[midPoint] Object Sync condition - check user's existence
Ana Pereyra
apereyra at identicum.com
Thu Oct 27 20:45:24 CEST 2016
Hi Gustav, thank you for your help.
What I'm trying to do is reference the path for the query, something like
this:
*userInMPQuery = QueryBuilder.queryFor(UserType.class,
midpoint.getPrismContext())*
* .item( qname_path_custom_attribute ).eq(shadowUid)*
* .build()*
But I can't find a solution that works. Any help? Thanks in advance.
Regards
2016-10-27 15:13 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
> Hi
>
> support 3.4 is a support for 3.4.1 official release now and is the same as
> 3.4.2-snapshot if I have the right information.
> but this will be also stable and we also use it in production for
> customers with paid support.
> Next official release will be only 3.5 at the end of the year.
>
> In notification I'm using for user extension/managerId this formular:
> managerId = basic.getExtensionPropertyValue(requestee, '
> http://mydomain.com/mynamespace', 'managerId')
>
> Best regards,
>
> Gustav
>
>
> 2016-10-27 19:57 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>
>> Hi Gustav,
>>
>> I realized I was trying with the wrong version of midpoint. I upgraded to
>> the 3.4.2-SNAPSHOT version and it worked.
>>
>> Is there any way to apply this patch to the 3.4.1 version or should we
>> wait for the 3.4.2 version?
>>
>> On the other hand, we still have an issue. We need to check user's
>> existence by searching by a custom midpoint attribute.
>>
>> We ran some tests based on this thread https://lists.evolveum.com/pip
>> ermail/midpoint/2015-May/000976.html, but we had no luck trying to build
>> a QName based on an item path. Can you help us with that?
>>
>> Thank you very much for your help.
>>
>> Regards,
>>
>>
>> 2016-10-26 17:25 GMT-03:00 Ana Pereyra <apereyra at identicum.com>:
>>
>>> Gustav,
>>>
>>> Thanks for the support. I updated MidPoint to 3.4.1 version and
>>> unfortunately I'm getting the same error as before:
>>>
>>> 2016-10-26 17:22:01,419 [] [http-bio-8080-exec-3] ERROR
>>> (com.evolveum.midpoint.expression): Trying to find a user with name =
>>> testUser
>>> 2016-10-26 17:22:01,525 [] [http-bio-8080-exec-3] ERROR
>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>> EQUAL:
>>> PATH: name
>>> DEF: PPD:{.../common/common-3}name {http://prism.evolveum.com/xml
>>> /ns/public/types-3}PolyStringType[0,1],RAM
>>> VALUE:
>>> testUser
>>> Paging: null
>>> 2016-10-26 17:22:01,553 [] [http-bio-8080-exec-3] ERROR
>>> (com.evolveum.midpoint.model.common.expression.script.ScriptExpression):
>>> Expression error: java.lang.IllegalArgumentException: Operation result
>>> must not be null. (new) condition in object synchronization User
>>> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>>> java.lang.IllegalArgumentException: Operation result must not be null.
>>> (new) condition in object synchronization User
>>> at com.evolveum.midpoint.model.common.expression.script.jsr223.
>>> Jsr223ScriptEvaluator.evaluate(Jsr223ScriptEvaluator.java:119)
>>> ~[model-common-3.4.1.jar:na]
>>> at com.evolveum.midpoint.model.common.expression.script.ScriptE
>>> xpression.evaluate(ScriptExpression.java:96)
>>> ~[model-common-3.4.1.jar:na]
>>> at com.evolveum.midpoint.model.common.expression.script.ScriptE
>>> xpressionEvaluator.transformSingleValue(ScriptExpressionEvaluator.java:60)
>>> [model-common-3.4.1.jar:na]
>>> at com.evolveum.midpoint.model.common.expression.evaluator.Abst
>>> ractValueTransformationExpressionEvaluator.evaluateScriptExp
>>> ression(AbstractValueTransformationExpressionEvaluator.java:256)
>>> [model-common-3.4.1.jar:na]
>>>
>>> Any other suggestions? Thank you very much for your help.
>>>
>>> Regards
>>>
>>>
>>> 2016-10-25 0:38 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>
>>>> Hi Ana,
>>>>
>>>> can you try the same with 3.4-support? It was fixed here:
>>>> https://github.com/Evolveum/midpoint/commit/785332175372e9f4
>>>> 45271c724cba9c239b9605f9
>>>>
>>>> Best regards,
>>>>
>>>> Gustav
>>>>
>>>> 2016-10-24 22:55 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>
>>>>> Hi Gustav, I'm using 3.4 version.
>>>>>
>>>>> 2016-10-24 17:53 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>>
>>>>>> Hi Ana,
>>>>>>
>>>>>> what MP version do you use?
>>>>>>
>>>>>> Gustav
>>>>>>
>>>>>> 2016-10-24 22:23 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>
>>>>>>> Hi Gustav, thank you very much for your answer.
>>>>>>>
>>>>>>> I tried your solution and added this code to my
>>>>>>> objectSynchronization/condition node:
>>>>>>>
>>>>>>> * shadowUid = basic.getIdentifierValue(shadow);*
>>>>>>> * userInMPQuery =
>>>>>>> QueryBuilder.queryFor(UserType.class, midpoint.getPrismContext())*
>>>>>>> * .item(UserType.F_NAME).eq(shadowUid)*
>>>>>>> * .build();*
>>>>>>> * userInMP = midpoint.searchObjects(UserType.class,
>>>>>>> userInMPQuery);*
>>>>>>> * isInMP = userInMP?.size()>0 ? true : false;*
>>>>>>>
>>>>>>> I'm getting the following error:
>>>>>>>
>>>>>>> *Caused by: java.lang.IllegalArgumentException: Operation result
>>>>>>> must not be null.*
>>>>>>> * at
>>>>>>> org.apache.commons.lang.Validate.notNull(Validate.java:192)
>>>>>>> ~[commons-lang-2.6.jar:2.6]*
>>>>>>> * at com.evolveum.midpoint.model.im
>>>>>>> <http://com.evolveum.midpoint.model.im>pl.controller.ModelController.searchObjects(ModelController.java:743)
>>>>>>> [model-impl-3.4.jar:na]*
>>>>>>> * at com.evolveum.midpoint.model.im
>>>>>>> <http://com.evolveum.midpoint.model.im>pl.expr.MidpointFunctionsImpl.searchObjects(MidpointFunctionsImpl.java:912)
>>>>>>> ~[model-impl-3.4.jar:na]*
>>>>>>> * at
>>>>>>> com.evolveum.midpoint.model.api.expr.MidpointFunctions$searchObjects.call(Unknown
>>>>>>> Source) ~[na:na]*
>>>>>>> * at org.codehaus.groovy.runtime.ca
>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>> * at org.codehaus.groovy.runtime.ca
>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:108)
>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>> * at org.codehaus.groovy.runtime.ca
>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:128)
>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>> * at Script33.run(Script33.groovy:19) ~[na:na]*
>>>>>>> * at
>>>>>>> org.codehaus.groovy.jsr223.GroovyScriptEngineImpl.eval(GroovyScriptEngineImpl.java:344)
>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>> * ... 108 common frames omitted*
>>>>>>>
>>>>>>> And this is the query that's allocated in '*userInMPQuery'*:
>>>>>>>
>>>>>>> 2016-10-24 17:07:59,075 [] [http-bio-8080-exec-3] ERROR
>>>>>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>>>>>> EQUAL:
>>>>>>> PATH: name
>>>>>>> DEF: PPD:{.../common/common-3}name {
>>>>>>> http://prism.evolveum.com/xml/ns/public/types-3}PolyStringT
>>>>>>> ype[0,1],RAM
>>>>>>> VALUE:
>>>>>>> userName
>>>>>>> Paging: null
>>>>>>>
>>>>>>> Any ideas what this could be? I couldn't find a reason for this
>>>>>>> behaviour. Thanks in advance.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> 2016-10-24 14:32 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>>>>
>>>>>>>> Hi Ana,
>>>>>>>>
>>>>>>>> I'm using for similar use case this condition in
>>>>>>>> objectSynchronization:
>>>>>>>>
>>>>>>>> <condition>
>>>>>>>> <script>
>>>>>>>> <code>
>>>>>>>> import com.evolveum.midpoint.xml.ns._
>>>>>>>> public.common.common_3.UserType;
>>>>>>>> import com.evolveum.midpoint.prism.qu
>>>>>>>> ery.builder.QueryBuilder;
>>>>>>>> import com.evolveum.midpoint.prism.path.ItemPath;
>>>>>>>>
>>>>>>>> STATUSS = basic.getAttributeValue(shadow,
>>>>>>>> 'STATUSS')
>>>>>>>>
>>>>>>>> toImport = STATUSS == '01'
>>>>>>>>
>>>>>>>> // find user in MP, if exists syncronize it also
>>>>>>>>
>>>>>>>> log.info('shadow {}',
>>>>>>>> shadow.asPrismObject().debugDump())
>>>>>>>> activation = shadow.getActivation()
>>>>>>>> shadowUid = basic.getIdentifierValue(shado
>>>>>>>> w);
>>>>>>>> userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>>>>>>> midpoint.getPrismContext()).item(UserType.F_EMPLOYEE_NUMBER)
>>>>>>>> .eq(shadowUid).and().item(UserType.F_EMPLOYEE_TYPE).eq("pavs
>>>>>>>> ").build()
>>>>>>>> userInMP = midpoint.searchObjects(UserType,
>>>>>>>> userInMPQuery);
>>>>>>>> isInMP = userInMP?.size()>0 ? true : false;
>>>>>>>> log.info('isInMP: '+isInMP);
>>>>>>>>
>>>>>>>>
>>>>>>>> toImport = isInMP || toImport;
>>>>>>>>
>>>>>>>> return toImport;
>>>>>>>> </code>
>>>>>>>> </script>
>>>>>>>> </condition>
>>>>>>>>
>>>>>>>> In my case I need to have status=='01' (enabled), or already
>>>>>>>> imported (variable isInMP)
>>>>>>>>
>>>>>>>> Gustav
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-10-24 19:21 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>>
>>>>>>>>> Hi everybody.
>>>>>>>>>
>>>>>>>>> I have the following issue: I need to import users from two
>>>>>>>>> different database table resources. The problem is that I don't want to
>>>>>>>>> create in mipoint every user in the tables, I will create a user in
>>>>>>>>> midpoint only if the database field value that sets the validTo date
>>>>>>>>> attribute is lower than the current date.
>>>>>>>>>
>>>>>>>>> But that's for the creation only, if the user already exists in
>>>>>>>>> midpoint, I want to link the account to that user, no matter if the validTo
>>>>>>>>> date is lower than the current date or not (because maybe I have to update
>>>>>>>>> the validTo date to disable the user).
>>>>>>>>>
>>>>>>>>> I think I'll need some way to check if the user already exists in
>>>>>>>>> the synchronization/objectSynchronization/condition. Can anyone
>>>>>>>>> help me with this? Is this possible?
>>>>>>>>> Thank you very much.
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Ana Pereyra*
>>>>>>>>> Identicum S.A.
>>>>>>>>>
>>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>>> www.identicum.com
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> midPoint mailing list
>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Gustáv Pálos
>>>>>>>> Identity Engineer
>>>>>>>> evolveum.com
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Ana Pereyra*
>>>>>>> Identicum S.A.
>>>>>>>
>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>> www.identicum.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Gustáv Pálos
>>>>>> Identity Engineer
>>>>>> evolveum.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Ana Pereyra*
>>>>> Identicum S.A.
>>>>>
>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>> www.identicum.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Gustáv Pálos
>>>> Identity Engineer
>>>> evolveum.com
>>>>
>>>
>>>
>>>
>>> --
>>> *Ana Pereyra*
>>> Identicum S.A.
>>>
>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>> www.identicum.com
>>>
>>
>>
>>
>> --
>> *Ana Pereyra*
>> Identicum S.A.
>>
>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>> *apereyra at identicum.com <apereyra at identicum.com>*
>> www.identicum.com
>>
>
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com
>
--
*Ana Pereyra*
Identicum S.A.
*Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
*apereyra at identicum.com <apereyra at identicum.com>*
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161027/bbecf84e/attachment.htm>
More information about the midPoint
mailing list