Resource Wizard: Advanced Object Type Mappings

Last modified 10 Jun 2025 12:50 +02:00
Since 4.9
This functionality is available since version 4.9.
Table of Contents

This describes advanced object mapping configuration.

For basic options and a general description of mappings, refer to Resource Wizard: Object Type Mappings.

Advanced Inbound Mappings

step 2 mappings inbound
Figure 1. Table of inbound mappings

In addition to the basic inbound mapping settings, you can use a more advanced configuration:

  1. Go to  Resources >  All resources > your_resource >  Accounts >  Configure >  Mappings.

  2. For an existing inbound mapping, click  Edit, and configure:

    • Strength: Defines how aggressively the mapping is applied:

      • Strong: Always enforces source values. For single-value attributes, the source value replaces the target value, while for multi-value attributes, source values are added to target values.

      • Normal: Applies source values only if they have changed (not during reconciliation). If the target was modified manually, then the source value does not overwrite the target value.

      • Weak: Applies the source value only if the target has no value.

    • Use for: Defines operations in which the mapping is applied. This enables you to define different mappings for different contexts. For example, when fetching user numbers from a resource, you may want to match them exactly during correlation, however, during synchronization, you may want to normalize them (e.g. strip prefixes).

    • Source: Defines a midPoint property that is used as input for the mapping. This complements the source property defined in From resource attribute, and provides you with more room for writing custom scripts by extending the range of usable objects also to midPoint properties.

    • Condition: Enables you to control the mapping usage dynamically with a custom script in which you can define a specific condition. The mapping is used if the condition evaluates to true. For example, you may want to apply your mapping only if a user has a specific role or status.

  3. Click Next: Optional and configure:

    • Authoritative: Controls how mapping treats changes in source values:

      • True: Always updates the target values with the source values, if they are different. This is typically used when there is only one source and you want your target values to always be up-to-date.

      • False: Does not update non-empty target values when source values change. Use this option if you have multiple sources, or if you want to retain custom changes of your target values.

    • Exclusive: Defines how many mappings a target property can have:

      • True: Treats the mapping as exclusive to the selected target property. Using the same target property in a different mapping would trigger an error.

      • False: Enables you to use the selected target property also in other mappings (default).

    • Channel: Limits the mapping to a specific channel in which it is applied. If no channels are entered, the mapping is applied for all channels.

    • Except channel: Defines a channel to which the mapping is not applied.

  4. Click  Done to save the changes.

The Undefined option that is available in various settings applies the default defined in the Resource Schema XSD.

Advanced Outbound Mappings

To set up your outbound mappings, go to  Resources >  All resources > your_resource >  Accounts >  Configure >  Mappings >  Outbound mappings (to Resource).

The available settings are the same as for inbound mappings. The difference is that while inbound mappings control data transfer between source systems and midPoint, outbound mappings control data transfer from midPoint to target systems, such as LDAP.

Advanced Attribute Override

In addition to the standard attribute override settings, you can use a more advanced configuration:

  1. Go to  Resources >  All resources > your_resource >  Accounts >  Configure >  Mappings.

  2. Select  Inbound mappings (to midPoint) or  Outbound mappings (to Resource).

  3. Click Attribute overrides.

  4. For an existing override, click  Edit.

  5. On the Main configuration page, configure:

    • Help: Defines the help text displayed via a tooltip icon whenever the attribute appears in midPoint, such as the user details screen for standard attributes like given name.

    • Exclusive strong: Defines how multi-value attributes are treated in the mapping.

      • True: If the attribute contains at least one strong value, only strong values are used. If there are no strong values, normal values are used.

      • False: Both strong and normal values are merged to produce the final set of values.

    • Read replace mode: Helps you workaround the connector behavior in case the add, delete, and replace operations are processed in a non-standard manner. For example, when a connector treats a replace operation as a merge operation instead, i.e. when it adds a new value but does not remove the old value.

      • True: Modifications to the attribute are executed only as a REPLACE operation. This means that if an ADD or DELETE VALUE operation is requested, midPoint fetches the object state, computes the expected result, and writes it to the resource object using a REPLACE VALUE operation.

      • False: The REPLACE operation is not forced.

    • Fetch strategy: Defines when and how midPoint fetches the attribute:

      • Implicit: MidPoint expects that the attribute is implicitly returned by the connector in each fetch request (default).

      • Explicit: MidPoint requests the attribute in each fetch request. Use this for attributes that the connector does not return by default but which you want to see in midPoint.

      • Minimal: Fetches the attribute only if it is necessary. Use this for values that may cause performance overhead, such as lists of members of large groups, or large binary attributes.

    • Matching rule: Selects a matching rule that compares attribute values. As the default matching rule is a case-sensitive literal comparison, this can be used to prevent unnecessary updating of values in resources that are case-insensitive. For example, as email addresses are often used as case-insensitive, you can use this option to treat email addresses from your input, where they are case-sensitive, as case-insensitive.

    • Volatility incoming operation: Defines for which operation (Add, Modify, or Delete) the attribute can change in midPoint without an explicit request from midPoint. Changes like these occur when the configured attribute depends on a different attribute. For example, if you construct email addresses from user names in midPoint, you can use this option to tell midPoint to expect a change in the email address attribute when a user name changes.

    • Volatility outgoing operation: Defines for which operation (Add, Modify, or Delete) a change in a midPoint attribute can cause a change in an attribute outside of midPoint.

  6. Click Next: Limitations, and on the Limitations page configure:

    • Read/Add/Modify: When set to False, disables the respective operation for the attribute. You can use these restrictions for example to prevent data corruption when working with a resource that may contain invalid data. By default (Undefined), these operations are allowed.

    • Min/Max occurs: Defines if the attribute is mandatory, and if it is single/multi-valued by overriding the resource schema definition of minOccurs and maxOccurs.

    • Processing: Specifies the depth of processing:

      • Ignore: The attribute is not processed at all.

      • Minimal: The attribute basic data structure is maintained and the attribute values can be logged. You can process the attribute and the underlying data structure using a custom code. However, all built-in automatic processing, presentation, transformation, or any similar processing is skipped.

  7. Click  Done to save the configuration.

The Undefined option that is available in various settings applies the default defined in the Resource Schema XSD.
Was this page helpful?
YES NO
Thanks for your feedback