{"id":457446,"date":"2025-04-25T21:00:54","date_gmt":"2025-04-25T21:00:54","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=457446"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=457446","title":{"rendered":"<span>\u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438 \u0421\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a-\u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e-\u041d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 \u0434\u043e\u043b\u0436\u043d\u043e\u0441\u0442\u044c \u0432 IDM Midpoint part 2<\/span>"},"content":{"rendered":"<div><!--[--><!--]--><\/div>\n<div id=\"post-content-body\">\n<div>\n<div class=\"article-formatted-body article-formatted-body article-formatted-body_version-2\">\n<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438  \u0421\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a-\u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e-\u041d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 \u0434\u043e\u043b\u0436\u043d\u043e\u0441\u0442\u044c \u0432 IDM Midpoint. 
\u0412 \u043f\u0435\u0440\u0432\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u043c\u044b \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b\u0438 \u043d\u043e\u0441\u0438\u0442\u0435\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043f\u0443\u0442\u0438 \u0435\u0451 \u043f\u0435\u0440\u0435\u0442\u0435\u043a\u0430\u043d\u0438\u044f \u0438\u0437 \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430 \u0432 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0438\u0437 \u043a\u0430\u0434\u0440\u043e\u0432\u043e\u0433\u043e \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430. \u0422\u0435\u043f\u0435\u0440\u044c \u0431\u0443\u0434\u0435\u043c \u0434\u0435\u043b\u0430\u0442\u044c \u0442\u043e \u0436\u0435 \u0441\u0430\u043c\u043e\u0435 \u0441 \u0440\u043e\u043b\u044f\u043c\u0438. \u041d\u0430\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0435\u0449\u0435 \u0434\u0432\u0435 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438  Forward \u0440\u043e\u043b\u0438 \u0438 nickName \u043a\u0430\u043a \u0440\u043e\u043b\u044c.<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/aaf\/638\/2ef\/aaf6382ef2ec05e94aa6dfaa8edc9004.png\" width=\"1375\" height=\"1329\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/aaf\/638\/2ef\/aaf6382ef2ec05e94aa6dfaa8edc9004.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/aaf\/638\/2ef\/aaf6382ef2ec05e94aa6dfaa8edc9004.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0427\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0432 \u043a\u043e\u043d\u0446\u0435: 
\u0412\u044b\u0434\u0430\u0447\u0430 \u0440\u043e\u043b\u0435\u0439 \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435. \u0412\u044b\u0434\u0430\u0447\u0430 \u0443\u0447\u0435\u0442\u043e\u043a AD \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435. \u041e\u0442\u0431\u043e\u0440 AD \u0433\u0440\u0443\u043f\u043f \u043f\u0440\u0438\u0448\u0435\u0434\u0448\u0438\u0445 \u0432 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0442 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438 \u0432\u044b\u0434\u0430\u0447\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e AD \u0443\u0447\u0435\u0442\u043a\u0438. \u0420\u043e\u043b\u044c \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u043b\u043e\u0433\u0438\u043d \u0438 \u0440\u0430\u0437\u0434\u0430\u044e\u0449\u0430\u044f \u0435\u0433\u043e \u0432\u0441\u0435\u043c \u0443\u0447\u0435\u0442\u043a\u0430\u043c.<\/p>\n<p><strong>\u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f  Forward \u0440\u043e\u043b\u0438<\/strong><\/p>\n<p>\u0412  Midpoint \u0432\u0448\u0438\u0442\u044b \u0438 \u043c\u0430\u043b\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c\u044b, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u044f\u0437\u0430\u043d\u044b \u043a \u043e\u0434\u043d\u043e\u043c\u0443 \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0443, \u043d\u043e \u0446\u0435\u043d\u043d\u044b \u043a\u0430\u043a \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0442\u0438\u043f\u044b 
\u0440\u043e\u043b\u0435\u0439:<\/p>\n<ul>\n<li>\n<p>\u0411\u0438\u0437\u043d\u0435\u0441 \u0440\u043e\u043b\u044c &#8212; \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u043e\u043b\u0435\u0439<\/p>\n<\/li>\n<li>\n<p>\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0440\u043e\u043b\u0438 &#8212; \u0432\u044b\u0434\u0430\u044e\u0442 \u0447\u0442\u043e-\u0442\u043e \u0432 \u0440\u0435\u0441\u0443\u0440\u0441\u0435<\/p>\n<\/li>\n<\/ul>\n<p>\u0412 Midpoint \u0432 GUI \u043e\u043d\u0438 \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0438 \u0440\u0430\u0441\u043a\u0440\u0430\u0448\u0435\u043d\u044b &#8212; \u044d\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043d\u043e \u043a\u0430\u043a \u0442\u0438\u043f-\u043f\u043e\u0434\u0445\u043e\u0434-\u0444\u043e\u0440\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u043a\u0443 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u044c! \u041d\u0430\u043c \u043d\u0443\u0436\u0435\u043d \u0435\u0449\u0435 \u043e\u0434\u0438\u043d \u0442\u0438\u043f Forward \u0440\u043e\u043b\u0438, \u043e\u043d\u0438 \u043f\u043e \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0438 \u0441 Forward Contract \u0438\u0437 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0439 \u0441\u0444\u0435\u0440\u044b, \u0431\u0443\u0434\u0443\u0442 \u043d\u0430\u043c \u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0442\u0435\u0445 \u0440\u043e\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0438\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0438. 
\u0422\u0430\u043a\u043e\u0439 \u0437\u0430\u044f\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u043e\u0440\u043c\u0430\u0442 \u043f\u0440\u0430\u0432 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u043c \u0438\u0445 \u043f\u0440\u0438\u0432\u044f\u0437\u0430\u0442\u044c \u043a \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0442\u044c \u0438\u0445 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0438\u0441\u0447\u0435\u0437\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u043d\u044b\u0445.<\/p>\n<p>\u0418 \u0442\u043e\u0433\u0434\u0430 \u043f\u043e \u0442\u0438\u043f\u0430\u043c \u0443 \u043d\u0430\u0441 \u0431\u0443\u0434\u0443\u0442 \u0442\u0430\u043a\u0438\u0435 \u0440\u043e\u043b\u0438:<\/p>\n<ul>\n<li>\n<p>\u0411\u0438\u0437\u043d\u0435\u0441 \u0440\u043e\u043b\u044c &#8212; \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u043e\u043b\u0435\u0439 \u0438\u043b\u0438 Forward \u0440\u043e\u043b\u0435\u0439<\/p>\n<\/li>\n<li>\n<p>Forward \u0440\u043e\u043b\u0438 &#8212; \u043f\u0438\u0448\u0443\u0442 \u0432 \u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044f \u0447\u0442\u043e \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0438\u0437 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u043e\u043b\u0435\u0439<\/p>\n<\/li>\n<li>\n<p>\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0440\u043e\u043b\u0438 &#8212; \u0432\u044b\u0434\u0430\u044e\u0442 \u0447\u0442\u043e-\u0442\u043e \u0432 \u0440\u0435\u0441\u0443\u0440\u0441\u0435<\/p>\n<\/li>\n<\/ul>\n<p>\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0434\u043b\u044f MS AD group \u043c\u044b \u0431\u0443\u0434\u0435\u043c \u0434\u0435\u043b\u0430\u0442\u044c \u0434\u0432\u0435 \u0440\u043e\u043b\u0438 \u0438 
\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0438 Forward. Forward \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a, \u0430 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0435\u0433\u043e \u0410\u043a\u043a\u0430\u0443\u043d\u0442 \u043a\u0430\u043a User.  <\/p>\n<p>\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0434\u043e\u0431\u0430\u0432\u0438\u043c \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u0432 Midpoint. \u041a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e \u0432 \u043f\u0430\u043f\u043a\u0443 \/opt\/midpoint\/var\/schema \u0444\u0430\u0439\u043b employment_part2.xsd<\/p>\n<pre><code class=\"xml\">&lt;xsd:schema elementFormDefault=\"qualified\" targetNamespace=\"http:\/\/example.com\/xml\/ns\/mySchema\"   xmlns:tns=\"http:\/\/example.com\/xml\/ns\/mySchema\"   xmlns:a=\"http:\/\/prism.evolveum.com\/xml\/ns\/public\/annotation-3\"   xmlns:c=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/common\/common-3\"   xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\"&gt;   &lt;xsd:complexType name=\"RoleExtensionType\"&gt;     &lt;xsd:annotation&gt;       &lt;xsd:appinfo&gt;         &lt;a:extension ref=\"c:RoleType\"\/&gt;       &lt;\/xsd:appinfo&gt;     &lt;\/xsd:annotation&gt;     &lt;xsd:sequence&gt;       &lt;xsd:element name=\"role_purpose_type\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Purpose type&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;156&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"role_root_system\" type=\"xsd:string\" minOccurs=\"0\" 
maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Root system&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;156&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"user_forward_roles\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Users Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;138&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"user_forward_roles_inherited\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Users Inherited Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;139&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"user_account_number\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Account Number&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;148&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;     &lt;\/xsd:sequence&gt;   &lt;\/xsd:complexType&gt;     
&lt;xsd:complexType name=\"UserExtensionType\"&gt;     &lt;xsd:annotation&gt;       &lt;xsd:appinfo&gt;         &lt;a:extension ref=\"c:UserType\"\/&gt;       &lt;\/xsd:appinfo&gt;     &lt;\/xsd:annotation&gt;     &lt;xsd:sequence&gt;       &lt;xsd:element name=\"person_forward_roles\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;138&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"person_forward_roles_inherited\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Inherited Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;139&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"person_account_number\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Account Number&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;148&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;     &lt;\/xsd:sequence&gt;   &lt;\/xsd:complexType&gt; &lt;\/xsd:schema&gt;<\/code><\/pre>\n<p>\u041f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c Midpoint<\/p>\n<p>\u0418 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443 
\u043d\u0430\u0441 \u0432 \/opt\/midpoint\/var\/info\/POC_EMPLOYMENT_DATA.csv<\/p>\n<p>\u0442\u0430\u043a\u0438\u0435<\/p>\n<pre><code>number_poce;type_poce;main_id;parent_id;members_poce;member_of_poce;name_poce;grade_poce;title_poce;department_poce;subordinate_to_poce;status_poce;info_01;info_02;info_03 1;user;600667;;;EMP002001,EMP002002;;;;;;active;;; 2;employment;EMP002001;EMP001001;600667;POS100995,POS100996,POS000101,POS100108,POS100171,POS100345;;;\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0435;;;active;;; 3;employment;EMP002002;EMP001002;600667;POS000125,POS000124;;;\u0421\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e;;;disabled;;; 4;position;POS000101;EMP002001;;;;;\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440;;600110;active;;; 5;position;POS000125;EMP002002;;;;;\u0423\u0431\u043e\u0440\u0449\u0438\u043a;;;disabled;;; 6;position;POS000124;EMP002002;;;;;\u0413\u0440\u0443\u0437\u0447\u0438\u043a;;;disabled;;; 7;position;POS100108;EMP002001;;;;;\u041f\u0440\u0438\u043d\u0435\u0441\u0438 \u0432\u043e\u0434\u044b;;;disabled;;; 8;position;POS100171;EMP002001;;;;;\u041a\u0443\u0440\u044c\u0435\u0440;;;active;;; 9;position;POS100345;EMP002001;;;;;\u0421\u0431\u043e\u0440\u0449\u0438\u043a \u043c\u0435\u0431\u0435\u043b\u0438;;;active;;; 10;position;POS100995;EMP002001;;;;;\u0411\u0443\u0445\u0433\u0430\u043b\u0442\u0435\u0440;;;active;;; 11;position;POS100996;EMP002001;;;;;\u041a\u0430\u0441\u0441\u0438\u0440;;;disabled;;; 12;employment;EMP002003;EMP001001;600110;POS100885,POS100886;;;\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0435;;;active;;; 13;user;600110;;;EMP002003;;;;;;active;;; 14;position;POS100885;EMP002003;;;;;\u0411\u0438\u0433 \u0411\u043e\u0441\u0441;;;active;;; 15;position;POS100886;EMP002003;;;;;\u041a\u0430\u0441\u0441\u0438\u0440;;;active;;;<\/code><\/pre>\n<p>\u041d\u0430 \u043a\u0430\u0436\u0434\u0443\u044e 
Forward \u0440\u043e\u043b\u044c \u0431\u0443\u0434\u0443\u0442 \u043d\u0430\u0432\u0435\u0448\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043a\u0430\u043a \u043e\u043d\u0430 \u0441\u0435\u0431\u044f \u0431\u0443\u0434\u0435\u0442 \u0432\u0435\u0441\u0442\u0438 &#8212; \u043a\u043e\u043c\u0443 \u043e\u0442\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043f\u0438\u0441\u0430\u0442\u044c.<\/p>\n<p>\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u044d\u0442\u0438 \u0440\u043e\u043b\u0438<\/p>\n<p>\u0412 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Policy: Forward Role for Employment  in EMP01001 Company<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Member must have same Company&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;requirement id=\"3\"&gt;                     &lt;targetRef oid=\"e23bf649-5d84-440f-9993-818b4960bfcf\" relation=\"org:default\" type=\"c:RoleType\"&gt;                         &lt;!-- EMP001001 --&gt;                     &lt;\/targetRef&gt;                 &lt;\/requirement&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;enforcement&gt;                     &lt;name&gt;Send ERROR&lt;\/name&gt;                 &lt;\/enforcement&gt;             &lt;\/policyActions&gt;             &lt;evaluationTarget&gt;assignment&lt;\/evaluationTarget&gt;         
&lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u041f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0438 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u044b\u0431\u043e\u0440, \u0435\u0441\u043b\u0438 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u043b\u0438 \u0432\u044b\u0434\u0430\u0451\u0442\u0441\u044f Forward \u0440\u043e\u043b\u044c \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e, \u0443 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0435\u0442 \u0440\u043e\u043b\u0438 \u043a\u0430\u0440\u0442\u043e\u0447\u043a\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.<\/p>\n<p>\u0427\u0442\u043e\u0431\u044b \u044d\u0442\u0430 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430, \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0432\u0441\u0435\u043c \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c-\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f\u043c \u0432\u044b\u0434\u0430\u0442\u044c \u0440\u043e\u043b\u044c \u0438\u0437 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.<\/p>\n<p>\u0412 Configuration\\Object Template\\ \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 POCE Position User Object Template \u0438 \u0432 POCE Employment User Object Template<\/p>\n<p>\u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;item id=\"3\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment to Organization Role&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;source&gt;                 
&lt;path&gt;organization&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;identifier = $organization and archetypeRef matches (oid = \"f44dc355-31d3-499b-9854-e0ae277a60dc\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p>\u0417\u0434\u0435\u0441\u044c \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0447\u0442\u043e \u0443 \u043d\u0430\u0441 \u0432  assignmentTargetSearch \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u0441 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0430 \u0440\u043e\u043b\u0435\u0439 \u043a\u0430\u0440\u0442\u043e\u0447\u0435\u043a \u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. 
\u042d\u0442\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e, \u0440\u0430\u043d\u0435\u0435 \u044f \u043f\u0440\u043e\u0441\u0442\u043e \u0438\u0441\u043a\u0430\u043b \u043f\u043e identifier \u0432 \u043d\u0430\u0434\u0435\u0436\u0434\u0435 \u0447\u0442\u043e \u043e\u043d \u0443\u043d\u0438\u043a\u0430\u043b\u0435\u043d, \u0445\u043e\u0442\u044f \u043e\u043d \u043d\u0435 name \u0438 \u043d\u0435 \u043e\u0431\u044f\u0437\u0430\u043d.<\/p>\n<p>\u0414\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043d\u0443\u0436\u043d\u0430 \u0442\u0430\u043a\u0430\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u0432 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Policy: Forward Role for Employment  in EMP01002 Company<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Member must have same Company&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;requirement id=\"3\"&gt;                     &lt;targetRef oid=\"9fad33eb-d7cb-4aea-a828-835665d6ce9b\" relation=\"org:default\" type=\"c:RoleType\"&gt;                         &lt;!-- EMP001002 --&gt;                     &lt;\/targetRef&gt;                 &lt;\/requirement&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;enforcement&gt;                     &lt;name&gt;Enf&lt;\/name&gt;                 &lt;\/enforcement&gt;             &lt;\/policyActions&gt;             &lt;evaluationTarget&gt;assignment&lt;\/evaluationTarget&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u0422\u0430\u043a 
\u0436\u0435 \u0443 \u043d\u0430\u0441 \u0431\u0443\u0434\u0443\u0442 \u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438, \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044e\u0449\u0438\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0430\u0442\u044c \u0440\u043e\u043b\u0438, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u043b\u044f \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043d\u0430\u043e\u0431\u043e\u0440\u043e\u0442.<\/p>\n<p>\u0412 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Policy: Forward Role only for Position User<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434  <\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"30\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Member must have archetype POCE Position User ArcgeType&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;requirement id=\"31\"&gt;                     &lt;targetRef oid=\"0d1b1269-0011-49e6-b9f1-e62e7827dfed\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                         &lt;!-- POCE Position User ArcheType --&gt;                     &lt;\/targetRef&gt;                 &lt;\/requirement&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;enforcement&gt;                     &lt;name&gt;Enf&lt;\/name&gt;                 &lt;\/enforcement&gt;             &lt;\/policyActions&gt;             &lt;evaluationTarget&gt;assignment&lt;\/evaluationTarget&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>oid \u0443 \u0432\u0430\u0441 
\u0431\u0443\u0434\u0435\u0442 \u0434\u0440\u0443\u0433\u043e\u0439, \u0434\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 Midpoint oid`\u044b \u0441\u0432\u043e\u0438<\/p>\n<p>\u0412 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Policy: Forward Role only for Employment User<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434  <\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Member must have archetype POCE Employment User ArcgeType&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;requirement id=\"3\"&gt;                     &lt;targetRef oid=\"441f8e23-33cd-41f2-bbb6-beea20feeaee\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                         &lt;!-- POCE Employment User ArcheType --&gt;                     &lt;\/targetRef&gt;                 &lt;\/requirement&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;enforcement&gt;                     &lt;name&gt;Enf&lt;\/name&gt;                 &lt;\/enforcement&gt;             &lt;\/policyActions&gt;             &lt;evaluationTarget&gt;assignment&lt;\/evaluationTarget&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u0422\u0430\u043a \u0436\u0435 \u0443 \u043d\u0430\u0441 \u0431\u0443\u0434\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u0430\u044f \u0440\u043e\u043b\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u0443\u0434\u0435\u0442 \u043f\u0438\u0441\u0430\u0442\u044c \u0432 User \u043a\u0430\u043a\u0430\u044f \u0440\u043e\u043b\u044c 
\u0443 \u043d\u0435\u0433\u043e \u0434\u043e\u043b\u0436\u043d\u0430 \u0431\u044b\u0442\u044c<\/p>\n<p>\u0412 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE POLICY: identifier from Forward Role to User Forward Roles List<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434  <\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"3\"&gt;         &lt;identifier&gt;write to User from Role&lt;\/identifier&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"4\"&gt;                 &lt;name&gt;01 some&lt;\/name&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;source&gt;                     &lt;path&gt;name&lt;\/path&gt;                 &lt;\/source&gt;                 &lt;source&gt;                     &lt;path&gt;extension\/person_account_number&lt;\/path&gt;                 &lt;\/source&gt;                 &lt;source&gt;                     &lt;path&gt;extension\/person_employment_parent&lt;\/path&gt;                 &lt;\/source&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;code&gt;import com.evolveum.midpoint.xml.ns._public.common.common_3.* forward_role = midpoint.getObject(RoleType.class, assignmentPath[0].target.oid) return ( basic.stringify(basic.getExtensionPropertyValue(forward_role, \"http:\/\/example.com\/xml\/ns\/mySchema\", \"role_root_system\"))   + \"|\" + basic.stringify(basic.getExtensionPropertyValue(forward_role, \"http:\/\/example.com\/xml\/ns\/mySchema\", \"user_employment_parent\"))   + \"|\" +   basic.stringify(assignmentPath[0].target.identifier + \"|\" + name + \"|\" + person_employment_parent + \"|\" + person_account_number))&lt;\/code&gt;                     &lt;\/script&gt;                 
&lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;$user\/extension\/person_forward_roles&lt;\/path&gt;                 &lt;\/target&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;         &lt;focusType&gt;c:UserType&lt;\/focusType&gt;         &lt;condition&gt;             &lt;source&gt;                 &lt;path&gt;$user\/activation\/administrativeStatus&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;script&gt;                     &lt;code&gt;                         if (basic.stringify(administrativeStatus) == \"DISABLED\") {return false} else {return true} &lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/expression&gt;         &lt;\/condition&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u0422\u0443\u0442 \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d\u043e \u0443\u0441\u043b\u043e\u0432\u0438\u0435, \u0447\u0442\u043e \u043f\u0438\u0448\u0435\u043c, \u0435\u0441\u043b\u0438 User \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e-\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0435 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d, \u044d\u0442\u043e \u0441\u0440\u0430\u0437\u0443 (\u043f\u0440\u0438 \u0440\u0435\u043a\u043e\u043d\u0441\u0438\u043b\u044f\u0446\u0438\u0438) \u043e\u0442\u0431\u0438\u0440\u0430\u0435\u0442 \u0440\u043e\u043b\u044c, \u0435\u0441\u043b\u0438 \u0432 \u043a\u0430\u0434\u0440\u043e\u0432\u043e\u043c \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0432\u0434\u0440\u0443\u0433 \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043e. \u0423\u0447\u0442\u0438\u0442\u0435, \u0447\u0442\u043e \u0443\u0441\u043b\u043e\u0432\u0438\u0435 \u043e\u0442\u0441\u0435\u043a\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0430\u0442\u0443\u0441 DISABLED: \u043f\u0440\u0438 ARCHIVED \u0438\u043b\u0438 \u043f\u0443\u0441\u0442\u043e\u043c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0438 \u043e\u043d\u043e \u0432\u0435\u0440\u043d\u0451\u0442 true.<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0410\u0440\u0445\u0435\u0442\u0438\u043f \u043f\u043e\u0434 Forward \u0440\u043e\u043b\u0438<\/p>\n<p>\u0412 Configuration\\ArchyTypes 
\u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0430\u0440\u0445\u0435\u0442\u0438\u043f \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Forward Role ArcheType<\/p>\n<p>\u0432 \u043d\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;assignment id=\"1\"&gt;         &lt;identifier&gt;holderType&lt;\/identifier&gt;         &lt;activation&gt;             &lt;effectiveStatus&gt;enabled&lt;\/effectiveStatus&gt;         &lt;\/activation&gt;         &lt;assignmentRelation id=\"2\"&gt;             &lt;holderType&gt;RoleType&lt;\/holderType&gt;         &lt;\/assignmentRelation&gt;     &lt;\/assignment&gt; ... &lt;archetypePolicy&gt;         &lt;display&gt;             &lt;icon&gt;                 &lt;cssClass&gt;fa fa-clipboard-check&lt;\/cssClass&gt;                 &lt;color&gt;#d88222&lt;\/color&gt;             &lt;\/icon&gt;         &lt;\/display&gt; ...     &lt;\/archetypePolicy&gt; &lt;\/archetype&gt;<\/code><\/pre>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c Object Template \u0434\u043b\u044f \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0430 POCE Forward Role ArcheType<\/p>\n<p>\u0412 Configuration\\Object Template\\  \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c POCE Forward Role Object Template<\/p>\n<p>\u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;item id=\"13\"&gt;         &lt;ref&gt;inducement&lt;\/ref&gt;         &lt;displayName&gt;Auto inducement to POCE: identifier from Forward Role to User Forward Roles List&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path xmlns:gen569=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen569:role_root_system&lt;\/path&gt;             &lt;\/source&gt;             
&lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;d7763c65-c038-432f-9a12-01d99d0f38ce&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;                                          if (role_root_system) {return true} else{return false}  &lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;item id=\"14\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Auto assignment to POCE Policy: Forward Role only for Position User&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path xmlns:gen569=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen569:role_purpose_type&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;1a4b2799-1357-4e23-bbbf-ab8031de889f&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;if (role_purpose_type == \"Position\") {return true} else{return false}&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;item id=\"15\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Auto assignment to POCE Policy: Forward Role only for Employment User&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             
&lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path xmlns:gen569=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen569:role_purpose_type&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;971c7f3e-4c00-4ba4-ad66-27aca05f742f&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;if (role_purpose_type == \"Employment\") {return true} else{return false}&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;item id=\"16\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Auto assignment to POCE Policy: Forward Role for Employment in EMP01001 Company&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path xmlns:gen569=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen569:user_employment_parent&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;8e4b4ea4-22b7-4b09-98ce-aa8fd5ace849&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;if (user_employment_parent == \"EMP001001\") {return true} else{return false}&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;      
   &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;item id=\"17\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Auto assignment to POCE Policy: Forward Role for Employment in EMP01002 Company&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path xmlns:gen569=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen569:user_employment_parent&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;047dcf56-3555-4940-aac4-50b15b9071a3&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;if (user_employment_parent == \"EMP001002\") {return true} else{return false}&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p> oid \u043c\u0435\u043d\u044f\u0439\u0442\u0435 \u043d\u0430 \u0441\u0432\u043e\u0438: \u043a\u0430\u0436\u0434\u044b\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u043d\u0430 \u043d\u0443\u0436\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0432 \u0432\u0430\u0448\u0435\u0439 \u0438\u043d\u0441\u0442\u0430\u043b\u043b\u044f\u0446\u0438\u0438.<\/p>\n<p>\u0422\u0443\u0442 \u043f\u0440\u044f\u043c\u043e\u043b\u0438\u043d\u0435\u0439\u043d\u043e \u0440\u0430\u0441\u043f\u0438\u0441\u0430\u043d\u043e, \u0447\u0442\u043e \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 Forward \u0440\u043e\u043b\u0438. \u0412 displayName \u0443\u043a\u0430\u0437\u0430\u043d\u044b EMP01001 \u0438 EMP01002, \u0430 \u0443\u0441\u043b\u043e\u0432\u0438\u044f \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u044e\u0442 \u0441 EMP001001 \u0438 EMP001002; \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0442\u043e, \u0447\u0442\u043e \u0437\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u0438.<\/p>\n<p>\u0423\u0442\u044b\u043a\u0430\u0435\u043c \u044d\u0442\u043e\u0442 Object Template \u0432 \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Forward Role ArcheType \u0432 ArcheType Policy\\ArcheType Policy<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441 
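\u043d\u0430 \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0440\u0435 ConnId com.evolveum.polygon.connector.ldap.LdapConnector v3.8 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c Windows MS AD OOO ODIN Forward Roles. \u042f \u0435\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u0443\u044e \u0438\u0437 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e Windows MS AD OOO ODIN: \u0442\u0443\u0442 \u043d\u0443\u0436\u043d\u044b \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0440\u0430 \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f, \u0432\u0441\u0435 Schema Handler \u0443\u0434\u0430\u043b\u044f\u0435\u043c. \u0412\u043c\u0435\u0441\u0442\u0435 \u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0438 \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f; \u0441\u0443\u0434\u044f \u043f\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u043c\u0443 \u043d\u0438\u0436\u0435 Schema Handler (\u0432 \u043d\u0435\u043c \u0442\u043e\u043b\u044c\u043a\u043e inbound-\u043c\u0430\u043f\u043f\u0438\u043d\u0433\u0438), \u044d\u0442\u043e\u043c\u0443 \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435.<\/p>\n<p>\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0441\u0432\u043e\u0439 Schema Handler<\/p>\n<pre><code class=\"xml\">&lt;schemaHandling&gt;                &lt;objectType id=\"6\"&gt;             &lt;kind&gt;entitlement&lt;\/kind&gt;             &lt;intent&gt;innie MS AD OOO ODIN Groups to Forward Roles&lt;\/intent&gt;             &lt;displayName&gt;MS AD OOO ODIN Groups to Forward Roles&lt;\/displayName&gt;             &lt;delineation&gt;                 &lt;objectClass&gt;ri:group&lt;\/objectClass&gt;             &lt;\/delineation&gt;             &lt;focus&gt;                 &lt;type&gt;c:RoleType&lt;\/type&gt;                 &lt;archetypeRef oid=\"b527aa8f-9097-45d7-94c9-8c2d79e53832\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                     &lt;!-- POCE Forward Role ArcheType --&gt;                 &lt;\/archetypeRef&gt;             &lt;\/focus&gt;             &lt;attribute id=\"8\"&gt;                 &lt;ref&gt;ri:cn&lt;\/ref&gt;                 &lt;inbound id=\"9\"&gt;                     &lt;name&gt;01 name&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;            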
                 &lt;code&gt;\"OOO ODIN FR:\" + basic.stringify(input)&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;name&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;                 &lt;inbound id=\"14\"&gt;                     &lt;name&gt;03 system type&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return \"MSAD\"&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;extension\/role_root_system&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;                 &lt;inbound id=\"15\"&gt;                     &lt;name&gt;04 purpose Position or Employment&lt;\/name&gt;                     &lt;strength&gt;weak&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return \"Position\"&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;extension\/role_purpose_type&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;                 &lt;inbound id=\"16\"&gt;                     &lt;name&gt;05 root company&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return \"EMP001001\"&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         
&lt;path&gt;extension\/user_employment_parent&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;                 &lt;inbound id=\"30\"&gt;                     &lt;name&gt;06&lt;\/name&gt;                     &lt;strength&gt;weak&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return \"5\"&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;riskLevel&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"11\"&gt;                 &lt;ref&gt;ri:distinguishedName&lt;\/ref&gt;                 &lt;inbound id=\"12\"&gt;                     &lt;name&gt;02&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;target&gt;                         &lt;path&gt;identifier&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;             &lt;\/attribute&gt;             &lt;correlation&gt;                 &lt;correlators&gt;                     &lt;items id=\"26\"&gt;                         &lt;item id=\"27\"&gt;                             &lt;ref&gt;identifier&lt;\/ref&gt;                         &lt;\/item&gt;                     &lt;\/items&gt;                 &lt;\/correlators&gt;             &lt;\/correlation&gt;             &lt;synchronization&gt;                 &lt;reaction id=\"19\"&gt;                     &lt;situation&gt;unmatched&lt;\/situation&gt;                     &lt;actions&gt;                         &lt;addFocus id=\"20\"\/&gt;                     &lt;\/actions&gt;                 &lt;\/reaction&gt;                 &lt;reaction id=\"21\"&gt;                     &lt;situation&gt;linked&lt;\/situation&gt;                     &lt;actions&gt;                         
&lt;synchronize id=\"22\"\/&gt;                     &lt;\/actions&gt;                 &lt;\/reaction&gt;                 &lt;reaction id=\"23\"&gt;                     &lt;situation&gt;unlinked&lt;\/situation&gt;                     &lt;actions&gt;                         &lt;link id=\"32\"\/&gt;                     &lt;\/actions&gt;                 &lt;\/reaction&gt;             &lt;\/synchronization&gt;         &lt;\/objectType&gt;         &lt;\/objectType&gt;     &lt;\/schemaHandling&gt; ... &lt;\/resource&gt;<\/code><\/pre>\n<p>\u0422\u0430\u043a \u043a\u0430\u043a \u043c\u044b \u0437\u043d\u0430\u0435\u043c \u0447\u0442\u043e \u044d\u0442\u0438 Forward \u0440\u043e\u043b\u0438 \u043e\u0442 \u043a\u043e\u043c\u0430\u043f\u043d\u0438\u0438 OOO ODIN \u043f\u0440\u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c \u0441\u0440\u0430\u0437\u0443 \u043a\u0430\u043a \u0437\u0430\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0430\u0442\u0440\u0438\u0431\u0443\u0442  extension\/user_employment_parent. 
\u0410 \u0442\u0430\u043a \u0436\u0435 \u0437\u0430\u043f\u043e\u043b\u043d\u044f\u0435\u043c  riskLevel \u0438  extension\/role_purpose_type \u043d\u043e \u043c\u0430\u043f\u043f\u0438\u043d\u0433 \u0434\u0435\u043b\u0430\u0435\u043c weak \u0447\u0442\u043e\u0431\u044b \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0432 Midpoint \u0438\u0445 \u043c\u0435\u043d\u044f\u0442\u044c(\u0443\u0442\u043e\u0447\u043d\u044f\u0442\u044c).<\/p>\n<p>\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0440\u0435\u043a\u043e\u043d\u0441\u0438\u043b\u044f\u0446\u0438\u044e \u043d\u0430\u0448\u0435\u0433\u043e Scheme Handler \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u043a\u0443\u0447\u0443 Forward \u0440\u043e\u043b\u0435\u0439<\/p>\n<p>\u0412\u043e\u0442 \u0442\u0430\u043a \u043e\u043d\u0438 \u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u044b<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c07\/571\/82f\/c0757182f8d5ef0f04a17da7108bfe2a.png\" width=\"1375\" height=\"946\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/c07\/571\/82f\/c0757182f8d5ef0f04a17da7108bfe2a.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/c07\/571\/82f\/c0757182f8d5ef0f04a17da7108bfe2a.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412 Forward \u0440\u043e\u043b\u0438 \u0432 Assignment \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438&#8230;<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/3c5\/e86\/e2b\/3c5e86e2b2139f0a01903c148ccc7f64.png\" width=\"1375\" height=\"628\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" 
srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/3c5\/e86\/e2b\/3c5e86e2b2139f0a01903c148ccc7f64.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/3c5\/e86\/e2b\/3c5e86e2b2139f0a01903c148ccc7f64.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0410 \u0432 Inducement \u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043d\u0430 \u043d\u043e\u0441\u0438\u0442\u0435\u043b\u0438 Forward \u0440\u043e\u043b\u0438!<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/95d\/54e\/fcc\/95d54efccb7b7c98997007bb8fdb7f10.png\" width=\"1375\" height=\"704\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/95d\/54e\/fcc\/95d54efccb7b7c98997007bb8fdb7f10.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/95d\/54e\/fcc\/95d54efccb7b7c98997007bb8fdb7f10.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u041d\u0430\u043a\u0438\u0434\u0430\u0435\u043c \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e Forward \u0440\u043e\u043b\u0435\u0439<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ba9\/77a\/c05\/ba977ac054a74c3e256dc5fda106bf05.png\" width=\"1834\" height=\"1311\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/ba9\/77a\/c05\/ba977ac054a74c3e256dc5fda106bf05.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ba9\/77a\/c05\/ba977ac054a74c3e256dc5fda106bf05.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0417\u0430\u043f\u043e\u043b\u043d\u0438\u043b\u0441\u044f \u0441\u043f\u0438\u0441\u043e\u043a Forward Roles, \u0432 
\u0441\u0442\u0440\u043e\u043a\u0435 \u0432\u0441\u044f \u043d\u0443\u0436\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f, \u0441 \u043d\u0435\u0439 \u0438 \u0431\u0443\u0434\u0435\u043c \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0434\u0430\u043b\u044c\u0448\u0435!<\/p>\n<p>\u042d\u0442\u043e\u0442 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0430\u043c \u043d\u0430\u0434\u043e \u0432\u0442\u0430\u0449\u0438\u0442\u044c \u0432 \u0440\u043e\u043b\u0438 \u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u041d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043d\u0430 \u0434\u043e\u043b\u0436\u043d\u043e\u0441\u0442\u044c &#8212; \u043d\u0430\u0434\u043e \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0437\u0430\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u0445\u0435\u043c\u0443 \u0438\u0437 \u043f\u0435\u0440\u0432\u043e\u0439 \u0447\u0430\u0441\u0442\u0438!<\/p>\n<p>\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Employment Role ArcheType<\/p>\n<p>\u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"1226\"&gt;         &lt;lifecycleState&gt;active&lt;\/lifecycleState&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"7\"&gt;                 &lt;documentation&gt;get Forward Roles from user employment&lt;\/documentation&gt;                 &lt;authoritative&gt;true&lt;\/authoritative&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;                         &lt;code&gt; linkedDATA = midpoint.findLinkedSource('From role to Employment User') if (basic.isEmpty(linkedDATA)) {return \"NO CONNECTION\"}              else                { return basic.getExtensionPropertyValues(linkedDATA, \"http:\/\/example.com\/xml\/ns\/mySchema\", 
\"person_forward_roles\") }                         &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;$focus\/extension\/user_forward_roles&lt;\/path&gt;                     &lt;set&gt;                         &lt;predefined&gt;all&lt;\/predefined&gt;                     &lt;\/set&gt;                 &lt;\/target&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0410 \u0432 \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Employment User ArcheType<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"1222\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Recompute Employment Role on Employment User Forward Roles change&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;or id=\"13\"&gt;                     &lt;modification id=\"14\"&gt;                         &lt;item xmlns:gen604=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen604:person_forward_roles&lt;\/item&gt;                     &lt;\/modification&gt;                 &lt;\/or&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;scriptExecution id=\"16\"&gt;                     &lt;object&gt;                         &lt;linkTarget id=\"17\"&gt;                             &lt;linkType&gt;from Employment Role to me&lt;\/linkType&gt;                         &lt;\/linkTarget&gt;                     &lt;\/object&gt;                     &lt;executeScript xmlns:s=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/model\/scripting-3\"&gt;                         &lt;s:recompute\/&gt;                     &lt;\/executeScript&gt;                 &lt;\/scriptExecution&gt;             &lt;\/policyActions&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0410 \u0442\u0430\u043a\u0436\u0435<\/p>\n<p>\u0412 \u0430\u0440\u0445\u0435\u0442\u0438\u043f 
POCE Position Role ArcheType<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"1226\"&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"7\"&gt;                 &lt;name&gt;11&lt;\/name&gt;                 &lt;documentation&gt;get Forward Roles from user&lt;\/documentation&gt;                 &lt;authoritative&gt;true&lt;\/authoritative&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;code&gt;linkedDATA = midpoint.findLinkedSource('from me Position Role to Position User') if (basic.isEmpty(linkedDATA)) {return \"NO CONNECTION\"}              else                {    return basic.getExtensionPropertyValues(linkedDATA, \"http:\/\/example.com\/xml\/ns\/mySchema\", \"person_forward_roles\")}&lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;$focus\/extension\/user_forward_roles&lt;\/path&gt;                     &lt;set&gt;                         &lt;predefined&gt;all&lt;\/predefined&gt;                     &lt;\/set&gt;                 &lt;\/target&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0410 \u0432 \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Position User ArcheType<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"1222\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Recompute Position Role on Position User Forward Roles change&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;or id=\"13\"&gt;                     &lt;modification id=\"3342\"&gt;                         &lt;item&gt;c:activation\/c:administrativeStatus&lt;\/item&gt;                     &lt;\/modification&gt;                     &lt;modification id=\"3344\"&gt;                         &lt;item 
xmlns:gen26=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen26:person_forward_roles&lt;\/item&gt;                     &lt;\/modification&gt;                 &lt;\/or&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;scriptExecution id=\"16\"&gt;                     &lt;object&gt;                         &lt;linkTarget id=\"17\"&gt;                             &lt;linkType&gt;From Position Role to Position User&lt;\/linkType&gt;                         &lt;\/linkTarget&gt;                     &lt;\/object&gt;                     &lt;executeScript xmlns:s=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/model\/scripting-3\"&gt;                         &lt;s:recompute\/&gt;                     &lt;\/executeScript&gt;                 &lt;\/scriptExecution&gt;             &lt;\/policyActions&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u0418 \u0435\u0449\u0435, \u044f \u0442\u0430\u043a \u0436\u0435 \u0445\u043e\u0447\u0443 \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u043f\u0438\u0441\u0438 \u043e Forward \u0440\u043e\u043b\u044f\u0445 \u0438\u0437 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u0430\u0434\u0430\u043b\u0438 \u0432 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e.<\/p>\n<p> \u0412 \u0410\u0440\u0445\u0435\u0442\u0438\u043f\u0435 POCE Employment User ArcheType \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"122\"&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"8\"&gt;                 &lt;name&gt;01&lt;\/name&gt;                 &lt;authoritative&gt;false&lt;\/authoritative&gt;                 &lt;exclusive&gt;true&lt;\/exclusive&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;code&gt; fr_list = [] 
fr_postion_roles = midpoint.findLinkedTargets('from me to Position role').collect { basic.getExtensionPropertyValues(it, \"http:\/\/example.com\/xml\/ns\/mySchema\", \"user_forward_roles\")}  for (i in fr_postion_roles) { fr_num = 0 for(ii in i) { if (ii.startsWith(\"NICKNAME\") or ii.startsWith(\"NO CONNECTION\")) fr_num = 1 }  if (fr_num !=1) {for (ii in i){fr_list.add(ii)}}     } return fr_list                                                       &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;extension\/person_forward_roles_inherited&lt;\/path&gt;                 &lt;\/target&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0418 \u0432 \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Position Role ArcheType<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"1234\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Recompute Users Employment&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;or id=\"13\"&gt;                     &lt;modification id=\"22\"&gt;                         &lt;item xmlns:gen365=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen365:user_forward_roles&lt;\/item&gt;                     &lt;\/modification&gt;                     &lt;modification id=\"222\"\/&gt;                     &lt;modification id=\"21227\"\/&gt;                 &lt;\/or&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;scriptExecution id=\"16\"&gt;                     &lt;object&gt;                         &lt;linkSource id=\"131\"&gt;                             &lt;name&gt;from Employment User to me&lt;\/name&gt;                         &lt;\/linkSource&gt;                     &lt;\/object&gt;                     &lt;executeScript xmlns:s=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/model\/scripting-3\"&gt;      
                   &lt;s:recompute\/&gt;                     &lt;\/executeScript&gt;                 &lt;\/scriptExecution&gt;             &lt;\/policyActions&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0440\u043e\u043b\u044c \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u0443\u0434\u0435\u0442 \u0432\u044b\u0434\u0430\u0432\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043a\u0443 AD \u0434\u043b\u044f \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430<\/p>\n<p>\u041d\u0430\u0437\u043e\u0432\u0435\u043c \u0435\u0451 OOO ODIN FR: Employment MS AD Account \u0438 \u0431\u0443\u0434\u0435\u0442 \u043e\u043d\u0430 \u0441 \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u043e\u043c POCE Forward Role ArcheType<\/p>\n<p>\u0417\u0430\u043f\u043e\u043b\u043d\u0438\u0435\u043c \u0435\u0451 \u0442\u0430\u043a<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/284\/b93\/afb\/284b93afbf057c64c21bee301b60ba14.png\" width=\"1375\" height=\"1129\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/284\/b93\/afb\/284b93afbf057c64c21bee301b60ba14.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/284\/b93\/afb\/284b93afbf057c64c21bee301b60ba14.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0417\u0430 \u0441\u0447\u0435\u0442 \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0430 \u043d\u0430 \u043d\u0435\u0451 \u0441\u0440\u0430\u0437\u0443 \u043d\u0430\u0432\u0435\u0448\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043d\u0443\u0436\u043d\u044b\u0435 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438<\/p>\n<p>\u041d\u0435 \u0441\u0440\u0430\u0437\u0443 \u043d\u043e \u0431\u044b\u043b\u043e \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043e 
\u0447\u0442\u043e \u043c\u044b \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u0432 User \u0447\u0442\u043e-\u0442\u043e \u043f\u0438\u0441\u0430\u0442\u044c(\u043a\u0430\u043a \u0434\u0435\u043b\u0430\u044e\u0442 \u043d\u0430\u0448\u0438 Forward \u0440\u043e\u043b\u0438) \u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0438\u0437 \u043d\u0435\u0433\u043e Persona \u0432\u0441\u0435 \u0441\u0432\u0435\u0440\u0448\u0430\u0435\u0442\u0441\u044f \u043d\u043e \u0432\u044b\u043b\u0435\u0437\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0430  <\/p>\n<p>Object with conflicting normalized name &#8216;600667 emp002001 employment ms ad account&#8217; already exists  <\/p>\n<p>\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 Persona \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0447\u0435\u0440\u043d\u0443\u044e \u0440\u043e\u043b\u044c POCE Persona Employment Account<\/p>\n<p>\u0432 \u043d\u0435\u0439 \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"4\"&gt;         &lt;personaConstruction&gt;             &lt;targetType&gt;UserType&lt;\/targetType&gt;             &lt;objectMappingRef oid=\"781070d6-01f0-45a9-aaa7-93a721b6f62c\" relation=\"org:default\" type=\"c:ObjectTemplateType\"&gt;                 &lt;!-- POCE Person Employment MS AD Account Object Template --&gt;             &lt;\/objectMappingRef&gt;             &lt;archetypeRef oid=\"48077d8a-7cce-4999-b7cb-d31620983c1d\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                 &lt;!-- POCE Employment MS AD Account --&gt;             &lt;\/archetypeRef&gt;         &lt;\/personaConstruction&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u042d\u0442\u043e\u0442 \u043a\u043e\u0434 \u0441\u043e\u0437\u0434\u0430\u0435\u0442 Person User \u0442\u043e\u043c\u0443 User \u0441 \u044d\u0442\u043e\u0439 
\u0440\u043e\u043b\u044c\u044e, \u0442\u0443\u0442 \u043c\u044b \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 OID \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u0443 Person \u0438 Object Template \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0445 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0443\u0440\u043e\u0432\u043d\u0435 \u043f\u0435\u0440\u0435\u0442\u0435\u043a\u0430\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445. \u0427\u0442\u043e\u0431\u044b \u044d\u0442\u0430 \u0440\u043e\u043b\u044c \u0432\u044b\u0434\u0430\u043b\u0430\u0441\u044c \u043d\u0430\u0434\u043e \u0432 Object Template  POCE Position User Object Template<\/p>\n<pre><code class=\"xml\">&lt;item id=\"16\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Auto assignment Persona role for Employment Acount&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;name&gt;Name&lt;\/name&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path xmlns:gen569=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen569:person_forward_roles&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;22b6f13a-7275-4fe2-af4c-f5f8b13f6ca9&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;                     &lt;code&gt; response = 0                        for (i in person_forward_roles) { if (i.startsWith(\"NICKNAME\")) {response = 1} } if (response == 0) {return false} else {return 
true}&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p>\u0420\u043e\u043b\u044c  OOO ODIN FR: Employment MS AD Account \u043f\u0438\u0448\u0435\u0442 \u043d\u0430\u043c \u0432 person_forward_roles \u0441\u0442\u0440\u043e\u043a\u0443 \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0435\u044e\u0441\u044f \u043d\u0430 NICKNAME \u043d\u0430 \u044d\u0442\u043e\u043c \u043e\u0441\u043d\u0430\u0432\u0430\u043d\u0438\u0438 \u0432\u044b\u0434\u0430\u0435\u043c \u0440\u043e\u043b\u044c Persona \u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043f\u043e\u0442\u043e\u043a\u0438 \u043d\u0435 \u0442\u0443\u043f\u044f\u0442.<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c Object Template  <\/p>\n<p>\u0412 Configuration\\Object Template\\  \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c  POCE Person Employment MS AD Account Object Template<\/p>\n<pre><code class=\"xml\">&lt;mapping id=\"8\"&gt;         &lt;name&gt;01&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:givenName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:givenName&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"9\"&gt;         &lt;name&gt;02&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:familyName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:familyName&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"10\"&gt;         &lt;name&gt;03&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:additionalName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:additionalName&lt;\/path&gt;         
&lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"11\"&gt;         &lt;name&gt;04&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:personalNumber&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:personalNumber&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"12\"&gt;         &lt;name&gt;05&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:personalNumber&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;path&gt;c:organizationalUnit&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;code&gt;personalNumber + \" \" + organizationalUnit + \" Employment MS AD Account\"&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;c:name&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"13\"&gt;         &lt;name&gt;06&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:costCenter&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:costCenter&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"14\"&gt;         &lt;name&gt;07&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:organizationalUnit&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:organizationalUnit&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"15\"&gt;         &lt;name&gt;08&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:organization&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:organization&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"16\"&gt;         
&lt;name&gt;09&lt;\/name&gt;         &lt;source&gt;             &lt;path xmlns:gen974=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen974:person_employment_type&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path xmlns:gen695=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen695:person_employment_type&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"17\"&gt;         &lt;name&gt;10&lt;\/name&gt;         &lt;exclusive&gt;true&lt;\/exclusive&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/person_forward_roles&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;_metadata id=\"136\"&gt;                 &lt;provenance&gt;                     &lt;acquisition id=\"137\"&gt;                         &lt;actorRef oid=\"00000000-0000-0000-0000-000000000002\" relation=\"org:default\" type=\"c:UserType\"&gt;                             &lt;!-- administrator --&gt;                         &lt;\/actorRef&gt;                         &lt;channel&gt;http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/common\/channels-3#user&lt;\/channel&gt;                         &lt;timestamp&gt;2025-04-03T09:54:04.257Z&lt;\/timestamp&gt;                     &lt;\/acquisition&gt;                 &lt;\/provenance&gt;             &lt;\/_metadata&gt;             &lt;path xmlns:gen492=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen492:person_forward_roles_inherited&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;                 &lt;code&gt;                 result = []   for (i in person_forward_roles) { if (i.startsWith(\"MSAD\")) {ii = i.tokenize( '|' ) result.add(ii[2])} } for (i in person_forward_roles_inherited) { if (i.startsWith(\"MSAD\")) {ii = i.tokenize( '|' ) if (ii[5] != \"1\") { result.add(ii[2]) } } }  
return result.unique()&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;c:extension\/person_forward_roles&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"110\"&gt;         &lt;name&gt;adminStatus to persona&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:activation\/c:administrativeStatus&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:activation\/c:administrativeStatus&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"111\"&gt;         &lt;name&gt;11&lt;\/name&gt;         &lt;authoritative&gt;true&lt;\/authoritative&gt;         &lt;strength&gt;strong&lt;\/strength&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;code&gt;'0'&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path xmlns:gen23=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen23:person_account_number&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;<\/code><\/pre>\n<p>\u0412 \u043c\u0430\u043f\u0438\u043d\u0433\u0435 10 \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d\u043e \u0447\u0442\u043e \u0432 Persona \u0438\u0437  extension\/person_forward_roles \u0431\u0443\u0434\u0443\u0442 \u043f\u043e\u043f\u0430\u0434\u0430\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0437\u0430\u043f\u0438\u0441\u0438 \u043d\u0430\u0447\u0438\u043d\u0430\u044e\u0449\u0438\u0435\u0441\u044f \u043d\u0430  MSAD \u0438\u0437 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0438 \u0441 MSAD \u0438 person_account_number \u043d\u0435 1 \u0438\u0437 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439. 
\u041e\u0442\u0434\u0435\u043b\u044c\u043d\u043e \u043f\u0438\u0448\u0435\u043c 0 \u0432 person_account_number \u0432 \u043f\u0435\u0440\u0441\u043e\u043d\u0435, \u044d\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0432\u043b\u0438\u044f\u0442\u044c \u043d\u0430 \u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043b\u043e\u0433\u0438\u043d\u0430 \u0432 AD.  <\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0410\u0440\u0445\u0435\u0442\u0438\u043f  <\/p>\n<p>\u0412 Configuration\\ArchyTypes \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0430\u0440\u0445\u0435\u0442\u0438\u043f \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Employment MS AD Account<\/p>\n<p>\u0432 \u043d\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">...     &lt;archetypePolicy&gt;         &lt;display&gt;             &lt;icon&gt;                 &lt;cssClass&gt;fa fa-hard-hat&lt;\/cssClass&gt;                 &lt;color&gt;#d88222&lt;\/color&gt;             &lt;\/icon&gt;         &lt;\/display&gt;     &lt;\/archetypePolicy&gt; &lt;\/archetype&gt;<\/code><\/pre>\n<p> \u0422\u0443\u0442 \u043f\u043e\u043a\u0430 \u043f\u0443\u0441\u0442\u043e, \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0434\u043a\u0440\u0430\u0441\u0438\u043b\u0438<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c Object Template  <\/p>\n<p>\u0412 Configuration\\Object Template\\  \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c POCE Employment MS AD Account Object Template  <\/p>\n<p>\u0423\u0442\u044b\u043a\u0430\u0435\u043c \u044d\u0442\u043e\u0442 Object Template \u0432  \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Employment MS AD Account \u0432 AcrheType Policy\\ArcheType Policy<\/p>\n<p>  <\/p>\n<p>\u0414\u0430\u0435\u043c \u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 User \u0440\u043e\u043b\u044c OOO ODIN FR: Employment MS AD Account  
<\/p>\n<p>\u041f\u0435\u0440\u0432\u044b\u043c \u0434\u0435\u043b\u043e\u043c \u043e\u043d\u0430 \u0432  extension\/person_forward_roles \u0443  \u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 User \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442<\/p>\n<p>NICKNAME|EMP001001|Employment MS AD Account<\/p>\n<p>\u041f\u043e\u0442\u043e\u043c \u0441\u043e\u0437\u0434\u0430\u0435\u0442 Person \u043a\u043e\u043f\u0438\u0440\u0443\u044f \u0432\u0441\u0435 \u0447\u0442\u043e \u0435\u0441\u0442\u044c \u0438 \u043d\u0443\u0436\u043d\u043e \u0438\u0437  \u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 User \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442\u0441\u044f \u0442\u0430\u043a<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2df\/ebd\/0c6\/2dfebd0c685f7756ff767175d9d86172.png\" width=\"1375\" height=\"1685\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/2df\/ebd\/0c6\/2dfebd0c685f7756ff767175d9d86172.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/2df\/ebd\/0c6\/2dfebd0c685f7756ff767175d9d86172.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0423 \u043d\u0430\u0441 \u0432 Forward Roles \u0432 User \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0434\u043b\u044f User \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441\u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043f\u043e Persona Object Template \u0432\u0441\u0435 AD \u0433\u0440\u0443\u043f\u043f\u044b \u043a\u0430\u043a\u0438\u0435 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u043d\u0430 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0435 \u043f\u043e 
\u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438 \u0438\u0437 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439.  <\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ac8\/25f\/c40\/ac825fc40e97fdad1ad401a04c3bb6e8.png\" width=\"1375\" height=\"1185\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/ac8\/25f\/c40\/ac825fc40e97fdad1ad401a04c3bb6e8.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/ac8\/25f\/c40\/ac825fc40e97fdad1ad401a04c3bb6e8.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043d\u0438\u0437\u0443 \u0435\u0449\u0435 \u0434\u0432\u0430 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0432 EMP002001 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435<\/p>\n<p>\u0423 \u043d\u0430\u0441 \u043e\u0442 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u0432 \u0440\u043e\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u0437\u0438\u0446\u0438\u044e \u0441\u0442\u0430\u0442\u0443\u0441 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0432\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u0435\u043c \u0442\u0443\u0434\u0430 \u0441\u0442\u0430\u0442\u0443\u0441 \u043e\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043d\u0430 \u0434\u043e\u043b\u0436\u043d\u043e\u0441\u0442\u044c<\/p>\n<p>\u0412 \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0435 POCE Position Role ArcheType<\/p>\n<p>\u043c\u0435\u043d\u044f\u0435\u043c \u043a\u043e\u0434 
\u044d\u0442\u043e\u0442<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"56\"&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"7\"&gt;                 &lt;documentation&gt;administrativeStatus From User to Position Role&lt;\/documentation&gt;                 &lt;authoritative&gt;false&lt;\/authoritative&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;code&gt; import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType; linkedSource = midpoint.findLinkedSource('from Employment User to me') if (linkedSource != null) {return basic.stringify(linkedSource.activation.administrativeStatus)} else {return 'UNDEFIEND'}                           &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;$focus\/extension\/user_administrativeStatus&lt;\/path&gt;                 &lt;\/target&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt; <\/code><\/pre>\n<p> \u043d\u0430 \u0432\u043e\u0442 \u044d\u0442\u043e\u0442  <\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"56\"&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"7\"&gt;                 &lt;documentation&gt;administrativeStatus From User Position to Position Role&lt;\/documentation&gt;                 &lt;authoritative&gt;false&lt;\/authoritative&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;code&gt; import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType linkedSource = midpoint.findLinkedSource('from me Position Role to Position User') if (basic.isEmpty(linkedSource)) {return 'NO CONNECTION'} else { if (basic.isEmpty(linkedSource.activation.effectiveStatus)) {return 'UNDIFIEND'} else {return 
basic.stringify(linkedSource.activation.effectiveStatus)}  }                         &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;$focus\/extension\/user_administrativeStatus&lt;\/path&gt;                 &lt;\/target&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u0412 \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0435 POCE Position User ArcheType \u0432 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0435 Recompute Position Role on Position User Forward Roles change \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0438 administrativeStatus  \u0442\u043e\u0436\u0435!  <\/p>\n<p>  <\/p>\n<p><strong>\u0422\u0435\u043f\u0435\u0440\u044c nickName \u043a\u0430\u043a \u0440\u043e\u043b\u044c<\/strong><\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/8b5\/f94\/f3a\/8b5f94f3a0588d65589a88d736699f9c.jpg\" width=\"651\" height=\"383\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/8b5\/f94\/f3a\/8b5f94f3a0588d65589a88d736699f9c.jpg 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/8b5\/f94\/f3a\/8b5f94f3a0588d65589a88d736699f9c.jpg 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c nickName \u043d\u043e \u0445\u043e\u0440\u043e\u0448\u043e \u0431\u044b \u0435\u0433\u043e \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043d\u0435 \u0437\u0434\u0435\u0441\u044c, \u043d\u043e \u0441\u0435\u0439\u0447\u0430\u0441. 
\u042d\u0442\u043e\u0442 nickName \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u0442\u0441\u044f \u0434\u0440\u0443\u0433\u0438\u043c \u0443\u0447\u0435\u0442\u043a\u0430\u043c \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430, \u0442\u0430\u043a \u0447\u0442\u043e \u043e\u043d \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0441\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u0438 \u043e\u043d \u0431\u0443\u0434\u0435\u0442 \u0440\u043e\u043b\u044c\u044e! \u0420\u043e\u043b\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u0441\u044f User \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0443, \u0432\u044b\u0442\u044f\u043d\u0435\u0442 \u0438\u0437 \u043d\u0435\u0433\u043e \u0424\u0418\u041e, \u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u0441\u044f User \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0443, \u043e\u0442\u0434\u0430\u0441\u0442 \u0435\u043c\u0443 nickName. \u0422\u0443\u0442 \u0432\u0441\u0435 \u043d\u0443\u0436\u043d\u043e\u0435 \u0435\u0441\u0442\u044c, \u043a\u0440\u043e\u043c\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f, Midpoint \u044d\u0442\u043e\u0433\u043e \u043d\u0435 \u0434\u0435\u043b\u0430\u0435\u0442, \u0440\u043e\u043b\u044c \u043d\u0435 \u0437\u043d\u0430\u0435\u0442 \u043a\u043e\u043c\u0443 \u043e\u043d\u0430 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0430 \u0438 \u0432\u043e\u043e\u0431\u0449\u0435 \u043d\u0435 \u0441\u043b\u0435\u0434\u0438\u0442 \u0437\u0430 \u044d\u0442\u0438\u043c, \u043c\u043e\u0436\u043d\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u0442\u044c \u0440\u043e\u043b\u044c &#8212; \u0438 \u043f\u0440\u0438\u0434\u0451\u0442\u0441\u044f \u0434\u0435\u043b\u0430\u0442\u044c 
\u044d\u0442\u043e \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u043e\u0439!(\u043a\u0441\u0442\u0430\u0442\u0438 \u0432 3-\u0435\u0439 \u0447\u0430\u0441\u0442\u0438 \u044d\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u0434\u0435\u043b\u0430\u043d\u043e, \u0438\u0437-\u0437\u0430 \u043d\u0435\u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u0440\u0430\u0432 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u044d\u0442\u0443 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u043d\u0435 \u0430\u0434\u043c\u0438\u043d\u043e\u043c)<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0447\u0435\u0440\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u043c POCE POLICY: Assiment of User to Role from extension\\user_personalNumber<\/p>\n<p>\u0432\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"9\"&gt;         &lt;_metadata id=\"8\"&gt;             &lt;storage&gt;                 &lt;modifyTimestamp&gt;2025-03-31T07:46:02.350Z&lt;\/modifyTimestamp&gt;                 &lt;modifierRef oid=\"00000000-0000-0000-0000-000000000002\" relation=\"org:default\" type=\"c:UserType\"&gt;                     &lt;!-- administrator --&gt;                 &lt;\/modifierRef&gt;                 &lt;modifyChannel&gt;http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/common\/channels-3#user&lt;\/modifyChannel&gt;             &lt;\/storage&gt;         &lt;\/_metadata&gt;         &lt;policyRule&gt;             &lt;name&gt;Assiment of a User to Role&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;modification id=\"16\"&gt;                     &lt;name&gt;add&lt;\/name&gt;                     &lt;operation&gt;add&lt;\/operation&gt;                 &lt;\/modification&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 
&lt;scriptExecution id=\"11\"&gt;                     &lt;name&gt;Some script&lt;\/name&gt;                     &lt;object&gt;                         &lt;currentObject&gt;                             &lt;type&gt;c:RoleType&lt;\/type&gt;                         &lt;\/currentObject&gt;                     &lt;\/object&gt;                     &lt;executeScript xmlns:s=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/model\/scripting-3\"&gt;                         &lt;s:pipeline list=\"true\"&gt;                             &lt;s:action&gt;                                 &lt;s:type&gt;execute-script&lt;\/s:type&gt;                                 &lt;s:parameter&gt;                                     &lt;s:name&gt;script&lt;\/s:name&gt;                                     &lt;s:value&gt;                                         &lt;code&gt; import com.evolveum.midpoint.xml.ns._public.common.common_3.* import com.evolveum.midpoint.prism.delta.builder.* import com.evolveum.midpoint.model.api.*    role = midpoint.getObject(RoleType.class, input.oid) userId = basic.stringify(basic.getExtensionPropertyValue(role, \"http:\/\/example.com\/xml\/ns\/mySchema\", \"user_personalNumber\")) query_user = midpoint.queryFor(UserType.class, \"personalNumber = '$userId' and archetypeRef matches (oid = '00000000-0000-0000-0000-000000000702')\")  result_USER = midpoint.searchObjects(query_user)    if (result_USER) { user_oid = basic.stringify(result_USER.oid) user = midpoint.getObject(UserType.class, user_oid) assRole = new ObjectReferenceType() assRole.setOid(input.oid) assRole.setType(RoleType.COMPLEX_TYPE) addAssignment = new AssignmentType() addAssignment.setTargetRef(assRole) def delta = [] delta = prismContext.deltaFor(UserType.class).item(FocusType.F_ASSIGNMENT).add(addAssignment.asPrismContainerValue()).asObjectDelta(user.oid) midpoint.modifyObject(delta, ModelExecuteOptions.createRaw()) }      midpoint.recompute(UserType, user.oid) midpoint.recompute(RoleType, input.oid)  
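&lt;\/code&gt;                                     &lt;\/s:value&gt;                                 &lt;\/s:parameter&gt;                             &lt;\/s:action&gt;                         &lt;\/s:pipeline&gt;                     &lt;\/executeScript&gt;                 &lt;\/scriptExecution&gt;             &lt;\/policyActions&gt;         &lt;\/policyRule&gt;         &lt;activation\/&gt;     &lt;\/inducement&gt; ... &lt;\/role&gt;<\/code><\/pre>\n<p>\u0421\u0442\u0440\u0430\u043d\u043d\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435, \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0432 \u043a\u043e\u0434\u0435 Assignment \u0432\u0440\u043e\u0434\u0435 \u0434\u0435\u043b\u0430\u0435\u0442 \u0441\u0432\u043e\u044e \u0440\u0430\u0431\u043e\u0442\u0443, \u043d\u043e \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430, \u043d\u0430\u0434\u043e \u0435\u0449\u0435 \u043e\u0431\u043e\u0438\u0445 \u0440\u0435\u043a\u043e\u043c\u043f\u0443\u0442\u0438\u0442\u044c&#8230; \u0422\u043e \u0435\u0441\u0442\u044c \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435 \u0432 Assignment \u0432\u0441\u0435 \u0432\u044b\u0434\u0430\u043b\u043e\u0441\u044c, \u0430 \u0434\u043e All Access \u043d\u0435 \u0434\u043e\u0448\u043b\u043e! \u041f\u0440\u0438\u0447\u0438\u043d\u0430 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0432 \u0441\u043a\u0440\u0438\u043f\u0442\u0435 modifyObject \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0441 ModelExecuteOptions.createRaw(): \u0432 raw-\u0440\u0435\u0436\u0438\u043c\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043f\u0438\u0448\u0435\u0442\u0441\u044f \u0432 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0439 \u0432 \u043e\u0431\u0445\u043e\u0434 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043c\u043e\u0434\u0435\u043b\u044c\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f, \u043d\u043e \u043d\u0435 \u0432\u044b\u0447\u0438\u0441\u043b\u044f\u0435\u0442\u0441\u044f \u0434\u043e recompute; \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0438 \u0441\u043e\u0433\u043b\u0430\u0441\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0442\u0430\u043a\u043e\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0442\u043e\u0436\u0435 \u043d\u0435 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0442.  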
<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c Object Template \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE nickName Object Template<\/p>\n<p>\u0432\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;item id=\"17\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Auto assignment to POCE POLICY: Assiment of User to Role from extension\\user_personalNumber&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;oid&gt;7656e85c-0652-4a1a-839f-b823a8d7c246&lt;\/oid&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;mapping id=\"2\"&gt;         &lt;name&gt;generate-displayname&lt;\/name&gt;         &lt;description&gt;Generate displayName for nickName Role&lt;\/description&gt;         &lt;strength&gt;strong&lt;\/strength&gt;         &lt;source&gt;             &lt;path&gt;extension\/user_personalNumber&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;path&gt;emailAddress&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;code&gt; user_personalNumber + \" nickName [\" + emailAddress + \"]\"                 &lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;displayName&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"2222\"&gt;         &lt;name&gt;Generate uniq nickName for AD and Midpoint&lt;\/name&gt;         &lt;lifecycleState&gt;active&lt;\/lifecycleState&gt;         
&lt;strength&gt;strong&lt;\/strength&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/user_givenName&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/user_familyName&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/user_additionalName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;code&gt; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; import com.evolveum.midpoint.prism.query.OrderDirection; import com.evolveum.midpoint.prism.path.ItemPath; iterationToken = 0 is_it_ok = false resource_oid = \"b8618fba-cf8b-416c-8e3b-32ea34cf003d\" resource_kind = \"ACCOUNT\" resource_intent = \"intent  MS AD account\"  do { userGivenName = basic.stringify(user_givenName)?.tr(' ', '') userFamilyName = basic.stringify(user_familyName)?.tr(' ', '') useradditionalName = basic.stringify(user_additionalName)?.tr(' ', '') national_letters =['\u042f','\u044f','\u042e','\u044e','\u0427','\u0447','\u0428','\u0448','\u0429','\u0449','\u0416','\u0436','\u0410','\u0430','\u0411','\u0431','\u0412','\u0432','\u0413','\u0433','\u0414','\u0434','\u0415','\u0435','\u0401','\u0451','\u042d','\u044d','\u0417','\u0437','\u0418','\u0438','\u0419','\u0439','\u041a','\u043a','\u041b','\u043b','\u041c','\u043c','\u041d','\u043d', '\u041e','\u043e','\u041f','\u043f','\u0420','\u0440','\u0421','\u0441','\u0422','\u0442','\u0423','\u0443','\u0424','\u0444','\u0425','\u0445','\u0426','\u0446','\u042b','\u044b','\u042c','\u044c','\u042a','\u044a',' '] latin_letters =['Ya','ya','Yu','yu','Ch','ch','Sh','sh','Sh','sh','Zh','zh','A','a','B','b','V','v','G','g','D','d','E','e','E','e','E','e','Z','z','I','i','J','j','K','k','L','l','M','m','N','n', 'O','o','P','p','R','r','S','s','T','t','U','u','F','f','H','h','C','c','Y','y','','','','','']   for( i = 0; i &amp;lt; national_letters.size(); i++) { userGivenName  = 
userGivenName?.replace(national_letters[i],latin_letters[i]); userFamilyName  = userFamilyName?.replace(national_letters[i],latin_letters[i]); useradditionalName  = useradditionalName?.replace(national_letters[i],latin_letters[i]); }  if ((iterationToken.toInteger() &amp;amp; 1) == 0)  { second_letter = iterationToken.toInteger() \/ 2; first_letter = second_letter.toInteger() + 1; } else { first_letter = (iterationToken.toInteger() + 1) \/ 2; second_letter = first_letter; }   if(first_letter.toInteger() &amp;gt; userGivenName.length() &amp;amp;&amp;amp; second_letter.toInteger() &amp;gt; useradditionalName.length()) { user_number = iterationToken.toInteger() first_full = userGivenName.length() second_full = useradditionalName.length() if(useradditionalName.length() != 0) {     name_login_for_user = userGivenName.substring(0,first_letter.toInteger()) + useradditionalName.substring(0,second_letter.toInteger()) + userFamilyName          def query = midpoint.queryFor(ShadowType.class, \"resourceRef matches (oid = '\" + resource_oid + \"') and kind = '\" + resource_kind + \"' and intent = '\" + resource_intent + \"' and attributes\/cn = '\" + name_login_for_user + \"'\")      def result_ad_login = midpoint.searchObjects(query);           if (midpoint.isUniquePropertyValue(user, 'name', name_login_for_user.toString()) &amp;gt; !result_shadow_search)     {return name_login_for_user     is_it_ok = true}      }  else {return userGivenName.substring(0,first_full.toInteger()) + userFamilyName  + user_number} } else {if (first_letter.toInteger() &amp;gt; userGivenName.length()) {     first_letter = userGivenName.length(); } if (second_letter.toInteger() &amp;gt; useradditionalName.length()) {     second_letter = useradditionalName.length(); }  name_login_for_user = userGivenName.substring(0,first_letter.toInteger()) + useradditionalName.substring(0,second_letter.toInteger()) + userFamilyName   def query = midpoint.queryFor(ShadowType.class, \"resourceRef matches (oid = '\" + 
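resource_oid + \"') and kind = '\" + resource_kind + \"' and intent = '\" + resource_intent + \"' and attributes\/sAMAccountName = '\" + name_login_for_user + \"'\")  def result_ad_login = midpoint.searchObjects(query);    if (midpoint.isUniquePropertyValue(user, 'name', name_login_for_user.toString()) &amp;amp;&amp;amp; !result_ad_login) {return name_login_for_user is_it_ok = true}  } iterationToken = iterationToken + 1 } while (!is_it_ok) &lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;emailAddress&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt; ... &lt;\/objectTemplate&gt;<\/code><\/pre>\n<p>oid \u0440\u043e\u043b\u0438 OCE POLICY: Assiment of User to Role from extension\\user_personalNumber<\/p>\n<p>\u041d\u0438\u043a\u043d\u0435\u0439\u043c \u0433\u0435\u043d\u0435\u0440\u044e \u0432 emailAddress \u0442\u0435\u043c \u0436\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u043c, \u0447\u0442\u043e \u0438 \u0432 \u0441\u0442\u0430\u0442\u044c\u044f\u0445 \u0440\u0430\u043d\u0435\u0435. \u0417\u043d\u0430\u0447\u0435\u043d\u0438\u0435 name_login_for_user \u043f\u043e\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432 \u0442\u0435\u043a\u0441\u0442 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 queryFor \u043a\u043e\u043d\u043a\u0430\u0442\u0435\u043d\u0430\u0446\u0438\u0435\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0430\u043f\u043e\u0441\u0442\u0440\u043e\u0444 \u0432 \u0438\u043c\u0435\u043d\u0438 \u0438\u0437 \u043a\u0430\u0434\u0440\u043e\u0432\u043e\u0433\u043e \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438\u0437\u043c\u0435\u043d\u0438\u0442 \u0444\u0438\u043b\u044c\u0442\u0440; \u043f\u0435\u0440\u0435\u0434 \u043f\u043e\u0434\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0441\u0442\u043e\u0438\u0442 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0435 \u0434\u043b\u044f \u043b\u043e\u0433\u0438\u043d\u0430 \u0441\u0438\u043c\u0432\u043e\u043b\u044b. \u0412 \u043f\u0435\u0440\u0432\u043e\u0439 \u0432\u0435\u0442\u043a\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u0443\u0441\u043b\u043e\u0432\u0438\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0441\u0441\u044b\u043b\u0430\u0435\u0442\u0441\u044f \u043d\u0430 result_shadow_search, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0432 \u0441\u043a\u0440\u0438\u043f\u0442\u0435 \u043d\u0438\u0433\u0434\u0435 \u043d\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0430; \u043f\u043e \u0441\u043c\u044b\u0441\u043b\u0443 \u0442\u0430\u043c \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0442\u043e\u044f\u0442\u044c result_ad_login, \u043a\u0430\u043a \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u0439 \u0432\u0435\u0442\u043a\u0435.  <\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c Arche Type \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE nickName Role archeType<\/p>\n<pre><code class=\"xml\">&lt;archetypePolicy&gt;         &lt;display&gt;             &lt;icon&gt;                 &lt;cssClass&gt;fa fa-passport&lt;\/cssClass&gt;                 &lt;color&gt;#d88222&lt;\/color&gt;             &lt;\/icon&gt;         &lt;\/display&gt; ...     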
&lt;\/archetypePolicy&gt; &lt;\/archetype&gt;<\/code><\/pre>\n<p> \u0423\u0442\u044b\u043a\u0430\u0435\u043c \u0435\u0433\u043e \u0432  Object Template \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE nickName Object Template<\/p>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0438\u0434\u0435\u043c \u0432 Object Template  \u0434\u043b\u044f User \u0410\u043a\u043a\u0430\u0443\u043d\u0442\u0430 POCE Employment MS AD Account Object Template<\/p>\n<p>\u0432\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;item id=\"1\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment or creation of nickName role&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;source&gt;                 &lt;path&gt;personalNumber&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;extension\/user_personalNumber = $personalNumber and archetypeRef matches (oid = \"7f71dcf3-c89d-4e23-930b-215423af3849\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                     &lt;createOnDemand&gt;true&lt;\/createOnDemand&gt;                     &lt;populateObject&gt;                         &lt;populateItem&gt;                             &lt;expression&gt;                                 &lt;script&gt;                                     &lt;code&gt;                                                personalNumber + \" nickName\"                                             &lt;\/code&gt;                                 &lt;\/script&gt;                             &lt;\/expression&gt;                             &lt;target&gt;                                 &lt;path&gt;name&lt;\/path&gt;                             &lt;\/target&gt;                         
&lt;\/populateItem&gt;                         &lt;populateItem&gt;                             &lt;expression&gt;                                 &lt;script&gt;                                     &lt;code&gt;                                                personalNumber                                             &lt;\/code&gt;                                 &lt;\/script&gt;                             &lt;\/expression&gt;                             &lt;target&gt;                                 &lt;path&gt;extension\/user_personalNumber&lt;\/path&gt;                             &lt;\/target&gt;                         &lt;\/populateItem&gt;                         &lt;populateItem&gt;                             &lt;expression&gt;                                 &lt;assignmentTargetSearch&gt;                                     &lt;targetType&gt;ArchetypeType&lt;\/targetType&gt;                                     &lt;oid&gt;7f71dcf3-c89d-4e23-930b-215423af3849&lt;\/oid&gt;                                 &lt;\/assignmentTargetSearch&gt;                             &lt;\/expression&gt;                             &lt;target&gt;                                 &lt;path&gt;assignment&lt;\/path&gt;                             &lt;\/target&gt;                         &lt;\/populateItem&gt;                     &lt;\/populateObject&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p> \u042d\u0442\u043e\u0442 \u0430\u0439\u0442\u0435\u043c \u0433\u043e\u0432\u043e\u0440\u0438\u0442 \u0434\u0430\u0439 \u043d\u0430\u043c \u0440\u043e\u043b\u044c nickName \u0438 \u0442\u0443\u0442 \u0436\u0435 \u0435\u0441\u043b\u0438 \u0435\u0451 \u043d\u0435\u0442 \u0442\u043e \u0441\u043e\u0437\u0434\u0430\u0439 \u0441 \u0442\u0430\u043a\u0438\u043c\u0438 \u0442\u043e \u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0438 \u0442\u0430\u043a\u0438\u043c \u0442\u043e 
\u0410\u0440\u0445\u0435\u0442\u0438\u043f\u043e\u043c.<\/p>\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u0432 \u0410\u0440\u0445\u0435\u0442\u0438\u043f\u0435 POCE Employment MS AD Account<\/p>\n<p>\u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"372\"&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"8\"&gt;                 &lt;authoritative&gt;false&lt;\/authoritative&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;                         &lt;code&gt;      linkedDATA = midpoint.findLinkedTarget('from nickName Role to User Account AD Emp') return linkedDATA.emailAddress                                                       &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;nickName&lt;\/path&gt;                 &lt;\/target&gt;                 &lt;condition&gt;                     &lt;script&gt;                         &lt;code&gt;  linkedDATA = midpoint.findLinkedTarget('from nickName Role to User Account AD Emp') if (basic.isEmpty(linkedDATA)) {return false} else {return !basic.isEmpty(linkedDATA.emailAddress)}                           &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/condition&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt; ...             
&lt;targetLink id=\"12\"&gt;                 &lt;name&gt;from nickName Role to User Account AD Emp&lt;\/name&gt;                 &lt;selector&gt;                     &lt;type&gt;c:RoleType&lt;\/type&gt;                     &lt;archetypeRef oid=\"7f71dcf3-c89d-4e23-930b-215423af3849\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                         &lt;!-- POCE nickName Role archeType --&gt;                     &lt;\/archetypeRef&gt;                 &lt;\/selector&gt;             &lt;\/targetLink&gt;         &lt;\/links&gt;     &lt;\/archetypePolicy&gt; &lt;\/archetype&gt;<\/code><\/pre>\n<p> \u0427\u0438\u0442\u0430\u0435\u043c emailAddress \u0438\u0437 \u0440\u043e\u043b\u0438 nickName \u0438 \u043f\u0438\u0448\u0435\u043c \u0432 nickName<\/p>\n<p>  <\/p>\n<p>\u0414\u0430\u0435\u043c \u043d\u0430\u0448\u0435\u043c\u0443 \u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0440\u043e\u043b\u044c OOO ODIN FR: Employment MS AD Account<\/p>\n<p>\u0412\u0438\u0434\u0438\u043c \u043f\u043e\u044f\u0432\u0438\u043b\u0441\u044f User \u0430\u043a\u043a\u0430\u0443\u043d\u0442 600667 EMP002001 Employment MS AD Account<\/p>\n<p>\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0432 \u043d\u0435\u0433\u043e<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f84\/533\/ff5\/f84533ff5e3e70b9ee653905d9ab6be5.png\" width=\"1375\" height=\"1778\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/f84\/533\/ff5\/f84533ff5e3e70b9ee653905d9ab6be5.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/f84\/533\/ff5\/f84533ff5e3e70b9ee653905d9ab6be5.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412 Forward Roles \u0441\u043e\u0431\u0440\u0430\u043d\u043e \u0432\u0441\u0435 \u0447\u0442\u043e 
\u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f MSAD \u0441 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439. \u0423\u0436\u0435 \u0435\u0441\u0442\u044c nickName. \u0421\u043c\u043e\u0442\u0440\u0438\u043c \u0447\u0442\u043e \u0432 Assignment \u0432\u0438\u0434\u0438\u043c \u0442\u0430\u043c \u0440\u043e\u043b\u044c 600667 nickName [ATigr] \u0443\u0436\u0435 \u0441 \u043d\u0438\u043a\u043d\u0435\u0439\u043c\u043e\u043c. \u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043a\u0442\u043e \u0443 \u043d\u0435\u0439 \u0432 member<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/0d5\/db7\/0f9\/0d5db70f9769e2a0071b9eeb2f1d6ec8.png\" width=\"1375\" height=\"1061\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/0d5\/db7\/0f9\/0d5db70f9769e2a0071b9eeb2f1d6ec8.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/0d5\/db7\/0f9\/0d5db70f9769e2a0071b9eeb2f1d6ec8.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412\u0441\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0432 \u0447\u043b\u0435\u043d\u0430\u0445 &#8212; \u0438 User \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a \u0438 User \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e &#8212; \u0440\u043e\u043b\u044c nickName \u0438 \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u0435\u0442 \u0438 \u0433\u0435\u043d\u0435\u0440\u0438\u0442 nickName. 
\u041d\u0430 User \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0435 \u0441\u043c\u043e\u0442\u0440\u0438\u0442\u0435 \u043e\u043d \u0438\u0437 \u0431\u0443\u0434\u0443\u0449\u0435\u0433\u043e.<\/p>\n<p>\u041e\u0441\u0442\u0430\u043b\u043e\u0441\u044c \u0435\u0449\u0435 \u0447\u0443\u0442\u044c-\u0447\u0443\u0442\u044c &#8212; \u0441\u0434\u0435\u043b\u0430\u0442\u044c AD \u0443\u0447\u0435\u0442\u043a\u0443 \u0438 \u0432\u044b\u0434\u0430\u0442\u044c \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 AD \u0433\u0440\u0443\u043f\u043f\u044b \u0440\u043e\u043b\u0438!  <\/p>\n<p>\u0412 \u0430\u0440\u0445\u0435\u0442\u0438\u043f POCE Employment MS AD Account<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;construction&gt;             &lt;resourceRef oid=\"b8618fba-cf8b-416c-8e3b-32ea34cf003d\" relation=\"org:default\" type=\"c:ResourceType\"&gt;                 &lt;!-- Windows MS AD OOO ODIN --&gt;             &lt;\/resourceRef&gt;             &lt;kind&gt;account&lt;\/kind&gt;             &lt;intent&gt;intent  MS AD account&lt;\/intent&gt;         &lt;\/construction&gt;         &lt;focusType&gt;c:UserType&lt;\/focusType&gt;         &lt;condition&gt;             &lt;source&gt;                 &lt;path&gt;nickName&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;script&gt;                     &lt;code&gt;!basic.isEmpty(nickName)&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/expression&gt;         &lt;\/condition&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0414\u0435\u043b\u0430\u0442\u044c \u0443\u0447\u0435\u0442\u043a\u0443 nickName \u0435\u0441\u043b\u0438 \u0442\u0430\u043c \u043d\u0435 \u043f\u0443\u0441\u0442\u043e<\/p>\n<p>  \u0418 \u0440\u0435\u043a\u043e\u043c\u043f\u0443\u0442\u0438\u043c \u0435\u0441\u043b\u0438 nickName \u0442\u043e\u043b\u044c\u043a\u043e 
\u043f\u043e\u044f\u0432\u0438\u043b\u0441\u044f \u0438\u043b\u0438 \u043f\u043e\u043c\u0435\u043d\u044f\u043b\u0441\u044f<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"375\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Recompute on nickName change&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;or id=\"384\"&gt;                     &lt;modification id=\"3815\"&gt;                         &lt;operation&gt;add&lt;\/operation&gt;                         &lt;item&gt;c:nickName&lt;\/item&gt;                     &lt;\/modification&gt;                                         &lt;modification id=\"3816\"&gt;                         &lt;operation&gt;modify&lt;\/operation&gt;                         &lt;item&gt;c:nickName&lt;\/item&gt;                     &lt;\/modification&gt;                 &lt;\/or&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;scriptExecution id=\"377\"&gt;                     &lt;name&gt;Script&lt;\/name&gt;                     &lt;object&gt;                         &lt;currentObject&gt;                             &lt;type&gt;c:UserType&lt;\/type&gt;                         &lt;\/currentObject&gt;                     &lt;\/object&gt;                     &lt;executeScript xmlns:s=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/model\/scripting-3\"&gt;                         &lt;s:recompute\/&gt;                     &lt;\/executeScript&gt;                 &lt;\/scriptExecution&gt;             &lt;\/policyActions&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0412 \u0440\u0435\u0441\u0443\u0440\u0441\u0435 AD \u043d\u0430\u0448 \u0441\u0442\u0430\u0440\u044b\u0439 Schema Handler  MS AD account \u043f\u0435\u0440\u0435\u0434\u0435\u043b\u044b\u0432\u0430\u0435\u043c \u043d\u0430 \u044d\u0442\u043e\u0442<\/p>\n<pre><code class=\"xml\">&lt;schemaHandling&gt;         &lt;objectType id=\"5\"&gt;             
&lt;kind&gt;account&lt;\/kind&gt;             &lt;intent&gt;intent  MS AD account&lt;\/intent&gt;             &lt;displayName&gt;MS AD account&lt;\/displayName&gt;             &lt;default&gt;true&lt;\/default&gt;             &lt;delineation&gt;                 &lt;objectClass&gt;ri:user&lt;\/objectClass&gt;                 &lt;filter&gt;                     &lt;_metadata id=\"11539\"&gt;                         &lt;provenance&gt;                             &lt;acquisition id=\"11540\"&gt;                                 &lt;actorRef oid=\"00000000-0000-0000-0000-000000000002\" relation=\"org:default\" type=\"c:UserType\"&gt;                                     &lt;!-- administrator --&gt;                                 &lt;\/actorRef&gt;                                 &lt;channel&gt;http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/common\/channels-3#user&lt;\/channel&gt;                                 &lt;timestamp&gt;2024-12-04T07:28:42.043Z&lt;\/timestamp&gt;                             &lt;\/acquisition&gt;                         &lt;\/provenance&gt;                     &lt;\/_metadata&gt;                     &lt;q:text&gt;attributes\/sAMAccountName not startsWith \"virt-\"&lt;\/q:text&gt;                 &lt;\/filter&gt;             &lt;\/delineation&gt;             &lt;focus&gt;                 &lt;type&gt;c:UserType&lt;\/type&gt;             &lt;\/focus&gt;             &lt;attribute id=\"18\"&gt;                 &lt;ref&gt;ri:sn&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;03 out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;familyName&lt;\/path&gt;                     &lt;\/source&gt;                 &lt;\/outbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"20\"&gt;                 &lt;ref&gt;ri:givenName&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;01 
out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;givenName&lt;\/path&gt;                     &lt;\/source&gt;                 &lt;\/outbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"24\"&gt;                 &lt;ref&gt;ri:employeeNumber&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;10 out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;personalNumber&lt;\/path&gt;                     &lt;\/source&gt;                 &lt;\/outbound&gt;                 &lt;inbound id=\"742\"&gt;                     &lt;name&gt;01 in&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;target&gt;                         &lt;path&gt;personalNumber&lt;\/path&gt;                     &lt;\/target&gt;                     &lt;use&gt;correlation&lt;\/use&gt;                 &lt;\/inbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"37\"&gt;                 &lt;ref&gt;ri:cn&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;04 out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;nickName&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;source&gt;                         &lt;path&gt;extension\/person_account_number&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;na_person_account_number = basic.getExtensionPropertyValue(user, 'http:\/\/example.com\/xml\/ns\/mySchema', 'person_account_number')  if (basic.isEmpty(na_person_account_number)) {return nickName} else {if (na_person_account_number == '0') {return 
nickName} else  {    result = basic.stringify(nickName) + \"--\" + iterationToken return result} }&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                 &lt;\/outbound&gt;                 &lt;inbound id=\"3066513\"&gt;                     &lt;name&gt;02 in&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return \"AD login is:\" + input&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;fullName&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"104\"&gt;                 &lt;ref&gt;ri:sAMAccountName&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;05 out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;nickName&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;na_person_account_number = basic.getExtensionPropertyValue(user, 'http:\/\/example.com\/xml\/ns\/mySchema', 'person_account_number')  if (basic.isEmpty(na_person_account_number)) {return nickName} else {if (na_person_account_number == '0') {return nickName} else  {    result = basic.stringify(nickName) + \"--\" + iterationToken return result} }&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                 &lt;\/outbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"105\"&gt;                 &lt;ref&gt;ri:dn&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;06 out 
new script for OU&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;locality&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;source&gt;                         &lt;path&gt;nickName&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;na_person_account_number = basic.getExtensionPropertyValue(user, 'http:\/\/example.com\/xml\/ns\/mySchema', 'person_account_number')  if (basic.isEmpty(na_person_account_number)) {its_nickName = nickName} else {if (na_person_account_number == '0') {its_nickName = nickName} else  {    result = basic.stringify(nickName) + \"--\" + iterationToken its_nickName = result     } }   if (locality)  { dn_value = 'CN=' + its_nickName + ',' + locality } else { baseContext = basic.getResourceIcfConfigurationPropertyValue(resource, 'baseContext') dn_value = 'CN=' + its_nickName + ',OU=New_Employees,' + baseContext } return dn_value&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                 &lt;\/outbound&gt;                 &lt;inbound id=\"775\"&gt;                     &lt;name&gt;04 in write OU to locality&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return ((basic.stringify(input).split(',')).tail()).join(',');&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;locality&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"106\"&gt;                 &lt;ref&gt;ri:displayName&lt;\/ref&gt;             
&lt;\/attribute&gt;             &lt;attribute id=\"328\"&gt;                 &lt;ref&gt;ri:middleName&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;02 out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;additionalName&lt;\/path&gt;                     &lt;\/source&gt;                 &lt;\/outbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"554\"&gt;                 &lt;ref&gt;ri:pwdLastSet&lt;\/ref&gt;                 &lt;limitations id=\"557\"&gt;                     &lt;access&gt;                         &lt;read&gt;true&lt;\/read&gt;                         &lt;add&gt;true&lt;\/add&gt;                         &lt;modify&gt;false&lt;\/modify&gt;                     &lt;\/access&gt;                 &lt;\/limitations&gt;                 &lt;fetchStrategy&gt;explicit&lt;\/fetchStrategy&gt;                 &lt;outbound&gt;                     &lt;name&gt;08 out change pass on next login&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;\/\/ -1 next logon reset password required \/\/ 0 no previous loggon return \"0\"&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                     &lt;condition&gt;                         &lt;script&gt;                             &lt;code&gt;\"add\".equals(operation.toString()) &amp;amp;&amp;amp; midpoint.isEvaluateNew()&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/condition&gt;                 &lt;\/outbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"699\"&gt;                 &lt;ref&gt;ri:userPrincipalName&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;09 out&lt;\/name&gt;                     
&lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;nickName&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;return nickName + \"@168testserverhome.com\"&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                 &lt;\/outbound&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"770\"&gt;                 &lt;ref&gt;ri:distinguishedName&lt;\/ref&gt;             &lt;\/attribute&gt;             &lt;attribute id=\"3066489\"&gt;                 &lt;ref&gt;ri:employeeType&lt;\/ref&gt;                 &lt;outbound&gt;                     &lt;name&gt;11 out&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;source&gt;                         &lt;path&gt;personalNumber&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;source&gt;                         &lt;path&gt;organizationalUnit&lt;\/path&gt;                     &lt;\/source&gt;                     &lt;expression&gt;                         &lt;script&gt;                             &lt;code&gt;if (basic.isEmpty(organizationalUnit)) {return personalNumber} else {return organizationalUnit}&lt;\/code&gt;                         &lt;\/script&gt;                     &lt;\/expression&gt;                 &lt;\/outbound&gt;                 &lt;inbound id=\"3066491\"&gt;                     &lt;name&gt;06 in&lt;\/name&gt;                     &lt;strength&gt;strong&lt;\/strength&gt;                     &lt;target&gt;                         &lt;path&gt;organizationalUnit&lt;\/path&gt;                     &lt;\/target&gt;                     &lt;use&gt;correlation&lt;\/use&gt;                 &lt;\/inbound&gt;             &lt;\/attribute&gt;             &lt;association id=\"306\"&gt;                 &lt;ref&gt;AD 
shared group membership to Midpoint&lt;\/ref&gt;                 &lt;inbound id=\"4781\"&gt;                     &lt;strength&gt;normal&lt;\/strength&gt;                     &lt;channel&gt;http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/common\/channels-3#reconciliation&lt;\/channel&gt;                     &lt;expression&gt;                         &lt;assignmentTargetSearch&gt;                             &lt;targetType&gt;RoleType&lt;\/targetType&gt;                             &lt;filter&gt;                                 &lt;q:equal&gt;                                     &lt;q:path&gt;identifier&lt;\/q:path&gt;                                     &lt;expression&gt;                                         &lt;script&gt;                                             &lt;code&gt;                                                 return basic.getAttributeValue(entitlement, 'dn')                                             &lt;\/code&gt;                                         &lt;\/script&gt;                                     &lt;\/expression&gt;                                 &lt;\/q:equal&gt;                             &lt;\/filter&gt;                             &lt;createOnDemand&gt;true&lt;\/createOnDemand&gt;                             &lt;populateObject&gt;                                 &lt;populateItem&gt;                                     &lt;expression&gt;                                         &lt;script&gt;                                             &lt;code&gt;                                                 basic.getAttributeValue(entitlement, 'cn')                                             &lt;\/code&gt;                                         &lt;\/script&gt;                                     &lt;\/expression&gt;                                     &lt;target&gt;                                         &lt;path&gt;name&lt;\/path&gt;                                     &lt;\/target&gt;                                 
&lt;\/populateItem&gt;                                 &lt;populateItem&gt;                                     &lt;expression&gt;                                         &lt;script&gt;                                             &lt;code&gt;                                                 basic.getAttributeValue(entitlement, 'dn')                                             &lt;\/code&gt;                                         &lt;\/script&gt;                                     &lt;\/expression&gt;                                     &lt;target&gt;                                         &lt;path&gt;identifier&lt;\/path&gt;                                     &lt;\/target&gt;                                 &lt;\/populateItem&gt;                                 &lt;populateItem&gt;                                     &lt;expression&gt;                                         &lt;assignmentTargetSearch&gt;                                             &lt;targetType&gt;ArchetypeType&lt;\/targetType&gt;                                             &lt;filter&gt;                                                 &lt;q:equal&gt;                                                     &lt;q:path&gt;name&lt;\/q:path&gt;                                                     &lt;expression&gt;                                                         &lt;value&gt;AD Group Shared ArcheType&lt;\/value&gt;                                                     &lt;\/expression&gt;                                                 &lt;\/q:equal&gt;                                             &lt;\/filter&gt;                                         &lt;\/assignmentTargetSearch&gt;                                     &lt;\/expression&gt;                                     &lt;target&gt;                                         &lt;path&gt;assignment&lt;\/path&gt;                                     &lt;\/target&gt;                                 &lt;\/populateItem&gt;                          
   &lt;\/populateObject&gt;                         &lt;\/assignmentTargetSearch&gt;                     &lt;\/expression&gt;                     &lt;target&gt;                         &lt;path&gt;assignment&lt;\/path&gt;                     &lt;\/target&gt;                 &lt;\/inbound&gt;                 &lt;kind&gt;entitlement&lt;\/kind&gt;                 &lt;intent&gt;intent Groups Shared Folder POC&lt;\/intent&gt;                 &lt;direction&gt;objectToSubject&lt;\/direction&gt;                 &lt;associationAttribute&gt;ri:member&lt;\/associationAttribute&gt;                 &lt;valueAttribute&gt;ri:dn&lt;\/valueAttribute&gt;             &lt;\/association&gt;             &lt;association id=\"307\"&gt;                 &lt;ref&gt;AD group membership to Midpoint&lt;\/ref&gt;                 &lt;tolerant&gt;false&lt;\/tolerant&gt;                 &lt;kind&gt;entitlement&lt;\/kind&gt;                 &lt;intent&gt;intent MS AD group&lt;\/intent&gt;                 &lt;direction&gt;objectToSubject&lt;\/direction&gt;                 &lt;associationAttribute&gt;ri:member&lt;\/associationAttribute&gt;                 &lt;valueAttribute&gt;ri:dn&lt;\/valueAttribute&gt;                 &lt;explicitReferentialIntegrity&gt;false&lt;\/explicitReferentialIntegrity&gt;             &lt;\/association&gt;             &lt;iteration&gt;                 &lt;maxIterations&gt;15&lt;\/maxIterations&gt;                 &lt;tokenExpression&gt;                     &lt;script&gt;                         &lt;code&gt;                         return iteration + 1                         &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/tokenExpression&gt;             &lt;\/iteration&gt;             &lt;activation&gt;                 &lt;administrativeStatus&gt;                     &lt;outbound id=\"794\"&gt;                         &lt;name&gt;Just Block&lt;\/name&gt;                         &lt;strength&gt;strong&lt;\/strength&gt;                         
&lt;source&gt;                             &lt;path&gt;activation\/administrativeStatus&lt;\/path&gt;                         &lt;\/source&gt;                     &lt;\/outbound&gt;                 &lt;\/administrativeStatus&gt;                 &lt;lockoutStatus\/&gt;             &lt;\/activation&gt;             &lt;credentials&gt;                 &lt;password&gt;                     &lt;outbound id=\"765\"&gt;                         &lt;name&gt;initial&lt;\/name&gt;                         &lt;strength&gt;weak&lt;\/strength&gt;                         &lt;expression&gt;                             &lt;generate&gt;                                 &lt;mode&gt;policy&lt;\/mode&gt;                                 &lt;valuePolicyRef oid=\"00000000-0000-0000-0000-000000000003\" type=\"c:ValuePolicyType\" xsi:type=\"c:ObjectReferenceType\"\/&gt;                             &lt;\/generate&gt;                         &lt;\/expression&gt;                     &lt;\/outbound&gt;                 &lt;\/password&gt;             &lt;\/credentials&gt;             &lt;correlation&gt;                 &lt;correlators&gt;                     &lt;items id=\"820\"&gt;                         &lt;name&gt;personalNumber correlation&lt;\/name&gt;                         &lt;item id=\"821\"&gt;                             &lt;ref&gt;personalNumber&lt;\/ref&gt;                         &lt;\/item&gt;                         &lt;item id=\"3066493\"&gt;                             &lt;ref&gt;organizationalUnit&lt;\/ref&gt;                         &lt;\/item&gt;                         &lt;composition\/&gt;                     &lt;\/items&gt;                 &lt;\/correlators&gt;             &lt;\/correlation&gt;             &lt;synchronization&gt;                 &lt;reaction id=\"755\"&gt;                     &lt;situation&gt;linked&lt;\/situation&gt;                     &lt;actions&gt;                         &lt;synchronize id=\"756\"\/&gt;                     &lt;\/actions&gt;              
   &lt;\/reaction&gt;                 &lt;reaction id=\"757\"&gt;                     &lt;situation&gt;unlinked&lt;\/situation&gt;                     &lt;actions&gt;                         &lt;link id=\"758\"\/&gt;                     &lt;\/actions&gt;                 &lt;\/reaction&gt;                 &lt;reaction id=\"835\"&gt;                     &lt;situation&gt;deleted&lt;\/situation&gt;                     &lt;actions&gt;                         &lt;deleteResourceObject id=\"836\"\/&gt;                     &lt;\/actions&gt;                 &lt;\/reaction&gt;             &lt;\/synchronization&gt;         &lt;\/objectType&gt; ... &lt;schemaHandling&gt;<\/code><\/pre>\n<p>\u0415\u0441\u043b\u0438 \u0443 User \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430 \u0432 person_account_number 0, \u0442\u043e \u0432\u044b\u0434\u0430\u0435\u0442\u0441\u044f \u043b\u043e\u0433\u0438\u043d \u043a\u0430\u043a nickName, \u0435\u0441\u043b\u0438 1, \u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u0431\u043e\u0440 \u0438 \u043b\u043e\u0433\u0438\u043d \u0432\u0438\u0434\u0430 nickName&#8212;1<\/p>\n<p>\u0423 \u0430\u0441\u0441\u043e\u0446\u0438\u0430\u0446\u0438\u0438 AD group membership to Midpoint \u0441\u0442\u043e\u0438\u0442 tolerant false, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0447\u043b\u0435\u043d\u0441\u0442\u0432\u043e \u0432 \u0442\u0430\u043a\u0438\u0445 AD \u0433\u0440\u0443\u043f\u043f\u0430\u0445, \u0432\u044b\u0434\u0430\u043d\u043d\u043e\u0435 \u0432 \u043e\u0431\u0445\u043e\u0434 Midpoint, \u0431\u0443\u0434\u0435\u0442 \u0441 \u0443\u0447\u0435\u0442\u043a\u0438 \u0441\u043d\u0438\u043c\u0430\u0442\u044c\u0441\u044f.<\/p>\n<p>\u0418 \u043d\u0430\u0432\u0435\u0448\u0438\u0432\u0430\u0435\u043c \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0435 AD \u0440\u043e\u043b\u0438 \u0433\u0440\u0443\u043f\u043f\u044b \u043e\u043d\u0438 \u0436\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435. 
\u0412 \u043e\u0431\u0436\u0435\u043a\u0442 \u0442\u0435\u043f\u043b\u0435\u0439\u0442 POCE Employment MS AD Account Object Template \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n<pre><code class=\"xml\">&lt;item id=\"33\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment to AD group Roles&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;name&gt;Mapping&lt;\/name&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             &lt;source&gt;                 &lt;path&gt;c:extension\/person_forward_roles&lt;\/path&gt;             &lt;\/source&gt;             &lt;source&gt;                 &lt;path&gt;c:nickName&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;identifier = $person_forward_roles and archetypeRef matches (oid = \"e9eda47b-b097-4814-9605-7177a2482fa1\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;!basic.isEmpty(nickName)&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p>\u041d\u0435 \u0431\u0443\u0434\u0443 \u0442\u0443\u0442 \u043e\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c\u0441\u044f, \u044d\u0442\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0430 \u0442\u0435\u043f\u0435\u0440\u044c \u0447\u0442\u043e \u0435\u0441\u043b\u0438 \u043c\u044b \u0445\u043e\u0442\u0438\u043c \u043d\u0430 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u0437\u0438\u0446\u0438\u0438 
\u0442\u043e\u0436\u0435 \u0434\u0435\u043b\u0430\u0442\u044c AD \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0438 \u0442\u0430\u043a \u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 AD \u0433\u0440\u0443\u043f\u043f\u044b \u0432 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0432 AD \u0430\u043a\u043a\u0443\u043d\u0442 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430? \u041c\u043e\u0436\u043d\u043e!<\/p>\n<p>\u0421\u043e\u0437\u0434\u0430\u0435\u043c Object Template \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c POCE Person Position MS AD Account Object Template<\/p>\n<p>\u0432 \u043d\u0435\u043c \u0432\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;mapping id=\"4\"&gt;         &lt;name&gt;01&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:givenName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:givenName&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"5\"&gt;         &lt;name&gt;02&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:familyName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:familyName&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"6\"&gt;         &lt;name&gt;03&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:additionalName&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:additionalName&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"7\"&gt;         &lt;name&gt;04&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:personalNumber&lt;\/path&gt;         
&lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:personalNumber&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"8\"&gt;         &lt;name&gt;05&lt;\/name&gt;         &lt;strength&gt;strong&lt;\/strength&gt;         &lt;source&gt;             &lt;path&gt;c:personalNumber&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;path&gt;c:name&lt;\/path&gt;         &lt;\/source&gt;         &lt;source&gt;             &lt;path xmlns:gen974=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen974:person_employment_parent&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;code&gt;personalNumber + \" \" + person_employment_parent + \" \" + name + \" Position MS AD Account\"&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;c:name&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"9\"&gt;         &lt;name&gt;06&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:costCenter&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:costCenter&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"10\"&gt;         &lt;name&gt;07&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/person_employment_parent&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:extension\/person_employment_parent&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"11\"&gt;         &lt;name&gt;08&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:organization&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:organization&lt;\/path&gt;         
&lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"12\"&gt;         &lt;name&gt;09&lt;\/name&gt;         &lt;source&gt;             &lt;path xmlns:gen974=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen974:person_employment_type&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path xmlns:gen695=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen695:person_employment_type&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"13\"&gt;         &lt;name&gt;10&lt;\/name&gt;         &lt;exclusive&gt;true&lt;\/exclusive&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/person_forward_roles&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;                 &lt;code&gt;                 result = []  for (i in person_forward_roles) { if (i.startsWith(\"MSAD\")) {ii = i.tokenize( '|' ) result.add(ii[2])} }  return result&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;c:extension\/person_forward_roles&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"14\"&gt;         &lt;name&gt;adminStatus to persona&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:activation\/c:administrativeStatus&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:activation\/c:administrativeStatus&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"15\"&gt;         &lt;name&gt;11&lt;\/name&gt;         &lt;authoritative&gt;true&lt;\/authoritative&gt;         &lt;strength&gt;strong&lt;\/strength&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;code&gt;'1'&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;  
       &lt;target&gt;             &lt;path xmlns:gen23=\"http:\/\/example.com\/xml\/ns\/mySchema\"&gt;c:extension\/gen23:person_account_number&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;     &lt;mapping id=\"112\"&gt;         &lt;name&gt;088&lt;\/name&gt;         &lt;source&gt;             &lt;path&gt;c:name&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression\/&gt;         &lt;target&gt;             &lt;path&gt;c:organizationalUnit&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;<\/code><\/pre>\n<p> \u0421\u043e\u0437\u0434\u0430\u0435\u043c Object Template \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c POCE Position MS AD Account Object Template<\/p>\n<p>\u0432 \u043d\u0435\u043c \u0432\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434  <\/p>\n<pre><code class=\"xml\">&lt;item id=\"2\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment to Position Roles&lt;\/displayName&gt;         &lt;mapping id=\"3\"&gt;             &lt;source&gt;                 &lt;path&gt;c:organizationalUnit&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;locality = $organizationalUnit and archetypeRef matches (oid = \"47374624-553c-4661-b116-d07952900451\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;item id=\"6\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment to AD group Roles&lt;\/displayName&gt;         &lt;mapping id=\"7\"&gt;             &lt;name&gt;Mapping&lt;\/name&gt;             &lt;authoritative&gt;true&lt;\/authoritative&gt;             &lt;strength&gt;strong&lt;\/strength&gt;             
&lt;source&gt;                 &lt;path&gt;c:extension\/person_forward_roles&lt;\/path&gt;             &lt;\/source&gt;             &lt;source&gt;                 &lt;path&gt;c:nickName&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;identifier = $person_forward_roles and archetypeRef matches (oid = \"e9eda47b-b097-4814-9605-7177a2482fa1\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;             &lt;condition&gt;                 &lt;script&gt;                     &lt;code&gt;!basic.isEmpty(nickName)&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/condition&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;     &lt;item id=\"4\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment or creation of nickName role&lt;\/displayName&gt;         &lt;lifecycleState&gt;active&lt;\/lifecycleState&gt;         &lt;mapping id=\"5\"&gt;             &lt;source&gt;                 &lt;path&gt;personalNumber&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;extension\/user_personalNumber = $personalNumber and archetypeRef matches (oid = \"7f71dcf3-c89d-4e23-930b-215423af3849\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                     &lt;createOnDemand&gt;true&lt;\/createOnDemand&gt;                     &lt;populateObject&gt;                         &lt;populateItem&gt;                             &lt;expression&gt;                                 &lt;script&gt;                                     &lt;code&gt;        
                                        personalNumber + \" nickName\"                                             &lt;\/code&gt;                                 &lt;\/script&gt;                             &lt;\/expression&gt;                             &lt;target&gt;                                 &lt;path&gt;name&lt;\/path&gt;                             &lt;\/target&gt;                         &lt;\/populateItem&gt;                         &lt;populateItem&gt;                             &lt;expression&gt;                                 &lt;script&gt;                                     &lt;code&gt;                                                personalNumber                                             &lt;\/code&gt;                                 &lt;\/script&gt;                             &lt;\/expression&gt;                             &lt;target&gt;                                 &lt;path&gt;extension\/user_personalNumber&lt;\/path&gt;                             &lt;\/target&gt;                         &lt;\/populateItem&gt;                         &lt;populateItem&gt;                             &lt;expression&gt;                                 &lt;assignmentTargetSearch&gt;                                     &lt;targetType&gt;ArchetypeType&lt;\/targetType&gt;                                     &lt;oid&gt;7f71dcf3-c89d-4e23-930b-215423af3849&lt;\/oid&gt;                                 &lt;\/assignmentTargetSearch&gt;                             &lt;\/expression&gt;                             &lt;target&gt;                                 &lt;path&gt;assignment&lt;\/path&gt;                             &lt;\/target&gt;                         &lt;\/populateItem&gt;                     &lt;\/populateObject&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p> \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0410\u0440\u0445\u0435\u0442\u0438\u043f 
\u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Position MS AD Account<\/p>\n<p>\u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;lifecycleState&gt;active&lt;\/lifecycleState&gt;         &lt;construction&gt;             &lt;resourceRef oid=\"b8618fba-cf8b-416c-8e3b-32ea34cf003d\" relation=\"org:default\" type=\"c:ResourceType\"&gt;                 &lt;!-- Windows MS AD OOO ODIN --&gt;             &lt;\/resourceRef&gt;             &lt;kind&gt;account&lt;\/kind&gt;             &lt;intent&gt;intent  MS AD account&lt;\/intent&gt;         &lt;\/construction&gt;         &lt;focusType&gt;c:UserType&lt;\/focusType&gt;         &lt;condition&gt;             &lt;source&gt;                 &lt;path&gt;nickName&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;script&gt;                     &lt;code&gt;!basic.isEmpty(nickName)&lt;\/code&gt;                 &lt;\/script&gt;             &lt;\/expression&gt;         &lt;\/condition&gt;     &lt;\/inducement&gt;     &lt;inducement id=\"372\"&gt;         &lt;focusMappings&gt;             &lt;mapping id=\"8\"&gt;                 &lt;authoritative&gt;false&lt;\/authoritative&gt;                 &lt;strength&gt;strong&lt;\/strength&gt;                 &lt;expression&gt;                     &lt;script&gt;                         &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;                         &lt;code&gt;      linkedDATA = midpoint.findLinkedTarget('from nickName Role to User Account AD Pos') return linkedDATA.emailAddress                                                       &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/expression&gt;                 &lt;target&gt;                     &lt;path&gt;nickName&lt;\/path&gt;                 &lt;\/target&gt;                 &lt;condition&gt;                     &lt;script&gt;                         &lt;code&gt;  linkedDATA = 
midpoint.findLinkedTarget('from nickName Role to User Account AD Pos') if (basic.isEmpty(linkedDATA)) {return false} else {return !basic.isEmpty(linkedDATA.emailAddress)}                           &lt;\/code&gt;                     &lt;\/script&gt;                 &lt;\/condition&gt;             &lt;\/mapping&gt;         &lt;\/focusMappings&gt;     &lt;\/inducement&gt;     &lt;inducement id=\"375\"&gt;         &lt;lifecycleState&gt;active&lt;\/lifecycleState&gt;         &lt;policyRule&gt;             &lt;name&gt;Recompute on nickName change&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;or id=\"384\"&gt;                     &lt;modification id=\"3815\"&gt;                         &lt;operation&gt;add&lt;\/operation&gt;                         &lt;item&gt;c:nickName&lt;\/item&gt;                     &lt;\/modification&gt;                     &lt;modification id=\"3816\"&gt;                         &lt;operation&gt;modify&lt;\/operation&gt;                         &lt;item&gt;c:nickName&lt;\/item&gt;                     &lt;\/modification&gt;                 &lt;\/or&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;scriptExecution id=\"377\"&gt;                     &lt;name&gt;Script&lt;\/name&gt;                     &lt;object&gt;                         &lt;currentObject&gt;                             &lt;type&gt;c:UserType&lt;\/type&gt;                         &lt;\/currentObject&gt;                     &lt;\/object&gt;                     &lt;executeScript xmlns:s=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/model\/scripting-3\"&gt;                         &lt;s:recompute\/&gt;                     &lt;\/executeScript&gt;                 &lt;\/scriptExecution&gt;             &lt;\/policyActions&gt;         &lt;\/policyRule&gt;     &lt;\/inducement&gt;     &lt;archetypePolicy&gt;         &lt;display&gt;             &lt;icon&gt;                 &lt;cssClass&gt;fa 
fa-hard-hat&lt;\/cssClass&gt;                 &lt;color&gt;#2d860a&lt;\/color&gt;             &lt;\/icon&gt;         &lt;\/display&gt;         &lt;objectTemplateRef oid=\"d7845c6d-ca3c-4afd-bfda-e48f66c5968b\" relation=\"org:default\" type=\"c:ObjectTemplateType\"&gt;             &lt;!-- POCE Position MS AD Account Object Template --&gt;         &lt;\/objectTemplateRef&gt;         &lt;links&gt;             &lt;targetLink id=\"5\"&gt;                 &lt;name&gt;from nickName Role to User Account AD Pos&lt;\/name&gt;                 &lt;selector&gt;                     &lt;type&gt;c:RoleType&lt;\/type&gt;                     &lt;archetypeRef oid=\"7f71dcf3-c89d-4e23-930b-215423af3849\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                         &lt;!-- POCE nickName Role archeType --&gt;                     &lt;\/archetypeRef&gt;                 &lt;\/selector&gt;             &lt;\/targetLink&gt;             &lt;targetLink id=\"3826\"&gt;                 &lt;name&gt;3545345&lt;\/name&gt;                 &lt;selector&gt;                     &lt;type&gt;c:RoleType&lt;\/type&gt;                     &lt;archetypeRef oid=\"47374624-553c-4661-b116-d07952900451\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                         &lt;!-- POCE Position Role ArcheType --&gt;                     &lt;\/archetypeRef&gt;                 &lt;\/selector&gt;             &lt;\/targetLink&gt;         &lt;\/links&gt;     &lt;\/archetypePolicy&gt; &lt;\/archetype&gt;<\/code><\/pre>\n<p> \u0421\u043e\u0437\u0434\u0430\u0435\u043c Forward \u0440\u043e\u043b\u044c \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c  OOO ODIN FR: Position MS AD Account<\/p>\n<p>\u0437\u0430\u043f\u043e\u043b\u043d\u044f\u0435\u043c<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/882\/4c3\/591\/8824c359118c1a35f6f2b616bb16646d.png\" width=\"1375\" height=\"1129\" sizes=\"auto, 
(max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/882\/4c3\/591\/8824c359118c1a35f6f2b616bb16646d.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/882\/4c3\/591\/8824c359118c1a35f6f2b616bb16646d.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u041e\u043d\u0430 inducement \u0432 \u0440\u043e\u043b\u044c \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043f\u0435\u0440\u0441\u043e\u043d\u044b \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Persona Position Account<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"125\"&gt;         &lt;personaConstruction&gt;             &lt;targetType&gt;UserType&lt;\/targetType&gt;             &lt;objectMappingRef oid=\"3ac53f67-f1c9-4051-8991-8f935145f1b7\" relation=\"org:default\" type=\"c:ObjectTemplateType\"&gt;                 &lt;!-- POCE Person Position MS AD Account Object Template --&gt;             &lt;\/objectMappingRef&gt;             &lt;archetypeRef oid=\"87471a3d-2d25-4309-b58a-af261683adfa\" relation=\"org:default\" type=\"c:ArchetypeType\"&gt;                 &lt;!-- POCE Position MS AD Account --&gt;             &lt;\/archetypeRef&gt;         &lt;\/personaConstruction&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p> \u0412 Object Template \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Position Role Object Template<\/p>\n<p>\u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c<\/p>\n<pre><code class=\"xml\">&lt;mapping id=\"5\"&gt;         &lt;name&gt;Account number property&lt;\/name&gt;         &lt;exclusive&gt;true&lt;\/exclusive&gt;         &lt;strength&gt;strong&lt;\/strength&gt;         &lt;source&gt;             &lt;path&gt;c:extension\/user_forward_roles&lt;\/path&gt;         &lt;\/source&gt;         &lt;expression&gt;             &lt;script&gt;                 &lt;relativityMode&gt;absolute&lt;\/relativityMode&gt;      
           &lt;code&gt;for (i in user_forward_roles) { if (i.startsWith(\"NICKNAME\")) {return \"1\"} } return \"NONE\"&lt;\/code&gt;             &lt;\/script&gt;         &lt;\/expression&gt;         &lt;target&gt;             &lt;path&gt;c:extension\/user_account_number&lt;\/path&gt;         &lt;\/target&gt;     &lt;\/mapping&gt;<\/code><\/pre>\n<p> \u0425\u043e\u0442\u044f \u043e\u043d \u043f\u043e \u0441\u0443\u0442\u0438 \u043d\u0435 \u0443\u0447\u0430\u0441\u0442\u0432\u0443\u0435\u0442, \u043d\u043e \u0437\u0430\u0442\u043e \u0432\u0438\u0434\u043d\u043e<\/p>\n<p>\u041a\u0430\u0436\u0435\u0442\u0441\u044f, \u0432\u0441\u0435 \u043e\u043f\u0438\u0441\u0430\u043b, \u043c\u043e\u0433 \u0447\u0442\u043e-\u0442\u043e \u0443\u043f\u0443\u0441\u0442\u0438\u0442\u044c, \u043c\u043d\u043e\u0433\u043e \u0440\u0430\u0437 \u0434\u043e\u043f\u0438\u0441\u044b\u0432\u0430\u043b \u0438 \u043f\u0435\u0440\u0435\u043f\u0438\u0441\u044b\u0432\u0430\u043b, \u0432\u043e\u0442 \u0441\u0445\u0435\u043c\u043a\u0430 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/d27\/970\/94c\/d2797094c5630e155a0c11215427c1ca.png\" width=\"3372\" height=\"2315\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/d27\/970\/94c\/d2797094c5630e155a0c11215427c1ca.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/d27\/970\/94c\/d2797094c5630e155a0c11215427c1ca.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p><strong>\u0422\u0435\u0441\u0442<\/strong><\/p>\n<p>\u0418\u043c\u0435\u0435\u043c \u043f\u043e \u0443\u0447\u0435\u0442\u043a\u0430\u043c<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/8d8\/a89\/7d5\/8d8a897d5e40c0c6bd20ae6e7c2517aa.png\" width=\"1375\" 
height=\"1089\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/8d8\/a89\/7d5\/8d8a897d5e40c0c6bd20ae6e7c2517aa.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/8d8\/a89\/7d5\/8d8a897d5e40c0c6bd20ae6e7c2517aa.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0421\u043c\u043e\u0442\u0440\u0438\u043c \u0432 \u043f\u0440\u043e\u0435\u043a\u0446\u0438\u044e \u0432 AD \u0443 600667 EMP002001 Employment MS AD Account, \u0447\u0442\u043e \u0435\u043c\u0443 \u0432\u044b\u0434\u0430\u043d\u043e \u0438\u0437 AD \u0433\u0440\u0443\u043f\u043f\u044b<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/8cd\/af6\/b4b\/8cdaf6b4b78496cd4bc230220917a66c.png\" width=\"1521\" height=\"830\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/8cd\/af6\/b4b\/8cdaf6b4b78496cd4bc230220917a66c.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/8cd\/af6\/b4b\/8cdaf6b4b78496cd4bc230220917a66c.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u0412\u044b\u0434\u0430\u0435\u043c \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e POS000101 \u0440\u043e\u043b\u044c OOO ODIN FR: Position MS AD Account \u0438 \u043f\u043e \u0433\u0440\u0443\u043f\u043f\u0430\u043c \u0441\u0440\u0430\u0437\u0443 \u0432\u0441\u0435 \u043c\u0435\u043d\u044f\u0435\u0442\u0441\u044f. 
\u0423  600667 EMP002001 Employment MS AD Account \u0442\u0435\u043f\u0435\u0440\u044c<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/373\/1cc\/c96\/3731ccc96f2c7ff985c4a5d2254a5685.png\" width=\"1521\" height=\"830\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/373\/1cc\/c96\/3731ccc96f2c7ff985c4a5d2254a5685.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/373\/1cc\/c96\/3731ccc96f2c7ff985c4a5d2254a5685.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p>\u041d\u0430 \u0434\u0432\u0435 AD \u0433\u0440\u0443\u043f\u043f\u044b \u043c\u0435\u043d\u044c\u0448\u0435,  \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 POS000101 \u0438\u0445 \u0442\u0435\u043f\u0435\u0440\u044c \u043d\u0435 \u043e\u0442\u0434\u0430\u0435\u0442 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443, \u0430 \u0432\u044b\u0434\u0430\u0435\u0442 \u0441\u0432\u043e\u0435\u0439 \u0443\u0447\u0435\u0442\u043a\u0435 600667 EMP002001 POS000101 Position MS AD Account<\/p>\n<figure class=\"full-width\"><img decoding=\"async\" src=\"https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/dc7\/a3d\/b47\/dc7a3db47cd35ffb1dec37df10a1d716.png\" width=\"1521\" height=\"830\" sizes=\"auto, (max-width: 780px) 100vw, 50vw\" srcset=\"https:\/\/habrastorage.org\/r\/w780\/getpro\/habr\/upload_files\/dc7\/a3d\/b47\/dc7a3db47cd35ffb1dec37df10a1d716.png 780w,&#10;       https:\/\/habrastorage.org\/r\/w1560\/getpro\/habr\/upload_files\/dc7\/a3d\/b47\/dc7a3db47cd35ffb1dec37df10a1d716.png 781w\" loading=\"lazy\" decode=\"async\"\/><\/figure>\n<p> \u0412\u043e\u0442 \u0442\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u0441\u0442\u0440\u043e, \u0430 \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u043f\u0440\u043e\u0441\u0442\u043e, \u0432 Midpoint 
\u043d\u0430\u0437\u043d\u0430\u0447\u0430\u0442\u044c \u0440\u043e\u043b\u0438 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f\u043c \u0432 \u0430\u0434\u043c\u0438\u043d\u043a\u0435!<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><!----><!----><\/div>\n<p><!----><!----><br \/> \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"https:\/\/habr.com\/ru\/articles\/904450\/\"> https:\/\/habr.com\/ru\/articles\/904450\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div><!--[--><!--]--><\/div>\n<div id=\"post-content-body\">\n<div>\n<div class=\"article-formatted-body article-formatted-body article-formatted-body_version-2\">\n<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438  \u0421\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a-\u0422\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e-\u041d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 \u0434\u043e\u043b\u0436\u043d\u043e\u0441\u0442\u044c \u0432 IDM Midpoint. 
\u0412 \u043f\u0435\u0440\u0432\u043e\u0439 \u0447\u0430\u0441\u0442\u0438 \u043c\u044b \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b\u0438 \u043d\u043e\u0441\u0438\u0442\u0435\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043f\u0443\u0442\u0438 \u0435\u0451 \u043f\u0435\u0440\u0435\u0442\u0435\u043a\u0430\u043d\u0438\u044f \u0438\u0437 \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430 \u0432 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0438\u0437 \u043a\u0430\u0434\u0440\u043e\u0432\u043e\u0433\u043e \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430. \u0422\u0435\u043f\u0435\u0440\u044c \u0431\u0443\u0434\u0435\u043c \u0434\u0435\u043b\u0430\u0442\u044c \u0442\u043e\u0436\u0435 \u0441\u0430\u043c\u043e\u0435 \u0441 \u0440\u043e\u043b\u044f\u043c\u0438. \u041d\u0430\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0435\u0449\u0435 \u0434\u0432\u0435 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438  Forward \u0440\u043e\u043b\u0438 \u0438 nickName \u043a\u0430\u043a \u0440\u043e\u043b\u044c.<\/p>\n<figure class=\"full-width\"><\/figure>\n<p>\u0427\u0442\u043e \u0431\u0443\u0434\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0432 \u043a\u043e\u043d\u0446\u0435: \u0412\u044b\u0434\u0430\u0447\u0430 \u0440\u043e\u043b\u0435\u0439 \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435. \u0412\u044b\u0434\u0430\u0447\u0430 \u0443\u0447\u0435\u0442\u043e\u043a AD \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435. 
\u041e\u0442\u0431\u043e\u0440 AD \u0433\u0440\u0443\u043f\u043f \u043f\u0440\u0438\u0448\u0435\u0434\u0448\u0438\u0445 \u0432 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0442 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438 \u0432\u044b\u0434\u0430\u0447\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e AD \u0443\u0447\u0435\u0442\u043a\u0438. \u0420\u043e\u043b\u044c \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u043b\u043e\u0433\u0438\u043d \u0438 \u0440\u0430\u0437\u0434\u0430\u044e\u0449\u0430\u044f \u0435\u0433\u043e \u0432\u0441\u0435\u043c \u0443\u0447\u0435\u0442\u043a\u0430\u043c.<\/p>\n<p><strong>\u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f  Forward \u0440\u043e\u043b\u0438<\/strong><\/p>\n<p>\u0412  Midpoint \u0432\u0448\u0438\u0442\u044b \u0438 \u043c\u0430\u043b\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c\u044b, \u043f\u043e\u0442\u043e\u043c\u0443 \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u044f\u0437\u0430\u043d\u044b \u043a \u043e\u0434\u043d\u043e\u043c\u0443 \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0443, \u043d\u043e \u0446\u0435\u043d\u043d\u044b \u043a\u0430\u043a \u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0442\u0438\u043f\u044b \u0440\u043e\u043b\u0435\u0439:<\/p>\n<ul>\n<li>\n<p>\u0411\u0438\u0437\u043d\u0435\u0441 \u0440\u043e\u043b\u044c &#8212; \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u043e\u043b\u0435\u0439<\/p>\n<\/li>\n<li>\n<p>\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0440\u043e\u043b\u0438 &#8212; \u0432\u044b\u0434\u0430\u044e\u0442 \u0447\u0442\u043e-\u0442\u043e \u0432 \u0440\u0435\u0441\u0443\u0440\u0441\u0435<\/p>\n<\/li>\n<\/ul>\n<p>\u0412 Midpoint \u0432 
GUI \u043e\u043d\u0438 \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d\u044b \u0438 \u0440\u0430\u0441\u043a\u0440\u0430\u0448\u0435\u043d\u044b &#8212; \u044d\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u043d\u043e \u043a\u0430\u043a \u0442\u0438\u043f-\u043f\u043e\u0434\u0445\u043e\u0434-\u0444\u043e\u0440\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u043a\u0443 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u044c! \u041d\u0430\u043c \u043d\u0443\u0436\u0435\u043d \u0435\u0449\u0435 \u043e\u0434\u0438\u043d \u0442\u0438\u043f Forward \u0440\u043e\u043b\u0438, \u043e\u043d\u0438 \u043f\u043e \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0438 \u0441 Forward Contract \u0438\u0437 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e\u0439 \u0441\u0444\u0435\u0440\u044b, \u0431\u0443\u0434\u0443\u0442 \u043d\u0430\u043c \u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0442\u0435\u0445 \u0440\u043e\u043b\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u043d\u0430 \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435 \u0438\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0438. 
\u0422\u0430\u043a\u043e\u0439 \u0437\u0430\u044f\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u043e\u0440\u043c\u0430\u0442 \u043f\u0440\u0430\u0432 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u043c \u0438\u0445 \u043f\u0440\u0438\u0432\u044f\u0437\u0430\u0442\u044c \u043a \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e \u0438 \u043e\u0442\u043e\u0431\u0440\u0430\u0442\u044c \u0438\u0445 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0438\u0441\u0447\u0435\u0437\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u043d\u044b\u0445.<\/p>\n<p>\u0418 \u0442\u043e\u0433\u0434\u0430 \u043f\u043e \u0442\u0438\u043f\u0430\u043c \u0443 \u043d\u0430\u0441 \u0431\u0443\u0434\u0443\u0442 \u0442\u0430\u043a\u0438\u0435 \u0440\u043e\u043b\u0438:<\/p>\n<ul>\n<li>\n<p>\u0411\u0438\u0437\u043d\u0435\u0441 \u0440\u043e\u043b\u044c &#8212; \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u043e\u043b\u0435\u0439 \u0438\u043b\u0438 Forward \u0440\u043e\u043b\u0435\u0439<\/p>\n<\/li>\n<li>\n<p>Forward \u0440\u043e\u043b\u0438 &#8212; \u043f\u0438\u0448\u0443\u0442 \u0432 \u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044f \u0447\u0442\u043e \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0438\u0437 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u0440\u043e\u043b\u0435\u0439<\/p>\n<\/li>\n<li>\n<p>\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0440\u043e\u043b\u0438 &#8212; \u0432\u044b\u0434\u0430\u044e\u0442 \u0447\u0442\u043e-\u0442\u043e \u0432 \u0440\u0435\u0441\u0443\u0440\u0441\u0435<\/p>\n<\/li>\n<\/ul>\n<p>\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0434\u043b\u044f MS AD group \u043c\u044b \u0431\u0443\u0434\u0435\u043c \u0434\u0435\u043b\u0430\u0442\u044c \u0434\u0432\u0435 \u0440\u043e\u043b\u0438 \u0438 
\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u0438 Forward. Forward \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0442\u044c \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a, \u0430 \u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0435\u0433\u043e \u0410\u043a\u043a\u0430\u0443\u043d\u0442 \u043a\u0430\u043a User.  <\/p>\n<p>\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u0434\u043e\u0431\u0430\u0432\u0438\u043c \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u0432 Midpoint. \u041a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e \u0432 \u043f\u0430\u043f\u043a\u0443 \/opt\/midpoint\/var\/schema \u0444\u0430\u0439\u043b employment_part2.xsd<\/p>\n<pre><code class=\"xml\">&lt;xsd:schema elementFormDefault=\"qualified\" targetNamespace=\"http:\/\/example.com\/xml\/ns\/mySchema\"   xmlns:tns=\"http:\/\/example.com\/xml\/ns\/mySchema\"   xmlns:a=\"http:\/\/prism.evolveum.com\/xml\/ns\/public\/annotation-3\"   xmlns:c=\"http:\/\/midpoint.evolveum.com\/xml\/ns\/public\/common\/common-3\"   xmlns:xsd=\"http:\/\/www.w3.org\/2001\/XMLSchema\"&gt;   &lt;xsd:complexType name=\"RoleExtensionType\"&gt;     &lt;xsd:annotation&gt;       &lt;xsd:appinfo&gt;         &lt;a:extension ref=\"c:RoleType\"\/&gt;       &lt;\/xsd:appinfo&gt;     &lt;\/xsd:annotation&gt;     &lt;xsd:sequence&gt;       &lt;xsd:element name=\"role_purpose_type\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Purpose type&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;156&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"role_root_system\" type=\"xsd:string\" minOccurs=\"0\" 
maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Root system&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;156&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"user_forward_roles\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Users Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;138&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"user_forward_roles_inherited\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Users Inherited Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;139&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"user_account_number\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Account Number&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;148&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;     &lt;\/xsd:sequence&gt;   &lt;\/xsd:complexType&gt;     
&lt;xsd:complexType name=\"UserExtensionType\"&gt;     &lt;xsd:annotation&gt;       &lt;xsd:appinfo&gt;         &lt;a:extension ref=\"c:UserType\"\/&gt;       &lt;\/xsd:appinfo&gt;     &lt;\/xsd:annotation&gt;     &lt;xsd:sequence&gt;       &lt;xsd:element name=\"person_forward_roles\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;138&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"person_forward_roles_inherited\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"unbounded\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Inherited Forward Roles&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;139&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;       &lt;xsd:element name=\"person_account_number\" type=\"xsd:string\" minOccurs=\"0\" maxOccurs=\"1\"&gt;         &lt;xsd:annotation&gt;           &lt;xsd:appinfo&gt;             &lt;a:indexed&gt;true&lt;\/a:indexed&gt;             &lt;a:displayName&gt;Account Number&lt;\/a:displayName&gt;             &lt;a:displayOrder&gt;148&lt;\/a:displayOrder&gt;             &lt;a:help&gt;ToDo&lt;\/a:help&gt;           &lt;\/xsd:appinfo&gt;         &lt;\/xsd:annotation&gt;       &lt;\/xsd:element&gt;     &lt;\/xsd:sequence&gt;   &lt;\/xsd:complexType&gt; &lt;\/xsd:schema&gt;<\/code><\/pre>\n<p>\u041f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c Midpoint<\/p>\n<p>\u0418 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443 
\u043d\u0430\u0441 \u0432 \/opt\/midpoint\/var\/info\/POC_EMPLOYMENT_DATA.csv<\/p>\n<p>\u0442\u0430\u043a\u0438\u0435<\/p>\n<pre><code>number_poce;type_poce;main_id;parent_id;members_poce;member_of_poce;name_poce;grade_poce;title_poce;department_poce;subordinate_to_poce;status_poce;info_01;info_02;info_03 1;user;600667;;;EMP002001,EMP002002;;;;;;active;;; 2;employment;EMP002001;EMP001001;600667;POS100995,POS100996,POS000101,POS100108,POS100171,POS100345;;;\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0435;;;active;;; 3;employment;EMP002002;EMP001002;600667;POS000125,POS000124;;;\u0421\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e;;;disabled;;; 4;position;POS000101;EMP002001;;;;;\u0421\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0439 \u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440;;600110;active;;; 5;position;POS000125;EMP002002;;;;;\u0423\u0431\u043e\u0440\u0449\u0438\u043a;;;disabled;;; 6;position;POS000124;EMP002002;;;;;\u0413\u0440\u0443\u0437\u0447\u0438\u043a;;;disabled;;; 7;position;POS100108;EMP002001;;;;;\u041f\u0440\u0438\u043d\u0435\u0441\u0438 \u0432\u043e\u0434\u044b;;;disabled;;; 8;position;POS100171;EMP002001;;;;;\u041a\u0443\u0440\u044c\u0435\u0440;;;active;;; 9;position;POS100345;EMP002001;;;;;\u0421\u0431\u043e\u0440\u0449\u0438\u043a \u043c\u0435\u0431\u0435\u043b\u0438;;;active;;; 10;position;POS100995;EMP002001;;;;;\u0411\u0443\u0445\u0433\u0430\u043b\u0442\u0435\u0440;;;active;;; 11;position;POS100996;EMP002001;;;;;\u041a\u0430\u0441\u0441\u0438\u0440;;;disabled;;; 12;employment;EMP002003;EMP001001;600110;POS100885,POS100886;;;\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0435;;;active;;; 13;user;600110;;;EMP002003;;;;;;active;;; 14;position;POS100885;EMP002003;;;;;\u0411\u0438\u0433 \u0411\u043e\u0441\u0441;;;active;;; 15;position;POS100886;EMP002003;;;;;\u041a\u0430\u0441\u0441\u0438\u0440;;;active;;;<\/code><\/pre>\n<p>\u041d\u0430 \u043a\u0430\u0436\u0434\u0443\u044e 
Forward \u0440\u043e\u043b\u044c \u0431\u0443\u0434\u0443\u0442 \u043d\u0430\u0432\u0435\u0448\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043a\u0430\u043a \u043e\u043d\u0430 \u0441\u0435\u0431\u044f \u0431\u0443\u0434\u0435\u0442 \u0432\u0435\u0441\u0442\u0438 &#8212; \u043a\u043e\u043c\u0443 \u043e\u0442\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043f\u0438\u0441\u0430\u0442\u044c.<\/p>\n<p>\u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u044d\u0442\u0438 \u0440\u043e\u043b\u0438<\/p>\n<p>\u0412 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Policy: Forward Role for Employment  in EMP01001 Company<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Member must have same Company&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;requirement id=\"3\"&gt;                     &lt;targetRef oid=\"e23bf649-5d84-440f-9993-818b4960bfcf\" relation=\"org:default\" type=\"c:RoleType\"&gt;                         &lt;!-- EMP001001 --&gt;                     &lt;\/targetRef&gt;                 &lt;\/requirement&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;enforcement&gt;                     &lt;name&gt;Send ERROR&lt;\/name&gt;                 &lt;\/enforcement&gt;             &lt;\/policyActions&gt;             &lt;evaluationTarget&gt;assignment&lt;\/evaluationTarget&gt;         
&lt;\/policyRule&gt;     &lt;\/inducement&gt;<\/code><\/pre>\n<p>\u041f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u0438 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u044b\u0431\u043e\u0440, \u0435\u0441\u043b\u0438 \u0437\u0430\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0438\u043b\u0438 \u0432\u044b\u0434\u0430\u0451\u0442\u0441\u044f Forward \u0440\u043e\u043b\u044c \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u043b\u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044e, \u0443 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043d\u0435\u0442 \u0440\u043e\u043b\u0438 \u043a\u0430\u0440\u0442\u043e\u0447\u043a\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.<\/p>\n<p>\u0427\u0442\u043e\u0431\u044b \u044d\u0442\u0430 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430, \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0432\u0441\u0435\u043c \u0442\u0440\u0443\u0434\u043e\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c-\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f\u043c \u0432\u044b\u0434\u0430\u0442\u044c \u0440\u043e\u043b\u044c \u0438\u0437 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.<\/p>\n<p>\u0412 Configuration\\Object Template\\ \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 POCE Position User Object Template \u0438 \u0432 POCE Employment User Object Template<\/p>\n<p>\u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;item id=\"3\"&gt;         &lt;ref&gt;assignment&lt;\/ref&gt;         &lt;displayName&gt;Assignment to Organization Role&lt;\/displayName&gt;         &lt;mapping id=\"9\"&gt;             &lt;source&gt;                 
&lt;path&gt;organization&lt;\/path&gt;             &lt;\/source&gt;             &lt;expression&gt;                 &lt;assignmentTargetSearch&gt;                     &lt;targetType&gt;RoleType&lt;\/targetType&gt;                     &lt;filter&gt;                         &lt;q:text&gt;identifier = $organization and archetypeRef matches (oid = \"f44dc355-31d3-499b-9854-e0ae277a60dc\")&lt;\/q:text&gt;                     &lt;\/filter&gt;                 &lt;\/assignmentTargetSearch&gt;             &lt;\/expression&gt;         &lt;\/mapping&gt;     &lt;\/item&gt;<\/code><\/pre>\n<p>\u0417\u0434\u0435\u0441\u044c \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0447\u0442\u043e \u0443 \u043d\u0430\u0441 \u0432  assignmentTargetSearch \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a \u0441 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0430 \u0440\u043e\u043b\u0435\u0439 \u043a\u0430\u0440\u0442\u043e\u0447\u0435\u043a \u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. 
\u042d\u0442\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e, \u0440\u0430\u043d\u0435\u0435 \u044f \u043f\u0440\u043e\u0441\u0442\u043e \u0438\u0441\u043a\u0430\u043b \u043f\u043e identifier \u0432 \u043d\u0430\u0434\u0435\u0436\u0434\u0435, \u0447\u0442\u043e \u043e\u043d \u0443\u043d\u0438\u043a\u0430\u043b\u0435\u043d, \u0445\u043e\u0442\u044f \u043e\u043d \u043d\u0435 name \u0438 \u043d\u0435 \u043e\u0431\u044f\u0437\u0430\u043d. \u0411\u0435\u0437 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u043f\u043e \u0430\u0440\u0445\u0435\u0442\u0438\u043f\u0443 \u043f\u043e\u0438\u0441\u043a \u043c\u043e\u0436\u0435\u0442 \u043d\u0430\u0439\u0442\u0438 \u0440\u043e\u043b\u044c \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0441 \u0442\u0435\u043c \u0436\u0435 identifier \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0438\u0442\u044c \u0435\u0451.<\/p>\n<p>\u0414\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043d\u0443\u0436\u043d\u0430 \u0442\u0430\u043a\u0430\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430 \u0432 Administration\\Roles \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043e\u0431\u044b\u0447\u043d\u0443\u044e \u0440\u043e\u043b\u044c \u0447\u0435\u0440\u043d\u0443\u044e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c POCE Policy: Forward Role for Employment  in EMP01002 Company<\/p>\n<p>\u0432 \u043d\u0435\u0451 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043a\u043e\u0434<\/p>\n<pre><code class=\"xml\">&lt;inducement id=\"2\"&gt;         &lt;policyRule&gt;             &lt;name&gt;Member must have same Company&lt;\/name&gt;             &lt;policyConstraints&gt;                 &lt;requirement id=\"3\"&gt;                     &lt;targetRef oid=\"9fad33eb-d7cb-4aea-a828-835665d6ce9b\" relation=\"org:default\" type=\"c:RoleType\"&gt;                         &lt;!-- EMP001002 --&gt;                     &lt;\/targetRef&gt;                 &lt;\/requirement&gt;             &lt;\/policyConstraints&gt;             &lt;policyActions&gt;                 &lt;enforcement&gt;                     &lt;name&gt;Enf&lt;\/name&gt;   
<\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-457446","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/457446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=457446"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/457446\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=457446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=457446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=457446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}