[midPoint] HA: Can't generate unique username while importing from resource
Radovan Semancik
radovan.semancik at evolveum.com
Thu May 14 16:34:14 CEST 2015
Hi Aleksey,
At the first sight it looks like your configuration is OK. This should
work well in midPoint, we use similar set-up in several deployments and
we also have automated tests. However, this may still mean that you are
hitting a bug. But my estimate is that this is a configuration problem.
Please enable finer logging and try to figure out where exactly it goes
wrong.
I have updated the Usual Troubleshooting Steps page in our wiki:
https://wiki.evolveum.com/display/midPoint/Usual+Troubleshooting+Steps
Especially look at the "Clockwork and Projector Troubleshooting"
section. This is the method that we use to find configuration bugs in
our deployments.
--
Radovan Semancik
Software Architect
evolveum.com
On 05/12/2015 12:17 PM, Алексей Ващенков wrote:
> I understend that it must be inbound mappings in resource configuration. Here it is.
> <schemaHandling>
> <objectType>
> <kind>account</kind>
> <displayName>Пользователь</displayName>
> <default>true</default>
> <objectClass xmlns:qn761="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn761:AccountObjectClass</objectClass>
> <attribute>
> <ref xmlns:schemaRef="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">schemaRef:uid</ref>
> <displayName>Идентификатор</displayName>
> <exclusiveStrong>false</exclusiveStrong>
> <tolerant>true</tolerant>
> <inbound>
> <name>Идентификатор</name>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/employeeNumber</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <ref xmlns:qn936="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn936:last_name</ref>
> <displayName>Фамилия</displayName>
> <exclusiveStrong>false</exclusiveStrong>
> <tolerant>true</tolerant>
> <inbound>
> <name>Фамилия</name>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/familyName</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <ref xmlns:qn969="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn969:middle_name</ref>
> <displayName>Отчество</displayName>
> <exclusiveStrong>false</exclusiveStrong>
> <tolerant>true</tolerant>
> <inbound>
> <name>Отчество</name>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/additionalName</c:path>
> </target>
> </inbound>
> </attribute>
> <attribute>
> <ref xmlns:qn652="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn652:first_name</ref>
> <displayName>Имя</displayName>
> <exclusiveStrong>false</exclusiveStrong>
> <tolerant>true</tolerant>
> <inbound>
> <name>Имя</name>
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/givenName</c:path>
> </target>
> </inbound>
> </attribute>
> </objectType>
> </schemaHandling>
>
> In my case all the records in DB contains nonnull three columns first_name, last_name and middle_name.
> It seems if I set order to *before*, in this case attributes givenName, familyName, and additionalName is not set when user instance is creating. And in generation method they are comming sa nulls.
> ________________________________________
> От: midPoint [midpoint-bounces at lists.evolveum.com] от имени Ivan Noris [ivan.noris at evolveum.com]
> Отправлено: 12 мая 2015 г. 12:15
> Кому: midpoint at lists.evolveum.com
> Тема: Re: [midPoint] Can't generate unique username while importing from resource
>
> Hi Alexej,
>
> in object template you can only use midPoint (user) attributes.
>
> So, please check that you first define inbound mappings for your
> firstname, lastname, additionalname attributes and then you use them in
> object templates.
>
> So the point is, you first have the attributes in user object (in
> memory, because it's being created at the same time) and object template
> can use them to generate user's name attribute.
>
> The problem may be caused by your second question regarding correlation
> - there is no correlation expression defined in your code. Please see
> any of our resource examples with "-sync" in name. E.g.:
> . . .
> <correlation>
> <q:description>
> Correlation rule for default accounts where
> userPrincipalName matches $user/name in midPoint
> </q:description>
> <q:equal>
> <q:matching>polyStringNorm</q:matching>
> <q:path>c:name</q:path>
> <expression>
> <description>Matches using
> userPrincipalName</description>
> <path>
> declare namespace
> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
>
> $account/attributes/ri:userPrincipalName
> </path>
> </expression>
> </q:equal>
> </correlation>
> . . .
>
> Regards,
> Ivan
>
> On 05/12/2015 10:25 AM, Алексей Ващенков wrote:
>> Hello. I've configuared resource with next syncronization block.
>> <synchronization>
>> <objectSynchronization>
>> <name>Sync account</name>
>> <objectClass xmlns:qn835="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn835:AccountObjectClass</objectClass>
>> <kind>account</kind>
>> <focusType>UserType</focusType>
>> <enabled>true</enabled>
>> <reconcile>true</reconcile>
>> <opportunistic>false</opportunistic>
>> <reaction>
>> <name>Add user</name>
>> <situation>unmatched</situation>
>> <synchronize>true</synchronize>
>> <reconcile>false</reconcile>
>> <action>
>> <name>Add user</name>
>> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
>> <order>before</order>
>> <objectTemplateRef oid="4e7290dd-2fd3-4559-a6bc-aeae11da608c"/>
>> </action>
>> </reaction>
>> <reaction>
>> <name>Synchronize</name>
>> <situation>linked</situation>
>> <synchronize>true</synchronize>
>> <reconcile>false</reconcile>
>> </reaction>
>> </objectSynchronization>
>> </synchronization>
>> And I have next template object
>> <objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> oid="c0c010c0-d34d-b33f-f00d-777222222334"
>> version="19">
>> <name>Инициализация пользователя</name>
>> <description>
>> </description>
>> <metadata>
>> <createTimestamp>2015-05-08T12:08:08.644+03:00</createTimestamp>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002" type="UserType"><!-- administrator --></creatorRef>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>> </metadata>
>> <iteration>
>> <maxIterations>9999</maxIterations>
>> </iteration>
>> <mapping>
>> <source>
>> <name>familyName</name>
>> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/familyName</c:path>
>> </source>
>> <source>
>> <name>givenName</name>
>> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/givenName</c:path>
>> </source>
>> <source>
>> <name>additionalName</name>
>> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/additionalName</c:path>
>> </source>
>> <expression>
>> <script>
>> <code>import com.evolveum.midpoint.common.policy.StringPolicyUtils;
>> StringPolicyUtils.transliterateFullName(givenName, familyName, additionalName) +iteration
>> </code>
>> </script>
>> </expression>
>> <target>
>> <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/name</c:path>
>> </target>
>> </mapping>
>> </objectTemplate>
>> If I use order set to before, then I have givenName, familyName, additionalName all are null. If I set order to after, then I have warning Correlation rule for resource 'resource:f01e18f2-3d14-4c25-bea0-268c209f1091(???????????? ? HR)' doesn't contain query, returning empty list of users.
>>
>> How can I properly configure generating username?
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper Id(e)M Vix."
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list