[midPoint] Trouble deleting user (v3.7.2)

Ivan Noris ivan.noris at evolveum.com
Wed Jun 27 09:10:37 CEST 2018


Hi Wojciech,

until someone with deeper code experience has a chance to answer,
two things might help:

1) Do you have a stack trace for this problem? This would help to isolate
the problem in your expression or in the midPoint library. Which midPoint
version is this?

2) the preIterationCondition could be modified to return true if the
$user is null (when user gets deleted). That could be the workaround for
the original problem.

From what I see midPoint is trying to delete user, not account.

As for the other question, that would require answers from developers.
Maybe the pre/post iteration expressions should not be executed when
user gets deleted, but maybe some customer will do account rename during
delete (e.g. moving to ou=disabled or something like that) and the
mechanism should be triggered.

I don't see a getAt() method either, so the stack trace and midPoint version
should help us to search for the possible cause.

Best regards,

Ivan


On 26.06.2018 23:07, Wojciech Staszewski wrote:
> Hello!
>
> I try to delete user but I get an error.
> The error comes from pre-iteration expression of one of assigned resources.
>
> Error:
> Couldn't delete user.
> Message
> java.lang.NullPointerException: Cannot invoke method getAt() on null
> object in (new) pre-iteration expression in account(ID
> {.../connector/icf-1/resource-schema-3}uid = [ 94740706 ], type 'AAA',
> resource:xxx-oid-xxx(resource name))
> Parameters
> options   
> [ModelExecuteOptions(executeImmediatelyAfterApproval=false,force=false,reconcile=false,reconcileAffected=false)]
> Error
> java.lang.NullPointerException: Cannot invoke method getAt() on null
> object in (new) pre-iteration expression in account(ID
> {.../connector/icf-1/resource-schema-3}uid = [ 94740706 ], type 'AAA',
> resource:xxx-oid-xxx(resource name))
>
> I have no "getAt()" method in the expression.
> The pre-iteration expression:
>
>             <preIterationCondition>
>                <variable>
>                   <name>firstname</name>
>                   <c:path>$shadow/attributes/ri:firstname</c:path>
>                </variable>
>                <variable>
>                   <name>surname</name>
>                   <c:path>$shadow/attributes/ri:surname</c:path>
>                </variable>
>                <variable>
>                   <name>login</name>
>                   <c:path>$shadow/attributes/ri:login</c:path>
>                </variable>
>                <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                        xsi:type="c:ScriptExpressionEvaluatorType">
>                   <code>
>                       def (firstfamilyname,secondfamilyname) = user?.getFamilyName()?.toString()?.tokenize('-');
>                       def templogin = basic.norm(user?.getGivenName()?.toString()?.replace("Ł","L")?.replace("ł","l")?.toString()?.take(1))?.toUpperCase() +
>                           basic.norm(firstfamilyname?.replace("Ł","L")?.replace("ł","l"))?.toString()?.toUpperCase() +
>                           iterationToken;
>                       return midpoint.isUniqueAccountValue(resource, shadow, 'login', templogin);
>         </code>
>                </script>
>             </preIterationCondition>
>
> This expression takes first letter of the user given name, whole first
> family name (both normalized), example: Anna Smith-Wilson = ASMITH and
> checks if this calculated login exists in the resource.
>
> The resource has "disable instead delete" mechanism applied taken from
> training labs materials.
>
> Questions:
>
> 1) Why midPoint tries to delete account from this resource instead
> disable and unassign it (disable instead delete)?
> 2) Why midPoint runs the pre-iteration condition on delete operation?
> Isn't it a create operation specific expression?
> 3) Where to find getAt() method, as it is not present in the expression?
>
> Thanks!
> Wojciech Staszewski

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
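
Added example (not part of the original thread and not midPoint's own code): Groovy expands a multiple assignment `def (a, b) = rhs` into `rhs.getAt(0)` and `rhs.getAt(1)`, so a null right-hand side raises the getAt() error quoted above even though the script never calls that method. The guarded variant returns true when there is no user, as suggested in point 2. `SampleUser`, the `basic` and `midpoint` stubs and the already-taken login are assumptions so that the script runs outside midPoint.

```groovy
// Constructed stand-ins for what midPoint binds into the script (assumptions, not midPoint code).
class SampleUser { String givenName; String familyName }
def basic    = new Expando(norm: { s -> s?.toString()?.toLowerCase() })   // stub for basic.norm()
def midpoint = new Expando(isUniqueAccountValue: { res, sh, attr, val -> val != 'ASMITH' }) // 'ASMITH' is taken
def resource = null
def shadow   = null

// First statement of the posted script, unchanged: destructuring calls getAt() on the result.
def original = { user ->
    def (firstfamilyname, secondfamilyname) = user?.getFamilyName()?.toString()?.tokenize('-')
    return firstfamilyname
}

// Guarded variant: with no user (delete) there is no login to compute, so accept the iteration.
def guarded = { user, iterationToken ->
    if (user == null) {
        return true
    }
    // Index into a list that is never null instead of destructuring a possibly null value.
    def parts = user.getFamilyName()?.toString()?.tokenize('-') ?: []
    def firstfamilyname = parts ? parts[0] : ''
    def initial = basic.norm(user.getGivenName()?.toString()
            ?.replace('Ł', 'L')?.replace('ł', 'l')?.take(1))?.toUpperCase() ?: ''
    def family = basic.norm(firstfamilyname.replace('Ł', 'L').replace('ł', 'l'))?.toUpperCase() ?: ''
    return midpoint.isUniqueAccountValue(resource, shadow, 'login', initial + family + iterationToken)
}

// User is null, as during the delete described in the thread.
try {
    original(null)
} catch (NullPointerException e) {
    println "original, no user: ${e.message}"
}
println "guarded, no user: ${guarded(null, '')}"

// Constructed user from the thread's example name.
def anna = new SampleUser(givenName: 'Anna', familyName: 'Smith-Wilson')
println "guarded, empty token: ${guarded(anna, '')}"
println "guarded, token '2': ${guarded(anna, '2')}"
```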