[Midpoint-dev] Assistance with Resource/Account provisioning operations using Webservice client

Radovan Semancik radovan.semancik at evolveum.com
Tue Jan 6 14:55:57 CET 2015


Hi Dharmendra,

I see several issues with your code:

You cannot add an assignment to an account shadow. Shadows just reflect how 
the account looks on the resource. They follow the reality and they do 
NOT specify policy. See here: 
https://wiki.evolveum.com/display/midPoint/Assigning+vs+Linking

You need to add the assignment to the user. MidPoint is a typical IDM 
product which means it is centered around the concept of a user. The 
assignment specifies a policy and the policy is bound to the user. See here: 
https://wiki.evolveum.com/display/midPoint/Assignment and here: 
https://wiki.evolveum.com/display/midPoint/Assignment+Configuration

Your code is a bit confusing here. It sets the type of shadowDelta to 
RoleType. But both are wrong. You probably do not want to modify the 
assignment of a role either. You probably want to add or modify the 
assignment of a user. The model-client-sample already has code to do this.

But maybe I have not understood what you are trying to do correctly. If 
this is the case then it would be best if you describe what you are 
trying to achieve.

BTW: There is a way to manipulate the account directly. But in that 
case you cannot use assignments. You need to directly modify account 
attributes or entitlements 
(https://wiki.evolveum.com/display/midPoint/Entitlements). But this is 
not what IDM systems are primarily designed to do.

-- 

                                            Radovan Semancik
                                           Software Architect
                                              evolveum.com



On 12/29/2014 12:30 PM, dharmendra parakh wrote:
> Hi
>
> Hope you all had a nice Christmas, I wish you all a very Happy new 
> year 2015 ahead.
>
> I have a requirement where I have to provision an account/resource to a 
> role/user in midPoint using the model web service. I was able to create 
> and search accounts using the web service client (model-client-sample).
>
> - I need some pointers on how to update the account. I tried a few 
> things; some didn't work and some worked partially. Can you help me by 
> providing the right way or a code snippet to do it?
>
>     I have attached a code snippet which replaces the role assignment
>     and it works if I remove the attribute itself from the construction,
>     but when I try to remove some values of a multi-valued attribute,
>     instead of removing those values it tries to add other values which
>     are already present.
>
>
> - One more thing: there is a method in the web service to get the owner of 
> a shadow account, but that can be a user only. How can we get the owner 
> of a shadow if that owner is a role?
>
>     Following is the method:
>
>         *findShadowOwner(shadowOid, user, result);*
>
>
>
> Thanks & regards
> Dharmendra

