[midPoint] Help with condition in Synchonization

Jason Everling jeverling at bshp.edu
Sat Dec 6 00:13:34 CET 2014


omg... I feel so dumb, I swear I looked at that a million times! I had a
typo for familyNam , I was missing the 'e' ...I swear I checked that!!

It is all working now, Users from DBTable are created and synced,

JASON

On Fri, Dec 5, 2014 at 4:59 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:

>  Jason,
>
> how does the mapping for icfs:name in Active Directory resource look like?
>
> I.
>
>
>
> On 12/05/2014 11:40 PM, Jason Everling wrote:
>
> Yes, I changed to instance-3 and it is working, I have another error
> though now, seems that when it get created in Midpoint and the roles are
> assigned it gets stuck and errors on the AD Provisioning with
>
>  Caused by: com.evolveum.midpoint.util.exception.SystemException:
> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
> groovy.lang.MissingPropertyException: No such property: familyName for
> class: Script75 expression in mapping in outbound mapping for
> {.../connector/icf-1/resource-schema-3}name in
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active Directory: Office
> 365, Google Apps, Moodle)(organization=PPV(PolyString:OU=SHP
> Students,DC=TEST,DC=LOCAL); familyNam=null; givenName=PPV(PolyString:John);
> ) in expression in mapping in outbound mapping for
> {.../connector/icf-1/resource-schema-3}name in
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef(Active Directory: Office
> 365, Google Apps, Moodle)
>
>  Why familyName error? If I look at the created user in Midpoint the user
> account has a correct lastname and all the other attributes look fine.
>
>  JASON
>
> On Fri, Dec 5, 2014 at 4:34 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>>  Yeah, the namespace...
>>
>> It needs to be the namespace of the resource attributes. That's the same
>> as in schema handling (by default named "ri").
>>
>> basic.getAttributeValue(shadow, '
>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3',
>> 'level_')
>>
>> But according to the production object I'm just looking at, it should
>> even work:
>>
>> *basic.getAttributeValue(shadow, 'level_')*
>>
>> This defaults to "ri" namespace.
>>
>> For example in one of our deployments, in one of our sync configurations,
>> we have condition with:
>>
>> <code>
>> sam = basic.getAttributeValue(shadow, 'samAccountName')
>> . . .
>> (and then we process "sam" variable...)
>> </code>
>>
>> Sorry, I didn't check the namespace in the original mail.
>>
>> Regards,
>> Ivan
>>
>>
>> On 12/05/2014 10:46 PM, Jason Everling wrote:
>>
>> It is still the same, I even tried other ways pulling ideas from github,
>>
>>  I tried adding the single quotes, midpoint sees the shadow user under
>> shadow details but does not create the accounts. If I remove the condition
>> then the accounts get created. Somehow it is not liking the condition,
>>
>>   <code>
>>  tmp = basic.getAttributeValue(shadow, '
>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>> 'level_');
>>  return (tmp == '2' || tmp == '3' || tmp == '4' || tmp == '5' || tmp ==
>> 'A' || tmp == 'B' || tmp == 'C' || tmp == 'H')
>>  </code>
>>
>>  Is the shadow part and namespace correct? this is a DBTable Resource
>> and the column name is level_ and it is a single value. Does this attribute
>> need to have a mapping? I am currently not mapping the value in midpoint,
>>  really wouldn't know what to map it to.
>>
>>  basic.getAttributeValue(shadow, '
>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>> 'level_')
>>
>>  Here is the full sync object
>>
>>    <synchronization> <objectSynchronization> <enabled>true</enabled>
>> <condition> <script> <code> tmp = basic.getAttributeValue(shadow, '
>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>> 'level_'); return (tmp == '2' || tmp == '3' || tmp == '4' || tmp == '5' ||
>> tmp == 'A' || tmp == 'B' || tmp == 'C' || tmp == 'H') </code> </script>
>> </condition> <correlation> <q:equal> <q:path>c:employeeNumber</q:path>
>> <expression> <path> declare namespace icfs="
>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
>> $account/attributes/icfs:name </path> </expression> </q:equal>
>> </correlation> <reaction> <situation>linked</situation> <action ref="
>> http://midpoint.evolveum.com/xml/ns/public/model/action-3#modifyUser"/>
>> </reaction> <reaction> <situation>deleted</situation> <action ref="
>> http://midpoint.evolveum.com/xml/ns/public/model/action-3#inactivateFocus"/>
>> </reaction> <reaction> <situation>unlinked</situation> <action ref="
>> http://midpoint.evolveum.com/xml/ns/public/model/action-3#linkAccount"/>
>> </reaction> <reaction> <situation>unmatched</situation> <objectTemplateRef
>> oid="10000000-0000-0000-0000-000000000203"/> <action ref="
>> http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser"/>
>> </reaction> </objectSynchronization> </synchronization>
>>
>>
>>
>>
>>
>> On Fri, Dec 5, 2014 at 3:20 PM, Ivan Noris <ivan.noris at evolveum.com>
>> wrote:
>>
>>>  So if it's string, try to use single quotes.
>>>
>>> ... tmp == '2' || ...
>>>
>>>
>>> On 12/05/2014 07:02 PM, Jason Everling wrote:
>>>
>>> It was because the A, B, C, H didnt exist in the database, when I
>>> removed those levels it doesn't error but it also does not create accounts
>>> for the ones that have a matching level like 2 or 3
>>>
>>>  JASON
>>>
>>> On Fri, Dec 5, 2014 at 11:46 AM, Jason Everling <jeverling at bshp.edu>
>>> wrote:
>>>
>>>> I was trying something like that but didnt get anywhere,
>>>>
>>>>  I have,
>>>>
>>>>   <condition>
>>>>  <script>
>>>>  <code>
>>>>  tmp = basic.getAttributeValue(shadow, '
>>>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>>>> 'level_');
>>>>  return (tmp == 2 || tmp == 3 || tmp == 4 || tmp == 5 || tmp == A ||
>>>> tmp == B || tmp == C || tmp == H)
>>>>  </code>
>>>>  </script>
>>>>  </condition>
>>>>
>>>>  And get error,
>>>>
>>>>  ERROR (com.evolveum.midpoint.model.common.expression.Expression):
>>>> Error evaluating expression in condition in object synchronization null:
>>>> groovy.lang.MissingPropertyException: No such property: A for class:
>>>> Script42 (new) condition in object synchronization null
>>>> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>>>> groovy.lang.MissingPropertyException: No such property: A for class:
>>>> Script42 (new) condition in object synchronization null
>>>>
>>>> On Fri, Dec 5, 2014 at 11:19 AM, Ivan Noris <ivan.noris at evolveum.com>
>>>> wrote:
>>>>
>>>>>  Hi Jason,
>>>>>
>>>>> I would do this:
>>>>>
>>>>> . . .
>>>>> <code>
>>>>> tmp = basic.getAttributeValue(shadow, '
>>>>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>>>>> 'level_');
>>>>>
>>>>> return (tmp == 2 || tmp == 3 || tmp == 4 | ...)
>>>>> </code>
>>>>> . . .
>>>>>
>>>>> Regards,
>>>>> I.
>>>>>
>>>>>
>>>>> On 12/05/2014 04:12 PM, Jason Everling wrote:
>>>>>
>>>>>  I was trying to add a condition to the synchronization element,
>>>>>
>>>>>  Here is what I got, there is a column in the table level_ , I only
>>>>> want to sync users that have those specific values
>>>>>
>>>>>   <condition>
>>>>>  <script>
>>>>>  <code>
>>>>>  basic.getAttributeValue(shadow, '
>>>>> http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3',
>>>>> 'level_') = (2 || 3 || 4 || 5 || A || B || C || H)
>>>>>  </code>
>>>>>  </script>
>>>>>  </condition>
>>>>>
>>>>>  When it runs I get the following
>>>>>
>>>>>  1 error
>>>>>  (new) condition in object synchronization null
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.script.jsr223.Jsr223ScriptEvaluator.createCompiledScript(Jsr223ScriptEvaluator.java:176)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.script.jsr223.Jsr223ScriptEvaluator.evaluate(Jsr223ScriptEvaluator.java:117)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.script.ScriptExpression.evaluate(ScriptExpression.java:110)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.script.ScriptExpressionEvaluator.transformSingleValue(ScriptExpressionEvaluator.java:58)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluateScriptExpression(AbstractValueTransformationExpressionEvaluator.java:276)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluateAbsoluteExpression(AbstractValueTransformationExpressionEvaluator.java:206)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.evaluator.AbstractValueTransformationExpressionEvaluator.evaluate(AbstractValueTransformationExpressionEvaluator.java:107)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.Expression.evaluate(Expression.java:136)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.ExpressionUtil.evaluateExpression(ExpressionUtil.java:500)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.common.expression.ExpressionUtil.evaluateCondition(ExpressionUtil.java:523)~[model-common-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.impl.sync.SynchronizationService.isPolicyApplicable(SynchronizationService.java:383)~[model-impl-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.impl.sync.SynchronizationService.determineSynchronizationPolicy(SynchronizationService.java:343)~[model-impl-3.0.1.jar:na]
>>>>>  at
>>>>> com.evolveum.midpoint.model.impl.sync.SynchronizationService.notifyChange_aroundBody0(SynchronizationService.java:205)~[model-impl-3.0.1.jar:na]
>>>>>  ... 54 common frames omitted
>>>>> Caused by: javax.script.ScriptException:
>>>>> org.codehaus.groovy.control.MultipleCompilationErrorsException: startup
>>>>> failed:
>>>>> Script37.groovy: 2:
>>>>> "basic.getAttributeValue(shadow,
>>>>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3,
>>>>> level_)" is a method call expression, but it should be a variable
>>>>> expression at line: 2 column: 116. File: Script37.groovy @ line 2, column
>>>>> 116.
>>>>>    source/instance-3', 'level_') = (2 || 3
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is proprietary and
>>>>> confidential; intended for only the recipient(s) named above and may
>>>>> contain information that is privileged. You should not retain, copy or use
>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>> computer.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>> --
>>>>>   Ing. Ivan Noris
>>>>>   Senior Identity Management Engineer
>>>>>   evolveum.com     evolveum.com/blog/
>>>>>   _____________________________________________
>>>>>   "Semper Id(e)M Vix."
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer
>>>   evolveum.com     evolveum.com/blog/
>>>   _____________________________________________
>>>   "Semper Id(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer
>>   evolveum.com     evolveum.com/blog/
>>   _____________________________________________
>>   "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer
>   evolveum.com     evolveum.com/blog/
>   _____________________________________________
>   "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141205/04627985/attachment.htm>


More information about the midPoint mailing list