[midPoint] DatabaseTable Multi-Value Fields

Carlos Ferreira carlos18619 at gmail.com
Mon Oct 10 16:31:29 CEST 2016 

Hi Ivan,

In fact, adding the following line (on the resource configuration)

            <readReplaceMode>false</readReplaceMode>
(instead of  <readReplaceMode>true</readReplaceMode>)

makes the connector send the action


- "REMOVE_ATTRIBUTE_VALUES", when *updating* the current value

or

- "ADD_ATTRIBUTE_VALUES", when *adding* another one

That will make it possible to adjust the groovy script so as to accomplish
what I need.

Thanks a lot,


Carlos





2016-10-10 6:07 GMT-03:00 Ivan Noris <Ivan.Noris at evolveum.com>:

> Hi Carlos,
> I may be completely wrong, but for a different (custom) connector, we
> needed to do something like this:
>
>          <attribute>
>             <description>We want the connector have ALL values, not only
> delta</description>
>             <ref>ri:roles</ref>
>             <readReplaceMode>true</readReplaceMode>
>          </attribute>
>
> (It was maybe half year ago, I don't remember the particular details now,
> except that the "ri:roles" was a multi-valued attribute, not association).
> Maybe this helps or brings new answers from the other members of this list.
>
> Regards,
> Ivan
>
> ------------------------------
>
> *From: *"Carlos Ferreira" <carlos18619 at gmail.com>
> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com>
> *Sent: *Saturday, October 8, 2016 12:46:59 AM
> *Subject: *Re: [midPoint] DatabaseTable Multi-Value Fields
>
>
> HI,
>
> This is exactly the same behavior I've been seeing im my case.
>
> First of all,
>
> 1. I'm using SCRIPTEDSQL connector and an ORACLE DB;
> 2. I've configured a multi-valued extension attribute - says 'roles' - to
> receive the roles applied to an user;
> 3. Configured a metarole to deal with an association. Something like this:
>
>    <inducement id="3">
>       <construction>
>          <resourceRef xmlns:tns="http://midpoint.
> evolveum.com/xml/ns/public/common/common-3"
>                       oid="ef2bc95b-76e0-48e3-86db-3d4f02d42fff"
>                       type="tns:ResourceType"><!-- Localhost ScriptedSQL -
> Oracle  --></resourceRef>
>          <kind>account</kind>
>          <intent>default</intent>
>          <association>
>             <c:ref>ri:priv</c:ref>
>             <outbound>
>                <expression>
>                   <associationFromLink>
>                      <projectionDiscriminator>
>                         <kind>entitlement</kind>
>                         <intent>privilege</intent>
>                      </projectionDiscriminator>
>                   </associationFromLink>
>                </expression>
>             </outbound>
>          </association>
>       </construction>
>       <order>2</order>
>    </inducement>
>
> 4. Made the necessary adjustments on the resource to cope with the
> association. Like this:
>
>          <association>
>             <c:ref>ri:priv</c:ref>
>             <kind>entitlement</kind>
>             <intent>privilege</intent>
>             <direction>subjectToObject</direction>
>             <associationAttribute>ri:roles</associationAttribute>
>             <valueAttribute>icfs:name</valueAttribute>
>          </association>
>
> As to help me understand what goes through the connector, I added some
> lines in the beginning of 'UpdateScript.groovy' script:
>
>
> def now = new Date()
>
> def file1 = new File('/var/opt/midpoint/icf-connectors/oracle/update.log')
> ;
> if (file1.exists()) {
>     file1.delete()
> }
> file1 << "Update test" << "\n"
> file1 << "Date = $now" << "\n"
> file1 << "objectClass = ${objectClass}"<< "\n"
> file1 << "action = $action" << "\n"
> file1 << "attributes = ${attributes}" << "\n"
> file1 << "options = $options" << "\n"
> file1 << "uid = $uid" << "\n"
>
> No matter if I update the current role applied to an user or add another
> one (as the attribute is multivalued), the result comes like this:
>
> Update test
> Date = Fri Oct 07 19:28:07 BRT 2016
> objectClass = __ACCOUNT__
> action = UPDATE
> attributes = [roles:[role1]]
> options = [:]
> uid = 161
>
> or
>
> Update test
> Date = Fri Oct 07 19:29:07 BRT 2016
> objectClass = __ACCOUNT__
> action = UPDATE
> attributes = [roles:[role2]]
> options = [:]
> uid = 161
>
> when, in my opinion, it should be, for example,
>
> Update test
> Date = Fri Oct 07 19:29:07 BRT 2016
> objectClass = __ACCOUNT__
> action = UPDATE
> attributes = [roles:[role1,role2]]
> options = [:]
> uid = 161
>
>
> It seems as the connector treats the "roles" attribute as a single-valued
> one.
>
>
> Carlos A. Ferreira
> TRT/MG
> Brasil
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161010/458f10ab/attachment.htm>

More information about the midPoint mailing list