[midPoint] programmatically "reconcile a user"
Pavol Mederly
mederly at evolveum.com
Thu Feb 12 14:04:42 CET 2015
Dharmendra,
it is not supported to test references using <equal> condition. You have
to use <ref> one.
So I suggest to replace "<equal ..." section in .parseSearchFilterType()
call with this one
<ref>
<path>assignment/targetRef</path>
<value>
<oid>*... put roleOid here ... *</oid>
<type>RoleType</type>
</value>
</ref>
It should work. :-) If not, please let me know.
Best regards,
Pavol
> HI
>
> I tried it but didn't work for me, I am using following code:
>
> private static List<UserType> searchRoleMembers(ModelPortType
> modelPort, String roleOid) throws SAXException, IOException,
> FaultMessage, JAXBException {
> // WARNING: in a real case make sure that the username is properly
> // escaped before putting it in XML
> SearchFilterType filter = ModelClientUtil
> .parseSearchFilterType("<equal
> xmlns='http://prism.evolveum.com/xml/ns/public/query-3'
> xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3' >"
> + "<path>assignment/targetRef</path>" + "<value><oid>" + roleOid +
> "</oid> <type>RoleType</type> </value>" + "</equal>");
> QueryType query = new QueryType();
> query.setFilter(filter);
> SelectorQualifiedGetOptionsType options = new
> SelectorQualifiedGetOptionsType();
> Holder<ObjectListType> objectListHolder = new Holder<ObjectListType>();
> Holder<OperationResultType> resultHolder = new
> Holder<OperationResultType>();
>
> modelPort.searchObjects(ModelClientUtil.getTypeQName(UserType.class),
> query, options, objectListHolder, resultHolder);
>
> ObjectListType objectList = objectListHolder.value;
> List<ObjectType> objects = objectList.getObject();
> if (objects.isEmpty()) {
> return null;
> }
> List<UserType> result = new ArrayList<>(objects.size());
> for(ObjectType object: objects ){
> result.add((UserType) object);
> }
> return result;
> }
> Am i doing anything wrong?
>
> Thanks!
>
>
> On Thu, Feb 12, 2015 at 4:36 PM, Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>> wrote:
>
> You can easily get all users that have *directly* assigned a role
> - it is a search on UserType using the following criteria:
>
> <ref>
> <path>assignment/targetRef</path>
> <value>
> <oid>00000000-0000-0000-0000-000000000004</oid>
> <type>RoleType</type>
> </value>
> </ref>
>
> (replace 00000000-0000-0000-0000-000000000004 with the OID of your
> role)
>
> However, this does not find users that have such a role assigned
> indirectly (e.g. as inducement in another role). This is not
> currently supported.
>
> Best regards,
> Pavol
>
>> HI
>>
>> Thanks for the information, this works.
>>
>> One more thing Our requirement is to reconcile users associated
>> to some specific role, So is there a way to get the users
>> associated to a role without iterating all the users.
>>
>>
>> Thanks!
>>
>> On Thu, Feb 12, 2015 at 3:27 PM, Pavol Mederly
>> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>> Hello Manish,
>>
>> I've just pushed a sample code that demonstrates this.
>>
>> Here is the java code - actually, it's an empty modification
>> with RECONCILE option set (see red lines):
>>
>> private static void reconcileUser(ModelPortType modelPort,
>> String oid) throws FaultMessage {
>>
>> ObjectDeltaType userDelta = new ObjectDeltaType();
>>
>> userDelta.setOid(oid);
>>
>> userDelta.setObjectType(ModelClientUtil.getTypeQName(UserType.class));
>>
>> userDelta.setChangeType(ChangeTypeType.MODIFY);
>>
>> ObjectDeltaListType deltaList = new ObjectDeltaListType();
>>
>> deltaList.getDelta().add(userDelta);
>>
>> ModelExecuteOptionsType optionsType = new
>> ModelExecuteOptionsType();
>>
>> optionsType.setReconcile(true);
>>
>> modelPort.executeChanges(deltaList, optionsType);
>>
>> }
>>
>>
>> This is how it looks like in XML:
>>
>> <soap:Body>
>> <ns8:executeChanges
>>
>> xmlns:ns2="http://prism.evolveum.com/xml/ns/public/types-3"
>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>
>> xmlns:ns3="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>
>> xmlns:ns8="http://midpoint.evolveum.com/xml/ns/public/model/model-3"
>> <http://midpoint.evolveum.com/xml/ns/public/model/model-3>
>>
>> xmlns:ns9="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>>
>>
>> <ns8:deltaList>
>> <ns9:delta>
>> <ns2:changeType>modify</ns2:changeType>
>> <ns2:objectType>ns3:UserType</ns2:objectType>
>> <ns2:oid>c0c010c0-d34d-b33f-f00d-11111111ec1e</ns2:oid>
>> </ns9:delta>
>> </ns8:deltaList>
>> <ns8:options>
>> <ns3:reconcile>true</ns3:reconcile>
>> </ns8:options>
>> </ns8:executeChanges>
>> </soap:Body>
>>
>> Hope this helps.
>> Pavol
>>
>>
>> On 10. 2. 2015 22:40, Manish Baid wrote:
>>> Hi,
>>> Using webservice client, can you please share some pointers
>>> on how to: programmatically "reconcile a user"?
>>>
>>> Basically, we are trying to re-enforce role-inducement
>>> updates to "affected" users.
>>>
>>>
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150212/c8723d8e/attachment.htm>
More information about the midPoint
mailing list