[midPoint] Sample notification for accounts that have been enabled
Jason Everling
jeverling at bshp.edu
Fri Feb 27 23:05:36 CET 2015
I was on master before the 3.1 release then switched to the official 3.1
once it was released. Is that updated code going to be in 3.1.1? If so then
I could just wait until it is out, could I cherry pick those commits into
3.1.1?, if not then I am not to worried, I can wait patiently for it in an
official release.
I will though test it out and re-pull master into a new directory on my
workstation just to see how it works out.
BTW I have already tested the 3.1.1 upgrade scripts from 3.1 and it is
good, well for at least sql server 2008 r2 because that is what I would
use. It was either rebuild/upgrade our 5.5 MySQL Replication cluster to 5.6
since it is required version or deploy onto our SQL Server 2008 cluster
without any changes so that way seemed easier.
JASON
On Fri, Feb 27, 2015 at 3:37 PM, Pavol Mederly <mederly at evolveum.com> wrote:
> Jason,
>
> I forgot to mention that you have to pull and build the latest master for
> this to work, because I had to add a couple of methods to midPoint.
>
> Thinking a bit about it, now I'm not sure if you use the master or
> released 3.1 version... Because we have changed the repository structure
> since 3.1 a bit.
>
> What to do now depends what is your hibernateHbm2ddl setting in the
> config.xml file. If it is nothing or
>
> <hibernateHbm2ddl>update</hibernateHbm2ddl>
>
> it should work. But if it's
>
> <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>
> then you would need to run the migration script in the
> config/sql/midpoint/3.1.1/<db> directory. But I'm not sure if anyone has
> tested this...
>
> So please use it in a *very* testing environment. (Either if you have
> update or validate option in your config.)
>
> Best regards,
> Pavol
>
>
> On 27. 2. 2015 22:25, Jason Everling wrote:
>
> I was testing it out but I am sure I have a typo somewhere, i tried
> different combinations, but I am excited to see a way to get it going..
>
> "Could not find matching constructor for:
> com.evolveum.midpoint.prism.path.ItemPath(java.lang.String,
> java.lang.String) (new) event filter "
>
> <handler>
> <expressionFilter>
> <script>
> <code>
> event.isRelatedToItem(new
> com.evolveum.midpoint.prism.path.ItemPath("activation",
> "administrativeStatus"))
> </code>
> </script>
> </expressionFilter>
> <simpleUserNotifier>
> <name>Account Modified</name>
> <status>success</status>
> <recipientExpression>
> <script>
> <code>
> basic.getExtensionPropertyValue(requestee, '
> http://www.bshp.edu/xml/ns/public/bshp', 'otherMailbox')
> </code>
> </script>
> </recipientExpression>
> <subjectExpression>
> <script>
> <code>"Your account has been modified"</code>
> </script>
> </subjectExpression>
> <transport>mail</transport>
> </simpleUserNotifier>
> </handler>
>
> On Fri, Feb 27, 2015 at 2:48 PM, Pavol Mederly <pavol.mederly at gmail.com>
> wrote:
>
>> Hello Jason,
>>
>> I quickly hacked a method event.isRelatedToItem(itemPath) that tells you
>> if the event is somehow related to an item with a given path.
>>
>> It is to be used in the following way:
>>
>> <simpleResourceObjectNotifier>
>> <expressionFilter>
>> <script>
>> <code>
>> * event.isRelatedToItem(new
>> com.evolveum.midpoint.prism.path.ItemPath("activation",
>> "administrativeStatus"))*
>> </code>
>> </script>
>> </expressionFilter>
>> ....
>> </simpleResourceObjectNotifier>
>>
>> You can use it with <simpleUserNotifier> as well.
>>
>> It seems to work, but I haven't had time to test it thoroughly. I leave
>> this to you. :-)
>>
>> Generally, it is experimental implementation. Known situations where it
>> does not work is deletion of values: for example, if you delete an object,
>> this method does not know if there was activation/administrativeStatus set
>> in that object or not (so it returns false). In a similar way, if there was
>> a REPLACE delta, the method knows nothing about the values that were
>> deleted by execution of such delta. Or, in a DELETE delta where the whole
>> container (activation in this case) is deleted. Nevertheless, in your
>> specific case, none of these should occur. :-)
>>
>> Hope this helps,
>> Pavol
>>
>> I was actually going over all my user attributes and after looking at
>> them and thinking about how often they would be changed and if they would
>> ever be changed I am thinking I would only need to filter out phone number,
>> the other attributes should never really change.
>>
>> JASON
>>
>> On Fri, Feb 27, 2015 at 10:12 AM, Jason Everling <jeverling at bshp.edu>
>> wrote:
>>
>>> Yeah I basically only want to send a notification when their account is
>>> disabled or enabled, I already have notifications working for "ADD" new
>>> account notifications and it works fine. We do not delete accounts, once a
>>> username has been issued it will never be used again except by that same
>>> person if he/she returns to the school even if it is years down the road. I
>>> will probably create a generic delete notification sent to us admins just
>>> in-case someone deletes something.
>>>
>>> So the workaround would probably work, I would basically need to
>>> filter everything that is not relevant for the administrative status
>>> modifications. If you could write 1 filter for an attribute I could write
>>> the rest like if I wanted to filter out phone number changes.
>>>
>>> This notification is only going to be for when the student/faculty/ or
>>> staff's account is disabled or enabled. So when a student/faculty/staff
>>> leaves us they would get a notification letting them at least know that
>>> their account was disabled and why they are unable to login. Same for when
>>> they return, they would get an email with a custom body letting them know
>>> their accounts are re-enabled.
>>>
>>> JASON
>>>
>>> On Fri, Feb 27, 2015 at 9:52 AM, Pavol Mederly <mederly at evolveum.com>
>>> wrote:
>>>
>>>> Jason,
>>>>
>>>> I'm not quite sure I understand you correctly. But these things are
>>>> clear:
>>>>
>>>> 1) If watchAuxiliaryAttributes = false, only "user visible" items are
>>>> taken into account (i.e. user/account attributes, account associations,
>>>> administrativeStatus and a few others).
>>>> 2) If watchAuxiliaryAttributes = true, all these PLUS also auxiliary
>>>> attributes are taken into account.
>>>> 3) If you edit the "bodyExpression", you can hide all the attributes
>>>> you don't want to be present in the message.
>>>> 4) BUT - as you correctly stated - even if you are interested only in
>>>> the activation part, the message would be generated for ALL changes (e.g.
>>>> modifying phone number)
>>>>
>>>> Just BTW, Ivan noticed this just today and created a jira issue
>>>> MID-2237 <https://jira.evolveum.com/browse/MID-2237> for that.
>>>> (Unfortunately because of all the pressures it is currently scheduled for
>>>> 3.3.)
>>>>
>>>> A workaround would be to filter out (via expressionFilter) all the
>>>> changes with attributes that are not relevant for you.
>>>> I'm not sure about what midPoint method would be the most convenient to
>>>> use. Maybe it does not exist yet.
>>>>
>>>> But if you confirm that I understand you correctly, and if you would
>>>> send here a specific list of attributes to be watched, I could find/provide
>>>> such a method.
>>>>
>>>> BTW, what about ADD and DELETE operations? Should they generate any
>>>> messages?
>>>>
>>>> Best regards,
>>>> Pavol
>>>>
>>>> Thanks for the clarification,
>>>>
>>>> So is it on the modify operation I am assuming. Wouldn't that send a
>>>> notification for every modify like phone or department, I just really want
>>>> the activation part of it, the enable/disable and if any of the other
>>>> auxiliaries are changed. I would use a body expression to specify the
>>>> message so that the un-needed items are not present, something like this
>>>> but wouldn't it send for every modify like stated above?
>>>>
>>>> <handler>
>>>> <expressionFilter>
>>>> <script>
>>>> <code>
>>>> event.isUserRelated() &&
>>>> requestee.getCostCenter() == 'ASHIT'
>>>> </code>
>>>> </script>
>>>> </expressionFilter>
>>>> <simpleUserNotifier>
>>>> <name>Account Modified</name>
>>>> <operation>modify</operation>
>>>> <status>success</status>
>>>> <recipientExpression>
>>>> <script>
>>>> <code>
>>>> basic.getExtensionPropertyValue(requestee, '
>>>> http://www.bshp.edu/xml/ns/public/bshp', 'otherMailbox')
>>>> </code>
>>>> </script>
>>>> </recipientExpression>
>>>> <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>
>>>> <subjectExpression>
>>>> <script>
>>>> <code>"Your Account has been modified"</code>
>>>> </script>
>>>> </subjectExpression>
>>>> <bodyExpression>
>>>> <script>
>>>> <code>
>>>> "Some message to the student/faculty or staff" +
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Feb 27, 2015 at 4:39 AM, Pavol Mederly <mederly at evolveum.com>
>>>> wrote:
>>>>
>>>>> Hello Jason,
>>>>>
>>>>> activation/administrativeStatus is among attributes that are "watched"
>>>>> by default.
>>>>>
>>>>> So, if you change it, you'll get a notification - like this:
>>>>>
>>>>> ============================================ Fri Feb 27 11:30:45 CET
>>>>> 2015
>>>>> Message{to='[aaa at aaa.sk]', subject='Account modification
>>>>> notification', contentType='null', body='Notification about account-related
>>>>> operation
>>>>>
>>>>> User: Boss1 (boss1, oid 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>>>> Notification created on: Fri Feb 27 11:30:45 CET 2015
>>>>>
>>>>> Resource: Localhost CSVfile (oid ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>>>> Account: boss1
>>>>>
>>>>> The account has been successfully modified on the resource. Modified
>>>>> attributes are:
>>>>> - Activation/Administrative Status:
>>>>> - REPLACE: DISABLED
>>>>>
>>>>> '}
>>>>>
>>>>> Actually, you can use watchAuxiliaryAttributes, but this would lead to
>>>>> providing unimportant messages and/or attributes in them. For example, when
>>>>> I enabled it, like this:
>>>>>
>>>>> <notificationConfiguration>
>>>>> <handler>
>>>>> <simpleResourceObjectNotifier>
>>>>> <recipientExpression>
>>>>> <value>aaa at aaa.sk</value>
>>>>> </recipientExpression>
>>>>> * <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>*
>>>>> <transport>mail</transport>
>>>>> </simpleResourceObjectNotifier>
>>>>> </handler>
>>>>> <mail>
>>>>> <debug>false</debug>
>>>>> <redirectToFile>notifications.txt</redirectToFile>
>>>>> </mail>
>>>>> </notificationConfiguration>
>>>>>
>>>>> I'll get the following notification after re-enabling the account
>>>>> again:
>>>>>
>>>>> ============================================ Fri Feb 27 11:31:40 CET
>>>>> 2015
>>>>> Message{to='[aaa at aaa.sk]', subject='Account modification
>>>>> notification', contentType='null', body='Notification about account-related
>>>>> operation
>>>>>
>>>>> User: Boss1 (boss1, oid 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>>>> Notification created on: Fri Feb 27 11:31:40 CET 2015
>>>>>
>>>>> Resource: Localhost CSVfile (oid ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>>>> Account: boss1
>>>>>
>>>>> The account has been successfully modified on the resource. Modified
>>>>> attributes are:
>>>>> - Activation/Administrative Status:
>>>>> - REPLACE: ENABLED
>>>>> - Activation/enableTimestamp:
>>>>> - REPLACE: 27.2.2015 11:31:40
>>>>> - Metadata/modifyChannel:
>>>>> - REPLACE:
>>>>> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>>>> - Metadata/modifyTimestamp:
>>>>> - REPLACE: 27.2.2015 11:31:40
>>>>> - Metadata/modifierRef:
>>>>> - REPLACE: administrator (user)
>>>>>
>>>>> '}
>>>>>
>>>>> Just BTW, these attributes are currently considered auxiliary:
>>>>>
>>>>> - metadata container
>>>>> - activation/validityStatus
>>>>> - activation/validityChangeTimestamp
>>>>> - activation/effectiveStatus (this is not the same as
>>>>> administrativeStatus!)
>>>>> - activation/disableTimestamp
>>>>> - activation/enableTimestamp
>>>>> - activation/archiveTimestamp
>>>>> - iteration
>>>>> - iterationToken
>>>>> - linkRef (for focal objects)
>>>>> - trigger
>>>>>
>>>>> And these are considered synchronization-related (notifications for
>>>>> them are also disabled by default):
>>>>>
>>>>> - synchronizationSituation
>>>>> - synchronizationSituationDescription
>>>>> - synchronizationTimestamp
>>>>> - fullSynchronizationTimestamp
>>>>>
>>>>> Hope this helps,
>>>>> Pavol
>>>>>
>>>>>
>>>>> On 26. 2. 2015 15:36, Jason Everling wrote:
>>>>>
>>>>> Would you happen to have a sample or provide one for use the watchAuxiliaryAttributes in a notification?
>>>>>
>>>>> What I was mainly looking for is a way to send a notification when the activation/administrativeStatus has changed for an account. I have my other notifiers for account adds but this would make a wonderful addition so when withdrawn students return they would get a notification letting them know their accounts have been re-enabled.
>>>>>
>>>>> JASON
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is proprietary and
>>>>> confidential; intended for only the recipient(s) named above and may
>>>>> contain information that is privileged. You should not retain, copy or use
>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>> computer.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential;
intended for only the recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use this e-mail or any
attachments for any purpose, or disclose all or any part of the contents to
any person. Any views or opinions expressed in this e-mail are those of the
author and do not represent those of the Baptist School of Health
Professions. If you have received this e-mail in error, or are not the
named recipient(s), you are hereby notified that any review, dissemination,
distribution or copying of this communication is prohibited by the sender
and to do so might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150227/58ec6450/attachment.htm>
More information about the midPoint
mailing list