[midPoint] Fw: URGENT ... Role inducements lost on role updates

Dharmendra Parakh dharmendra at confluxsys.com
Thu Feb 12 09:01:07 CET 2015 

HI Pavol

Quick Background:
My role had two inducements:
id=1: Role
id=2 Resource
I wanted to replace the resource inducement.

As per my understanding i was trying to replace the inducement with id=2.
and that does not means to delete the other inducement (like id=1).

If the replace does not work how can i individually add/delete
attributes/values ?

Thanks
Dharmendra


On Thu, Feb 12, 2015 at 1:22 PM, Pavol Mederly <mederly at evolveum.com> wrote:

>  Hello Dharmendra,
>
> looking at your WS request: it is of REPLACE type, see:
>
> <objectDelta ... >
> ...
>    <t:itemDelta>
>       <t:modificationType>*replace*</t:modificationType>
>          <t:path>c:*inducement*</t:path>
>          <t:value id="2">
>              ...
>          </t:value>
>    </t:itemDelta>
> ...
>
> So, basically you tell midPoint that you want to REPLACE the values of
> *inducement* item with the ones you have provided.
> And you've provided one value with id=2 and content of account
> construction on resource d0811790-1d80-11e4-86b2-3c970e467874.
> So after the operation, the original inducement with id=1 should be gone.
>
> Is this what you wanted to do? Perhaps no.
>
> If you want to replace only one value in multi-valued item, you have to
> 1) delete old value
> 2) add new value
>
> And, I'm not quite sure about your first mail (Manish Baid, received
> 01:14). Aren't the contents of files "original.xml" and
> "after_addRoleInducement.xml" swapped? Because original.xml corresponds to
> the state with only one inducement, while the file
> "after_addRoleInducement.xml" contains two inducements. Just opposite as I
> would expect, given the messages you wrote.
>
> Best regards,
> Pavol
>
>
>
> On 12. 2. 2015 8:39, Dharmendra Parakh wrote:
>
> Hi Ivan
>
> Thanks for your reply. jira you have pointed is might be related to UI
> only and what i observed is if i use model web service to modify one
> inducement it is deleting other inducements.
>
>  We are using the master branch so latest midpoint version.
>
>  Regards
> Dharmendra
>
> On Thu, Feb 12, 2015 at 1:01 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>>  Hi,
>>
>> I believe this is the issue: https://jira.evolveum.com/browse/MID-2113
>> and it should be fixed, but please see the comment in JIRA.
>>
>> Also, what version of midPoint are you using?
>>
>> Thanks,
>> regards
>> Ivan
>>
>>
>> On 02/12/2015 08:08 AM, Dharmendra Parakh wrote:
>>
>>  Hi Radovan
>>
>>  Additional Information:
>>
>>  We have a requirement to update the role inducement from web service
>> client, where we have to add/delete some resource attributes.
>>
>>  In our scenario we have a role with multiple inducements (let say one
>> role and one resource inducement). Now i want to add some additional
>> attribute-values in resource inducement. To do this we calculate the
>> correct inducement (AssignmentType) object with all current attributes and
>> try to replace this inducement.
>> Earlier this was working for us but now when we do this other inducement
>> information is lost (induced role is no longer available in role).
>>
>>  I am attaching the request xml with the mail...
>>
>>
>>
>>
>>  Regards
>> Dharmendra
>>
>>
>> On Thu, Feb 12, 2015 at 12:03 PM, Manish Baid <baid_manish at yahoo.com>
>> wrote:
>>
>>>  Hi Radovan,
>>> We are showing a demo to our clients, looks like with recent 3.1
>>> release, inducement update is behaving differently.
>>>
>>>  If you can work with Dharmendra to work through this (he is in India
>>> timezone, will be available in your mornings), it would be of great help.
>>>
>>>
>>>
>>>  Thanks
>>>
>>>   ----- Forwarded Message -----
>>>  *From:* Manish Baid <baid_manish at yahoo.com>
>>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Cc:* Dharmendra Parakh <dharmendra at confluxsys.com>; Indrajit Chauhan <
>>> indrajit at confluxsys.com>
>>> *Sent:* Wednesday, February 11, 2015 4:14 PM
>>> *Subject:* URGENT ... Role inducements lost on role updates
>>>
>>>   Hi,
>>> With 3.1 release code (and also after MID-2194), when inducement/s
>>> is/are updated in a role, other related indcuments are removed.
>>>
>>>  Here is an example:
>>>
>>>  * Role had an indcument: "LDAP Account" with 3 group memberships
>>> * Role is modified to add a role inducement (role hierarchy)
>>>
>>>  Observation: 3 group memberships that were part of "Ldap Account"
>>> inducments are removed.
>>>
>>>  Please see object XMLs of before and after.
>>>
>>>  Thanks
>>>
>>>
>>>
>>>
>>
>>
>>  _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer
>>   evolveum.com     evolveum.com/blog/
>>   _____________________________________________
>>   "Semper Id(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150212/97ff3b1f/attachment.htm>

More information about the midPoint mailing list