initial comanage-midpoint integration
pcaskey committed Dec 21, 2020
1 parent e58c1cb commit 009deee
Showing 8 changed files with 332 additions and 2 deletions.
Expand Up @@ -329,7 +329,7 @@
the directory for users (ie, if your LDAP server does not allow anonymous
binds. */
// $servers->setValue('login','bind_id','');
$servers->setValue('login','bind_id','cn=admin,dc=internet2,dc=edu');
$servers->setValue('login','bind_id','cn=Directory Manager');

/* Your LDAP password. If you specified an empty bind_id above, this MUST also
be blank. */
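Review bot: The UI's login bind now appears to use the directory's root DN `cn=Directory Manager` (L20, assuming that is the new side, as the print order and the resource definition later in this commit suggest), so every browse or edit made through this interface runs with full directory authority rather than the rights the UI actually needs. A dedicated service account scoped to the containers the UI must manage keeps an exposed UI session from carrying write access to the whole tree. The bind password follows on the lines after this hunk; if it is kept here in clear, say so next to the setting, e.g. `// workbench-only: binds as the root DN; use a scoped service account outside the lab`. The enclosing configuration file continues on both sides of the hunk.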
1 change: 1 addition & 0 deletions Workbench/directory/container_files/seed-data/data.ldif
Expand Up @@ -62,6 +62,7 @@ objectClass: person
objectClass: top
cn: Andy Guest
sn: Aguest
mail: andyaguestcspuser@workbench.incommon.org
givenName: Andy
userPassword: password
description: A guest user
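--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<archetype oid="3d290ffd-35d6-40d5-9b20-964f891f569c"
+xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+xmlns:org='http://midpoint.evolveum.com/xml/ns/public/common/org-3'>
+<name>Guest</name>
+<description>Non-academic person from the Guest system</description>
+<archetypePolicy>
+<display>
+<label>Guest</label>
+<pluralLabel>Guests</pluralLabel>
+<tooltip>Person imported from the Guest System</tooltip>
+<icon>
+<cssClass>fa fa-plus-square</cssClass>
+<color>blue</color>
+</icon>
+</display>
+</archetypePolicy>
+<assignment>
+<assignmentRelation>
+<holderType>UserType</holderType>
+</assignmentRelation>
+</assignment>
+</archetype>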
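Review bot: The `xmlns:org` declaration on the root start tag (L42) is single-quoted while every other attribute on the same element is double-quoted; use `xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">` so the file keeps one quoting style. The `c`, `t` and `org` prefixes are declared but not referenced anywhere in the 25 lines of this file, so they can be dropped unless a later mapping needs them.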
Expand Up @@ -12,7 +12,7 @@
<pluralLabel>HRs</pluralLabel>
<tooltip>Person imported from the HR CSV</tooltip>
<icon>
<cssClass>fa fa-space-shuttle</cssClass>
<cssClass>fa fa-user-circle</cssClass>
<color>olive</color>
</icon>
</display>
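--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<!--
+~ Copyright (c) 2019 Evolveum and contributors
+~
+~ This work is dual-licensed under the Apache License 2.0
+~ and European Union Public License. See LICENSE file for details.
+-->
+
+<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+oid="55ced112-264c-4c77-a1bf-9e32d8a138b0">
+<name>guest</name>
+<displayName>Guest SOR</displayName>
+</org>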
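Review bot: The header (L77-L80) attributes this object to Evolveum 2019 under a dual Apache-2.0/EUPL license and points at "LICENSE file for details", which reads as carried over from a midPoint sample rather than written for this repository; if the object was adapted from a sample, keep the attribution but say so, e.g. `<!-- adapted from a midPoint sample org object; original notice retained above -->`, and confirm the LICENSE file it references exists here. The org has a `name` and `displayName` but no `<description>`; a one-line `<description>Organization for persons whose system of record is the Guest system</description>` would tell operators what "Guest SOR" stands for.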
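--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,252 @@
+<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="7b40819f-2fec-4243-9d5d-355300acd312" version="110">
+<name>Guest LDAP</name>
+<description>LDAP guests provisioned by COmanage</description>
+<connectorRef type="ConnectorType">
+<filter>
+<q:equal>
+<q:path>c:connectorType</q:path>
+<q:value>com.evolveum.polygon.connector.ldap.LdapConnector</q:value>
+</q:equal>
+</filter>
+</connectorRef>
+<connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
+<icfc:resultsHandlerConfiguration>
+<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
+<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
+</icfc:resultsHandlerConfiguration>
+<icfc:configurationProperties xmlns:gen956="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
+<gen956:host>directory</gen956:host>
+<gen956:port>389</gen956:port>
+<gen956:bindDn>cn=Directory Manager</gen956:bindDn>
+<gen956:bindPassword>
+<t:clearValue>password</t:clearValue>
+</gen956:bindPassword>
+<gen956:uidAttribute>nsUniqueId</gen956:uidAttribute>
+<gen956:pagingStrategy>spr</gen956:pagingStrategy>
+<gen956:baseContext>ou=Guests,dc=internet2,dc=edu</gen956:baseContext>
+<!--<gen956:passwordHashAlgorithm>SSHA</gen956:passwordHashAlgorithm>-->
+<gen956:pagingStrategy>spr</gen956:pagingStrategy>
+<!--<gen956:vlvSortAttribute>uid</gen956:vlvSortAttribute>
+<gen956:vlvSortOrderingRule>2.5.13.3</gen956:vlvSortOrderingRule>-->
+<gen956:operationalAttributes>memberOf</gen956:operationalAttributes>
+<gen956:operationalAttributes>createTimestamp</gen956:operationalAttributes>
+<gen956:allowUnknownAttributes>true</gen956:allowUnknownAttributes>
+<!--<gen956:usePermissiveModify>always</gen956:usePermissiveModify>-->
+</icfc:configurationProperties>
+</connectorConfiguration>
+<schema>
+<generationConstraints>
+<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
+<generateObjectClass>ri:eduPerson</generateObjectClass>
+<generateObjectClass>ri:organizationalPerson</generateObjectClass>
+<generateObjectClass>ri:person</generateObjectClass>
+<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
+<generateObjectClass>ri:groupOfNames</generateObjectClass>
+<generateObjectClass>ri:organizationalUnit</generateObjectClass>
+</generationConstraints>
+</schema>
+<schemaHandling>
+<objectType id="2">
+<kind>account</kind>
+<intent>default</intent>
+<displayName>Normal Account</displayName>
+<default>true</default>
+<objectClass>ri:inetOrgPerson</objectClass>
+<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
+<attribute id="4">
+<c:ref>ri:dn</c:ref>
+<displayName>Distinguished Name</displayName>
+<limitations>
+<minOccurs>0</minOccurs>
+<access>
+<read>true</read>
+<add>true</add>
+<modify>true</modify>
+</access>
+</limitations>
+<matchingRule xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3">mr:stringIgnoreCase</matchingRule>
+</attribute>
+<attribute id="7">
+<c:ref>ri:sn</c:ref>
+<displayName>Surname</displayName>
+<limitations>
+<minOccurs>0</minOccurs>
+</limitations>
+<inbound id="14">
+<target>
+<c:path>familyName</c:path>
+</target>
+</inbound>
+<inbound>
+<source>
+<path>$projection/attributes/ri:givenName</path>
+<name>givenname</name>
+</source>
+<expression>
+<script>
+<code>basic.concatName(givenname, input)</code>
+</script>
+</expression>
+<target>
+<path>fullName</path>
+</target>
+</inbound>
+</attribute>
+<attribute id="8">
+<c:ref>ri:givenName</c:ref>
+<displayName>Given Name</displayName>
+<inbound id="15">
+<target>
+<c:path>$c:user/c:givenName</c:path>
+</target>
+</inbound>
+</attribute>
+<attribute id="31">
+<c:ref>ri:mail</c:ref>
+<inbound id="32">
+<target>
+<c:path>$c:user/c:emailAddress</c:path>
+</target>
+</inbound>
+</attribute>
+<attribute id="33">
+<c:ref>ri:uid</c:ref>
+<inbound id="34">
+<target>
+<c:path>name</c:path>
+</target>
+</inbound>
+<inbound>
+<description>Assignment of Guest SOR archetype</description>
+<strength>strong</strength>
+<expression>
+<assignmentTargetSearch>
+<targetType>c:ArchetypeType</targetType>
+<oid>3d290ffd-35d6-40d5-9b20-964f891f569c</oid>
+</assignmentTargetSearch>
+</expression>
+<target>
+<path>assignment</path>
+</target>
+</inbound>
+<inbound>
+<description>Assignment of Guest SOR organization</description>
+<strength>strong</strength>
+<expression>
+<assignmentTargetSearch>
+<targetType>c:OrgType</targetType>
+<oid>55ced112-264c-4c77-a1bf-9e32d8a138b0</oid>
+</assignmentTargetSearch>
+</expression>
+<target>
+<path>assignment</path>
+</target>
+</inbound>
+<inbound>
+<description>Assignment of role-ldap-basic role</description>
+<strength>strong</strength>
+<expression>
+<assignmentTargetSearch>
+<targetType>c:RoleType</targetType>
+<oid>c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f</oid>
+</assignmentTargetSearch>
+</expression>
+<target>
+<path>assignment</path>
+</target>
+</inbound>
+</attribute>
+<iteration>
+<maxIterations>5</maxIterations>
+</iteration>
+<protected>
+<filter>
+<q:equal>
+<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#stringIgnoreCase</q:matching>
+<q:path>attributes/ri:dn</q:path>
+<q:value>cn=admin,dc=internet2,dc=edu</q:value>
+</q:equal>
+</filter>
+</protected>
+<activation>
+<administrativeStatus>
+<outbound id="18"/>
+<inbound id="19">
+<strength>weak</strength>
+<expression>
+<asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
+</expression>
+</inbound>
+</administrativeStatus>
+</activation>
+<credentials>
+<password xsi:type="c:ResourcePasswordDefinitionType">
+<outbound>
+<expression>
+<asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
+</expression>
+</outbound>
+<inbound>
+<strength>weak</strength>
+<expression>
+<generate xsi:type="c:GenerateExpressionEvaluatorType"/>
+</expression>
+</inbound>
+</password>
+</credentials>
+</objectType>
+</schemaHandling>
+<synchronization>
+<objectSynchronization>
+<enabled>true</enabled>
+<correlation>
+<q:equal>
+<q:path>name</q:path>
+<expression>
+<path>
+declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+$account/attributes/ri:uid
+</path>
+</expression>
+</q:equal>
+<q:description>
+Correlation expression is a search query.
+Following search query will look for users that have "name"
+equal to the "eduPersonPrincipalName" attribute of the account. Simply speaking,
+it will look for a match in usernames in the IDM and the resource.
+The correlation rule always looks for users, so it will not match
+any other object type.
+</q:description>
+</correlation>
+<reaction>
+<situation>linked</situation>
+<synchronize>true</synchronize>
+</reaction>
+<reaction>
+<situation>deleted</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
+</action>
+</reaction>
+<reaction>
+<situation>unlinked</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+</action>
+</reaction>
+<reaction>
+<situation>unmatched</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+</action>
+</reaction>
+</objectSynchronization>
+</synchronization>
+<consistency>
+<avoidDuplicateValues>true</avoidDuplicateValues>
+</consistency>
+</resource>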
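Review bot: The connector binds as the directory's root DN `cn=Directory Manager` (L110) with the password committed in clear as `<t:clearValue>password</t:clearValue>` (L112), to plain port 389 (L109) with no connection-security property set, so the bind credential and every user password pushed by the outbound `asIs` mapping (L276) would cross the network unencrypted unless the connector's default is StartTLS, which nothing in this file establishes. A bind account limited to the configured baseContext `ou=Guests,dc=internet2,dc=edu` (L116), the connector's `connectionSecurity` property, and an encrypted or externalized password would narrow what a leaked config exposes; at minimum mark the setting, e.g. `<!-- workbench-only: binds as the root DN with a clear-text password; use a scoped service account and TLS outside the lab -->`. Separately, `pagingStrategy` is declared twice (L115 and L118), and the `<protected>` filter guards `cn=admin,dc=internet2,dc=edu` (L257), a DN outside the baseContext, so it most likely protects nothing this resource can see. The correlation description (L305) says the match is on `eduPersonPrincipalName` while the expression uses `$account/attributes/ri:uid` (L298); change the sentence to `equal to the "uid" attribute of the account.`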
Expand Up @@ -61,6 +61,8 @@
<generationConstraints>
<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
<generateObjectClass>ri:eduPerson</generateObjectClass>
<generateObjectClass>ri:organizationalPerson</generateObjectClass>
<generateObjectClass>ri:person</generateObjectClass>
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
<generateObjectClass>ri:groupOfNames</generateObjectClass>
<generateObjectClass>ri:organizationalUnit</generateObjectClass>
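--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,37 @@
+<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+oid="9ddfc0ff-6293-4f34-8eb7-5a049c21480f">
+<name>Import from Guest LDAP</name>
+<extension xmlns:mext="http://midpoint.evolveum.com/xml/ns/public/model/extension-3"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:type="c:ExtensionType">
+<mext:kind>account</mext:kind>
+<mext:objectclass>ri:AccountObjectClass</mext:objectclass>
+<!--
+<mext:tracing>
+<interval>500</interval>
+</mext:tracing> -->
+</extension>
+<assignment>
+<targetRef oid="00000000-0000-0000-0000-000000000503" type="ArchetypeType" /> <!--Import task-->
+</assignment>
+<taskIdentifier>df940655-2167-455d-a735-a5e8c234e289</taskIdentifier>
+<ownerRef oid="00000000-0000-0000-0000-000000000002"
+relation="org:default"
+type="c:UserType"><!-- administrator --></ownerRef>
+<executionStatus>runnable</executionStatus>
+<category>ImportingAccounts</category>
+<objectRef oid="7b40819f-2fec-4243-9d5d-355300acd312"
+relation="org:default"
+type="c:ResourceType"><!-- Guest LDAP --></objectRef>
+<recurrence>recurring</recurrence>
+<schedule>
+<interval>60</interval>
+</schedule>
+<binding>loose</binding>
+</task>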
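Review bot: The task selects objects with `<mext:objectclass>ri:AccountObjectClass</mext:objectclass>` (L368), but the resource it points at (oid 7b40819f-…, L383) defines its account type on `ri:inetOrgPerson` (L144 of this commit) and lists no AccountObjectClass among its generation constraints, so the import will likely find no matching object class on the LDAP schema; either use `<mext:objectclass>ri:inetOrgPerson</mext:objectclass>` or drop the objectclass and pair `<mext:kind>account</mext:kind>` with `<mext:intent>default</mext:intent>`. The task is owned by the built-in administrator (L378), recurs every 60 seconds (L388), and each unmatched entry becomes a new user via the resource's `addFocus` reaction, so a full import every minute is both a load concern and an automatic trust of anything placed under the guest OU; a longer interval, or a live-sync task once the initial load is done, is the usual shape. A one-line comment on the schedule saying why 60 seconds was chosen would help whoever tunes it later.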
