[midPoint] ScriptedSQL - create group tries to create account
Ivan Noris
ivan.noris at evolveum.com
Mon Dec 12 11:13:42 CET 2016
Hi Aivo,
are you ADDING projection or assigning role? IMHO add projection always
uses kind=account and intent=default (as of now).
You should assign a role with construction to your role.
Regards,
Ivan
On 12/12/2016 10:48 AM, Aivo Kuhlberg wrote:
>
> Hi,
> I am trying to sync midPoint role to scriptedSQL table "Groups" but
> for some reason every time when I add resource projection to role it
> tries to run CreateScript.groovy with __ACCOUNT__ objectClass. I have
> specified sync parameters for both accounts and groups but for some
> reason it does not help to find entitlement. However importing groups
> works OK - groups in MariaDB Groups table are imported correctly to
> mipdPoint.
> Here are some of the configuration settings I use for ScriptedSQL
> connector:
>
> <schemaHandling>
> <objectType>
> <kind>account</kind>
> <intent>account</intent>
> <default>true</default>
> <objectClass>ri:AccountObjectClass</objectClass>
> ...
> <objectType>
> <kind>entitlement</kind>
> <intent>group</intent>
> <default>true</default>
> <objectClass>ri:CustomGroupObjectClass</objectClass>
> ...
> <synchronization>
> <objectSynchronization>
> <name>DBAT1 users sync</name>
> <objectClass>ri:AccountObjectClass</objectClass>
> <kind>account</kind>
> <intent>account</intent>
> <enabled>true</enabled>
> ...
> </objectSynchronization>
> <objectSynchronization>
> <name>DBAT1 Groups sync</name>
> <objectClass>ri:CustomGroupObjectClass</objectClass>
> <kind>entitlement</kind>
> <intent>group</intent>
> <focusType>RoleType</focusType>
> <enabled>true</enabled>
> ...
>
> And here is what I see in log when I try to add projection to Role
> with name "DBAT1_test3"
> 2016-12-12 11:18:57,096 [] [Thread-12] WARN
> (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
> Can't do reconciliation. Account context doesn't contain current
> version of account.
> 2016-12-12 11:18:57,550 [] [Thread-12] INFO
> (com.evolveum.midpoint.provisioning.impl.ConnectorManager): Created
> new connector instance for
> resource:12784dc4-defd-4ab5-b9bd-70af099d0b38(DBAT1):
> org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector
> v1.1.2.0.em3
> 2016-12-12 11:18:58,426 [] [Thread-12] DEBUG
> (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method:
> null msg:Entering CREATE Script for the objectClass __ACCOUNT__
> 2016-12-12 11:18:58,461 [] [Thread-12] DEBUG
> (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method:
> null msg:Create parameter options is: [:]
> 2016-12-12 11:18:58,461 [] [Thread-12] DEBUG
> (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method:
> null msg:Create parameter id is: DBAT1_test3
> 2016-12-12 11:18:58,487 [] [Thread-12] DEBUG
> (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method:
> null msg:Create parameter description is: null
> 2016-12-12 11:18:58,488 [] [Thread-12] DEBUG
> (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method:
> null msg:Create parameter attributes is: [__ENABLE__:[true]]
>
> Regards,
> Aivo Kuhlberg
>
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161212/78cafd3e/attachment.htm>
More information about the midPoint
mailing list