[midPoint] Sample notification for accounts that have been enabled

Jason Everling jeverling at bshp.edu
Fri Feb 27 17:45:43 CET 2015


I was actually going over all my user attributes and after looking at them
and thinking about how often they would be changed and if they would ever
be changed I am thinking I would only need to filter out phone number, the
other attributes should never really change.

JASON

On Fri, Feb 27, 2015 at 10:12 AM, Jason Everling <jeverling at bshp.edu> wrote:

> Yeah I basically only want to send a notification when their account is
> disabled or enabled, I already have notifications working for "ADD" new
> account notifications and it works fine. We do not delete accounts, once a
> username has been issued it will never be used again except by that same
> person if he/she returns to the school even if it is years down the road. I
> will probably create a generic delete notification sent to us admins just
> in-case someone deletes something.
>
> So the workaround would probably work, I would basically need to filter
> everything that is not relevant for the administrative status
> modifications. If you could write 1 filter for an attribute I could write
> the rest like if I wanted to filter out phone number changes.
>
> This notification is only going to be for when the student/faculty/ or
> staff's account is disabled or enabled. So when a student/faculty/staff
> leaves us they would get a notification letting them at least know that
> their account was disabled and why they are unable to login. Same for when
> they return, they would get an email with a custom body letting them know
> their accounts are re-enabled.
>
> JASON
>
> On Fri, Feb 27, 2015 at 9:52 AM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>>  Jason,
>>
>> I'm not quite sure I understand you correctly. But these things are clear:
>>
>> 1) If watchAuxiliaryAttributes = false, only "user visible" items are
>> taken into account (i.e. user/account attributes, account associations,
>> administrativeStatus and a few others).
>> 2) If watchAuxiliaryAttributes = true, all these PLUS also auxiliary
>> attributes are taken into account.
>> 3) If you edit the "bodyExpression", you can hide all the attributes you
>> don't want to be present in the message.
>> 4) BUT - as you correctly stated - even if you are interested only in the
>> activation part, the message would be generated for ALL changes (e.g.
>> modifying phone number)
>>
>> Just BTW, Ivan noticed this just today and created a jira issue MID-2237
>> <https://jira.evolveum.com/browse/MID-2237> for that. (Unfortunately
>> because of all the pressures it is currently scheduled for 3.3.)
>>
>> A workaround would be to filter out (via expressionFilter) all the
>> changes with attributes that are not relevant for you.
>> I'm not sure about what midPoint method would be the most convenient to
>> use. Maybe it does not exist yet.
>>
>> But if you confirm that I understand you correctly, and if you would send
>> here a specific list of attributes to be watched, I could find/provide such
>> a method.
>>
>> BTW, what about ADD and DELETE operations? Should they generate any
>> messages?
>>
>> Best regards,
>> Pavol
>>
>>   Thanks for the clarification,
>>
>>  So is it on the modify operation I am assuming. Wouldn't that send a
>> notification for every modify like phone or department, I just really want
>> the activation part of it, the enable/disable and if any of the other
>> auxiliaries are changed. I would use a body expression to specify the
>> message so that the un-needed items are not present, something like this
>> but wouldn't it send for every modify like stated above?
>>
>>      <handler>
>>         <expressionFilter>
>>             <script>
>>  <code>
>>  event.isUserRelated() &&
>>  requestee.getCostCenter() == 'ASHIT'
>>                 </code>
>>             </script>
>>         </expressionFilter>
>>         <simpleUserNotifier>
>>             <name>Account Modified</name>
>>             <operation>modify</operation>
>>             <status>success</status>
>>             <recipientExpression>
>>                  <script>
>>                     <code>
>>                        basic.getExtensionPropertyValue(requestee, '
>> http://www.bshp.edu/xml/ns/public/bshp', 'otherMailbox')
>>             </code>
>>                 </script>
>>              </recipientExpression>
>>             <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>
>>             <subjectExpression>
>>                 <script>
>>                     <code>"Your Account has been modified"</code>
>>                 </script>
>>             </subjectExpression>
>>             <bodyExpression>
>>                 <script>
>>                     <code>
>>                         "Some message to the student/faculty or staff" +
>>
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Feb 27, 2015 at 4:39 AM, Pavol Mederly <mederly at evolveum.com>
>> wrote:
>>
>>>  Hello Jason,
>>>
>>> activation/administrativeStatus is among attributes that are "watched"
>>> by default.
>>>
>>> So, if you change it, you'll get a notification - like this:
>>>
>>> ============================================ Fri Feb 27 11:30:45 CET 2015
>>> Message{to='[aaa at aaa.sk]', subject='Account modification notification',
>>> contentType='null', body='Notification about account-related operation
>>>
>>> User: Boss1 (boss1, oid 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>> Notification created on: Fri Feb 27 11:30:45 CET 2015
>>>
>>> Resource: Localhost CSVfile (oid ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>> Account: boss1
>>>
>>> The account has been successfully modified on the resource. Modified
>>> attributes are:
>>>  - Activation/Administrative Status:
>>>    - REPLACE: DISABLED
>>>
>>> '}
>>>
>>> Actually, you can use watchAuxiliaryAttributes, but this would lead to
>>> providing unimportant messages and/or attributes in them. For example, when
>>> I enabled it, like this:
>>>
>>>   <notificationConfiguration>
>>>       <handler>
>>>          <simpleResourceObjectNotifier>
>>>             <recipientExpression>
>>>                <value>aaa at aaa.sk</value>
>>>             </recipientExpression>
>>> *            <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>*
>>>             <transport>mail</transport>
>>>          </simpleResourceObjectNotifier>
>>>       </handler>
>>>       <mail>
>>>          <debug>false</debug>
>>>          <redirectToFile>notifications.txt</redirectToFile>
>>>       </mail>
>>>    </notificationConfiguration>
>>>
>>> I'll get the following notification after re-enabling the account again:
>>>
>>> ============================================ Fri Feb 27 11:31:40 CET 2015
>>> Message{to='[aaa at aaa.sk]', subject='Account modification notification',
>>> contentType='null', body='Notification about account-related operation
>>>
>>> User: Boss1 (boss1, oid 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>> Notification created on: Fri Feb 27 11:31:40 CET 2015
>>>
>>> Resource: Localhost CSVfile (oid ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>> Account: boss1
>>>
>>> The account has been successfully modified on the resource. Modified
>>> attributes are:
>>>  - Activation/Administrative Status:
>>>    - REPLACE: ENABLED
>>>  - Activation/enableTimestamp:
>>>    - REPLACE: 27.2.2015 11:31:40
>>>  - Metadata/modifyChannel:
>>>    - REPLACE:
>>> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>>  - Metadata/modifyTimestamp:
>>>    - REPLACE: 27.2.2015 11:31:40
>>>  - Metadata/modifierRef:
>>>    - REPLACE: administrator (user)
>>>
>>> '}
>>>
>>> Just BTW, these attributes are currently considered auxiliary:
>>>
>>> - metadata container
>>> - activation/validityStatus
>>> - activation/validityChangeTimestamp
>>> - activation/effectiveStatus (this is not the same as
>>> administrativeStatus!)
>>> - activation/disableTimestamp
>>> - activation/enableTimestamp
>>> - activation/archiveTimestamp
>>> - iteration
>>> - iterationToken
>>> - linkRef (for focal objects)
>>> - trigger
>>>
>>> And these are considered synchronization-related (notifications for them
>>> are also disabled by default):
>>>
>>> - synchronizationSituation
>>> - synchronizationSituationDescription
>>> - synchronizationTimestamp
>>> - fullSynchronizationTimestamp
>>>
>>> Hope this helps,
>>> Pavol
>>>
>>>
>>> On 26. 2. 2015 15:36, Jason Everling wrote:
>>>
>>>   Would you happen to have a sample or provide one for use the watchAuxiliaryAttributes in a notification?
>>>
>>> What I was mainly looking for is a way to send a notification when the activation/administrativeStatus has changed for an account. I have my other notifiers for account adds but this would make a wonderful addition so when withdrawn students return they would get a notification letting them know their accounts have been re-enabled.
>>>
>>> JASON
>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150227/4c4af4d1/attachment.htm>


More information about the midPoint mailing list