[midPoint] Object Sync condition - check user's existence

Pálos Gustáv gustav.palos at evolveum.com
Thu Oct 27 20:13:51 CEST 2016


Hi

support 3.4 is a support for 3.4.1 official release now and is the same as
3.4.2-snapshot if I have the right information.
but this will be also stable and we also use it in production for customers
with paid support.
Next official release will be only 3.5 at the end of the year.

In notification I'm using for user extension/managerId this formular:
managerId = basic.getExtensionPropertyValue(requestee, '
http://mydomain.com/mynamespace', 'managerId')

Best regards,

Gustav

2016-10-27 19:57 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:

> Hi Gustav,
>
> I realized I was trying with the wrong version of midpoint. I upgraded to
> the 3.4.2-SNAPSHOT version and it worked.
>
> Is there any way to apply this patch to the 3.4.1 version or should we
> wait for the 3.4.2 version?
>
> On the other hand, we still have an issue. We need to check user's
> existence by searching by a custom midpoint attribute.
>
> We ran some tests based on this thread https://lists.evolveum.com/
> pipermail/midpoint/2015-May/000976.html, but we had no luck trying to
> build a QName based on an item path. Can you help us with that?
>
> Thank you very much for your help.
>
> Regards,
>
>
> 2016-10-26 17:25 GMT-03:00 Ana Pereyra <apereyra at identicum.com>:
>
>> Gustav,
>>
>> Thanks for the support. I updated MidPoint to 3.4.1 version and
>> unfortunately I'm getting the same error as before:
>>
>> 2016-10-26 17:22:01,419 [] [http-bio-8080-exec-3] ERROR
>> (com.evolveum.midpoint.expression): Trying to find a user with name =
>> testUser
>> 2016-10-26 17:22:01,525 [] [http-bio-8080-exec-3] ERROR
>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>   EQUAL:
>>     PATH: name
>>     DEF: PPD:{.../common/common-3}name {http://prism.evolveum.com/xml
>> /ns/public/types-3}PolyStringType[0,1],RAM
>>     VALUE:
>>       testUser
>> Paging: null
>> 2016-10-26 17:22:01,553 [] [http-bio-8080-exec-3] ERROR
>> (com.evolveum.midpoint.model.common.expression.script.ScriptExpression):
>> Expression error: java.lang.IllegalArgumentException: Operation result
>> must not be null. (new) condition in object synchronization User
>> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>> java.lang.IllegalArgumentException: Operation result must not be null.
>> (new) condition in object synchronization User
>>         at com.evolveum.midpoint.model.common.expression.script.jsr223.
>> Jsr223ScriptEvaluator.evaluate(Jsr223ScriptEvaluator.java:119)
>> ~[model-common-3.4.1.jar:na]
>>         at com.evolveum.midpoint.model.common.expression.script.ScriptE
>> xpression.evaluate(ScriptExpression.java:96) ~[model-common-3.4.1.jar:na]
>>         at com.evolveum.midpoint.model.common.expression.script.ScriptE
>> xpressionEvaluator.transformSingleValue(ScriptExpressionEvaluator.java:60)
>> [model-common-3.4.1.jar:na]
>>         at com.evolveum.midpoint.model.common.expression.evaluator.Abst
>> ractValueTransformationExpressionEvaluator.evaluateScriptExp
>> ression(AbstractValueTransformationExpressionEvaluator.java:256)
>> [model-common-3.4.1.jar:na]
>>
>> Any other suggestions? Thank you very much for your help.
>>
>> Regards
>>
>>
>> 2016-10-25 0:38 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>
>>> Hi Ana,
>>>
>>> can you try the same with 3.4-support? It was fixed here:
>>> https://github.com/Evolveum/midpoint/commit/785332175372e9f4
>>> 45271c724cba9c239b9605f9
>>>
>>> Best regards,
>>>
>>> Gustav
>>>
>>> 2016-10-24 22:55 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>
>>>> Hi Gustav, I'm using 3.4 version.
>>>>
>>>> 2016-10-24 17:53 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>
>>>>> Hi Ana,
>>>>>
>>>>> what MP version do you use?
>>>>>
>>>>> Gustav
>>>>>
>>>>> 2016-10-24 22:23 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>
>>>>>> Hi Gustav, thank you very much for your answer.
>>>>>>
>>>>>> I tried your solution and added this code to my
>>>>>> objectSynchronization/condition node:
>>>>>>
>>>>>> *                  shadowUid = basic.getIdentifierValue(shadow);*
>>>>>> *                  userInMPQuery =
>>>>>> QueryBuilder.queryFor(UserType.class, midpoint.getPrismContext())*
>>>>>> *                    .item(UserType.F_NAME).eq(shadowUid)*
>>>>>> *                    .build();*
>>>>>> *                  userInMP = midpoint.searchObjects(UserType.class,
>>>>>> userInMPQuery);*
>>>>>> *                  isInMP = userInMP?.size()>0 ? true : false;*
>>>>>>
>>>>>> I'm getting the following error:
>>>>>>
>>>>>> *Caused by: java.lang.IllegalArgumentException: Operation result must
>>>>>> not be null.*
>>>>>> *        at
>>>>>> org.apache.commons.lang.Validate.notNull(Validate.java:192)
>>>>>> ~[commons-lang-2.6.jar:2.6]*
>>>>>> *        at com.evolveum.midpoint.model.im
>>>>>> <http://com.evolveum.midpoint.model.im>pl.controller.ModelController.searchObjects(ModelController.java:743)
>>>>>> [model-impl-3.4.jar:na]*
>>>>>> *        at com.evolveum.midpoint.model.im
>>>>>> <http://com.evolveum.midpoint.model.im>pl.expr.MidpointFunctionsImpl.searchObjects(MidpointFunctionsImpl.java:912)
>>>>>> ~[model-impl-3.4.jar:na]*
>>>>>> *        at
>>>>>> com.evolveum.midpoint.model.api.expr.MidpointFunctions$searchObjects.call(Unknown
>>>>>> Source) ~[na:na]*
>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:108)
>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:128)
>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>> *        at Script33.run(Script33.groovy:19) ~[na:na]*
>>>>>> *        at
>>>>>> org.codehaus.groovy.jsr223.GroovyScriptEngineImpl.eval(GroovyScriptEngineImpl.java:344)
>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>> *        ... 108 common frames omitted*
>>>>>>
>>>>>> And this is the query that's allocated in '*userInMPQuery'*:
>>>>>>
>>>>>> 2016-10-24 17:07:59,075 [] [http-bio-8080-exec-3] ERROR
>>>>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>>>>>   EQUAL:
>>>>>>     PATH: name
>>>>>>     DEF: PPD:{.../common/common-3}name {http://prism.evolveum.com/xml
>>>>>> /ns/public/types-3}PolyStringType[0,1],RAM
>>>>>>     VALUE:
>>>>>>       userName
>>>>>> Paging: null
>>>>>>
>>>>>> Any ideas what this could be? I couldn't find a reason for this
>>>>>> behaviour. Thanks in advance.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> 2016-10-24 14:32 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>>>
>>>>>>> Hi Ana,
>>>>>>>
>>>>>>> I'm using for similar use case this condition in
>>>>>>> objectSynchronization:
>>>>>>>
>>>>>>>             <condition>
>>>>>>>                 <script>
>>>>>>>                     <code>
>>>>>>>       import com.evolveum.midpoint.xml.ns._
>>>>>>> public.common.common_3.UserType;
>>>>>>>       import com.evolveum.midpoint.prism.query.builder.QueryBuilder;
>>>>>>>       import com.evolveum.midpoint.prism.path.ItemPath;
>>>>>>>
>>>>>>>                         STATUSS = basic.getAttributeValue(shadow,
>>>>>>> 'STATUSS')
>>>>>>>
>>>>>>>                         toImport = STATUSS == '01'
>>>>>>>
>>>>>>> // find user in MP, if exists syncronize it also
>>>>>>>
>>>>>>>                         log.info('shadow {}',
>>>>>>> shadow.asPrismObject().debugDump())
>>>>>>>                         activation = shadow.getActivation()
>>>>>>>                         shadowUid = basic.getIdentifierValue(shado
>>>>>>> w);
>>>>>>>                userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>>>>>> midpoint.getPrismContext()).item(UserType.F_EMPLOYEE_NUMBER)
>>>>>>> .eq(shadowUid).and().item(UserType.F_EMPLOYEE_TYPE).eq("pavs
>>>>>>> ").build()
>>>>>>>                userInMP = midpoint.searchObjects(UserType,
>>>>>>> userInMPQuery);
>>>>>>>                isInMP = userInMP?.size()>0 ? true : false;
>>>>>>>                log.info('isInMP: '+isInMP);
>>>>>>>
>>>>>>>
>>>>>>>                         toImport = isInMP || toImport;
>>>>>>>
>>>>>>>                         return toImport;
>>>>>>>                     </code>
>>>>>>>                 </script>
>>>>>>>             </condition>
>>>>>>>
>>>>>>> In my case I need to have status=='01' (enabled), or already
>>>>>>> imported (variable isInMP)
>>>>>>>
>>>>>>> Gustav
>>>>>>>
>>>>>>>
>>>>>>> 2016-10-24 19:21 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>
>>>>>>>> Hi everybody.
>>>>>>>>
>>>>>>>> I have the following issue: I need to import users from two
>>>>>>>> different database table resources. The problem is that I don't want to
>>>>>>>> create in mipoint every user in the tables, I will create a user in
>>>>>>>> midpoint only if the database field value that sets the validTo date
>>>>>>>> attribute is lower than the current date.
>>>>>>>>
>>>>>>>> But that's for the creation only, if the user already exists in
>>>>>>>> midpoint, I want to link the account to that user, no matter if the validTo
>>>>>>>> date is lower than the current date or not (because maybe I have to update
>>>>>>>> the validTo date to disable the user).
>>>>>>>>
>>>>>>>> I think I'll need some way to check if the user already exists in
>>>>>>>> the synchronization/objectSynchronization/condition. Can anyone
>>>>>>>> help me with this? Is this possible?
>>>>>>>> Thank you very much.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Ana Pereyra*
>>>>>>>>  Identicum S.A.
>>>>>>>>
>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>> www.identicum.com
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Gustáv Pálos
>>>>>>> Identity Engineer
>>>>>>> evolveum.com
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Ana Pereyra*
>>>>>>  Identicum S.A.
>>>>>>
>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>> www.identicum.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Gustáv Pálos
>>>>> Identity Engineer
>>>>> evolveum.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Ana Pereyra*
>>>>  Identicum S.A.
>>>>
>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>> www.identicum.com
>>>>
>>>
>>>
>>>
>>> --
>>> Gustáv Pálos
>>> Identity Engineer
>>> evolveum.com
>>>
>>
>>
>>
>> --
>> *Ana Pereyra*
>>  Identicum S.A.
>>
>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>> *apereyra at identicum.com <apereyra at identicum.com>*
>> www.identicum.com
>>
>
>
>
> --
> *Ana Pereyra*
>  Identicum S.A.
>
> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
> *apereyra at identicum.com <apereyra at identicum.com>*
> www.identicum.com
>



-- 
Gustáv Pálos
Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161027/7cb6d90a/attachment.htm>


More information about the midPoint mailing list