...
Code Block |
---|
language | xml |
---|
title | Sample Grouper resource object |
---|
linenumbers | true |
---|
|
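<!--
    Sample midPoint resource for Grouper. The main connectorConfiguration belongs to the Grouper REST
    connector; the additionalConnector is an AMQP async update connector. Host names, accounts and
    passwords in this listing are sample values.
-->
<resource oid="1eff65de-5bb6-483d-9edf-8cc2c2ee0233"
          xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
          xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
          xmlns:rest="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-grouper-rest/com.evolveum.polygon.connector.grouper.rest.GrouperConnector"
          xmlns:conf="http://midpoint.evolveum.com/xml/ns/public/connector/builtin-1/bundle/com.evolveum.midpoint.provisioning.ucf.impl.builtin.async/AsyncUpdateConnector"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <name>Grouper Resource</name>
    <!-- The connector is looked up by a filter on connectorType, not by a fixed OID. -->
    <connectorRef type="c:ConnectorType">
        <filter>
            <q:equal>
                <q:path>connectorType</q:path>
                <q:value>com.evolveum.polygon.connector.grouper.rest.GrouperConnector</q:value>
            </q:equal>
        </filter>
    </connectorRef>
    <connectorConfiguration>
        <icfc:configurationProperties>
            <rest:baseUrl>https://grouper-ws:443</rest:baseUrl>
            <!-- Sample account with a clear-text sample password. In a real deployment use a dedicated
                 service account and keep the real secret out of any shared or committed copy of this file. -->
            <rest:username>banderson</rest:username>
            <rest:password>password</rest:password>
            <!-- true switches off validation of the Grouper server certificate, so the connector cannot
                 tell the real grouper-ws host from an impostor and the credentials above can be
                 intercepted. The item table on this page marks this setting "Do not use in production". -->
            <rest:ignoreSslValidation>true</rest:ignoreSslValidation>
            <!-- ":" is the root stem (the whole tree); the include and exclude patterns narrow it down. -->
            <rest:baseStem>:</rest:baseStem>
            <rest:groupIncludePattern>app:.*</rest:groupIncludePattern>
            <rest:groupIncludePattern>test:.*</rest:groupIncludePattern>
            <rest:groupIncludePattern>ref:.*</rest:groupIncludePattern>
            <rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern>
            <rest:subjectSource>ldap</rest:subjectSource>
            <rest:testStem>:</rest:testStem>
            <!-- no testGroup: we cannot be sure that banderson is a member of sysadmingroup when doing the first test -->
        </icfc:configurationProperties>
        <icfc:resultsHandlerConfiguration>
            <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
            <icfc:enableFilteredResultsHandler>true</icfc:enableFilteredResultsHandler>
            <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
        </icfc:resultsHandlerConfiguration>
    </connectorConfiguration>
    <additionalConnector>
        <name>AMQP async update connector</name>
        <connectorRef type="c:ConnectorType">
            <filter>
                <q:equal>
                    <q:path>connectorType</q:path>
                    <q:value>AsyncUpdateConnector</q:value>
                </q:equal>
            </filter>
        </connectorRef>
        <connectorConfiguration>
            <conf:sources>
                <!-- Sample broker settings: the plain amqp:// scheme (no TLS) and the guest/guest account.
                     Messages read from this queue are handed to createUcfChange below, so in a real
                     deployment use a dedicated broker account and restrict who may publish to the queue.
                     NOTE(review): confirm whether a TLS-protected broker URI can be used here. -->
                <amqp091>
                    <uri>amqp://mq:5672</uri>
                    <username>guest</username>
                    <password>guest</password>
                    <queue>sampleQueue</queue>
                </amqp091>
            </conf:sources>
            <conf:transformExpression>
                <script>
                    <code>
                        // ------------------ START OF CONFIGURATION ------------------
                        // The patterns mirror groupIncludePattern / groupExcludePattern of the REST part above.
                        parameters = [
                            groupIncludePattern: [ 'app:.*', 'test:.*', 'ref:.*' ],
                            groupExcludePattern: [ '.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)' ],
                            // NOTE(review): the item table on this page names this parameter
                            // relevantSubjectSource; confirm which key the script expects.
                            relevantSourceId: 'ldap'
                        ]
                        // ------------------ END OF CONFIGURATION ------------------
                        // The raw message from the queue is added to the parameters and passed on.
                        parameters.put('message', message)
                        grouper.execute('createUcfChange', parameters)
                    </code>
                </script>
            </conf:transformExpression>
        </connectorConfiguration>
    </additionalConnector>
    <schemaHandling>
        <objectType>
            <kind>entitlement</kind>
            <intent>group</intent>
            <objectClass>ri:Group</objectClass>
            <default>true</default>
            <attribute>
                <ref>ri:name</ref>
                <!-- Inbound 1: the group name is stored in extension/grouperName, the item used by the
                     correlation query in the synchronization section. -->
                <inbound>
                    <strength>strong</strength>
                    <target>
                        <path>extension/grouperName</path>
                    </target>
                </inbound>
                <!-- Inbound 2: an archetype assignment is derived from the prefix of the group name. -->
                <inbound>
                    <strength>strong</strength>
                    <expression>
                        <script>
                            <code>
                                import com.evolveum.midpoint.schema.util.*
                                import com.evolveum.midpoint.schema.constants.*
                                if (input == null) {
                                    null
                                } else {
                                    archetypeOid = '5f2b96d2-49b5-4a8a-9601-14457309a69b' // generic-grouper-group archetype
                                    switch (input) {
                                        case ~/ref:affiliation:.*/: archetypeOid = '56f53812-047d-4b69-83e8-519a73d161e1'; break; // affiliation archetype
                                        case ~/ref:dept:.*/: archetypeOid = '1cec5f78-8fba-459b-9547-ef7485009f40'; break; // department archetype
                                        case ~/ref:course:.*/: archetypeOid = '3dab9a72-118b-4e40-a138-bb691c335eca'; break; // course archetype
                                        case ~/app:mailinglist:.*/: archetypeOid = '1645d1dc-1f7c-4508-b50b-97b501ccdee3'; break; // mailing-list archetype
                                    }
                                    ObjectTypeUtil.createAssignmentTo(archetypeOid, ObjectTypes.ARCHETYPE, prismContext)
                                }
                            </code>
                        </script>
                    </expression>
                    <target>
                        <path>assignment</path>
                        <set>
                            <predefined>all</predefined> <!-- we tolerate no other assignments -->
                        </set>
                    </target>
                </inbound>
            </attribute>
            <attribute>
                <ref>ri:member</ref>
                <fetchStrategy>explicit</fetchStrategy>
                <storageStrategy>indexOnly</storageStrategy>
            </attribute>
        </objectType>
    </schemaHandling>
    <synchronization>
        <objectSynchronization>
            <enabled>true</enabled>
            <kind>entitlement</kind>
            <intent>group</intent>
            <objectClass>ri:Group</objectClass>
            <focusType>OrgType</focusType>
            <!-- A group is correlated to the org whose extension/grouperName equals the group's name attribute. -->
            <correlation>
                <q:equal>
                    <q:path>extension/grouperName</q:path>
                    <expression>
                        <path>$projection/attributes/name</path>
                    </expression>
                </q:equal>
            </correlation>
            <!-- Linked + asyncUpdate channel + a delta whose only modification is the member attribute:
                 not synchronized. The ampersands of the Groovy logical AND are written as entities so
                 that the document stays well-formed XML. -->
            <reaction>
                <situation>linked</situation>
                <channel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#asyncUpdate</channel>
                <condition>
                    <script>
                        <code>import com.evolveum.midpoint.prism.path.ItemPath
                            import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType
                            // member-only updates should _NOT_ be synchronized
                            resourceObjectDelta != null &amp;&amp; resourceObjectDelta.isModify() &amp;&amp;
                                resourceObjectDelta.modifications.size() == 1 &amp;&amp;
                                ItemPath.create(ShadowType.F_ATTRIBUTES, 'member').equivalent(resourceObjectDelta.modifications.iterator().next().path)
                        </code>
                    </script>
                </condition>
                <synchronize>false</synchronize>
            </reaction>
            <reaction>
                <situation>linked</situation>
                <synchronize>true</synchronize>
            </reaction>
            <reaction>
                <situation>deleted</situation>
                <!-- a separate task will take care of deleted groups -->
                <!-- we don't even need to unlink the shadow -->
                <synchronize>true</synchronize>
            </reaction>
            <reaction>
                <situation>unlinked</situation>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
                </action>
            </reaction>
            <!-- An unmatched group creates a new focus (OrgType, per focusType above). -->
            <reaction>
                <situation>unmatched</situation>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
                </action>
            </reaction>
        </objectSynchronization>
    </synchronization>
    <caching>
        <cachingStategy>passive</cachingStategy>
    </caching>
</resource>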
This resource uses combined REST and MQ connectors.
REST connector configuration
Sample configuration for REST connector is here:
Code Block |
---|
language | xml |
---|
title | Sample configuration for Grouper REST connector |
---|
linenumbers | true |
---|
|
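<!-- Configuration properties of the Grouper REST connector (excerpt; the icfc and rest prefixes are
     declared on the enclosing resource element). Account and password are sample values. -->
<icfc:configurationProperties>
    <rest:baseUrl>https://grouper-ws:443</rest:baseUrl>
    <!-- Sample account with a clear-text sample password. In a real deployment use a dedicated
         service account and keep the real secret out of any shared or committed copy of this file. -->
    <rest:username>banderson</rest:username>
    <rest:password>password</rest:password>
    <!-- true switches off validation of the Grouper server certificate, so the connector cannot
         tell the real grouper-ws host from an impostor and the credentials above can be
         intercepted. The item table on this page marks this setting "Do not use in production". -->
    <rest:ignoreSslValidation>true</rest:ignoreSslValidation>
    <!-- ":" is the root stem (the whole tree); the include and exclude patterns narrow it down. -->
    <rest:baseStem>:</rest:baseStem>
    <rest:groupIncludePattern>app:.*</rest:groupIncludePattern>
    <rest:groupIncludePattern>test:.*</rest:groupIncludePattern>
    <rest:groupIncludePattern>ref:.*</rest:groupIncludePattern>
    <rest:groupExcludePattern>.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)</rest:groupExcludePattern>
    <rest:subjectSource>ldap</rest:subjectSource>
    <rest:testStem>:</rest:testStem>
    <!-- no testGroup: we cannot be sure that banderson is a member of sysadmingroup when doing the first test -->
</icfc:configurationProperties>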
Let us describe individual items.
Item name | Meaning | Comment |
---|
baseUrl | URL on which the Grouper REST service can be accessed. | An example: https://localhost:9443. |
username | Name of the user that is used to access the Grouper REST service. |
|
password | Password of the user that is used to access the Grouper REST service. |
|
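ignoreSslValidation | Whether to ignore SSL validation issues when connecting to the Grouper REST service. | Do not use in production: with validation ignored, the connector cannot verify that it is talking to the real Grouper server, so the connection, including the username and password above, can be intercepted. |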
baseStem | The stem whose content is to be visible to this connector. | The default is ":" (the whole tree). |
groupIncludePattern | Groups that should be visible to this connector. Specify them using regular expressions like "ref:.*". You can specify multiple values of this item. | If nothing is specified, all groups under root stem are included. |
groupExcludePattern | Groups that should not be visible to this connector. Specify them using regular expressions like ".*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)". You can specify multiple values of this item. |
|
subjectSource | The source of subjects that will be visible by this connector. |
|
testStem | Stem whose accessibility is checked during Test connection operation (if specified). |
|
testGroup | Group whose accessibility is checked during Test connection operation (if specified). |
|
MQ connector configuration
Sample configuration for MQ connector is here:
Code Block |
---|
language | xml |
---|
title | Sample configuration for Grouper MQ connector |
---|
linenumbers | true |
---|
|
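<!-- Configuration of the AMQP async update connector (excerpt; the conf prefix is declared on the
     enclosing resource element). Broker address, account and password are sample values. -->
<connectorConfiguration>
    <conf:sources>
        <!-- Sample broker settings: the plain amqp:// scheme (no TLS) and the guest/guest account.
             Messages read from this queue are handed to createUcfChange below, so in a real
             deployment use a dedicated broker account and restrict who may publish to the queue.
             NOTE(review): confirm whether a TLS-protected broker URI can be used here. -->
        <amqp091>
            <uri>amqp://mq:5672</uri>
            <username>guest</username>
            <password>guest</password>
            <queue>sampleQueue</queue>
        </amqp091>
    </conf:sources>
    <conf:transformExpression>
        <script>
            <code>
                // ------------------ START OF CONFIGURATION ------------------
                // Keep the patterns identical to groupIncludePattern / groupExcludePattern of the REST part.
                parameters = [
                    groupIncludePattern: [ 'app:.*', 'test:.*', 'ref:.*' ],
                    groupExcludePattern: [ '.*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)' ],
                    // NOTE(review): the item table on this page names this parameter
                    // relevantSubjectSource; confirm which key the script expects.
                    relevantSourceId: 'ldap'
                ]
                // ------------------ END OF CONFIGURATION ------------------
                // The raw message from the queue is added to the parameters and passed on.
                parameters.put('message', message)
                grouper.execute('createUcfChange', parameters)
            </code>
        </script>
    </conf:transformExpression>
</connectorConfiguration>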
Let us describe individual items.
Item name | Meaning | Comment |
---|
conf:sources | Source(s) for asynchronous messages. These can be e.g. MQ or REST endpoints, although midPoint currently supports only AMQP 0.9.1 or custom (defined e.g. via overlay) sources. |
|
amqp091/uri | URI where AMQP 0.9.1 broker resides. |
|
amqp091/username | Name of the user that is used to access AMQP 0.9.1 broker. |
|
amqp091/password | Password of the user that is used to access AMQP 0.9.1 broker. |
|
amqp091/queue | Queue from where change notifications can be obtained. |
|
amqp091/virtualHost | AMQP virtual host. | The default value is "/". |
amqp091/prefetch | Number of messages to prefetch. | The default is 5. |
amqp091/connectionHandlingThreads | Number of connection handling threads. | The default is 10. |
transformExpression/script/code:parameters | Parameters related to the processing of asynchronous messages obtained from (e.g.) AMQP queue. |
|
groupIncludePattern | Groups that should be visible to this connector. Specify them using regular expressions like "ref:.*". You can specify multiple values of this item. Should be the same as groupIncludePattern in the REST part. | If nothing is specified, all groups under root stem are included. |
groupExcludePattern | Groups that should not be visible to this connector. Specify them using regular expressions like ".*_(includes|excludes|systemOfRecord|systemOfRecordAndIncludes)". You can specify multiple values of this item. Should be the same as groupExcludePattern in the REST part. |
|
relevantSubjectSource | The source of subjects that will be visible by this connector. Should be the same as subjectSource parameter in the REST part. |
|