[midPoint] Org Tree Bug, Users not listed

Ivan Noris ivan.noris at evolveum.com
Tue Dec 2 16:05:44 CET 2014


Hi Jason,

(un)fortunately, it still works even with your mapping.

My scenario:

Object template referenced in unmatched situation:
<objectTemplate
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                oid="10000000-0000-0000-0000-000000000203"
                version="7">
   <name>User Template 3</name>
   <description>
            This object is used when creating a new account from
SonisWeb, only Active Students are pulled from CSV.
    </description>
   <mapping>
      <authoritative>true</authoritative>
      <source>
         <c:path
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">organization</c:path>
      </source>
      <expression>
         <assignmentTargetSearch>
            <targetType
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">c:OrgType</targetType>
            <filter
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
               <q:equal>
                  <q:path>name</q:path>
                  <expression>
                     <c:path
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$organization</c:path>
                  </expression>
               </q:equal>
            </filter>
         </assignmentTargetSearch>
      </expression>
      <target>
         <c:path
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">assignment</c:path>
      </target>
   </mapping>
</objectTemplate>

CSV has been extended by a new column "organization", added value of a
name for my existing organization (not root).

Livesync for new user works, user is created in midPoint, assigned
organization, visible in org. structure. ParentOrgRef element is present.

So it really seems to be fixed somewhere between 3.0.1 and the current
master.

Regards,
Ivan


On 12/02/2014 03:25 PM, Jason Everling wrote:
> Can you try to use my mapping, yours looks to be assigning a specific
> organization,
>
> My mapping in objectTemplate is assigning based on the "organization"
> attribute in the user profile
>
>     <mapping>
>         <authoritative>true</authoritative>
>         <source>
>             <path>organization</path>
>         </source>
>         <expression>
>             <assignmentTargetSearch>
>                 <targetType>c:OrgType</targetType>
>                 <filter>
>                     <q:equal>
>                         <q:path>name</q:path>
>                         <expression>
>                             <path>$organization</path>
>                         </expression>
>                     </q:equal>
>                 </filter>
>             </assignmentTargetSearch>
>         </expression>
>         <target>
>             <path>assignment</path>
>         </target>
>     </mapping>
>
> Thanks!
>
> On Tue, Dec 2, 2014 at 1:30 AM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
>     Jason,
>
>     first - thank you for detailed report.
>     I've just tested this, but couldn't reproduce with my midPoint
>     version. This is what I've tried to check with you:
>
>     1. using your Sonis Web resource (CSV), slightly modified: removed
>     schema extension inbounds and object template reference in
>     "unmatched" action - but tried also with it
>     2. create most simple object template with only 1 mapping and set
>     it as global user template:
>        <mapping>
>           <expression>
>              <assignmentTargetSearch>
>                 <targetType
>     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>     <http://midpoint.evolveum.com/xml/ns/public/common/common-3>>c:OrgType</targetType>
>                 <oid>00000000-dc00-dc00-0005-000000000001</oid>
>              </assignmentTargetSearch>
>           </expression>
>           <target>
>              <c:path
>     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>     <http://midpoint.evolveum.com/xml/ns/public/common/common-3>>assignment</c:path>
>           </target>
>        </mapping>
>
>     (the oid is one my root organizations I have in midPoint)
>     3. tried to do LiveSync for two accounts
>     4. both accounts appear in OrgStruct, and of course have parentOrgRef
>     5. then I've switched off the global user template and referenced
>     it directly in "unmatched" situation
>     6. created another account in CSV, livesynced
>     7. the account also works, appears in OrgStruct
>
>     So, unless I'm doing something different, it might as well as be
>     fixed in the devel version I'm running: git-v3.0.1devel-680-g89fbcf7
>
>     If I'm not making some obvious mistake by oversimplifying your
>     scenario, would it be possible to retest this with master? I'd
>     recommend to try it in separate DB repository (H2 is ok) as there
>     is a change in DB schema after 3.0.1 as well as in the connector
>     namespaces (so you would need to change connector references for
>     DB, CSV, LDAP resources for master).
>
>     Thank you.
>     Regards,
>     Ivan
>
>
>     On 12/02/2014 12:36 AM, Jason Everling wrote:
>>     Since I finished up the roles/groups testing I moved onto Orgs, I
>>     got my orgs mapped and working correctly so it is not a
>>     configuration question.
>>
>>     When a user is manually added in the midpoint GUI and the Org
>>     gets assigned manually the users shows up in the GUI in the Org Tree,
>>
>>     If a user is created automatically using a resource such as
>>     DBTable or CSV and the Org is assigned from a objectTemplate they
>>     do not show up in the Org tree under the Org but if I open the
>>     user, sure enough the Org is assigned.
>>
>>     The only thing I notice differently from a manual creation to a
>>     automatic creation is that the manual creation adds the below to
>>     the user object, the users that are automatically created are
>>     missing this item, if I manually add the item to the user then
>>     they show up in the Org Tree,
>>
>>     The below is what is missing from the auto created/assigned users
>>     objects,
>>
>>        <parentOrgRef oid="9c3facf5-fd01-46f5-9c28-8488403826be"
>>     type="OrgType"><!-- OU=SHP Staff,DC=TEST,DC=LOCAL --></parentOrgRef>
>>
>>     JASON
>>
>>
>>
>>     CONFIDENTIALITY NOTICE:
>>     This e-mail together with any attachments is proprietary and
>>     confidential; intended for only the recipient(s) named above and
>>     may contain information that is privileged. You should not
>>     retain, copy or use this e-mail or any attachments for any
>>     purpose, or disclose all or any part of the contents to any
>>     person. Any views or opinions expressed in this e-mail are those
>>     of the author and do not represent those of the Baptist School of
>>     Health Professions. If you have received this e-mail in error, or
>>     are not the named recipient(s), you are hereby notified that any
>>     review, dissemination, distribution or copying of this
>>     communication is prohibited by the sender and to do so might
>>     constitute a violation of the Electronic Communications Privacy
>>     Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>>     sender and delete this e-mail and any attachments from your
>>     computer.
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer
>       evolveum.com <http://evolveum.com>     evolveum.com/blog/ <http://evolveum.com/blog/>
>       _____________________________________________
>       "Semper Id(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com     evolveum.com/blog/
  _____________________________________________
  "Semper Id(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141202/7eab45f9/attachment.htm>


More information about the midPoint mailing list