[midPoint] Object Sync condition - check user's existence

Pálos Gustáv gustav.palos at evolveum.com
Thu Oct 27 21:40:37 CEST 2016


I think, the problem is with ns for you extension, can you please paste
your schema extension XSD?

Gustav

2016-10-27 21:35 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:

> Thanks Gustav.
>
> I tried it like this:
>
> *String ns =
> 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>';*
>
> *customAttributeQName = new QName(ns, "myCustomAttribute");*
>
> *userInMPQuery = QueryBuilder.queryFor(UserType.class,
> midpoint.getPrismContext()).item(UserType.F_EXTENSION,
> customAttributeQName).eq(shadowUid).build()*
>
> Still doesn't work. It gives me the following error:
>
> ERROR (com.evolveum.midpoint.model.common.expression.script.ScriptExpression):
> Expression error: com.evolveum.midpoint.util.exception.SchemaException:
> Item path of 'extension/myCustomAttribute' in class
> com.evolveum.midpoint.xml.ns._public.common.common_3.UserType does not
> point to a valid ItemDefinition (new) condition in object synchronization
> User
>
> Any ideas? Thanks for the support.
>
> Regards
>
>
>
>
>
> 2016-10-27 16:18 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>
>> try this:
>>
>> String ns = 'http://mydomain.com/mynamespace';
>>
>> customAttributeQName = new QName(ns, "custom_attribute");
>>
>> userInMPQuery = QueryBuilder.queryFor(UserType.class,
>> midpoint.getPrismContext()).item(UserType.F_EXTENSION,
>> customAttributeQName).eq(shadowUid).build()
>>
>> Regards,
>>
>> Gustav
>>
>> 2016-10-27 20:45 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>
>>> Hi Gustav, thank you for your help.
>>>
>>> What I'm trying to do is reference the path for the query, something
>>> like this:
>>>
>>> *userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>> midpoint.getPrismContext())*
>>> *                    .item( qname_path_custom_attribute ).eq(shadowUid)*
>>> *                    .build()*
>>>
>>> But I can't find a solution that works. Any help? Thanks in advance.
>>>
>>> Regards
>>>
>>> 2016-10-27 15:13 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>
>>>> Hi
>>>>
>>>> support 3.4 is a support for 3.4.1 official release now and is the same
>>>> as 3.4.2-snapshot if I have the right information.
>>>> but this will be also stable and we also use it in production for
>>>> customers with paid support.
>>>> Next official release will be only 3.5 at the end of the year.
>>>>
>>>> In notification I'm using for user extension/managerId this formular:
>>>> managerId = basic.getExtensionPropertyValue(requestee, '
>>>> http://mydomain.com/mynamespace', 'managerId')
>>>>
>>>> Best regards,
>>>>
>>>> Gustav
>>>>
>>>>
>>>> 2016-10-27 19:57 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>
>>>>> Hi Gustav,
>>>>>
>>>>> I realized I was trying with the wrong version of midpoint. I upgraded
>>>>> to the 3.4.2-SNAPSHOT version and it worked.
>>>>>
>>>>> Is there any way to apply this patch to the 3.4.1 version or should we
>>>>> wait for the 3.4.2 version?
>>>>>
>>>>> On the other hand, we still have an issue. We need to check user's
>>>>> existence by searching by a custom midpoint attribute.
>>>>>
>>>>> We ran some tests based on this thread https://lists.evolveum.com/pip
>>>>> ermail/midpoint/2015-May/000976.html, but we had no luck trying to
>>>>> build a QName based on an item path. Can you help us with that?
>>>>>
>>>>> Thank you very much for your help.
>>>>>
>>>>> Regards,
>>>>>
>>>>>
>>>>> 2016-10-26 17:25 GMT-03:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>
>>>>>> Gustav,
>>>>>>
>>>>>> Thanks for the support. I updated MidPoint to 3.4.1 version and
>>>>>> unfortunately I'm getting the same error as before:
>>>>>>
>>>>>> 2016-10-26 17:22:01,419 [] [http-bio-8080-exec-3] ERROR
>>>>>> (com.evolveum.midpoint.expression): Trying to find a user with name
>>>>>> = testUser
>>>>>> 2016-10-26 17:22:01,525 [] [http-bio-8080-exec-3] ERROR
>>>>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>>>>>   EQUAL:
>>>>>>     PATH: name
>>>>>>     DEF: PPD:{.../common/common-3}name {http://prism.evolveum.com/xml
>>>>>> /ns/public/types-3}PolyStringType[0,1],RAM
>>>>>>     VALUE:
>>>>>>       testUser
>>>>>> Paging: null
>>>>>> 2016-10-26 17:22:01,553 [] [http-bio-8080-exec-3] ERROR
>>>>>> (com.evolveum.midpoint.model.common.expression.script.ScriptExpression):
>>>>>> Expression error: java.lang.IllegalArgumentException: Operation
>>>>>> result must not be null. (new) condition in object synchronization User
>>>>>> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>>>>>> java.lang.IllegalArgumentException: Operation result must not be
>>>>>> null. (new) condition in object synchronization User
>>>>>>         at com.evolveum.midpoint.model.co
>>>>>> mmon.expression.script.jsr223.Jsr223ScriptEvaluator.evaluate
>>>>>> (Jsr223ScriptEvaluator.java:119) ~[model-common-3.4.1.jar:na]
>>>>>>         at com.evolveum.midpoint.model.co
>>>>>> mmon.expression.script.ScriptExpression.evaluate(ScriptExpression.java:96)
>>>>>> ~[model-common-3.4.1.jar:na]
>>>>>>         at com.evolveum.midpoint.model.co
>>>>>> mmon.expression.script.ScriptExpressionEvaluator.transformSi
>>>>>> ngleValue(ScriptExpressionEvaluator.java:60)
>>>>>> [model-common-3.4.1.jar:na]
>>>>>>         at com.evolveum.midpoint.model.co
>>>>>> mmon.expression.evaluator.AbstractValueTransformationExpress
>>>>>> ionEvaluator.evaluateScriptExpression(AbstractValueTransform
>>>>>> ationExpressionEvaluator.java:256) [model-common-3.4.1.jar:na]
>>>>>>
>>>>>> Any other suggestions? Thank you very much for your help.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> 2016-10-25 0:38 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>>>
>>>>>>> Hi Ana,
>>>>>>>
>>>>>>> can you try the same with 3.4-support? It was fixed here:
>>>>>>> https://github.com/Evolveum/midpoint/commit/785332175372e9f4
>>>>>>> 45271c724cba9c239b9605f9
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> Gustav
>>>>>>>
>>>>>>> 2016-10-24 22:55 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>
>>>>>>>> Hi Gustav, I'm using 3.4 version.
>>>>>>>>
>>>>>>>> 2016-10-24 17:53 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>
>>>>>>>> :
>>>>>>>>
>>>>>>>>> Hi Ana,
>>>>>>>>>
>>>>>>>>> what MP version do you use?
>>>>>>>>>
>>>>>>>>> Gustav
>>>>>>>>>
>>>>>>>>> 2016-10-24 22:23 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>>>
>>>>>>>>>> Hi Gustav, thank you very much for your answer.
>>>>>>>>>>
>>>>>>>>>> I tried your solution and added this code to my
>>>>>>>>>> objectSynchronization/condition node:
>>>>>>>>>>
>>>>>>>>>> *                  shadowUid = basic.getIdentifierValue(shadow);*
>>>>>>>>>> *                  userInMPQuery =
>>>>>>>>>> QueryBuilder.queryFor(UserType.class, midpoint.getPrismContext())*
>>>>>>>>>> *                    .item(UserType.F_NAME).eq(shadowUid)*
>>>>>>>>>> *                    .build();*
>>>>>>>>>> *                  userInMP =
>>>>>>>>>> midpoint.searchObjects(UserType.class, userInMPQuery);*
>>>>>>>>>> *                  isInMP = userInMP?.size()>0 ? true : false;*
>>>>>>>>>>
>>>>>>>>>> I'm getting the following error:
>>>>>>>>>>
>>>>>>>>>> *Caused by: java.lang.IllegalArgumentException: Operation result
>>>>>>>>>> must not be null.*
>>>>>>>>>> *        at
>>>>>>>>>> org.apache.commons.lang.Validate.notNull(Validate.java:192)
>>>>>>>>>> ~[commons-lang-2.6.jar:2.6]*
>>>>>>>>>> *        at com.evolveum.midpoint.model.im
>>>>>>>>>> <http://com.evolveum.midpoint.model.im>pl.controller.ModelController.searchObjects(ModelController.java:743)
>>>>>>>>>> [model-impl-3.4.jar:na]*
>>>>>>>>>> *        at com.evolveum.midpoint.model.im
>>>>>>>>>> <http://com.evolveum.midpoint.model.im>pl.expr.MidpointFunctionsImpl.searchObjects(MidpointFunctionsImpl.java:912)
>>>>>>>>>> ~[model-impl-3.4.jar:na]*
>>>>>>>>>> *        at
>>>>>>>>>> com.evolveum.midpoint.model.api.expr.MidpointFunctions$searchObjects.call(Unknown
>>>>>>>>>> Source) ~[na:na]*
>>>>>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:108)
>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:128)
>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>> *        at Script33.run(Script33.groovy:19) ~[na:na]*
>>>>>>>>>> *        at
>>>>>>>>>> org.codehaus.groovy.jsr223.GroovyScriptEngineImpl.eval(GroovyScriptEngineImpl.java:344)
>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>> *        ... 108 common frames omitted*
>>>>>>>>>>
>>>>>>>>>> And this is the query that's allocated in '*userInMPQuery'*:
>>>>>>>>>>
>>>>>>>>>> 2016-10-24 17:07:59,075 [] [http-bio-8080-exec-3] ERROR
>>>>>>>>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>>>>>>>>>   EQUAL:
>>>>>>>>>>     PATH: name
>>>>>>>>>>     DEF: PPD:{.../common/common-3}name {
>>>>>>>>>> http://prism.evolveum.com/xml/ns/public/types-3}PolyStringT
>>>>>>>>>> ype[0,1],RAM
>>>>>>>>>>     VALUE:
>>>>>>>>>>       userName
>>>>>>>>>> Paging: null
>>>>>>>>>>
>>>>>>>>>> Any ideas what this could be? I couldn't find a reason for this
>>>>>>>>>> behaviour. Thanks in advance.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2016-10-24 14:32 GMT-03:00 Pálos Gustáv <
>>>>>>>>>> gustav.palos at evolveum.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi Ana,
>>>>>>>>>>>
>>>>>>>>>>> I'm using for similar use case this condition in
>>>>>>>>>>> objectSynchronization:
>>>>>>>>>>>
>>>>>>>>>>>             <condition>
>>>>>>>>>>>                 <script>
>>>>>>>>>>>                     <code>
>>>>>>>>>>>       import com.evolveum.midpoint.xml.ns._
>>>>>>>>>>> public.common.common_3.UserType;
>>>>>>>>>>>       import com.evolveum.midpoint.prism.qu
>>>>>>>>>>> ery.builder.QueryBuilder;
>>>>>>>>>>>       import com.evolveum.midpoint.prism.path.ItemPath;
>>>>>>>>>>>
>>>>>>>>>>>                         STATUSS = basic.getAttributeValue(shadow,
>>>>>>>>>>> 'STATUSS')
>>>>>>>>>>>
>>>>>>>>>>>                         toImport = STATUSS == '01'
>>>>>>>>>>>
>>>>>>>>>>> // find user in MP, if exists syncronize it also
>>>>>>>>>>>
>>>>>>>>>>>                         log.info('shadow {}',
>>>>>>>>>>> shadow.asPrismObject().debugDump())
>>>>>>>>>>>                         activation = shadow.getActivation()
>>>>>>>>>>>                         shadowUid =
>>>>>>>>>>> basic.getIdentifierValue(shadow);
>>>>>>>>>>>                userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>>>>>>>>>> midpoint.getPrismContext()).item(UserType.F_EMPLOYEE_NUMBER)
>>>>>>>>>>> .eq(shadowUid).and().item(UserType.F_EMPLOYEE_TYPE).eq("pavs
>>>>>>>>>>> ").build()
>>>>>>>>>>>                userInMP = midpoint.searchObjects(UserType,
>>>>>>>>>>> userInMPQuery);
>>>>>>>>>>>                isInMP = userInMP?.size()>0 ? true : false;
>>>>>>>>>>>                log.info('isInMP: '+isInMP);
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                         toImport = isInMP || toImport;
>>>>>>>>>>>
>>>>>>>>>>>                         return toImport;
>>>>>>>>>>>                     </code>
>>>>>>>>>>>                 </script>
>>>>>>>>>>>             </condition>
>>>>>>>>>>>
>>>>>>>>>>> In my case I need to have status=='01' (enabled), or already
>>>>>>>>>>> imported (variable isInMP)
>>>>>>>>>>>
>>>>>>>>>>> Gustav
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2016-10-24 19:21 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>>>>>
>>>>>>>>>>>> Hi everybody.
>>>>>>>>>>>>
>>>>>>>>>>>> I have the following issue: I need to import users from two
>>>>>>>>>>>> different database table resources. The problem is that I don't want to
>>>>>>>>>>>> create in mipoint every user in the tables, I will create a user in
>>>>>>>>>>>> midpoint only if the database field value that sets the validTo date
>>>>>>>>>>>> attribute is lower than the current date.
>>>>>>>>>>>>
>>>>>>>>>>>> But that's for the creation only, if the user already exists in
>>>>>>>>>>>> midpoint, I want to link the account to that user, no matter if the validTo
>>>>>>>>>>>> date is lower than the current date or not (because maybe I have to update
>>>>>>>>>>>> the validTo date to disable the user).
>>>>>>>>>>>>
>>>>>>>>>>>> I think I'll need some way to check if the user already exists
>>>>>>>>>>>> in the synchronization/objectSynchronization/condition. Can
>>>>>>>>>>>> anyone help me with this? Is this possible?
>>>>>>>>>>>> Thank you very much.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> *Ana Pereyra*
>>>>>>>>>>>>  Identicum S.A.
>>>>>>>>>>>>
>>>>>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>>>>>> www.identicum.com
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Gustáv Pálos
>>>>>>>>>>> Identity Engineer
>>>>>>>>>>> evolveum.com
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Ana Pereyra*
>>>>>>>>>>  Identicum S.A.
>>>>>>>>>>
>>>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>>>> www.identicum.com
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Gustáv Pálos
>>>>>>>>> Identity Engineer
>>>>>>>>> evolveum.com
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Ana Pereyra*
>>>>>>>>  Identicum S.A.
>>>>>>>>
>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>> www.identicum.com
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Gustáv Pálos
>>>>>>> Identity Engineer
>>>>>>> evolveum.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Ana Pereyra*
>>>>>>  Identicum S.A.
>>>>>>
>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>> www.identicum.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Ana Pereyra*
>>>>>  Identicum S.A.
>>>>>
>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>> www.identicum.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Gustáv Pálos
>>>> Identity Engineer
>>>> evolveum.com
>>>>
>>>
>>>
>>>
>>> --
>>> *Ana Pereyra*
>>>  Identicum S.A.
>>>
>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>> www.identicum.com
>>>
>>
>>
>>
>> --
>> Gustáv Pálos
>> Identity Engineer
>> evolveum.com
>>
>
>
>
> --
> *Ana Pereyra*
>  Identicum S.A.
>
> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
> *apereyra at identicum.com <apereyra at identicum.com>*
> www.identicum.com
>



-- 
Gustáv Pálos
Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161027/9a59aa53/attachment.htm>


More information about the midPoint mailing list