[midPoint] programmatically "reconcile a user"

Dharmendra Parakh dharmendra at confluxsys.com
Thu Feb 12 14:01:36 CET 2015 

HI

I tried it but didn't work for me, I am using following code:

private static List<UserType> searchRoleMembers(ModelPortType modelPort,
String roleOid) throws SAXException, IOException, FaultMessage,
JAXBException {
// WARNING: in a real case make sure that the username is properly
// escaped before putting it in XML
SearchFilterType filter = ModelClientUtil
.parseSearchFilterType("<equal xmlns='
http://prism.evolveum.com/xml/ns/public/query-3' xmlns:c='
http://midpoint.evolveum.com/xml/ns/public/common/common-3' >"
+ "<path>assignment/targetRef</path>" + "<value><oid>" + roleOid + "</oid>
<type>RoleType</type> </value>" + "</equal>");
QueryType query = new QueryType();
query.setFilter(filter);
SelectorQualifiedGetOptionsType options = new
SelectorQualifiedGetOptionsType();
Holder<ObjectListType> objectListHolder = new Holder<ObjectListType>();
Holder<OperationResultType> resultHolder = new
Holder<OperationResultType>();

modelPort.searchObjects(ModelClientUtil.getTypeQName(UserType.class),
query, options, objectListHolder, resultHolder);

ObjectListType objectList = objectListHolder.value;
List<ObjectType> objects = objectList.getObject();
if (objects.isEmpty()) {
return null;
}
List<UserType> result = new ArrayList<>(objects.size());
for(ObjectType object: objects ){
result.add((UserType) object);
}
return result;
}
Am i doing anything wrong?

Thanks!


On Thu, Feb 12, 2015 at 4:36 PM, Pavol Mederly <mederly at evolveum.com> wrote:

>  You can easily get all users that have *directly* assigned a role - it
> is a search on UserType using the following criteria:
>
> <ref>
>     <path>assignment/targetRef</path>
>     <value>
>         <oid>00000000-0000-0000-0000-000000000004</oid>
>         <type>RoleType</type>
>     </value>
> </ref>
>
> (replace 00000000-0000-0000-0000-000000000004 with the OID of your role)
>
> However, this does not find users that have such a role assigned
> indirectly (e.g. as inducement in another role). This is not currently
> supported.
>
> Best regards,
> Pavol
>
>  HI
>
>  Thanks for the information, this works.
>
>  One more thing Our requirement is to reconcile users associated to some
> specific role, So is there a way to get the users associated to a role
> without iterating all the users.
>
>
>  Thanks!
>
> On Thu, Feb 12, 2015 at 3:27 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>>  Hello Manish,
>>
>> I've just pushed a sample code that demonstrates this.
>>
>> Here is the java code - actually, it's an empty modification with
>> RECONCILE option set (see red lines):
>>
>>     private static void reconcileUser(ModelPortType modelPort, String
>> oid) throws FaultMessage {
>>
>>
>>         ObjectDeltaType userDelta = new ObjectDeltaType();
>>
>>         userDelta.setOid(oid);
>>
>>
>> userDelta.setObjectType(ModelClientUtil.getTypeQName(UserType.class));
>>
>>         userDelta.setChangeType(ChangeTypeType.MODIFY);
>>
>>
>>
>>         ObjectDeltaListType deltaList = new ObjectDeltaListType();
>>
>>         deltaList.getDelta().add(userDelta);
>>
>>
>>
>>         ModelExecuteOptionsType optionsType = new
>> ModelExecuteOptionsType();
>>
>>         optionsType.setReconcile(true);
>>
>>         modelPort.executeChanges(deltaList, optionsType);
>>
>>     }
>>
>> This is how it looks like in XML:
>>
>> <soap:Body>
>>         <ns8:executeChanges
>>             xmlns:ns2="http://prism.evolveum.com/xml/ns/public/types-3"
>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>             xmlns:ns3=
>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>             xmlns:ns8=
>> "http://midpoint.evolveum.com/xml/ns/public/model/model-3"
>> <http://midpoint.evolveum.com/xml/ns/public/model/model-3>
>>             xmlns:ns9=
>> "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>>
>>
>>             <ns8:deltaList>
>>                 <ns9:delta>
>>                     <ns2:changeType>modify</ns2:changeType>
>>                     <ns2:objectType>ns3:UserType</ns2:objectType>
>>
>> <ns2:oid>c0c010c0-d34d-b33f-f00d-11111111ec1e</ns2:oid>
>>                 </ns9:delta>
>>             </ns8:deltaList>
>>             <ns8:options>
>>                 <ns3:reconcile>true</ns3:reconcile>
>>             </ns8:options>
>>         </ns8:executeChanges>
>>     </soap:Body>
>>
>> Hope this helps.
>> Pavol
>>
>>
>> On 10. 2. 2015 22:40, Manish Baid wrote:
>>
>>   Hi,
>> Using webservice client, can you please share some pointers on how to:
>> programmatically "reconcile a user"?
>>
>>  Basically, we are trying to re-enforce role-inducement updates to
>> "affected" users.
>>
>>
>>  Thanks
>>
>>
>>
>>  _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150212/be1898c4/attachment.htm>

More information about the midPoint mailing list