[midPoint] Help with condition in Synchonization
Ivan Noris
ivan.noris at evolveum.com
Fri Dec 5 23:59:28 CET 2014
Jason,
how does the mapping for icfs:name in Active Directory resource look like?
I.
On 12/05/2014 11:40 PM, Jason Everling wrote:
> Yes, I changed to instance-3 and it is working, I have another error
> though now, seems that when it get created in Midpoint and the roles
> are assigned it gets stuck and errors on the AD Provisioning with
>
> Caused by: com.evolveum.midpoint.util.exception.SystemException:
> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
> groovy.lang.MissingPropertyException: No such property: familyName for
> class: Script75 expression in mapping in outbound mapping for
> {.../connector/icf-1/resource-schema-3}name in
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active Directory: Office
> 365, Google Apps, Moodle)(organization=PPV(PolyString:OU=SHP
> Students,DC=TEST,DC=LOCAL); familyNam=null;
> givenName=PPV(PolyString:John); ) in expression in mapping in outbound
> mapping for {.../connector/icf-1/resource-schema-3}name in
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active Directory: Office
> 365, Google Apps, Moodle)
>
> Why familyName error? If I look at the created user in Midpoint the
> user account has a correct lastname and all the other attributes look
> fine.
>
> JASON
>
> On Fri, Dec 5, 2014 at 4:34 PM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
> Yeah, the namespace...
>
> It needs to be the namespace of the resource attributes. That's
> the same as in schema handling (by default named "ri").
>
> basic.getAttributeValue(shadow,
> 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3',
> 'level_')
>
> But according to the production object I'm just looking at, it
> should even work:
>
> *basic.getAttributeValue(shadow, 'level_')*
>
> This defaults to "ri" namespace.
>
> For example in one of our deployments, in one of our sync
> configurations, we have condition with:
>
> <code>
> sam = basic.getAttributeValue(shadow, 'samAccountName')
> . . .
> (and then we process "sam" variable...)
> </code>
>
> Sorry, I didn't check the namespace in the original mail.
>
> Regards,
> Ivan
>
>
> On 12/05/2014 10:46 PM, Jason Everling wrote:
>> It is still the same, I even tried other ways pulling ideas from
>> github,
>>
>> I tried adding the single quotes, midpoint sees the shadow user
>> under shadow details but does not create the accounts. If I
>> remove the condition then the accounts get created. Somehow it is
>> not liking the condition,
>>
>> <code>
>> tmp = basic.getAttributeValue(shadow,
>> 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>> 'level_');
>> return (tmp == '2' || tmp == '3' || tmp == '4' || tmp == '5' ||
>> tmp == 'A' || tmp == 'B' || tmp == 'C' || tmp == 'H')
>> </code>
>>
>> Is the shadow part and namespace correct? this is a DBTable
>> Resource and the column name is level_ and it is a single value.
>> Does this attribute need to have a mapping? I am currently not
>> mapping the value in midpoint, really wouldn't know what to map
>> it to.
>>
>> basic.getAttributeValue(shadow,
>> 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>> 'level_')
>>
>> Here is the full sync object
>>
>> <synchronization> <objectSynchronization>
>> <enabled>true</enabled> <condition> <script> <code> tmp =
>> basic.getAttributeValue(shadow,
>> 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>> 'level_'); return (tmp == '2' || tmp == '3' || tmp == '4' || tmp
>> == '5' || tmp == 'A' || tmp == 'B' || tmp == 'C' || tmp == 'H')
>> </code> </script> </condition> <correlation> <q:equal>
>> <q:path>c:employeeNumber</q:path> <expression> <path> declare
>> namespace
>> icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
>> $account/attributes/icfs:name </path> </expression> </q:equal>
>> </correlation> <reaction> <situation>linked</situation> <action
>> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#modifyUser"/>
>> </reaction> <reaction> <situation>deleted</situation> <action
>> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#inactivateFocus"/>
>> </reaction> <reaction> <situation>unlinked</situation> <action
>> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount"/>
>> </reaction> <reaction> <situation>unmatched</situation>
>> <objectTemplateRef oid="10000000-0000-0000-0000-000000000203"/>
>> <action
>> ref="http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser"/>
>> </reaction> </objectSynchronization> </synchronization>
>>
>>
>>
>>
>>
>> On Fri, Dec 5, 2014 at 3:20 PM, Ivan Noris
>> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>>
>> So if it's string, try to use single quotes.
>>
>> ... tmp == '2' || ...
>>
>>
>> On 12/05/2014 07:02 PM, Jason Everling wrote:
>>> It was because the A, B, C, H didnt exist in the database,
>>> when I removed those levels it doesn't error but it also
>>> does not create accounts for the ones that have a matching
>>> level like 2 or 3
>>>
>>> JASON
>>>
>>> On Fri, Dec 5, 2014 at 11:46 AM, Jason Everling
>>> <jeverling at bshp.edu <mailto:jeverling at bshp.edu>> wrote:
>>>
>>> I was trying something like that but didnt get anywhere,
>>>
>>> I have,
>>>
>>> <condition>
>>> <script>
>>> <code>
>>> tmp = basic.getAttributeValue(shadow,
>>> 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>>> 'level_');
>>> return (tmp == 2 || tmp == 3 || tmp == 4 || tmp == 5 ||
>>> tmp == A || tmp == B || tmp == C || tmp == H)
>>> </code>
>>> </script>
>>> </condition>
>>>
>>> And get error,
>>>
>>> ERROR
>>> (com.evolveum.midpoint.model.common.expression.Expression):
>>> Error evaluating expression in condition in object
>>> synchronization null:
>>> groovy.lang.MissingPropertyException: No such property:
>>> A for class: Script42 (new) condition in object
>>> synchronization null
>>> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>>> groovy.lang.MissingPropertyException: No such property:
>>> A for class: Script42 (new) condition in object
>>> synchronization null
>>>
>>> On Fri, Dec 5, 2014 at 11:19 AM, Ivan Noris
>>> <ivan.noris at evolveum.com
>>> <mailto:ivan.noris at evolveum.com>> wrote:
>>>
>>> Hi Jason,
>>>
>>> I would do this:
>>>
>>> . . .
>>> <code>
>>> tmp = basic.getAttributeValue(shadow,
>>> 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>>> 'level_');
>>>
>>> return (tmp == 2 || tmp == 3 || tmp == 4 | ...)
>>> </code>
>>> . . .
>>>
>>> Regards,
>>> I.
>>>
>>>
>>> On 12/05/2014 04:12 PM, Jason Everling wrote:
>>>> I was trying to add a condition to the
>>>> synchronization element,
>>>>
>>>> Here is what I got, there is a column in the table
>>>> level_ , I only want to sync users that have those
>>>> specific values
>>>>
>>>> <condition>
>>>> <script>
>>>> <code>
>>>> basic.getAttributeValue(shadow,
>>>> 'http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>>>> 'level_') = (2 || 3 || 4 || 5 || A || B || C || H)
>>>> </code>
>>>> </script>
>>>> </condition>
>>>>
>>>> When it runs I get the following
>>>>
>>>> 1 error
>>>> (new) condition in object synchronization null
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.script.jsr223.Jsr223ScriptEvaluator.createCompiledScript(Jsr223ScriptEvaluator.java:176)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.script.jsr223.Jsr223ScriptEvaluator.evaluate(Jsr223ScriptEvaluator.java:117)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.script.ScriptExpression.evaluate(ScriptExpression.java:110)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluator.transformSingleValue(ScriptExpressionEvaluator.java:58)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluateScriptExpression(AbstractValueTransformationExpressionEvaluator.java:276)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluateAbsoluteExpression(AbstractValueTransformationExpressionEvaluator.java:206)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluate(AbstractValueTransformationExpressionEvaluator.java:107)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.Expression.evaluate(Expression.java:136)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.ExpressionUtil.evaluateExpression(ExpressionUtil.java:500)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.common.expression.ExpressionUtil.evaluateCondition(ExpressionUtil.java:523)~[model-common-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.impl.sync.SynchronizationService.isPolicyApplicable(SynchronizationService.java:383)~[model-impl-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.impl.sync.SynchronizationService.determineSynchronizationPolicy(SynchronizationService.java:343)~[model-impl-3.0.1.jar:na]
>>>> at
>>>> com.evolveum.midpoint.model.impl.sync.SynchronizationService.notifyChange_aroundBody0(SynchronizationService.java:205)~[model-impl-3.0.1.jar:na]
>>>> ... 54 common frames omitted
>>>> Caused by: javax.script.ScriptException:
>>>> org.codehaus.groovy.control.MultipleCompilationErrorsException:
>>>> startup failed:
>>>> Script37.groovy: 2:
>>>> "basic.getAttributeValue(shadow,
>>>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3,
>>>> level_)" is a method call expression, but it should
>>>> be a variable expression at line: 2 column: 116.
>>>> File: Script37.groovy @ line 2, column 116.
>>>> source/instance-3', 'level_') = (2 || 3
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is
>>>> proprietary and confidential; intended for only the
>>>> recipient(s) named above and may contain
>>>> information that is privileged. You should not
>>>> retain, copy or use this e-mail or any attachments
>>>> for any purpose, or disclose all or any part of the
>>>> contents to any person. Any views or opinions
>>>> expressed in this e-mail are those of the author
>>>> and do not represent those of the Baptist School of
>>>> Health Professions. If you have received this
>>>> e-mail in error, or are not the named recipient(s),
>>>> you are hereby notified that any review,
>>>> dissemination, distribution or copying of this
>>>> communication is prohibited by the sender and to do
>>>> so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section
>>>> 2510-2521. Please immediately notify the sender and
>>>> delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> --
>>> Ing. Ivan Noris
>>> Senior Identity Management Engineer
>>> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
>>> _____________________________________________
>>> "Semper Id(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above
>>> and may contain information that is privileged. You should
>>> not retain, copy or use this e-mail or any attachments for
>>> any purpose, or disclose all or any part of the contents to
>>> any person. Any views or opinions expressed in this e-mail
>>> are those of the author and do not represent those of the
>>> Baptist School of Health Professions. If you have received
>>> this e-mail in error, or are not the named recipient(s), you
>>> are hereby notified that any review, dissemination,
>>> distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of
>>> the Electronic Communications Privacy Act, 18 U.S.C. section
>>> 2510-2521. Please immediately notify the sender and delete
>>> this e-mail and any attachments from your computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ing. Ivan Noris
>> Senior Identity Management Engineer
>> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
>> _____________________________________________
>> "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com <http://evolveum.com> evolveum.com/blog/ <http://evolveum.com/blog/>
> _____________________________________________
> "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com evolveum.com/blog/
_____________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141205/4a2cf7c2/attachment.htm>
More information about the midPoint
mailing list