[midPoint] ScriptedSQL -Multivalued attributes (was: add/remove entitlements)

Sun Dec 18 00:58:18 CET 2016

OK, I got it.
The multivalued attribute MUST BE A LIST type ["value1","value2","value"].
I found it in one post in mailing list archive after 2 days of intense research.

Now anything is possible. At least at the moment.... see you soon!
WS

Dnia czwartek, 15 grudnia 2016 21:01:49 CET Wojciech Staszewski pisze:
> Nevermind,
> I just wanna know how to handle multivalued attributes, if I know this, the rest is relatively simple.
> Search, insert, delete, update.
> I found some messages from past years on this mailing list, but nothing valuable.
> Please understand I'm not a programmer (except bash scripting). Until I met Midpoint I did not know that something like Groovy exists. :)
> I ask for your indulgence.
> 
> Dnia poniedziałek, 12 grudnia 2016 21:45:00 CET Nicolas Rossi pisze:
> > Hi, you have to add the association between Users and Groups. It's
> > something like that:
> > 
> > <association>
> > <ref>ri:GroupObjectClass</ref>
> > <kind>entitlement</kind>
> > <intent>default</intent>
> > <tolerant>false</tolerant>
> > <direction>subjectToObject</direction>
> > <associationAttribute>ri:groups</associationAttribute>
> > <valueAttribute>icfs:uid</valueAttribute>
> > <shortcutAssociationAttribute>ri:members</shortcutAssociationAttribute>
> > <shortcutValueAttribute>icfs:uid</shortcutValueAttribute>
> > </association>
> > 
> > You can find more information about the association and the tolerant
> > parameter here:
> > https://wiki.evolveum.com/display/midPoint/Entitlements#Entitlements-AssociationDefinition
> > 
> > Inside your Update script the operation should be ADD_ATTRIBUTE_VALUE for
> > objectClass __ACCOUNT__ and the attribute received should be "groups":
> > 
> >     case "ADD_ATTRIBUTE_VALUES":
> > 
> >         if(objectClass == "__ACCOUNT__")
> >         {
> >             for(String group : attributes.get("groups"))
> >             {
> >                 def existingEntitlement = sql.rows("SELECT 1 FROM
> > UserGroups WHERE user_id=? AND group_id=?",[uid as String, group as
> > String]);
> >                 if(existingEntitlement.isEmpty())
> >                 {
> >                     log.info("Sample - Adding entitlement ${group} to user
> > ${uid}");
> >                     sql.execute("insert into UserGroups (user_id, group_id)
> > values (" + uid + "," + group + ")");
> >                 }
> >                 else
> >                 {
> >                     log.info("Sample - Skipping assignment because user
> > ${uid} already has group ${group}");
> >                 }
> >             }
> >         }
> > 
> > You should also handle the REMOVE_ATTRIBUTE_VALUES with the same logic.
> > Radovan and Ivan have helped us few weeks ago with the ScriptedSQL
> > resource. You can find the conversation in the mailing list. I am sure it
> > will help you too.
> > 
> > Regards,
> > 
> > 
> > 
> > 
> > 
> > Ing Nicolás Rossi
> > Identicum S.A.
> > Jorge Newbery 3226
> > Tel: +54 (11) 4552-3050
> > www.identicum.com
> > 
> > On Mon, Dec 12, 2016 at 7:11 PM, Wojciech Staszewski <
> > wojciech.staszewski at diagnostyka.pl> wrote:
> > 
> > > Hello,
> > >
> > > I'm playing with ScriptedSQL resource, based on Evolveum example from
> > > Github.
> > > I'm able to list/add/remove users/groups and enable/disable accounts.
> > > Great.
> > > But now I want to apply an assignment (a group) to user. Unfortunately
> > > "Update_Script.groovy" is incomplete,
> > > ADD_ATTRIBUTE_VALUES and REMOVE_ATTRIBUTE_VALUES cases are empty.
> > > Where can I find some examples?
> > >
> > > Thanks a lot!
> > > WS
> > > _______________________________________________
> > > midPoint mailing list
> > > midPoint at lists.evolveum.com
> > > http://lists.evolveum.com/mailman/listinfo/midpoint
> > >
> > 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
Dział IT
DIAGNOSTYKA 
Spółka z ograniczoną odpowiedzialnością 
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
tel.: +48 12 295 01 00
fax: +48 12 295 01 02 
tel. kom: 663 680 236
www.diag.pl
DIAGNOSTYKA Spółka z ograniczoną odpowiedzialnością ul. Prof. M. Życzkowskiego 16, 31-864 Kraków; 
KRS: Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy Krajowego KRS: 0000381559; NIP: 675-12-65-009; REGON: 356366975, Kapitał zakładowy: 33 252 500 zł.