hogwarts config..

samples/hogwarts/accounts.csv

@@ -0,0 +1,70 @@
+§,firstname,lastname,memberOf,managerOf,disabled,password
+h.potter,Harry,Potter,Hogwarts/Students/Gryffindor,quiddich-griffindor,false,asd123
+h.granger,Hermione,Granger,Hogwarts/Students/Gryffindor,,false,huGHa
+r.weasley,Ron,Weasley,Hogwarts/Students/Gryffindor,,false,asd123
+f.weasley,Fred,Weasley,Hogwarts/Students/Gryffindor;quiddich-griffindor,,false,sLh5D
+ge.weasley,George,Weasley,Hogwarts/Students/Gryffindor;quiddich-griffindor,,false,Hhktd
+gi.weasley,Ginny,Weasley,Hogwarts/Students/Gryffindor,,false,HidpQ
+p.weasley,Percy,Weasley,Hogwarts/Students/Gryffindor,,false,BVzp7
+n.longbottom,Neville,Longbottom,Hogwarts/Students/Gryffindor,,false,4j91q
+s.finnigan,Seamus,Finnigan,Hogwarts/Students/Gryffindor,,false,X3rVs
+o.wood,Oliver,Wood,Hogwarts/Students/Gryffindor,quiddich-griffindor,false,He7jK
+k.bell,Katie,Bell,Hogwarts/Students/Gryffindor;quiddich-griffindor,,false,CStTz
+l.brown,Lavender,Brown,Hogwarts/Students/Gryffindor,,false,3PnNC
+c.creevey,Colin,Creevey,Hogwarts/Students/Gryffindor,,false,FxRQO
+d.creevey,Dennis,Creevey,Hogwarts/Students/Gryffindor,,false,O0Unq
+a.johnson,Angelina,Johnson,Hogwarts/Students/Gryffindor;quiddich-griffindor,,false,xwlPf
+l.jordan,Lee,Jordan,Hogwarts/Students/Gryffindor,,false,FeJKf
+c.mcLaggen,Cormac,McLaggen,Hogwarts/Students/Gryffindor,,false,WGV9Z
+p.patil,Parvati,Patil,Hogwarts/Students/Gryffindor,,false,L06xC
+a.spinnet,Alicia,Spinnet,Hogwarts/Students/Gryffindor;quiddich-griffindor,,false,3QyWK
+d.thomas,Dean,Thomas,Hogwarts/Students/Gryffindor;quiddich-griffindor,,false,7bUIs
+s.bones,Susan,Bones,Hogwarts/Students/Hufflepuff,,false,zzkzQ
+c.diggory,Cedric,Diggory,Hogwarts/Students/Hufflepuff,quiddich-hufflepuff,false,dDtXQ
+j.finchFletchley,Justin,Finch-Fletchley,Hogwarts/Students/Hufflepuff,,false,4hicr
+e.macmillan,Ernie,Macmillan,Hogwarts/Students/Hufflepuff,,false,o1vdP
+z.smith,Zacharias,Smith,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,wWytb
+m.oflaherty,Maxine,O'Flaherty,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,8zSQC
+a.rickett,Anthony,Rickett,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,aR5Qz
+m.mcManus,Michael,McManus,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,68oPS
+m.preece,Malcolm,Preece,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,SjkHQ
+h.macavoy,Heidi,Macavoy,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,jkxdA
+t.applebee,Tamsin,Applebee,Hogwarts/Students/Hufflepuff;quiddich-hufflepuff,,false,b5eaL
+l.lovegood,Luna,Lovegood,Hogwarts/Students/Ravenclaw,,false,gVpvc
+t.boot,Terry,Boot,Hogwarts/Students/Ravenclaw,,false,jMeJC
+ch.Chang,Cho,Chang,Hogwarts/Students/Ravenclaw;quiddich-ravenclaw,,false,MyNFI
+p.clearwater,Penelope,Clearwater,Hogwarts/Students/Ravenclaw,,false,beT2o
+m.corner,Michael,Corner,Hogwarts/Students/Ravenclaw,,false,SzZjR
+r.davies,Roger,Davies,Hogwarts/Students/Ravenclaw,quiddich-ravenclaw,false,1WPNp
+m.edgecombe,Marietta,Edgecombe,Hogwarts/Students/Ravenclaw,,false,9NXxc
+a.goldstein,Anthony,Goldstein,Hogwarts/Students/Ravenclaw,,false,QGLi0
+pa.patil,Padma,Patil,Hogwarts/Students/Ravenclaw,,false,L06xC
+j.stretton,Jeremy,Stretton,Hogwarts/Students/Ravenclaw;quiddich-ravenclaw,,false,Qo2kc
+r.burrow,Randolph,Burrow,Hogwarts/Students/Ravenclaw;quiddich-ravenclaw,,false,BtwrF
+d.inglebee,Duncan,Inglebee,Hogwarts/Students/Ravenclaw;quiddich-ravenclaw,,false,0hFEp
+d.malfoy,Draco,Malfoy,Hogwarts/Students/Slytherin;quiddich-slytherin,,false,lOBrZ
+m.bulstrode,Millicent,Bulstrode,Hogwarts/Students/Slytherin,,false,fzFmz
+v.crabbe,Vincent,Crabbe,Hogwarts/Students/Slytherin;quiddich-slytherin,,false,gFv53
+m.flint,Marcus,Flint,Hogwarts/Students/Slytherin,quiddich-slytherin,false,Iy6lp
+g.goyle,Gregory,Goyle,Hogwarts/Students/Slytherin;quiddich-slytherin,,false,wboNH
+g.montague,Graham,Montague,Hogwarts/Students/Slytherin;quiddich-slytherin,,false,H08hH
+t.nott,Theodore,Nott,Hogwarts/Students/Slytherin,,false,sOc81
+p.parkinson,Pansy,Parkinson,Hogwarts/Students/Slytherin,,false,wd7TU
+b.zabini,Blaise,Zabini,Hogwarts/Students/Slytherin,,false,bwdzH
+a.dumbledore,Albus,Dumbledore,Hogwarts/Staff/Professors,Hogwarts/Staff/Professors;Hogwarts/Staff/Auxiliary,false,asd123
+l.voldemort,Lord,Voldemort,Hogwarts/Staff/Professors,,false,w3Hn3
+m.mcGonagall,Minerva,McGonagall,Hogwarts/Staff/Professors,Hogwarts/Students/Gryffindor,false,LnwYb
+s.snape,Severus,Snape,Hogwarts/Staff/Professors,Hogwarts/Students/Slytherin,false,3p0AE
+p.sprout,Pomona,Sprout,Hogwarts/Staff/Professors,Hogwarts/Students/Hufflepuff,false,TPL2T
+f.flitwick,Filius,Flitwick,Hogwarts/Staff/Professors,Hogwarts/Students/Ravenclaw,false,3seVL
+s.trelawney,Sybill,Trelawney,Hogwarts/Staff/Professors,,false,irY4l
+ch.burbage,Charity,Burbage,Hogwarts/Staff/Professors,,false,JIZxz
+r.hooch,Rolanda,Hooch,Hogwarts/Staff/Professors,,false,VmbKi
+s.kettleburn,Silvanus,Kettleburn,Hogwarts/Staff/Professors,,false,tVxYS
+g.lockhart,Gilderoy,Lockhart,Hogwarts/Staff/Professors,,false,asd123
+a.sinistra,Aurora,Sinistra,Hogwarts/Staff/Professors,,false,top0f
+s.vector,Septima,Vector,Hogwarts/Staff/Professors,,false,NJFjE
+a.filch,Argus,Filch,Hogwarts/Staff/Auxiliary,,false,LUdDa
+r.hagrid,Rubeus,Hagrid,Hogwarts/Staff/Auxiliary;Hogwarts/Staff/Professors,,false,asd123
+i.pince,Irma,Pince,Hogwarts/Staff/Auxiliary,,false,ZnHa4
+p.pomfrey,Poppy,Pomfrey,Hogwarts/Staff/Auxiliary,,false,bvYIK

samples/hogwarts/groups.ldif

@@ -0,0 +1,73 @@
+version: 1
+
+dn: ou=groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: groups
+
+dn: cn=hogwarts,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: hogwarts
+member: uid=nobody,ou=People,dc=example,dc=com
+description: Hogwarts organization structure. Include all students, staff, t
+ eachers etc.
+
+dn: cn=Minister of magic,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: Minister of magic
+member: uid=nobody,ou=People,dc=example,dc=com
+member: uid=c.fudge,ou=People,dc=example,dc=com
+
+dn: cn=quiddich-griffindor,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: quiddich-griffindor
+member: uid=nobody,ou=People,dc=example,dc=com
+
+dn: cn=quiddich-ravenclaw,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: quiddich-ravenclaw
+member: uid=nobody,ou=People,dc=example,dc=com
+
+dn: cn=quiddich-slytherin,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: quiddich-slytherin
+member: uid=nobody,ou=People,dc=example,dc=com
+
+dn: cn=quiddich,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: quiddich
+member: uid=nobody,ou=People,dc=example,dc=com
+
+dn: cn=quiddich-hufflepuff,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+cn: quiddich-hufflepuff
+member: uid=nobody,ou=People,dc=example,dc=com
+
+dn: cn=herbologyTeacher,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: herbologyTeacher
+member: uid=nobody,dc=example,dc=com
+
+dn: cn=potionsTeacher,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: potionsTeacher
+member: uid=nobody,dc=example,dc=com
+
+dn: cn=defenceAgainstDarkArts,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: defenceAgainstDarkArts
+member: uid=nobody,dc=example,dc=com
+
+dn: cn=transfigurationTeacher,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: transfigurationTeacher
+member: uid=nobody,dc=example,dc=com
+
+dn: cn=duellingClassroomAccess,ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfNames
+cn: duellingClassroomAccess
+member: uid=nobody,dc=example,dc=com

samples/hogwarts/objects/accessCertificationDefinitions/access-certification-definition.xml

@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<accessCertificationDefinition
+        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <name>User's assignemnts according to the manager</name>
+    <description>Certifies all users' assignments. Everything is certified by the administrator.</description>
+    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/certification/handlers-3#direct-assignment</handlerUri>
+    <stageDefinition>
+        <number>1</number>
+        <name>Manager's review</name>
+        <description>In this stage, the manager has to review all the assignments of users belonging to his org unit.</description>
+        <duration>P14D</duration>   <!-- 14 days -->
+        <notifyBeforeDeadline>PT48H</notifyBeforeDeadline> <!-- 48 hours -->
+        <notifyBeforeDeadline>PT12H</notifyBeforeDeadline>
+        <notifyOnlyWhenNoDecision>true</notifyOnlyWhenNoDecision>  <!-- this is the default -->
+        <reviewerSpecification>
+         <useObjectManager>
+            <allowSelf>false</allowSelf>
+         </useObjectManager>
+      </reviewerSpecification>
+        <timedActions>
+            <time>
+                <value>P7D</value>
+            </time>
+            <actions>
+                <escalate>
+                    <approverRef oid="00000000-0000-0000-0000-000000000002" type="UserType" />  <!-- administrator -->
+                    <delegationMethod>addAssignees</delegationMethod>
+                    <escalationLevelName>Level1</escalationLevelName>
+                </escalate>
+            </actions>
+        </timedActions>
+    </stageDefinition>
+    <scopeDefinition xsi:type="AccessCertificationAssignmentReviewScopeType">
+    <objectType>UserType</objectType>
+    <searchFilter>
+        <q:org>
+            <q:path>parentOrgRef</q:path>
+            <q:orgRef oid="00000000-0000-0org-0000-111111111111">      
+                <q:scope>SUBTREE</q:scope>
+            </q:orgRef>
+        </q:org>
+    </searchFilter>
+    <itemSelectionExpression>
+        <script>
+            <code>
+            	import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType
+
+            	log.info("####### assignment: " + assignment)
+            	if (assignment.targetRef.type.localPart.equals('RoleType')) {
+            		log.info("#### not a OrgType: " + assignment.targetRef.type.localPart)
+            		role = midpoint.resolveReferenceIfExists(assignment.targetRef)
+                	log.info("##### role: " + role)
+                	log.info("##### role type: " + role.roleType)
+                	return role != null &amp;&amp; role.requestable
+            	} 
+                org = midpoint.resolveReferenceIfExists(assignment.targetRef)
+                log.info("##### org: " + org)
+                log.info("##### org type: " + org.orgType)
+                return org != null &amp;&amp; org.orgType[0] == 'access' 
+
+            </code>
+        </script>
+    </itemSelectionExpression>
+    <includeRoles>true</includeRoles>
+    <includeOrgs>true</includeOrgs>
+    <includeResources>false</includeResources>
+</scopeDefinition>
+    <remediationDefinition>
+        <style>automated</style>
+    </remediationDefinition>
+</accessCertificationDefinition>

samples/hogwarts/objects/objectTemplates/object-template-create-org-struct.xml

@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2014 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<objectTemplate oid="10000000-0000-0000-0000-000000000231"
+   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+   xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+   xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+   xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
+   xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+   xmlns:ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext">
+    <name>Org Template</name>
+
+    <mapping>
+    	<name>Org-org mapping</name>
+    	<authoritative>true</authoritative>
+		<strength>strong</strength>
+    	<source>
+    		<path>identifier</path>
+    		<name>orgpath</name>
+    	</source>
+    	<source>
+    		<path>orgType</path>
+    	</source>
+    	<expression>
+    		<assignmentTargetSearch>
+            	<targetType>c:OrgType</targetType>
+        		<filter>
+					<q:equal>
+						<q:path>c:name</q:path>
+						<q:matching>polyStringNorm</q:matching>
+						<expression>
+							<script>
+								<code>
+									parent = orgpath?.tokenize('/').reverse()[0]
+									return parent
+								</code>
+							</script>
+						</expression>
+					</q:equal>
+				</filter>
+				<createOnDemand>true</createOnDemand>
+				<populateObject>
+					<populateItem>
+						<expression>
+							<script>
+								<code>
+									orgpath.tokenize('/').reverse()[0]
+								</code>
+							</script>
+						</expression>
+						<target>
+							<path>name</path>
+						</target>
+					</populateItem>
+					<populateItem>
+						<expression>
+							<value>access</value>
+						</expression>
+						<target>
+							<path>orgType</path>
+						</target>
+					</populateItem>
+					<populateItem>
+						<expression>
+							<script>
+								<code>
+									orgpath.tokenize('/').reverse()[1..-1].join('/').tokenize('/').reverse()[0..-1].join('/')
+								</code>
+							</script>
+						</expression>
+						<target>
+							<path>identifier</path>
+						</target>
+					</populateItem>
+					<populateItem>
+						<expression>
+							<assignmentTargetSearch>
+								<targetType>RoleType</targetType>
+								<oid>12345678-d34d-b33f-f00d-111111111222</oid>
+							</assignmentTargetSearch>
+						</expression>
+						<target>
+							<path>assignment</path>
+						</target>
+					</populateItem>
+				</populateObject>
+            </assignmentTargetSearch>    	
+    	</expression>
+    	<target>
+    		<path>assignment</path>
+    	</target>
+    	<condition>
+    		<script>
+    			<code>orgType != null &amp;&amp; orgType == 'access'</code>
+    		</script>
+    	</condition>
+    </mapping>
+
+
+  	<mapping>
+  		<name>Assign meta role</name>
+    	<authoritative>true</authoritative>
+		<strength>strong</strength>
+    	<expression>
+    		<assignmentTargetSearch>
+				<targetType>RoleType</targetType>
+				<oid>12345678-d34d-b33f-f00d-111111111222</oid>
+			</assignmentTargetSearch>
+		</expression>
+		<target>
+			<path>assignment</path>
+		</target>
+  	</mapping>
+
+</objectTemplate>