[midPoint] DatabaseTable Multi-Value Fields

Carlos Ferreira carlos18619 at gmail.com
Sat Oct 8 00:46:59 CEST 2016 

HI,

This is exactly the same behavior I've been seeing im my case.

First of all,

1. I'm using SCRIPTEDSQL connector and an ORACLE DB;
2. I've configured a multi-valued extension attribute - says 'roles' - to
receive the roles applied to an user;
3. Configured a metarole to deal with an association. Something like this:

   <inducement id="3">
      <construction>
         <resourceRef xmlns:tns="
http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                      oid="ef2bc95b-76e0-48e3-86db-3d4f02d42fff"
                      type="tns:ResourceType"><!-- Localhost ScriptedSQL -
Oracle  --></resourceRef>
         <kind>account</kind>
         <intent>default</intent>
         <association>
            <c:ref>ri:priv</c:ref>
            <outbound>
               <expression>
                  <associationFromLink>
                     <projectionDiscriminator>
                        <kind>entitlement</kind>
                        <intent>privilege</intent>
                     </projectionDiscriminator>
                  </associationFromLink>
               </expression>
            </outbound>
         </association>
      </construction>
      <order>2</order>
   </inducement>

4. Made the necessary adjustments on the resource to cope with the
association. Like this:

         <association>
            <c:ref>ri:priv</c:ref>
            <kind>entitlement</kind>
            <intent>privilege</intent>
            <direction>subjectToObject</direction>
            <associationAttribute>ri:roles</associationAttribute>
            <valueAttribute>icfs:name</valueAttribute>
         </association>

As to help me understand what goes through the connector, I added some
lines in the beginning of 'UpdateScript.groovy' script:


def now = new Date()

def file1 = new File('/var/opt/midpoint/icf-connectors/oracle/update.log');
if (file1.exists()) {
    file1.delete()
}
file1 << "Update test" << "\n"
file1 << "Date = $now" << "\n"
file1 << "objectClass = ${objectClass}"<< "\n"
file1 << "action = $action" << "\n"
file1 << "attributes = ${attributes}" << "\n"
file1 << "options = $options" << "\n"
file1 << "uid = $uid" << "\n"

No matter if I update the current role applied to an user or add another
one (as the attribute is multivalued), the result comes like this:

Update test
Date = Fri Oct 07 19:28:07 BRT 2016
objectClass = __ACCOUNT__
action = UPDATE
attributes = [roles:[role1]]
options = [:]
uid = 161

or

Update test
Date = Fri Oct 07 19:29:07 BRT 2016
objectClass = __ACCOUNT__
action = UPDATE
attributes = [roles:[role2]]
options = [:]
uid = 161

when, in my opinion, it should be, for example,

Update test
Date = Fri Oct 07 19:29:07 BRT 2016
objectClass = __ACCOUNT__
action = UPDATE
attributes = [roles:[role1,role2]]
options = [:]
uid = 161


It seems as the connector treats the "roles" attribute as a single-valued
one.


Carlos A. Ferreira
TRT/MG
Brasil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161007/28540cd7/attachment.htm>

More information about the midPoint mailing list