[midPoint] programmatically "reconcile a user"
Pavol Mederly
mederly at evolveum.com
Thu Feb 12 12:06:52 CET 2015
You can easily get all users that have *directly* assigned a role - it
is a search on UserType using the following criteria:
<ref>
<path>assignment/targetRef</path>
<value>
<oid>00000000-0000-0000-0000-000000000004</oid>
<type>RoleType</type>
</value>
</ref>
(replace 00000000-0000-0000-0000-000000000004 with the OID of your role)
However, this does not find users that have such a role assigned
indirectly (e.g. as inducement in another role). This is not currently
supported.
Best regards,
Pavol
> HI
>
> Thanks for the information, this works.
>
> One more thing Our requirement is to reconcile users associated to
> some specific role, So is there a way to get the users associated to a
> role without iterating all the users.
>
>
> Thanks!
>
> On Thu, Feb 12, 2015 at 3:27 PM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> Hello Manish,
>
> I've just pushed a sample code that demonstrates this.
>
> Here is the java code - actually, it's an empty modification with
> RECONCILE option set (see red lines):
>
> private static void reconcileUser(ModelPortType modelPort, String
> oid) throws FaultMessage {
>
> ObjectDeltaType userDelta = new ObjectDeltaType();
>
> userDelta.setOid(oid);
>
> userDelta.setObjectType(ModelClientUtil.getTypeQName(UserType.class));
>
> userDelta.setChangeType(ChangeTypeType.MODIFY);
>
> ObjectDeltaListType deltaList = new ObjectDeltaListType();
>
> deltaList.getDelta().add(userDelta);
>
> ModelExecuteOptionsType optionsType = new ModelExecuteOptionsType();
>
> optionsType.setReconcile(true);
>
> modelPort.executeChanges(deltaList, optionsType);
>
> }
>
>
> This is how it looks like in XML:
>
> <soap:Body>
> <ns8:executeChanges
>
> xmlns:ns2="http://prism.evolveum.com/xml/ns/public/types-3"
> <http://prism.evolveum.com/xml/ns/public/types-3>
>
> xmlns:ns3="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>
> xmlns:ns8="http://midpoint.evolveum.com/xml/ns/public/model/model-3"
> <http://midpoint.evolveum.com/xml/ns/public/model/model-3>
> xmlns:ns9="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>>
>
> <ns8:deltaList>
> <ns9:delta>
> <ns2:changeType>modify</ns2:changeType>
> <ns2:objectType>ns3:UserType</ns2:objectType>
> <ns2:oid>c0c010c0-d34d-b33f-f00d-11111111ec1e</ns2:oid>
> </ns9:delta>
> </ns8:deltaList>
> <ns8:options>
> <ns3:reconcile>true</ns3:reconcile>
> </ns8:options>
> </ns8:executeChanges>
> </soap:Body>
>
> Hope this helps.
> Pavol
>
>
> On 10. 2. 2015 22:40, Manish Baid wrote:
>> Hi,
>> Using webservice client, can you please share some pointers on
>> how to: programmatically "reconcile a user"?
>>
>> Basically, we are trying to re-enforce role-inducement updates to
>> "affected" users.
>>
>>
>> Thanks
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150212/ac654933/attachment.htm>
More information about the midPoint
mailing list