[midPoint] ScriptedSQL - create group tries to create account

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Mon Dec 12 11:51:07 CET 2016


Hi Ivan,
Thanks for the information. Yes I was ADDING a projection rather than adding a metarole with group inducement. Now when I assigned the metarole the group creation works!
Thank you again.
Regards,
Aivo Kuhlberg


________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelIvan Noris <ivan.noris at evolveum.com>
Saadetud: 12. detsember 2016 12:13
Adressaat: midpoint at lists.evolveum.com
Teema: Re: [midPoint] ScriptedSQL - create group tries to create account


Hi Aivo,


are you ADDING projection or assigning role? IMHO add projection always uses kind=account and intent=default (as of now).


You should assign a role with construction to your role.


Regards,

Ivan

On 12/12/2016 10:48 AM, Aivo Kuhlberg wrote:

Hi,
I am trying to sync midPoint role to scriptedSQL table "Groups" but for some reason every time when I add resource projection to role it tries to run CreateScript.groovy with __ACCOUNT__ objectClass. I have specified sync parameters for both accounts and groups but for some reason it does not help to find entitlement. However importing groups works OK - groups in MariaDB Groups table are imported correctly to mipdPoint.
Here are some of the configuration settings I use for ScriptedSQL connector:

   <schemaHandling>
      <objectType>
         <kind>account</kind>
         <intent>account</intent>
         <default>true</default>
         <objectClass>ri:AccountObjectClass</objectClass>
...
      <objectType>
         <kind>entitlement</kind>
         <intent>group</intent>
         <default>true</default>
         <objectClass>ri:CustomGroupObjectClass</objectClass>
...
   <synchronization>
      <objectSynchronization>
         <name>DBAT1 users sync</name>
         <objectClass>ri:AccountObjectClass</objectClass>
         <kind>account</kind>
         <intent>account</intent>
         <enabled>true</enabled>
...
      </objectSynchronization>
      <objectSynchronization>
         <name>DBAT1 Groups sync</name>
         <objectClass>ri:CustomGroupObjectClass</objectClass>
         <kind>entitlement</kind>
         <intent>group</intent>
         <focusType>RoleType</focusType>
         <enabled>true</enabled>
...

And here is what I see in log when I try to add projection to Role with name "DBAT1_test3"
2016-12-12 11:18:57,096 [] [Thread-12] WARN (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor): Can't do reconciliation. Account context doesn't contain current version of account.
2016-12-12 11:18:57,550 [] [Thread-12] INFO (com.evolveum.midpoint.provisioning.impl.ConnectorManager): Created new connector instance for resource:12784dc4-defd-4ab5-b9bd-70af099d0b38(DBAT1): org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector v1.1.2.0.em3
2016-12-12 11:18:58,426 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Entering CREATE Script for the objectClass __ACCOUNT__
2016-12-12 11:18:58,461 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter options is: [:]
2016-12-12 11:18:58,461 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter id is: DBAT1_test3
2016-12-12 11:18:58,487 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter description is: null
2016-12-12 11:18:58,488 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter attributes is: [__ENABLE__:[true]]

Regards,
Aivo Kuhlberg


________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



--
Ivan Noris
Senior Identity Engineer
evolveum.com


________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/20161212/40a93472/attachment-0001.html>


More information about the midPoint mailing list