[midPoint] programmatically "reconcile a user"

Dharmendra Parakh dharmendra at confluxsys.com
Thu Feb 12 14:27:04 CET 2015 

Hey Pavol

I missed that equal thing.

Thanks, that worked like a charm.

Regards
Dharmendra


On Thu, Feb 12, 2015 at 6:34 PM, Pavol Mederly <mederly at evolveum.com> wrote:

>  Dharmendra,
>
> it is not supported to test references using <equal> condition. You have
> to use <ref> one.
>
> So I suggest to replace "<equal ..." section in .parseSearchFilterType()
> call with this one
>
> <ref>
>     <path>assignment/targetRef</path>
>     <value>
>         <oid>* ... put roleOid here ... *</oid>
>         <type>RoleType</type>
>     </value>
> </ref>
>
> It should work. :-) If not, please let me know.
>
> Best regards,
> Pavol
>
>  HI
>
>  I tried it but didn't work for me, I am using following code:
>
>   private static List<UserType> searchRoleMembers(ModelPortType
> modelPort, String roleOid) throws SAXException, IOException, FaultMessage,
> JAXBException {
>  // WARNING: in a real case make sure that the username is properly
>  // escaped before putting it in XML
>  SearchFilterType filter = ModelClientUtil
>  .parseSearchFilterType("<equal xmlns='
> http://prism.evolveum.com/xml/ns/public/query-3' xmlns:c='
> http://midpoint.evolveum.com/xml/ns/public/common/common-3' >"
>  + "<path>assignment/targetRef</path>" + "<value><oid>" + roleOid +
> "</oid> <type>RoleType</type> </value>" + "</equal>");
>  QueryType query = new QueryType();
>  query.setFilter(filter);
>  SelectorQualifiedGetOptionsType options = new
> SelectorQualifiedGetOptionsType();
>  Holder<ObjectListType> objectListHolder = new Holder<ObjectListType>();
>  Holder<OperationResultType> resultHolder = new
> Holder<OperationResultType>();
>
>  modelPort.searchObjects(ModelClientUtil.getTypeQName(UserType.class),
> query, options, objectListHolder, resultHolder);
>
>  ObjectListType objectList = objectListHolder.value;
>  List<ObjectType> objects = objectList.getObject();
>  if (objects.isEmpty()) {
>  return null;
>  }
>  List<UserType> result = new ArrayList<>(objects.size());
>  for(ObjectType object: objects ){
>  result.add((UserType) object);
>  }
>  return result;
>  }
>   Am i doing anything wrong?
>
>  Thanks!
>
>
> On Thu, Feb 12, 2015 at 4:36 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>>  You can easily get all users that have *directly* assigned a role - it
>> is a search on UserType using the following criteria:
>>
>> <ref>
>>     <path>assignment/targetRef</path>
>>     <value>
>>         <oid>00000000-0000-0000-0000-000000000004</oid>
>>         <type>RoleType</type>
>>     </value>
>> </ref>
>>
>> (replace 00000000-0000-0000-0000-000000000004 with the OID of your role)
>>
>> However, this does not find users that have such a role assigned
>> indirectly (e.g. as inducement in another role). This is not currently
>> supported.
>>
>> Best regards,
>> Pavol
>>
>>   HI
>>
>>  Thanks for the information, this works.
>>
>>  One more thing Our requirement is to reconcile users associated to some
>> specific role, So is there a way to get the users associated to a role
>> without iterating all the users.
>>
>>
>>  Thanks!
>>
>> On Thu, Feb 12, 2015 at 3:27 PM, Pavol Mederly <mederly at evolveum.com>
>> wrote:
>>
>>>  Hello Manish,
>>>
>>> I've just pushed a sample code that demonstrates this.
>>>
>>> Here is the java code - actually, it's an empty modification with
>>> RECONCILE option set (see red lines):
>>>
>>>     private static void reconcileUser(ModelPortType modelPort, String
>>> oid) throws FaultMessage {
>>>
>>>
>>>         ObjectDeltaType userDelta = new ObjectDeltaType();
>>>
>>>         userDelta.setOid(oid);
>>>
>>>
>>> userDelta.setObjectType(ModelClientUtil.getTypeQName(UserType.class));
>>>
>>>         userDelta.setChangeType(ChangeTypeType.MODIFY);
>>>
>>>
>>>
>>>         ObjectDeltaListType deltaList = new ObjectDeltaListType();
>>>
>>>         deltaList.getDelta().add(userDelta);
>>>
>>>
>>>
>>>         ModelExecuteOptionsType optionsType = new
>>> ModelExecuteOptionsType();
>>>
>>>         optionsType.setReconcile(true);
>>>
>>>         modelPort.executeChanges(deltaList, optionsType);
>>>
>>>     }
>>>
>>> This is how it looks like in XML:
>>>
>>> <soap:Body>
>>>         <ns8:executeChanges
>>>             xmlns:ns2="http://prism.evolveum.com/xml/ns/public/types-3"
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>>             xmlns:ns3=
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>>             xmlns:ns8=
>>> "http://midpoint.evolveum.com/xml/ns/public/model/model-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/model/model-3>
>>>             xmlns:ns9=
>>> "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/api-types-3>>
>>>
>>>             <ns8:deltaList>
>>>                 <ns9:delta>
>>>                     <ns2:changeType>modify</ns2:changeType>
>>>                     <ns2:objectType>ns3:UserType</ns2:objectType>
>>>
>>> <ns2:oid>c0c010c0-d34d-b33f-f00d-11111111ec1e</ns2:oid>
>>>                 </ns9:delta>
>>>             </ns8:deltaList>
>>>             <ns8:options>
>>>                 <ns3:reconcile>true</ns3:reconcile>
>>>             </ns8:options>
>>>         </ns8:executeChanges>
>>>     </soap:Body>
>>>
>>> Hope this helps.
>>> Pavol
>>>
>>>
>>> On 10. 2. 2015 22:40, Manish Baid wrote:
>>>
>>>   Hi,
>>> Using webservice client, can you please share some pointers on how to:
>>> programmatically "reconcile a user"?
>>>
>>>  Basically, we are trying to re-enforce role-inducement updates to
>>> "affected" users.
>>>
>>>
>>>  Thanks
>>>
>>>
>>>
>>>  _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150212/bcfbafa5/attachment.htm>

More information about the midPoint mailing list