Reworked ldapGroups attribute to proper associations. Replaced assign…

…ment with inducement
Evolveum · Feb 19, 2015 · 7b51b06 · 7b51b06
1 parent 7737d92
commit 7b51b06
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 2 deletions.
diff --git a/samples/demo/opendj.xml b/samples/demo/opendj.xml
@@ -23,6 +23,7 @@
          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
          xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+         xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
 
 
@@ -436,6 +437,18 @@
 				</inbound>
 			</attribute>
 
+			<association>
+				<ref>ri:ldapGroups</ref>
+				<tolerant>true</tolerant>
+				<matchingRule>mr:stringIgnoreCase</matchingRule>
+				<displayName>Group Membership</displayName>
+				<kind>entitlement</kind>
+				<intent>group</intent>
+				<direction>objectToSubject</direction>
+				<associationAttribute>ri:uniqueMember</associationAttribute>
+				<valueAttribute>icfs:name</valueAttribute>
+				<explicitReferentialIntegrity>false</explicitReferentialIntegrity>
+			</association>
 			<protected>
                 <icfs:name>uid=idm,ou=Administrators,dc=example,dc=com</icfs:name>
             </protected>
@@ -468,6 +481,13 @@
                 </password>
             </credentials>
 		</objectType>
+			<objectType>
+				<displayName>Group</displayName>
+				<default>true</default>
+				<objectClass>ri:GroupObjectClass</objectClass>
+				<kind>entitlement</kind>
+				<intent>group</intent>
+</objectType>
 	</schemaHandling>
 
     <capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">

diff --git a/samples/demo/org.xml b/samples/demo/org.xml
@@ -70,7 +70,7 @@
 		<name>F0200</name>
 		<description>Everything that moves or otherwise.</description>
 		<parentOrgRef oid="c74a7d86-7798-11e2-964e-100000000000" type="c:OrgType"/>
-		<assignment>
+		<inducement>
 			<description>Access to engineering library</description>
 			<construction>
 		    		<resourceRef oid="12c78a70-76b7-11e2-9cb3-001e8c717e5b" type="c:ResourceType"/>
@@ -83,6 +83,7 @@
 		                    	</expression>
 		                    </outbound>
 		                </attribute>
+<!--
 				<attribute>
 		                    <ref>ri:ldapGroups</ref>
 		                    <outbound>
@@ -91,8 +92,30 @@
 		                    	</expression>
 		                    </outbound>
 		                </attribute>
+-->
+				<association>
+					<ref>ri:ldapGroups</ref>
+					<outbound>
+						<expression>
+							<associationTargetSearch>
+								<filter>
+									<q:equal>
+										<q:path>
+					declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
+					declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+					<!--attributes/icfs:name-->
+					attributes/ri:cn
+										</q:path>
+										<q:value>library</q:value>
+									</q:equal>
+								</filter>
+								<searchOnResource>true</searchOnResource>
+							</associationTargetSearch>
+						</expression>
+				</outbound>
+				</association>
 		    </construction>
-		</assignment>
+		</inducement>
 		<displayName>Department of Machines</displayName>
 		<identifier>0200</identifier>
 		<orgType>functional</orgType>

diff --git a/samples/demo/role-fte.xml b/samples/demo/role-fte.xml
@@ -17,6 +17,7 @@
 <role oid="abf3884a-7778-11e2-abb7-001e8c717e5b" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+         xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
 	xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
     <name>Full Time Employee</name>    
     <description>Basic role for full-time employee. It contains basic access rights that every employee should get automatically.</description>
@@ -40,6 +41,7 @@
     	<construction>
     		<!-- The c: prefix in type must be there due to a JAXB bug -->
     		<resourceRef oid="12c78a70-76b7-11e2-9cb3-001e8c717e5b" type="c:ResourceType"/>
+<!--
 		<attribute>
                     <ref>ri:ldapGroups</ref>
                     <outbound>
@@ -48,6 +50,29 @@
                     	</expression>
                     </outbound>
                 </attribute>
+-->
+				<association>
+					<ref>ri:ldapGroups</ref>
+					<outbound>
+						<expression>
+							<associationTargetSearch>
+								<filter>
+									<q:equal>
+										<q:path>
+					declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
+					declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
+					<!--attributes/icfs:name-->
+					attributes/ri:cn
+										</q:path>
+										<q:value>employees</q:value>
+									</q:equal>
+								</filter>
+								<searchOnResource>true</searchOnResource>
+							</associationTargetSearch>
+						</expression>
+				</outbound>
+				</association>
+
     	</construction>
     </inducement>
 </role>