[midPoint] DatabaseTable Multi-Value Fields
Ivan Noris
ivan.noris at evolveum.com
Mon Oct 10 19:45:56 CEST 2016
Hi Carlos,
AFAIK there are two possible implementations of "update" operations in
the connector: UPDATE and ADD_ATTRIBUTE_VALUES/REMOVE_ATTRIBUTE_VALUES.
I didn't know what's default as I'm not writing the connectors so stuff
like this is usually "just working".
Best regards,
Ivan
On 10/10/2016 04:31 PM, Carlos Ferreira wrote:
> Hi Ivan,
>
> In fact, adding the following line (on the resource configuration)
>
>
> <readReplaceMode>false</readReplaceMode>
> (instead of <readReplaceMode>true</readReplaceMode>)
>
> makes the connector send the action
>
>
> - "REMOVE_ATTRIBUTE_VALUES", when *updating* the current value
>
> or
>
> - "ADD_ATTRIBUTE_VALUES", when *adding* another one
>
> That will make it possible to adjust the groovy script so as to
> accomplish what I need.
>
> Thanks a lot,
>
>
> Carlos
>
>
>
>
>
> 2016-10-10 6:07 GMT-03:00 Ivan Noris <Ivan.Noris at evolveum.com
> <mailto:Ivan.Noris at evolveum.com>>:
>
> Hi Carlos,
> I may be completely wrong, but for a different (custom) connector,
> we needed to do something like this:
>
> <attribute>
> <description>We want the connector have ALL values,
> not only delta</description>
> <ref>ri:roles</ref>
> <readReplaceMode>true</readReplaceMode>
> </attribute>
>
> (It was maybe half year ago, I don't remember the particular
> details now, except that the "ri:roles" was a multi-valued
> attribute, not association).
> Maybe this helps or brings new answers from the other members of
> this list.
>
> Regards,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Carlos Ferreira" <carlos18619 at gmail.com
> <mailto:carlos18619 at gmail.com>>
> *To: *"midPoint General Discussion"
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
> *Sent: *Saturday, October 8, 2016 12:46:59 AM
> *Subject: *Re: [midPoint] DatabaseTable Multi-Value Fields
>
>
> HI,
>
> This is exactly the same behavior I've been seeing im my case.
>
> First of all,
>
> 1. I'm using SCRIPTEDSQL connector and an ORACLE DB;
> 2. I've configured a multi-valued extension attribute - says
> 'roles' - to receive the roles applied to an user;
> 3. Configured a metarole to deal with an association.
> Something like this:
>
> <inducement id="3">
> <construction>
> <resourceRef
> xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
> oid="ef2bc95b-76e0-48e3-86db-3d4f02d42fff"
> type="tns:ResourceType"><!-- Localhost
> ScriptedSQL - Oracle --></resourceRef>
> <kind>account</kind>
> <intent>default</intent>
> <association>
> <c:ref>ri:priv</c:ref>
> <outbound>
> <expression>
> <associationFromLink>
> <projectionDiscriminator>
> <kind>entitlement</kind>
> <intent>privilege</intent>
> </projectionDiscriminator>
> </associationFromLink>
> </expression>
> </outbound>
> </association>
> </construction>
> <order>2</order>
> </inducement>
>
> 4. Made the necessary adjustments on the resource to cope with
> the association. Like this:
>
> <association>
> <c:ref>ri:priv</c:ref>
> <kind>entitlement</kind>
> <intent>privilege</intent>
> <direction>subjectToObject</direction>
> <associationAttribute>ri:roles</associationAttribute>
> <valueAttribute>icfs:name</valueAttribute>
> </association>
>
> As to help me understand what goes through the connector, I
> added some lines in the beginning of 'UpdateScript.groovy' script:
>
>
> def now = new Date()
>
> def file1 = new
> File('/var/opt/midpoint/icf-connectors/oracle/update.log');
> if (file1.exists()) {
> file1.delete()
> }
> file1 << "Update test" << "\n"
> file1 << "Date = $now" << "\n"
> file1 << "objectClass = ${objectClass}"<< "\n"
> file1 << "action = $action" << "\n"
> file1 << "attributes = ${attributes}" << "\n"
> file1 << "options = $options" << "\n"
> file1 << "uid = $uid" << "\n"
>
> No matter if I update the current role applied to an user or
> add another one (as the attribute is multivalued), the result
> comes like this:
>
> Update test
> Date = Fri Oct 07 19:28:07 BRT 2016
> objectClass = __ACCOUNT__
> action = UPDATE
> attributes = [roles:[role1]]
> options = [:]
> uid = 161
>
> or
>
> Update test
> Date = Fri Oct 07 19:29:07 BRT 2016
> objectClass = __ACCOUNT__
> action = UPDATE
> attributes = [roles:[role2]]
> options = [:]
> uid = 161
>
> when, in my opinion, it should be, for example,
>
> Update test
> Date = Fri Oct 07 19:29:07 BRT 2016
> objectClass = __ACCOUNT__
> action = UPDATE
> attributes = [roles:[role1,role2]]
> options = [:]
> uid = 161
>
>
> It seems as the connector treats the "roles" attribute as a
> single-valued one.
>
>
> Carlos A. Ferreira
> TRT/MG
> Brasil
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com <http://evolveum.com>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161010/e5afb2a7/attachment.htm>
More information about the midPoint
mailing list