[midPoint] Sample notification for accounts that have been enabled
Pavol Mederly
mederly at evolveum.com
Fri Feb 27 23:13:00 CET 2015
> I was on master before the 3.1 release then switched to the official
> 3.1 once it was released. Is that updated code going to be in 3.1.1?
> If so then I could just wait until it is out, could I cherry pick
> those commits into 3.1.1?, if not then I am not too worried, I can wait
> patiently for it in an official release.
Yes, almost everything that is in master will be put into 3.1.1. This
particular hack for sure.
I think you could also cherry pick this commit into 3.1 - it should be
quite self-contained - but I'm not sure. [It's dark night here and so my
brain is slowing down a bit :-)]
> I will though test it out and re-pull master into a new directory on
> my workstation just to see how it works out.
Very well. If any problems, then just let me know. Next week I'm on
vacation but maybe from time to time I'll check mails.
> BTW I have already tested the 3.1.1 upgrade scripts from 3.1 and it is
> good, well for at least sql server 2008 r2 because that is what I
> would use. It was either rebuild/upgrade our 5.5 MySQL Replication
> cluster to 5.6 since it is required version or deploy onto our SQL
> Server 2008 cluster without any changes so that way seemed easier.
Ah, fine! That's good news for me.
Best regards,
Pavol
>
> JASON
>
> On Fri, Feb 27, 2015 at 3:37 PM, Pavol Mederly <mederly at evolveum.com> wrote:
>
> Jason,
>
> I forgot to mention that you have to pull and build the latest
> master for this to work, because I had to add a couple of methods
> to midPoint.
>
> Thinking a bit about it, now I'm not sure if you use the master or
> released 3.1 version... Because we have changed the repository
> structure since 3.1 a bit.
>
> What to do now depends on what your hibernateHbm2ddl setting is in
> the config.xml file. If it is nothing or
>
> <hibernateHbm2ddl>update</hibernateHbm2ddl>
>
> it should work. But if it's
>
> <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>
> then you would need to run the migration script in the
> config/sql/midpoint/3.1.1/<db> directory. But I'm not sure if
> anyone has tested this...
>
> So please use it in a /very/ testing environment. (Either if you
> have update or validate option in your config.)
>
> Best regards,
> Pavol
>
>
> On 27. 2. 2015 22:25, Jason Everling wrote:
>> I was testing it out but I am sure I have a typo somewhere, I
>> tried different combinations, but I am excited to see a way to
>> get it going..
>>
>> "Could not find matching constructor for:
>> com.evolveum.midpoint.prism.path.ItemPath(java.lang.String,
>> java.lang.String) (new) event filter "
>>
>> <handler>
>> <expressionFilter>
>> <script>
>> <code>
>> event.isRelatedToItem(new
>> com.evolveum.midpoint.prism.path.ItemPath("activation",
>> "administrativeStatus"))
>> </code>
>> </script>
>> </expressionFilter>
>> <simpleUserNotifier>
>> <name>Account Modified</name>
>> <status>success</status>
>> <recipientExpression>
>> <script>
>> <code>
>> basic.getExtensionPropertyValue(requestee,
>> 'http://www.bshp.edu/xml/ns/public/bshp', 'otherMailbox') </code>
>> </script>
>> </recipientExpression>
>> <subjectExpression>
>> <script>
>> <code>"Your account has been modified"</code>
>> </script>
>> </subjectExpression>
>> <transport>mail</transport>
>> </simpleUserNotifier>
>> </handler>
>>
>> On Fri, Feb 27, 2015 at 2:48 PM, Pavol Mederly
>> <pavol.mederly at gmail.com> wrote:
>>
>> Hello Jason,
>>
>> I quickly hacked a method event.isRelatedToItem(itemPath)
>> that tells you if the event is somehow related to an item
>> with a given path.
>>
>> It is to be used in the following way:
>>
>> <simpleResourceObjectNotifier>
>> <expressionFilter>
>> <script>
>> <code>
>> event.isRelatedToItem(new
>> com.evolveum.midpoint.prism.path.ItemPath("activation",
>> "administrativeStatus"))
>> </code>
>> </script>
>> </expressionFilter>
>> ....
>> </simpleResourceObjectNotifier>
>>
>> You can use it with <simpleUserNotifier> as well.
>>
>> It seems to work, but I haven't had time to test it
>> thoroughly. I leave this to you. :-)
>>
>> Generally, it is an experimental implementation. Known
>> situations where it does not work are deletions of values: for
>> example, if you delete an object, this method does not know
>> if there was activation/administrativeStatus set in that
>> object or not (so it returns false). In a similar way, if
>> there was a REPLACE delta, the method knows nothing about the
>> values that were deleted by execution of such delta. Or, in a
>> DELETE delta where the whole container (activation in this
>> case) is deleted. Nevertheless, in your specific case, none
>> of these should occur. :-)
>>
>> Hope this helps,
>> Pavol
>>
>>> I was actually going over all my user attributes and after
>>> looking at them and thinking about how often they would be
>>> changed and if they would ever be changed I am thinking I
>>> would only need to filter out phone number, the other
>>> attributes should never really change.
>>>
>>> JASON
>>>
>>> On Fri, Feb 27, 2015 at 10:12 AM, Jason Everling
>>> <jeverling at bshp.edu> wrote:
>>>
>>> Yeah I basically only want to send a notification when
>>> their account is disabled or enabled, I already have
>>> notifications working for "ADD" new account
>>> notifications and it works fine. We do not delete
>>> accounts, once a username has been issued it will never
>>> be used again except by that same person if he/she
>>> returns to the school even if it is years down the road.
>>> I will probably create a generic delete notification
>>> sent to us admins just in case someone deletes something.
>>>
>>> So the workaround would probably work, I would basically
>>> need to filter everything that is not relevant for the
>>> administrative status modifications. If you could write
>>> 1 filter for an attribute I could write the rest like if
>>> I wanted to filter out phone number changes.
>>>
>>> This notification is only going to be for when the
>>> student/faculty/ or staff's account is disabled or
>>> enabled. So when a student/faculty/staff leaves us they
>>> would get a notification letting them at least know that
>>> their account was disabled and why they are unable to
>>> login. Same for when they return, they would get an
>>> email with a custom body letting them know their
>>> accounts are re-enabled.
>>>
>>> JASON
>>>
>>> On Fri, Feb 27, 2015 at 9:52 AM, Pavol Mederly
>>> <mederly at evolveum.com> wrote:
>>>
>>> Jason,
>>>
>>> I'm not quite sure I understand you correctly. But
>>> these things are clear:
>>>
>>> 1) If watchAuxiliaryAttributes = false, only "user
>>> visible" items are taken into account (i.e.
>>> user/account attributes, account associations,
>>> administrativeStatus and a few others).
>>> 2) If watchAuxiliaryAttributes = true, all these
>>> PLUS also auxiliary attributes are taken into account.
>>> 3) If you edit the "bodyExpression", you can hide
>>> all the attributes you don't want to be present in
>>> the message.
>>> 4) BUT - as you correctly stated - even if you are
>>> interested only in the activation part, the message
>>> would be generated for ALL changes (e.g. modifying
>>> phone number)
>>>
>>> Just BTW, Ivan noticed this just today and created a
>>> jira issue MID-2237
>>> <https://jira.evolveum.com/browse/MID-2237> for
>>> that. (Unfortunately because of all the pressures it
>>> is currently scheduled for 3.3.)
>>>
>>> A workaround would be to filter out (via
>>> expressionFilter) all the changes with attributes
>>> that are not relevant for you.
>>> I'm not sure about what midPoint method would be the
>>> most convenient to use. Maybe it does not exist yet.
>>>
>>> But if you confirm that I understand you correctly,
>>> and if you would send here a specific list of
>>> attributes to be watched, I could find/provide such
>>> a method.
>>>
>>> BTW, what about ADD and DELETE operations? Should
>>> they generate any messages?
>>>
>>> Best regards,
>>> Pavol
>>>
>>>> Thanks for the clarification,
>>>>
>>>> So is it on the modify operation I am assuming.
>>>> Wouldn't that send a notification for every modify
>>>> like phone or department, I just really want the
>>>> activation part of it, the enable/disable and if
>>>> any of the other auxiliaries are changed. I would
>>>> use a body expression to specify the message so
>>>> that the un-needed items are not present, something
>>>> like this but wouldn't it send for every modify
>>>> like stated above?
>>>>
>>>> <handler>
>>>> <expressionFilter>
>>>> <script>
>>>> <code>
>>>> event.isUserRelated() &&
>>>> requestee.getCostCenter() == 'ASHIT'
>>>> </code>
>>>> </script>
>>>> </expressionFilter>
>>>> <simpleUserNotifier>
>>>> <name>Account Modified</name>
>>>> <operation>modify</operation>
>>>> <status>success</status>
>>>> <recipientExpression>
>>>> <script>
>>>> <code>
>>>> basic.getExtensionPropertyValue(requestee,
>>>> 'http://www.bshp.edu/xml/ns/public/bshp',
>>>> 'otherMailbox') </code>
>>>> </script>
>>>> </recipientExpression>
>>>>
>>>> <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>
>>>> <subjectExpression>
>>>> <script>
>>>> <code>"Your Account has been modified"</code>
>>>> </script>
>>>> </subjectExpression>
>>>> <bodyExpression>
>>>> <script>
>>>> <code>
>>>> "Some message to the student/faculty or staff" +
>>>>
>>>> On Fri, Feb 27, 2015 at 4:39 AM, Pavol Mederly
>>>> <mederly at evolveum.com> wrote:
>>>>
>>>> Hello Jason,
>>>>
>>>> activation/administrativeStatus is among
>>>> attributes that are "watched" by default.
>>>>
>>>> So, if you change it, you'll get a notification
>>>> - like this:
>>>>
>>>> ============================================
>>>> Fri Feb 27 11:30:45 CET 2015
>>>> Message{to='[aaa at aaa.sk]',
>>>> subject='Account modification notification',
>>>> contentType='null', body='Notification about
>>>> account-related operation
>>>>
>>>> User: Boss1 (boss1, oid
>>>> 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>>> Notification created on: Fri Feb 27 11:30:45
>>>> CET 2015
>>>>
>>>> Resource: Localhost CSVfile (oid
>>>> ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>>> Account: boss1
>>>>
>>>> The account has been successfully modified on
>>>> the resource. Modified attributes are:
>>>> - Activation/Administrative Status:
>>>> - REPLACE: DISABLED
>>>>
>>>> '}
>>>>
>>>> Actually, you can use watchAuxiliaryAttributes,
>>>> but this would lead to providing unimportant
>>>> messages and/or attributes in them. For
>>>> example, when I enabled it, like this:
>>>>
>>>> <notificationConfiguration>
>>>> <handler>
>>>> <simpleResourceObjectNotifier>
>>>> <recipientExpression>
>>>> <value>aaa at aaa.sk</value>
>>>> </recipientExpression>
>>>> <watchAuxiliaryAttributes>true</watchAuxiliaryAttributes>
>>>> <transport>mail</transport>
>>>> </simpleResourceObjectNotifier>
>>>> </handler>
>>>> <mail>
>>>> <debug>false</debug>
>>>> <redirectToFile>notifications.txt</redirectToFile>
>>>> </mail>
>>>> </notificationConfiguration>
>>>>
>>>> I'll get the following notification after
>>>> re-enabling the account again:
>>>>
>>>> ============================================
>>>> Fri Feb 27 11:31:40 CET 2015
>>>> Message{to='[aaa at aaa.sk]',
>>>> subject='Account modification notification',
>>>> contentType='null', body='Notification about
>>>> account-related operation
>>>>
>>>> User: Boss1 (boss1, oid
>>>> 75f2806d-e31b-40c9-8133-85ed4d9e6252)
>>>> Notification created on: Fri Feb 27 11:31:40
>>>> CET 2015
>>>>
>>>> Resource: Localhost CSVfile (oid
>>>> ef2bc95b-76e0-48e2-86d6-3d4f02d3fafe)
>>>> Account: boss1
>>>>
>>>> The account has been successfully modified on
>>>> the resource. Modified attributes are:
>>>> - Activation/Administrative Status:
>>>> - REPLACE: ENABLED
>>>> - Activation/enableTimestamp:
>>>> - REPLACE: 27.2.2015 11:31:40
>>>> - Metadata/modifyChannel:
>>>> - REPLACE:
>>>> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>>> - Metadata/modifyTimestamp:
>>>> - REPLACE: 27.2.2015 11:31:40
>>>> - Metadata/modifierRef:
>>>> - REPLACE: administrator (user)
>>>>
>>>> '}
>>>>
>>>> Just BTW, these attributes are currently
>>>> considered auxiliary:
>>>>
>>>> - metadata container
>>>> - activation/validityStatus
>>>> - activation/validityChangeTimestamp
>>>> - activation/effectiveStatus (this is not the
>>>> same as administrativeStatus!)
>>>> - activation/disableTimestamp
>>>> - activation/enableTimestamp
>>>> - activation/archiveTimestamp
>>>> - iteration
>>>> - iterationToken
>>>> - linkRef (for focal objects)
>>>> - trigger
>>>>
>>>> And these are considered
>>>> synchronization-related (notifications for them
>>>> are also disabled by default):
>>>>
>>>> - synchronizationSituation
>>>> - synchronizationSituationDescription
>>>> - synchronizationTimestamp
>>>> - fullSynchronizationTimestamp
>>>>
>>>> Hope this helps,
>>>> Pavol
>>>>
>>>>
>>>> On 26. 2. 2015 15:36, Jason Everling wrote:
>>>>> Would you happen to have a sample or provide one for use the watchAuxiliaryAttributes in a notification?
>>>>> What I was mainly looking for is a way to send a notification when the activation/administrativeStatus has changed for an account. I have my other notifiers for account adds but this would make a wonderful addition so when withdrawn students return they would get a notification letting them know their accounts have been re-enabled.
>>>>> JASON
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is
>>>>> proprietary and confidential; intended for
>>>>> only the recipient(s) named above and may
>>>>> contain information that is privileged. You
>>>>> should not retain, copy or use this e-mail or
>>>>> any attachments for any purpose, or disclose
>>>>> all or any part of the contents to any person.
>>>>> Any views or opinions expressed in this e-mail
>>>>> are those of the author and do not represent
>>>>> those of the Baptist School of Health
>>>>> Professions. If you have received this e-mail
>>>>> in error, or are not the named recipient(s),
>>>>> you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this
>>>>> communication is prohibited by the sender and
>>>>> to do so might constitute a violation of the
>>>>> Electronic Communications Privacy Act, 18
>>>>> U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and
>>>>> any attachments from your computer.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint