[midPoint] Help looping on Active Directory groups
f.contessi
f.contessi at nsr.it
Thu Sep 3 16:30:46 CEST 2015
Hi Pavol,
thanks for your suggestions. Now, I have modified the xml code for attribute on the AD resource:
<attribute>
<ref>icfs:groups</ref>
<displayName>Gruppi</displayName>
<inbound>
<expression>
<script>
<relativityMode>absolute</relativityMode>
<code>
def isdirettore = false
def n = input.size()
for (def i = 0; i < n; i++) {
def gruppo = input.get(i)
if (it =~ /^CN=.*_DIV.._DIR.*$/) {
isdirettore = true
}
}
isdirettore
</code>
</script>
</expression>
<target>
<path>$user/extension/mise:organizzazione</path>
</target>
</inbound>
</attribute>
But I have the "input" variable null, as I can see from idm.log:
ERROR (com.evolveum.midpoint.model.common.expression.script.ScriptExpression): Expression error: java.lang.NullPointerException: Cannot invoke method size() on null object (old) expression in mapping in inbound expression for {http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3}groups in resource:Resource-ActiveDirectoryXXX(Active Directory XXX)
The only difference is the namespace: you have suggested me "ri:groups" but it isn't defined in ns instance-3; so I put "icfs:groups". It could made the difference?
Any other suggestion?
Thanks in advance. Regards.
Fabio
Da: "midPoint" midpoint-bounces at lists.evolveum.com
A: midpoint at lists.evolveum.com
Cc:
Data: Thu, 3 Sep 2015 15:45:57 +0200
Oggetto: Re: [midPoint] Help looping on Active Directory groups
>
> Hello Fabio,
>
>
the problem is that you've put your script to ri:title
attribute. So (I think) that as an input you get the value of this
attribute, which is a string. The <source> declaration is
not appropriate here.
>
>
If you want to process ri:groups attribute, please put this
mapping under ri:groups attribute.
>
Also, use <relativityMode>absolute</relativityMode>
(as a child of <script>) in order to get all the values of
ri:groups at once.
>
Remove the <source> part and refer to the input variable
(now called gruppi) simply as input.
>
>
Hope this helps,
>
Pavol
>
>
>
> Hi,
> I have an Active Directory resource and I need to
reconcile users. In populating a virtual user attribute I need
to check if the corresponding AD account has a particular
group assigned. This is a snippet of the resource xml:
>
>
> <attribute>
>
<c:ref>ri:title</c:ref>
>
<displayName>Gruppi</displayName>
> <inbound>
> <source>
>
<name>gruppi</name>
>
<path>$shadow/attributes/groups</path>
> </source>
> <expression>
> <script>
> <code>
> def isdirettore =
false
> def n =
gruppi.size()
> for (def i = 0; i
< n; i++) {
> def gruppo =
gruppi.get(i)
> if (it =~
/^CN=.*_DIV.._DIR.*$/) {
>
isdirettore = true
> }
> }
> isdirettore
> </code>
> </script>
> </expression>
> <target>
>
<path>$user/extension/mise:organizzazione</path>
> </target>
> </inbound>
> </attribute>
>
> I need to loop on assigned AD groups and I need to
check the string format of each group using a regular
expression. The problem is that in the variable named “gruppi” I
have only a string and not an array or List. Do you have any
ideas?
>
> Thanks and regards.
>
> Fabio
>
>
>
>
>
>
> --
>
Fabio
Contessi <f.contessi at nsr.it>
>
>
nova
systems roma / nsr
>
>
>
> _______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150903/0e01b0de/attachment.htm>
More information about the midPoint
mailing list