Skip to content
Permalink
 
 
Cannot retrieve contributors at this time
341 lines (333 sloc) 12.8 KB
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2019 Evolveum and contributors
~
~ This work is dual-licensed under the Apache License 2.0
~ and European Union Public License. See LICENSE file for details.
-->
<resource oid="0a37121f-d515-4a23-9b6d-554c5ef61272"
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3' xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
xmlns:my="http://whatever.com/my" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
<name>LDAP (directory)</name>
<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>c:connectorType</q:path>
<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
</q:equal>
</filter>
</connectorRef>
<connectorConfiguration
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
<icfc:configurationProperties
xmlns:icfcldap="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
<icfcldap:port>389</icfcldap:port>
<icfcldap:host>directory</icfcldap:host>
<!-- <icfcldap:host>192.168.56.101</icfcldap:host> -->
<icfcldap:baseContext>dc=internet2,dc=edu</icfcldap:baseContext>
<icfcldap:bindDn>cn=Directory Manager</icfcldap:bindDn>
<icfcldap:bindPassword>
<t:clearValue>password</t:clearValue>
</icfcldap:bindPassword>
<icfcldap:uidAttribute>nsUniqueId</icfcldap:uidAttribute>
<icfcldap:pagingStrategy>spr</icfcldap:pagingStrategy> <!-- spr? -->
<!-- <icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> -->
<icfcldap:operationalAttributes>memberOf</icfcldap:operationalAttributes>
<icfcldap:operationalAttributes>createTimestamp</icfcldap:operationalAttributes>
<icfcldap:operationalAttributes>nsAccountLock</icfcldap:operationalAttributes>
<!-- >icfcldap:usePermissiveModify>always</icfcldap:usePermissiveModify>
<icfcldap:passwordHashAlgorithm>SSHA</icfcldap:passwordHashAlgorithm -->
<!-- >icfcldap:vlvSortAttribute>uid</icfcldap:vlvSortAttribute> <icfcldap:vlvSortOrderingRule>2.5.13.3</icfcldap:vlvSortOrderingRule -->
</icfc:configurationProperties>
<icfc:resultsHandlerConfiguration>
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
</icfc:resultsHandlerConfiguration>
</connectorConfiguration>
<schema>
<generationConstraints>
<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
<generateObjectClass>ri:eduPerson</generateObjectClass>
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
<generateObjectClass>ri:groupOfNames</generateObjectClass>
<generateObjectClass>ri:organizationalUnit</generateObjectClass>
</generationConstraints>
</schema>
<schemaHandling>
<objectType>
<kind>account</kind>
<displayName>Normal Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
<attribute>
<ref>ri:dn</ref>
<displayName>Distinguished Name</displayName>
<limitations>
<minOccurs>0</minOccurs>
</limitations>
<tolerant>false</tolerant>
<matchingRule>mr:distinguishedName</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<path>name</path>
</source>
<expression>
<script>
<code>
'uid=' + name + ',ou=People,dc=internet2,dc=edu'
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute>
<ref>ri:cn</ref>
<displayName>Common Name</displayName>
<limitations>
<minOccurs>0</minOccurs>
</limitations>
<tolerant>false</tolerant>
<outbound>
<strength>strong</strength>
<source>
<path>fullName</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:sn</ref>
<displayName>Surname</displayName>
<limitations>
<minOccurs>0</minOccurs>
</limitations>
<tolerant>false</tolerant>
<outbound>
<strength>strong</strength>
<source>
<path>familyName</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:givenName</ref>
<displayName>Given Name</displayName>
<limitations>
<minOccurs>0</minOccurs>
</limitations>
<tolerant>false</tolerant>
<outbound>
<strength>strong</strength>
<source>
<path>givenName</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:uid</ref>
<displayName>Login Name</displayName>
<tolerant>false</tolerant>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<path>name</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:mail</ref>
<displayName>Mail</displayName>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<tolerant>false</tolerant>
<outbound>
<strength>strong</strength>
<source>
<path>emailAddress</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:employeeNumber</ref>
<tolerant>false</tolerant>
<outbound>
<strength>strong</strength>
<source>
<path>employeeNumber</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:businessCategory</ref>
<tolerant>false</tolerant>
</attribute>
<!-- <attribute>
<ref>ri:eduPersonAffiliation</ref>
<outbound>
<strength>strong</strength>
<source>
<path>extension/rawAffiliation</path>
</source>
</outbound>
<tolerant>false</tolerant>
</attribute> -->
<association>
<tolerant>false</tolerant>
<ref>ri:group</ref>
<kind>entitlement</kind>
<intent>group</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:uniqueMember</associationAttribute>
<valueAttribute>ri:dn</valueAttribute>
</association>
<protected>
<filter>
<q:equal>
<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching>
<q:path>attributes/ri:dn</q:path>
<q:value>cn=root,dc=internet2,dc=edu</q:value>
</q:equal>
</filter>
</protected>
<credentials>
<password>
<outbound/>
</password>
</credentials>
</objectType>
<objectType>
<kind>entitlement</kind>
<intent>group</intent>
<displayName>LDAP Group</displayName>
<objectClass>ri:groupOfUniqueNames</objectClass>
<attribute>
<ref>ri:uniqueMember</ref>
<matchingRule>mr:distinguishedName</matchingRule>
<fetchStrategy>minimal</fetchStrategy>
</attribute>
<attribute>
<ref>ri:dn</ref>
<matchingRule>mr:distinguishedName</matchingRule>
<outbound>
<strength>strong</strength>
<source>
<path>extension/ldapDn</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:cn</ref>
<matchingRule>mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>weak</strength>
<source>
<path>identifier</path>
</source>
</outbound>
</attribute>
<attribute>
<ref>ri:uniqueMember</ref>
<matchingRule>mr:distinguishedName</matchingRule>
<fetchStrategy>minimal</fetchStrategy>
</attribute>
</objectType>
</schemaHandling>
<synchronization>
<objectSynchronization>
<enabled>true</enabled>
<correlation>
<q:equal>
<q:path>name</q:path>
<expression>
<path>
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
$projection/attributes/ri:uid
</path>
</expression>
</q:equal>
</correlation>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
</action>
</reaction>
<reaction>
<situation>unlinked</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
</reaction>
</objectSynchronization>
<objectSynchronization>
<name>group sync</name>
<objectClass>ri:groupOfUniqueNames</objectClass>
<kind>entitlement</kind>
<intent>group</intent>
<focusType>OrgType</focusType>
<enabled>true</enabled>
<condition>
<script>
<code>
import javax.naming.ldap.*
dn = new LdapName(basic.getAttributeValue(projection, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'dn'))
dn.startsWith(new LdapName('ou=Affiliations,ou=Groups,dc=internet2,dc=edu')) ||
dn.startsWith(new LdapName('ou=Courses,ou=Groups,dc=internet2,dc=edu')) ||
dn.startsWith(new LdapName('ou=generic,ou=Groups,dc=internet2,dc=edu')) ||
dn.startsWith(new LdapName('ou=midpoint,ou=Groups,dc=internet2,dc=edu'))
</code>
</script>
</condition>
<correlation>
<q:equal>
<q:path>extension/ldapDn</q:path>
<expression>
<path>$projection/attributes/ri:dn</path>
</expression>
</q:equal>
</correlation>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
</action>
</reaction>
<reaction>
<situation>unlinked</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
</reaction>
</objectSynchronization>
</synchronization>
<consistency>
<avoidDuplicateValues>true</avoidDuplicateValues>
</consistency>
</resource>
You can’t perform that action at this time.