType</targetType>
+                            <oid>c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f</oid>     <!--  role-grouper-basic -->
+                            <assignmentProperties>
+                                <subtype>grouper-basic</subtype>
+                            </assignmentProperties>
+                        </assignmentTargetSearch>
+                    </expression>                            
+                    <target>
+                        <path>assignment</path>
+                        <set>
+                            <condition>
+                                <script>
+                                    <code>
+                                        assignment.subtype.contains('grouper-basic')
+                                    </code>
+                                </script>
+                            </condition>
+                        </set>
+                    </target>
+                </inbound>
+			</attribute>
+            <attribute>
+                <ref>ri:fullName</ref>
+                <displayName>Full Name</displayName>
+                <inbound>
+                    <target>
+                        <path>fullName</path>
+                    </target>
+                </inbound>
+            </attribute>
+            <attribute>
+                <ref>ri:surname</ref>
+                <displayName>Surname</displayName>
+                <inbound>
+                    <target>
+                        <path>familyName</path>
+                    </target>
+                </inbound>
+            </attribute>
+            <attribute>
+                <ref>ri:givenName</ref>
+                <displayName>Given Name</displayName>
+                <inbound>
+                    <target>
+                        <path>givenName</path>
+                    </target>
+                </inbound>
+            </attribute>
+            <attribute>
+                <ref>ri:mail</ref>
+                <displayName>Mail</displayName>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+                <inbound>
+                    <target>
+                        <path>emailAddress</path>
+                    </target>
+                </inbound>
+            </attribute>
+            <!-- >attribute>
+                <ref>ri:employeeNumber</ref>
+                <inbound>
+                    <target>
+                        <path>employeeNumber</path>
+                    </target>
+                </inbound>
+            </attribute  -->
+            <attribute>
+                <ref>ri:department</ref>
+                <inbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <assignmentTargetSearch>
+                            <targetType>OrgType</targetType>
+                            <filter>
+                                <q:equal>
+                                    <q:path>name</q:path>                       
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'department_' + input
+                                            </code>
+                                        </script>
+                                    </expression>                       
+                                </q:equal>
+                            </filter>
+                            <createOnDemand>true</createOnDemand>
+                            <populateObject>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'department_' + input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>name</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>displayName</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <assignmentTargetSearch>
+                                            <targetType>OrgType</targetType>
+                                            <oid>bee44c51-2469-411d-bac7-695728e9c241</oid>
+                                        </assignmentTargetSearch>
+                                    </expression>
+                                    <target>
+                                        <path>assignment</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>identifier</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <value>department</value>
+                                    </expression>
+                                    <target>
+                                        <path>subtype</path>
+                                    </target>
+                                </populateItem>
+                            </populateObject>
+                            <assignmentProperties>
+                                <subtype>department</subtype>
+                            </assignmentProperties>
+                        </assignmentTargetSearch>       
+                    </expression>
+                    <target>
+                        <path>assignment</path>
+                        <set>
+                            <condition>
+                                <script>
+                                    <code>
+                                        assignment.subtype.contains('department')
+                                    </code>
+                                </script>
+                            </condition>
+                        </set>
+                    </target>
+                </inbound>
+            </attribute>
+            <attribute>
+                <ref>ri:affiliation</ref>
+                <inbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <assignmentTargetSearch>
+                            <targetType>RoleType</targetType>
+                            <filter>
+                                <q:equal>
+                                    <q:path>name</q:path>                       
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'affiliation_' + input
+                                            </code>
+                                        </script>
+                                    </expression>                       
+                                </q:equal>
+                            </filter>
+                            <createOnDemand>true</createOnDemand>
+                            <populateObject>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'affiliation_' + input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>name</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                'Affiliation: ' + input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>displayName</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <script>
+                                            <code>
+                                                input
+                                            </code>
+                                        </script>
+                                    </expression>
+                                    <target>
+                                        <path>identifier</path>
+                                    </target>
+                                </populateItem>
+                                <populateItem>
+                                    <expression>
+                                        <value>affiliation</value>
+                                    </expression>
+                                    <target>
+                                        <path>subtype</path>
+                                    </target>
+                                </populateItem>
+                            </populateObject>
+                            <assignmentProperties>
+                                <subtype>affiliation</subtype>
+                            </assignmentProperties>
+                        </assignmentTargetSearch>       
+                    </expression>
+                    <target>
+                        <path>assignment</path>
+                        <set>
+                            <condition>
+                                <script>
+                                    <code>
+                                        assignment.subtype.contains('affiliation')
+                                    </code>
+                                </script>
+                            </condition>
+                        </set>
+                    </target>
+                </inbound>
+            </attribute>
+		</objectType>
+	</schemaHandling>
+
+	<synchronization>
+		<objectSynchronization>
+			<enabled>true</enabled>
+
+			<correlation>
+				<q:equal>
+					<q:path>name</q:path>
+					<expression>
+						<path>
+							declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+							$account/attributes/ri:uid
+						</path>
+					</expression>
+				</q:equal>
+			</correlation>
+
+			<reaction>
+				<situation>linked</situation>
+				<synchronize>true</synchronize>
+			</reaction>
+			<reaction>
+				<situation>deleted</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+				</action>
+			</reaction>
+
+			<reaction>
+				<situation>unlinked</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+				</action>
+			</reaction>
+			<reaction>
+				<situation>unmatched</situation>
+				<synchronize>true</synchronize>
+				<action>
+					<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+				</action>
+			</reaction>
+		</objectSynchronization>
+	</synchronization>
+
+</c:resource>
+
diff --git a/grouper-midpoint/midpoint-objects/roles/metarole-course.xml b/grouper-midpoint/midpoint-objects/roles/metarole-course.xml
index 094f92f..3e26105 100644
--- a/grouper-midpoint/midpoint-objects/roles/metarole-course.xml
+++ b/grouper-midpoint/midpoint-objects/roles/metarole-course.xml
@@ -20,7 +20,7 @@
         <construction>
             <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
             <association>
-                <c:ref>ri:courseGroup</c:ref>
+                <c:ref>ri:group</c:ref>
                 <outbound>
                     <expression>
                         <associationFromLink>
diff --git a/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml b/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml
index 3a6df91..f0e93c5 100644
--- a/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml
+++ b/grouper-midpoint/midpoint-objects/roles/metarole-generic-group.xml
@@ -20,7 +20,7 @@
         <construction>
             <resourceRef oid="0a37121f-d515-4a23-9b6d-554c5ef61272" relation="org:default" type="c:ResourceType" />     <!-- OpenLDAP for Grouper (i-data) -->
             <association>
-                <c:ref>ri:genericGroup</c:ref>
+                <c:ref>ri:group</c:ref>
                 <outbound>
                     <expression>
                         <associationFromLink>