[midPoint] HA: HA: Can't generate unique username while importing from resource

Алексей Ващенков a.vashchenkov at solarsecurity.ru
Fri May 15 09:48:10 CEST 2015


I understood my error. I thougt that instnce created in one step. That was error.  When I take into consideration that instance may be created in several steps, it works fine. 
As I understend in the first step of creation, when objectTemplate is using all attributes are null. After "default" attributes a set then ObjectTemplate applies again an this step attributes not null and everethin is OK.
________________________________________
От: midPoint [midpoint-bounces at lists.evolveum.com] от имени Radovan Semancik [radovan.semancik at evolveum.com]
Отправлено: 14 мая 2015 г. 17:34
Кому: midpoint at lists.evolveum.com
Тема: Re: [midPoint] HA: Can't generate unique username while importing from resource

Hi Aleksey,

At the first sight it looks like your configuration is OK. This should
work well in midPoint, we use similar set-up in several deployments and
we also have automated tests. However, this may still mean that you are
hitting a bug. But my estimate is that this is a configuration problem.
Please enable finer logging and try to figure out where exactly it goes
wrong.

I have updated the Usual Troubleshooting Steps page in our wiki:
https://wiki.evolveum.com/display/midPoint/Usual+Troubleshooting+Steps

Especially look at the "Clockwork and Projector Troubleshooting"
section. This is the method that we use to find configuration bugs in
our deployments.

--
Radovan Semancik
Software Architect
evolveum.com



On 05/12/2015 12:17 PM, Алексей Ващенков wrote:
> I understend that it must be inbound mappings in resource configuration. Here it is.
>     <schemaHandling>
>        <objectType>
>           <kind>account</kind>
>           <displayName>Пользователь</displayName>
>           <default>true</default>
>           <objectClass xmlns:qn761="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn761:AccountObjectClass</objectClass>
>           <attribute>
>              <ref xmlns:schemaRef="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">schemaRef:uid</ref>
>              <displayName>Идентификатор</displayName>
>              <exclusiveStrong>false</exclusiveStrong>
>              <tolerant>true</tolerant>
>              <inbound>
>                 <name>Идентификатор</name>
>                 <authoritative>true</authoritative>
>                 <exclusive>false</exclusive>
>                 <strength>normal</strength>
>                 <target>
>                    <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/employeeNumber</c:path>
>                 </target>
>              </inbound>
>           </attribute>
>           <attribute>
>              <ref xmlns:qn936="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn936:last_name</ref>
>              <displayName>Фамилия</displayName>
>              <exclusiveStrong>false</exclusiveStrong>
>              <tolerant>true</tolerant>
>              <inbound>
>                 <name>Фамилия</name>
>                 <authoritative>true</authoritative>
>                 <exclusive>false</exclusive>
>                 <strength>normal</strength>
>                 <target>
>                    <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/familyName</c:path>
>                 </target>
>              </inbound>
>           </attribute>
>           <attribute>
>              <ref xmlns:qn969="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn969:middle_name</ref>
>              <displayName>Отчество</displayName>
>              <exclusiveStrong>false</exclusiveStrong>
>              <tolerant>true</tolerant>
>              <inbound>
>                 <name>Отчество</name>
>                 <authoritative>true</authoritative>
>                 <exclusive>false</exclusive>
>                 <strength>normal</strength>
>                 <target>
>                    <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/additionalName</c:path>
>                 </target>
>              </inbound>
>           </attribute>
>           <attribute>
>              <ref xmlns:qn652="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn652:first_name</ref>
>              <displayName>Имя</displayName>
>              <exclusiveStrong>false</exclusiveStrong>
>              <tolerant>true</tolerant>
>              <inbound>
>                 <name>Имя</name>
>                 <authoritative>true</authoritative>
>                 <exclusive>false</exclusive>
>                 <strength>normal</strength>
>                 <target>
>                    <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/givenName</c:path>
>                 </target>
>              </inbound>
>           </attribute>
>        </objectType>
>     </schemaHandling>
>
> In my case all the records in DB contains nonnull three columns first_name, last_name and middle_name.
> It seems if I set order to *before*, in this case attributes givenName, familyName, and additionalName is not set when user instance is creating. And in generation method they are comming sa nulls.
> ________________________________________
> От: midPoint [midpoint-bounces at lists.evolveum.com] от имени Ivan Noris [ivan.noris at evolveum.com]
> Отправлено: 12 мая 2015 г. 12:15
> Кому: midpoint at lists.evolveum.com
> Тема: Re: [midPoint] Can't generate unique username while importing from resource
>
> Hi Alexej,
>
> in object template you can only use midPoint (user) attributes.
>
> So, please check that you first define inbound mappings for your
> firstname, lastname, additionalname attributes and then you use them in
> object templates.
>
> So the point is, you first have the attributes in user object (in
> memory, because it's being created at the same time) and object template
> can use them to generate user's name attribute.
>
> The problem may be caused by your second question regarding correlation
> - there is no correlation expression defined in your code. Please see
> any of our resource examples with "-sync" in name. E.g.:
> . . .
>                      <correlation>
>                          <q:description>
>                          Correlation rule for default accounts where
> userPrincipalName matches $user/name in midPoint
> </q:description>
>                          <q:equal>
>                                  <q:matching>polyStringNorm</q:matching>
>                                  <q:path>c:name</q:path>
>                                  <expression>
>                                          <description>Matches using
> userPrincipalName</description>
>                                          <path>
>                                                  declare namespace
> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
>
> $account/attributes/ri:userPrincipalName
>                                          </path>
>                                  </expression>
>                          </q:equal>
>                      </correlation>
> . . .
>
> Regards,
> Ivan
>
> On 05/12/2015 10:25 AM, Алексей Ващенков wrote:
>> Hello. I've configuared resource with next syncronization block.
>>     <synchronization>
>>        <objectSynchronization>
>>           <name>Sync account</name>
>>           <objectClass xmlns:qn835="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">qn835:AccountObjectClass</objectClass>
>>           <kind>account</kind>
>>           <focusType>UserType</focusType>
>>           <enabled>true</enabled>
>>           <reconcile>true</reconcile>
>>           <opportunistic>false</opportunistic>
>>           <reaction>
>>              <name>Add user</name>
>>              <situation>unmatched</situation>
>>              <synchronize>true</synchronize>
>>              <reconcile>false</reconcile>
>>              <action>
>>                 <name>Add user</name>
>>                 <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
>>                 <order>before</order>
>>                 <objectTemplateRef oid="4e7290dd-2fd3-4559-a6bc-aeae11da608c"/>
>>              </action>
>>           </reaction>
>>           <reaction>
>>              <name>Synchronize</name>
>>              <situation>linked</situation>
>>              <synchronize>true</synchronize>
>>              <reconcile>false</reconcile>
>>           </reaction>
>>        </objectSynchronization>
>>     </synchronization>
>> And I have next template object
>> <objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>                  oid="c0c010c0-d34d-b33f-f00d-777222222334"
>>                  version="19">
>>     <name>Инициализация пользователя</name>
>>     <description>
>>          </description>
>>     <metadata>
>>        <createTimestamp>2015-05-08T12:08:08.644+03:00</createTimestamp>
>>        <creatorRef oid="00000000-0000-0000-0000-000000000002" type="UserType"><!-- administrator --></creatorRef>
>>        <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>>     </metadata>
>>     <iteration>
>>        <maxIterations>9999</maxIterations>
>>     </iteration>
>>     <mapping>
>>        <source>
>>           <name>familyName</name>
>>           <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$focus/familyName</c:path>
>>        </source>
>>        <source>
>>           <name>givenName</name>
>>           <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/givenName</c:path>
>>        </source>
>>        <source>
>>           <name>additionalName</name>
>>           <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/additionalName</c:path>
>>        </source>
>>        <expression>
>>           <script>
>>              <code>import com.evolveum.midpoint.common.policy.StringPolicyUtils;
>>                  StringPolicyUtils.transliterateFullName(givenName, familyName, additionalName) +iteration
>>              </code>
>>           </script>
>>        </expression>
>>        <target>
>>           <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/name</c:path>
>>        </target>
>>     </mapping>
>> </objectTemplate>
>> If I use order set to before, then I have givenName, familyName, additionalName all are null. If I set order to after, then I have warning Correlation rule for resource 'resource:f01e18f2-3d14-4c25-bea0-268c209f1091(???????????? ? HR)' doesn't contain query, returning empty list of users.
>>
>> How can I properly configure generating username?
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> --
>    Ing. Ivan Noris
>    Senior Identity Management Engineer & IDM Architect
>    evolveum.com                     evolveum.com/blog/
>    ___________________________________________________
>    "Semper Id(e)M Vix."
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint



More information about the midPoint mailing list