[midPoint] Sample notification for accounts that have been enabled
Pavol Mederly
mederly at evolveum.com
Fri Feb 27 22:37:20 CET 2015
Jason,
I forgot to mention that you have to pull and build the latest master
for this to work, because I had to add a couple of methods to midPoint.
Thinking a bit about it, now I'm not sure if you use the master or
released 3.1 version... Because we have changed the repository structure
since 3.1 a bit.
What to do now depends what is your hibernateHbm2ddl setting in the
config.xml file. If it is nothing or
|||<||hibernateHbm2ddl||>update</||hibernateHbm2ddl||>|
it should work. But if it's
|||<||hibernateHbm2ddl||>validate</||hibernateHbm2ddl||>|
then you would need to run the migration script in the
config/sql/midpoint/3.1.1/<db> directory. But I'm not sure if anyone has
tested this...
So please use it in a /very/ testing environment. (Either if you have
update or validate option in your config.)
Best regards,
Pavol
On 27. 2. 2015 22:25, Jason Everling wrote:
> I was testing it out but I am sure I have a typo somewhere, i tried
> different combinations, but I am excited to see a way to get it going..
>
> "Could not find matching constructor for:
> com.evolveum.midpoint.prism.path.ItemPath(java.lang.String,
> java.lang.String) (new) event filter "
>
> <handler>
> <expressionFilter>
> <script>
> <code>
> event.isRelatedToItem(new
> com.evolveum.midpoint.prism.path.ItemPath("activation",
> "administrativeStatus"))
> </code>
> </script>
> </expressionFilter>
> <simpleUserNotifier>
> <name>Account Modified</name>
> <status>success</status>
> <recipientExpression>
> <script>
> <code>
> basic.getExtensionPropertyValue(requestee,
> 'http://www.bshp.edu/xml/ns/public/bshp', 'otherMailbox')
> </code>
> </script>
> </recipientExpression>
> <subjectExpression>
> <script>
> <code>"Your account has been modified"</code>
> </script>
> </subjectExpression>
> <transport>mail</transport>
> </simpleUserNotifier>
> </handler>
>
> On Fri, Feb 27, 2015 at 2:48 PM, Pavol Mederly
> <pavol.mederly at gmail.com <mailto:pavol.mederly at gmail.com>> wrote:
>
> Hello Jason,
>
> I quickly hacked a method event.isRelatedToItem(itemPath) that
> tells you if the event is somehow related to an item with a given
> path.
>
> It is to be used in the following way:
>
> <simpleResourceObjectNotifier>
> <expressionFilter>
> <script>
> <code>
> *event.isRelatedToItem(new
> com.evolveum.midpoint.prism.path.ItemPath("activation",
> "administrativeStatus"))*
> </code>
> </script>
> </expressionFilter>
> ....
> </simpleResourceObjectNotifier>
>
> You can use it with <simpleUserNotifier> as well.
>
> It seems to work, but I haven't had time to test it thoroughly. I
> leave this to you. :-)
>
> Generally, it is experimental implementation. Known situations
> where it does not work is deletion of values: for example, if you
> delete an object, this method does not know if there was
> activation/administrativeStatus set in that object or not (so it
> returns false). In a similar way, if there was a REPLACE delta,
> the method knows nothing about the values that were deleted by
> execution of such delta. Or, in a DELETE delta where the whole
> container (activation in this case) is deleted. Nevertheless, in
> your specific case, none of these should occur. :-)
>
> Hope this helps,
> Pavol
>
>> I was actually going over all my user attributes and after
>> looking at them and thinking about how often they would be
>> changed and if they would ever be changed I am thinking I would
>> only need to filter out phone number, the other attributes should
>> never really change.
>>
>> JASON
>>
>> On Fri, Feb 27, 2015 at 10:12 AM, Jason Everling
>> <jeverling at bshp.edu <mailto:jeverling at bshp.edu>> wrote:
>>
>> Yeah I basically only want to send a notification when their
>> account is disabled or enabled, I already have notifications
>> working for "ADD" new account notifications and it works
>> fine. We do not delete accounts, once a username has been
>> issued it will never be used again except by that same person
>> if he/she returns to the school even if it is years down the
>> road. I will probably create a generic delete notification
>> sent to us admins just in-case someone deletes something.
>>
>> So the workaround would probably work, I would basically need
>> to filter everything that is not relevant for the
>> administrative status modifications. If you could write 1
>> filter for an attribute I could write the rest like if I
>> wanted to filter out phone number changes.
>>
>> This notification is only going to be for when the
>> student/faculty/ or staff's account is disabled or enabled.
>> So when a student/faculty/staff leaves us they would get a
>> notification letting them at least know that their account
>> was disabled and why they are unable to login. Same for when
>> they return, they would get an email with a custom body
>> letting them know their accounts are re-enabled.
>>
>> JASON
>>
>> On Fri, Feb 27, 2015 at 9:52 AM, Pavol Mederly
>> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>> Jason,
>>
>> I'm not quite sure I understand you correctly. But these
>> things are clear:
>>
>> 1) If watchAuxiliaryAttributes = false, only "user
>> visible" items are taken into account (i.e. user/account
>> attributes, account associations, administrativeStatus
>> and a few others).
>> 2) If watchAuxiliaryAttributes = true, all these PLUS
>> also auxiliary attributes are taken into account.
>> 3) If you edit the "bodyExpression", you can hide all the
>> attributes you don't want to be present in the message.
>> 4) BUT - as you correctly stated - even if you are
>> interested only in the activation part, the message would
>> be generated for ALL changes (e.g. modifying phone number)
>>
>> Just BTW, Ivan noticed this just today and created a jira
>> issue MID-2237
>> <https://jira.evolveum.com/browse/MID-2237> for that.
>> (Unfortunately because of all the pressures it is
>> currently scheduled for 3.3.)
>>
>> A workaround would be to filter out (via
>> expressionFilter) all the changes with attributes that
>> are not relevant for you.
>> I'm not sure about what midPoint method would be the most
>> convenient to use. Maybe it does not exist yet.
>>
>> But if you confirm that I understand you correctly, and
>> if you would send here a specific list of attributes to
>> be watched, I could find/provide such a method.
>>
>> BTW, what about ADD and DELETE operations? Should they
>> generate any messages?
>>
>> Best regards,
>> Pavol
>>
>>> Thanks for the clarification,
>>>
>>> So is it on the modify operation I am assuming. Wouldn't
>>> that send a notification for every modify like phone or
>>> department, I just really want the activation part of
>>> it, the enable/disable and if any of the other
>>> auxiliaries are changed. I would use a body expression
>>> to specify the message so that the un-needed items are
>>> not present, something like this but wouldn't it send
>>> for every modify like stated above?
>>>
>>> <handler>
>>> <expressionFilter>
>>> <script>
>>> <code>
>>> event.isUserRelated() &&
>>> requestee.getCostCenter() == 'ASHIT'
>>> </code>
>>> </script>
>>> </expressionFilter>
>>> <simpleUserNotifier>
>>> <name>Account Modified</name>
>>> <operation>modify</operation>
>>> <status>success</status>
>>> <recipientExpression>
>>> <script>
>>> <code>
>>> basic.getExtensionPropertyValue(requestee,
>>> 'http://www.bshp.edu/xml/ns/public/bshp',
>>> 'otherMailbox') </code>
>>> </script>
>>> </recipientExpression>
>>>
>>> <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>
>>> <subjectExpression>
>>> <script>
>>> <code>"Your Account has been modified"</code>
>>> </script>
>>> </subjectExpression>
>>> <bodyExpression>
>>> <script>
>>> <code>
>>> "Some message to the student/faculty or staff" +
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> *
>>> **
>>>
>>> On Fri, Feb 27, 2015 at 4:39 AM, Pavol Mederly
>>> <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>
>>> Hello Jason,
>>>
>>> activation/administrativeStatus is among attributes
>>> that are "watched" by default.
>>>
>>> So, if you change it, you'll get a notification -
>>> like this:
>>>
>>> ============================================ Fri Feb
>>> 27 11:30:45 CET 2015
>>> Message{to='[aaa at aaa.sk <mailto:aaa at aaa.sk>]',
>>> subject='Account modification notification',
>>> contentType='null', body='Notification about
>>> account-related operation
>>>
>>> User: Boss1 (boss1, oid
>>> 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>> Notification created on: Fri Feb 27 11:30:45 CET 2015
>>>
>>> Resource: Localhost CSVfile (oid
>>> ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>> Account: boss1
>>>
>>> The account has been successfully modified on the
>>> resource. Modified attributes are:
>>> - Activation/Administrative Status:
>>> - REPLACE: DISABLED
>>>
>>> '}
>>>
>>> Actually, you can use watchAuxiliaryAttributes, but
>>> this would lead to providing unimportant messages
>>> and/or attributes in them. For example, when I
>>> enabled it, like this:
>>>
>>> <notificationConfiguration>
>>> <handler>
>>> <simpleResourceObjectNotifier>
>>> <recipientExpression>
>>> <value>aaa at aaa.sk <mailto:aaa at aaa.sk></value>
>>> </recipientExpression>
>>> *<watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>*
>>> <transport>mail</transport>
>>> </simpleResourceObjectNotifier>
>>> </handler>
>>> <mail>
>>> <debug>false</debug>
>>> <redirectToFile>notifications.txt</redirectToFile>
>>> </mail>
>>> </notificationConfiguration>
>>>
>>> I'll get the following notification after
>>> re-enabling the account again:
>>>
>>> ============================================ Fri Feb
>>> 27 11:31:40 CET 2015
>>> Message{to='[aaa at aaa.sk <mailto:aaa at aaa.sk>]',
>>> subject='Account modification notification',
>>> contentType='null', body='Notification about
>>> account-related operation
>>>
>>> User: Boss1 (boss1, oid
>>> 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>> Notification created on: Fri Feb 27 11:31:40 CET 2015
>>>
>>> Resource: Localhost CSVfile (oid
>>> ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>> Account: boss1
>>>
>>> The account has been successfully modified on the
>>> resource. Modified attributes are:
>>> - Activation/Administrative Status:
>>> - REPLACE: ENABLED
>>> - Activation/enableTimestamp:
>>> - REPLACE: 27.2.2015 11:31:40
>>> - Metadata/modifyChannel:
>>> - REPLACE:
>>> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>> - Metadata/modifyTimestamp:
>>> - REPLACE: 27.2.2015 11:31:40
>>> - Metadata/modifierRef:
>>> - REPLACE: administrator (user)
>>>
>>> '}
>>>
>>> Just BTW, these attributes are currently considered
>>> auxiliary:
>>>
>>> - metadata container
>>> - activation/validityStatus
>>> - activation/validityChangeTimestamp
>>> - activation/effectiveStatus (this is not the same
>>> as administrativeStatus!)
>>> - activation/disableTimestamp
>>> - activation/enableTimestamp
>>> - activation/archiveTimestamp
>>> - iteration
>>> - iterationToken
>>> - linkRef (for focal objects)
>>> - trigger
>>>
>>> And these are considered synchronization-related
>>> (notifications for them are also disabled by default):
>>>
>>> - synchronizationSituation
>>> - synchronizationSituationDescription
>>> - synchronizationTimestamp
>>> - fullSynchronizationTimestamp
>>>
>>> Hope this helps,
>>> Pavol
>>>
>>>
>>> On 26. 2. 2015 15:36, Jason Everling wrote:
>>>> Would you happen to have a sample or provide one for use thewatchAuxiliaryAttributes in a notification?
>>>> What I was mainly looking for is a way to send a notification when the activation/administrativeStatus has changed for an account. I have my other notifiers for account adds but this would make a wonderful addition so when withdrawn students return they would get a notification letting them know their accounts have been re-enabled.
>>>> JASON
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is
>>>> proprietary and confidential; intended for only the
>>>> recipient(s) named above and may contain
>>>> information that is privileged. You should not
>>>> retain, copy or use this e-mail or any attachments
>>>> for any purpose, or disclose all or any part of the
>>>> contents to any person. Any views or opinions
>>>> expressed in this e-mail are those of the author
>>>> and do not represent those of the Baptist School of
>>>> Health Professions. If you have received this
>>>> e-mail in error, or are not the named recipient(s),
>>>> you are hereby notified that any review,
>>>> dissemination, distribution or copying of this
>>>> communication is prohibited by the sender and to do
>>>> so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section
>>>> 2510-2521. Please immediately notify the sender and
>>>> delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary
>>> and confidential; intended for only the recipient(s)
>>> named above and may contain information that is
>>> privileged. You should not retain, copy or use this
>>> e-mail or any attachments for any purpose, or disclose
>>> all or any part of the contents to any person. Any views
>>> or opinions expressed in this e-mail are those of the
>>> author and do not represent those of the Baptist School
>>> of Health Professions. If you have received this e-mail
>>> in error, or are not the named recipient(s), you are
>>> hereby notified that any review, dissemination,
>>> distribution or copying of this communication is
>>> prohibited by the sender and to do so might constitute a
>>> violation of the Electronic Communications Privacy Act,
>>> 18 U.S.C. section 2510-2521. Please immediately notify
>>> the sender and delete this e-mail and any attachments
>>> from your computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150227/4439ba21/attachment.htm>
More information about the midPoint
mailing list