[midPoint] Undeletable object
Viliam Repan
vilo.repan at evolveum.com
Tue Oct 1 13:47:05 CEST 2013
Hi Vincent,
I've just created Jira issue for this problem,
https://jira.evolveum.com/browse/MID-1624 , will be fixed in next
release (2.3) also in 2.2.1 if necessary.
Best regards,
vilo
On 09/30/2013 08:36 PM, Belleville-Rioux, Vincent wrote:
> Ok, I understand.
>
> I've been trying to set it up the way your suggest with limited success...
>
> For some reason, in one of my tests, I ended up with an undeletable
> object in the shadow object types... I think the only way to fix
> that for me would be to go into the h2db and do manual queries. Just
> wanted to share the problem :
>
>
> Object :
>
>
> <object
> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> oid="f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8"
> version="6"
> xsi:type="ShadowType">
> <name>
> <orig
> xmlns="http://prism.evolveum.com/xml/ns/public/types-2">undeletableobject</orig>
> <norm
> xmlns="http://prism.evolveum.com/xml/ns/public/types-2">undeletableobject</norm>
> </name>
> <trigger id="1">
> <timestamp>2018-01-01T00:00:00.000-05:00</timestamp>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/trigger/recompute/handler-2</handlerUri>
> </trigger>
> <metadata>
> <createTimestamp>2013-09-30T14:23:23.817-04:00</createTimestamp>
> <creatorRef
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
> oid="00000000-0000-0000-0000-000000000002"
> type="c:UserType"/>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-2#discovery</createChannel>
> <modifyTimestamp>2013-09-30T14:26:27.965-04:00</modifyTimestamp>
> <modifierRef oid="00000000-0000-0000-0000-000000000002"/>
> <modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-2#user</modifyChannel>
> </metadata>
> <resourceRef
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
> oid="af2bc95b-76e0-48e2-86d6-3d4f02d3fafe"
> type="c:ResourceType"/>
> <objectClass
> xmlns:qn363="http://midpoint.evolveum.com/xml/ns/public/resource/instance-2">qn363:AccountObjectClass</objectClass>
> <c:kind
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-2"
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-2"
> xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-2"
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-2"
> xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-2"
> xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-2"
> xmlns:wfcf="http://midpoint.evolveum.com/xml/ns/model/workflow/common-forms-2"
> xmlns:m="http://midpoint.evolveum.com/xml/ns/public/model/model-context-2"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:enc="http://www.w3.org/2001/04/xmlenc#">account</c:kind>
> <intent>default</intent>
> <iteration>0</iteration>
> <iterationToken/>
> </object>
>
>
> -----------------------------
>
> Error when trying to delete it :
>
>
> *
> Couldn't delete object 'undeletableobject'.
>
> o
> Delete object (Gui)
> o _Cause:_
>
> Subresult
> com.evolveum.midpoint.provisioning.api.ProvisioningService.deleteObject
> of operation
> com.evolveum.midpoint.model.api.ModelService.executeChanges is
> still UNKNOWN during cleanup; during handling of exception
> com.evolveum.midpoint.util.exception.SystemException:
> Referential integrity constraint violation: "FK_TRIGGER_OWNER:
> PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID, OWNER_OID) REFERENCES
> PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
> delete from m_object where id=? and oid=? [23503-171]
>
> o
> [ SHOW ERROR STACK ]
> Collapse all Expand all Export to XML
> o Execute changes (Model)
> + Referential integrity constraint violation:
> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID,
> OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
> delete from m_object where id=? and oid=? [23503-171]
> + _Param:_ options: com.evolveum.midpoint.model.api.ModelExecuteOptions at 4653a06c
> + _Cause:_
>
> Referential integrity constraint violation:
> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN KEY(OWNER_ID,
> OWNER_OID) REFERENCES PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL statement:
> delete from m_object where id=? and oid=? [23503-171]
>
> [ SHOW ERROR STACK ]
> + Delete object (Provisioning)
> #
>
> # _Param:_ scripts:
> # _Param:_ oid: f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8
> # _Context:_ implementationClass: class
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl
> # Get object (Repository)
> # Delete object (Repository)
> * Referential integrity constraint violation:
> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
> KEY(OWNER_ID, OWNER_OID) REFERENCES
> PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
> statement: delete from m_object where id=? and
> oid=? [23503-171]
> * _Param:_ oid: f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8
> * _Param:_ type: com.evolveum.midpoint.xml.ns._public.common.common_2a.ShadowType
> * _Cause:_
>
> Referential integrity constraint violation:
> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
> KEY(OWNER_ID, OWNER_OID) REFERENCES
> PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
> statement:
> delete from m_object where id=? and oid=? [23503-171]
>
> [ HIDE ERROR STACK ]
> |
>
> org.hibernate.exception.ConstraintViolationException:
> Referential integrity constraint violation:
> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
> KEY(OWNER_ID, OWNER_OID) REFERENCES
> PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
> statement:
> delete from m_object where id=? and oid=? [23503-171]
> at
> org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:128)
> at
> org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49)
> at
> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)
> at
> org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)
> at
> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:129)
> at
> org.hibernate.engine.jdbc.internal.proxy.AbstractProxyHandler.invoke(AbstractProxyHandler.java:81)
> at com.sun.proxy.$Proxy113.executeUpdate(Unknown
> Source)
> at
> org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3240)
> at
> org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3440)
> at
> org.hibernate.action.internal.EntityDeleteAction.execute(EntityDeleteAction.java:100)
> at
> org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:362)
> at
> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:354)
> at
> org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:280)
> at
> org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:326)
> at
> org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:52)
> at
> org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1210)
> at
> org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:399)
> at
> org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101)
> at
> org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:175)
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObjectAttempt(SqlRepositoryServiceImpl.java:651)
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObject_aroundBody6(SqlRepositoryServiceImpl.java:609)
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl$AjcClosure7.run(SqlRepositoryServiceImpl.java:1)
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:59)
> at
> com.evolveum.midpoint.repo.sql.SqlRepositoryServiceImpl.deleteObject(SqlRepositoryServiceImpl.java:590)
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache.deleteObject_aroundBody12(RepositoryCache.java:249)
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache$AjcClosure13.run(RepositoryCache.java:1)
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processRepositoryNdc(MidpointAspect.java:59)
> at
> com.evolveum.midpoint.repo.cache.RepositoryCache.deleteObject(RepositoryCache.java:247)
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.deleteObject_aroundBody12(ProvisioningServiceImpl.java:870)
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl$AjcClosure13.run(ProvisioningServiceImpl.java:1)
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processProvisioningNdc(MidpointAspect.java:69)
> at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.deleteObject(ProvisioningServiceImpl.java:818)
> at
> com.evolveum.midpoint.model.controller.ModelController.executeChanges_aroundBody2(ModelController.java:363)
> at
> com.evolveum.midpoint.model.controller.ModelController$AjcClosure3.run(ModelController.java:1)
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processModelNdc(MidpointAspect.java:79)
> at
> com.evolveum.midpoint.model.controller.ModelController.executeChanges(ModelController.java:313)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:434)
> at com.sun.proxy.$Proxy7.executeChanges(Unknown
> Source)
> at
> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList.deleteObjectConfirmedPerformed(PageDebugList.java:515)
> at
> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList.access$3(PageDebugList.java:509)
> at
> com.evolveum.midpoint.web.page.admin.configuration.PageDebugList$1.yesPerformed(PageDebugList.java:141)
> at
> com.evolveum.midpoint.web.component.dialog.ConfirmationDialog$3.onClick(ConfirmationDialog.java:87)
> at
> org.apache.wicket.ajax.markup.html.AjaxLink$1.onEvent(AjaxLink.java:86)
> at
> org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:131)
> at
> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:603)
> at
> sun.reflect.GeneratedMethodAccessor544.invoke(Unknown
> Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
> at
> org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
> at
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:247)
> at
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:226)
> at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:840)
> at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:254)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:211)
> at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:282)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:244)
> at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:188)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:267)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter_aroundBody0(MidPointProfilingServletFilter.java:69)
> at
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter$AjcClosure1.run(MidPointProfilingServletFilter.java:1)
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.wrapSubsystem(MidpointAspect.java:169)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.ajc$inlineAccessMethod$com_evolveum_midpoint_util_aspect_MidpointAspect$com_evolveum_midpoint_util_aspect_MidpointAspect$wrapSubsystem(MidpointAspect.java:1)
> at
> com.evolveum.midpoint.util.aspect.MidpointAspect.processWebNdc(MidpointAspect.java:84)
> at
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:65)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879)
> at
> org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:617)
> at
> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1760)
> at java.lang.Thread.run(Thread.java:724)
> Caused by: org.h2.jdbc.JdbcSQLException:
> Referential integrity constraint violation:
> "FK_TRIGGER_OWNER: PUBLIC.M_TRIGGER FOREIGN
> KEY(OWNER_ID, OWNER_OID) REFERENCES
> PUBLIC.M_OBJECT(ID, OID) (0,
> 'f17ab2a1-a6ce-4ad1-b057-6537bfc49cc8')"; SQL
> statement:
> delete from m_object where id=? and oid=? [23503-171]
> at
> org.h2.message.DbException.getJdbcSQLException(DbException.java:329)
> at
> org.h2.message.DbException.get(DbException.java:169)
> at
> org.h2.message.DbException.get(DbException.java:146)
> at
> org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:414)
> at
> org.h2.constraint.ConstraintReferential.checkRowRefTable(ConstraintReferential.java:431)
> at
> org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:307)
> at org.h2.table.Table.fireConstraints(Table.java:873)
> at org.h2.table.Table.fireAfterRow(Table.java:890)
> at org.h2.command.dml.Delete.update(Delete.java:99)
> at
> org.h2.command.CommandContainer.update(CommandContainer.java:75)
> at
> org.h2.command.Command.executeUpdate(Command.java:230)
> at
> org.h2.server.TcpServerThread.process(TcpServerThread.java:334)
> at
> org.h2.server.TcpServerThread.run(TcpServerThread.java:150)
> at java.lang.Thread.run(Thread.java:724)
>
> at
> org.h2.engine.SessionRemote.done(SessionRemote.java:568)
> at
> org.h2.command.CommandRemote.executeUpdate(CommandRemote.java:181)
> at
> org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:156)
> at
> org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:142)
> at
> com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105)
> at
> sun.reflect.GeneratedMethodAccessor407.invoke(Unknown
> Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:122)
> ... 121 more
>
> |
>
> ------------------------------------------------------------------------
> *De :* midpoint-bounces at lists.evolveum.com
> [midpoint-bounces at lists.evolveum.com] de la part de Radovan Semancik
> [radovan.semancik at evolveum.com]
> *Date d'envoi :* 30 septembre 2013 11:15
> *À :* midpoint at lists.evolveum.com
> *Objet :* Re: [midPoint] RE : RE : RE : RE : RE : Namespace problem
>
> On 09/30/2013 04:10 PM, Belleville-Rioux, Vincent wrote:
>> We have about 10k new students each semester and also have about the
>> same number of students that get "offboarded" from some services due
>> to various reasons.
>>
>> What we're trying to evaluate is how we could automate such state
>> changes so we can do something like :
>>
>> - 1 month before the start of the semester, all students registered
>> to at least one class will get their account created / activated. A
>> notification message will be sent.
>>
>> - 12 months after the end of the last semester where the student had
>> at least one class, the account will be deactivated and a
>> notification message will be sent.
>
> This is quite common scenario both in enterprise and academia. And
> this was actually a reason to create time-based mappings. Therefore it
> should work even in v2.2 but the limitation is that is should be
> applied to the entire account and not just a single role. The basic
> idea is like this:
>
> MidPoint user will be created in midPoint as soon as we know about
> such record. E.g. it can be synchronized from HR (or any equivalent
> academic source system). The key idea is that user's validFrom date
> will be set to onboarding date (or hire date or sunrise date or
> whateverYouCallIt ;-). The activation administrativeStatus of the user
> should be empty (null). This will cause that midPoint will compute
> effective user activation status based on validFrom, validTo and
> current date.
>
> Assign any roles to the user, e.g. using an object template. The roles
> should represent a state of the user as it should look like during
> semester. You do not need to specify any conditions in the object
> template mappings nor any conditions in the role outbound mappings.
> The roles can be assigned anytime, even before semester.
>
> Define a time-based activation mapping for the resources that you want
> to "pre-provision" or for whose you want to delay de-provisioning. An
> example is here:
> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
> (see "Mapping Time Constraints" section).
>
> And that's it. Before the semester the user has all the roles, but as
> the time is before user's validFrom the activation mapping in the
> resource definitions will not be used and the accounts will not be
> created. When the semester starts the time passes through validFrom.
> MidPoint detects that (automatically) and the mapping will be
> evaluated differently. The accounts will get created. And similar
> mechanism also applies to delayed deprovisioning. The examples are
> actually slightly more complex than your requirement as they are set
> up to create a disabled account 5 days before onboarding and then
> enable it right on the onboarding date.
>
> The current limitation is that this applies to all accounts on the
> resource. If you want to apply it only to some accounts you have to
> play with the mapping conditions. This may be tricky but it should
> work. However, this is not the ideal way how to create maintainable
> system. Therefore we plan couple of improvements:
> 1: support account types (this is called "intent" in midPoint
> terminology), e.g. account type "user", "student", "admin", "tester",
> .... you can specify different mappings for each type. Most of the
> work on this feature is already done. But nobody stated that this is
> important enough to give us enough motivation to finally complete and
> test it. :-)
> 2: support similar time-based mappings in assignment/inducement
> conditions. In such a case you can specify this behaviour per role.
> This is slightly more difficult to finish, but still possible.
>
>> The startDate and endDate are properties we can read from an SQL
>> table (but I'm simulating that with a CSV file for now). I guess
>> we'll have to reconcile at least once a day because that table will
>> have updates to those dates as students use our online tools to
>> register / unregister themselves to classes.
>
> If it is really a DB table and it has a timestamp column you may rely
> on livesync instead. It is more efficient and much faster. Use
> reconciliation just as a "last instance" in case that livesync missed
> something (e.g. due to bug in mapping script, because the system was
> down for a long time, etc.)
> MidPoint is designed to use livesync as a primary mechanism as often
> as possible and use reconciliation only as a "safety net".
>
> Anyway, unlike some other IDM systems midPoint configuration is almost
> entirely the same whether you use livesync or reconciliation.
> Therefore it is easy to experiment with it and fine-tune the setup
> that works for you.
>
>> We should also have the ability to override those values with other
>> dates like "bannedOn" or "temporaryExtension" :
>>
>> The bannedOn date would make any student which has that date as a
>> non-null value be kept inactive for 7 years from that date.
>>
>> The temporaryExtension date would make any student account active for
>> 12 months from that date, regardless of the endDate imported from SQL.
>
> Interesting requirement. Really. I quite like it :-) And I guess you
> can implement this behaviour by using the correct conditions in
> activation mappings. I quite wonder how "clean" or maintainable the
> result will be though. Anyway, it is worth trying. And if you find
> that you cannot do it or that it is unreadable and confusing then let
> me know. Maybe we could think about some way how to improve our
> mapping code to make it better. Maintainability of the system is very
> important for me.
>
> It is also import for you to realize whether these rules apply to
> users (students as physical persons), to accounts, or to assignments
> (relation of user to an account). As far as I know it is usual that a
> person may be a student on faculty X and work on faculty Y while the
> onboarding dates may be different. Then is would be best to store the
> dates in assignments. If this is the case then midPoint is designed to
> handle situation like this quite well. The system of "assignments" is
> designed primarily for this purpose. While most of the functionality
> for assignments is already there some pieces of code may still be
> missing (e.g. the assignment activation mappings). Therefore it may be
> best for you to start with a partial solution such as storing the
> dates in users. This can work well for a first phase of your project.
> And you can work with us to plan the required features in the roadmap
> so you can have it ready for subsequent phases. IDM projects are not
> deployed overnight therefore I believe that we can agree on a
> reasonable delivery dates that can work for you.
>
>> So, as you can see, dates are really useful for our use cases. I
>> understand that this was added rather quickly to 2.2. Would you
>> suggest we upgrade our test environment to the latest snapshots and
>> try and follow the development from there on?
>
> Not yet :-) .. if you decide to use time-based activation mappings
> then it should work well in 2.2. If you find some bug in this part we
> will fix it in 2.2.1 as this is important feature. If you decide that
> you need more than activation mappings then there is no point to
> switching to the development branch yet. The code is not yet there. In
> such a case please let us know and we will figure out when we can
> deliver that. But I quite believe that activation mappings are almost
> entirely what you need now. And once you have your first version
> working we can talk about how to improve it in the future.
>
> --
>
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Viliam Repán(
Evolveum, s.r.o.
tel: +421 910 797978
mail: vilo.repan at evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20131001/396a12a8/attachment.htm>
More information about the midPoint
mailing list