[midPoint] Object Sync condition - check user's existence

Ana Pereyra apereyra at identicum.com
Fri Oct 28 16:44:50 CEST 2016


Gustav, I had the wrong namespace for the schema extension. I fixed it now
and it's working! Thank you very much for your patience.

Best regards

2016-10-27 16:40 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:

> I think, the problem is with ns for you extension, can you please paste
> your schema extension XSD?
>
> Gustav
>
> 2016-10-27 21:35 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>
>> Thanks Gustav.
>>
>> I tried it like this:
>>
>> *String ns =
>> 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>';*
>>
>> *customAttributeQName = new QName(ns, "myCustomAttribute");*
>>
>> *userInMPQuery = QueryBuilder.queryFor(UserType.class,
>> midpoint.getPrismContext()).item(UserType.F_EXTENSION,
>> customAttributeQName).eq(shadowUid).build()*
>>
>> Still doesn't work. It gives me the following error:
>>
>> ERROR (com.evolveum.midpoint.model.common.expression.script.ScriptExpression):
>> Expression error: com.evolveum.midpoint.util.exception.SchemaException:
>> Item path of 'extension/myCustomAttribute' in class
>> com.evolveum.midpoint.xml.ns._public.common.common_3.UserType does not
>> point to a valid ItemDefinition (new) condition in object synchronization
>> User
>>
>> Any ideas? Thanks for the support.
>>
>> Regards
>>
>>
>>
>>
>>
>> 2016-10-27 16:18 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>
>>> try this:
>>>
>>> String ns = 'http://mydomain.com/mynamespace';
>>>
>>> customAttributeQName = new QName(ns, "custom_attribute");
>>>
>>> userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>> midpoint.getPrismContext()).item(UserType.F_EXTENSION,
>>> customAttributeQName).eq(shadowUid).build()
>>>
>>> Regards,
>>>
>>> Gustav
>>>
>>> 2016-10-27 20:45 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>
>>>> Hi Gustav, thank you for your help.
>>>>
>>>> What I'm trying to do is reference the path for the query, something
>>>> like this:
>>>>
>>>> *userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>>> midpoint.getPrismContext())*
>>>> *                    .item( qname_path_custom_attribute ).eq(shadowUid)*
>>>> *                    .build()*
>>>>
>>>> But I can't find a solution that works. Any help? Thanks in advance.
>>>>
>>>> Regards
>>>>
>>>> 2016-10-27 15:13 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>
>>>>> Hi
>>>>>
>>>>> support 3.4 is a support for 3.4.1 official release now and is the
>>>>> same as 3.4.2-snapshot if I have the right information.
>>>>> but this will be also stable and we also use it in production for
>>>>> customers with paid support.
>>>>> Next official release will be only 3.5 at the end of the year.
>>>>>
>>>>> In notification I'm using for user extension/managerId this formular:
>>>>> managerId = basic.getExtensionPropertyValue(requestee, '
>>>>> http://mydomain.com/mynamespace', 'managerId')
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Gustav
>>>>>
>>>>>
>>>>> 2016-10-27 19:57 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>
>>>>>> Hi Gustav,
>>>>>>
>>>>>> I realized I was trying with the wrong version of midpoint. I
>>>>>> upgraded to the 3.4.2-SNAPSHOT version and it worked.
>>>>>>
>>>>>> Is there any way to apply this patch to the 3.4.1 version or should
>>>>>> we wait for the 3.4.2 version?
>>>>>>
>>>>>> On the other hand, we still have an issue. We need to check user's
>>>>>> existence by searching by a custom midpoint attribute.
>>>>>>
>>>>>> We ran some tests based on this thread https://lists.evolveum.com/pip
>>>>>> ermail/midpoint/2015-May/000976.html, but we had no luck trying to
>>>>>> build a QName based on an item path. Can you help us with that?
>>>>>>
>>>>>> Thank you very much for your help.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>>
>>>>>> 2016-10-26 17:25 GMT-03:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>
>>>>>>> Gustav,
>>>>>>>
>>>>>>> Thanks for the support. I updated MidPoint to 3.4.1 version and
>>>>>>> unfortunately I'm getting the same error as before:
>>>>>>>
>>>>>>> 2016-10-26 17:22:01,419 [] [http-bio-8080-exec-3] ERROR
>>>>>>> (com.evolveum.midpoint.expression): Trying to find a user with name
>>>>>>> = testUser
>>>>>>> 2016-10-26 17:22:01,525 [] [http-bio-8080-exec-3] ERROR
>>>>>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>>>>>>   EQUAL:
>>>>>>>     PATH: name
>>>>>>>     DEF: PPD:{.../common/common-3}name {
>>>>>>> http://prism.evolveum.com/xml/ns/public/types-3}PolyStringT
>>>>>>> ype[0,1],RAM
>>>>>>>     VALUE:
>>>>>>>       testUser
>>>>>>> Paging: null
>>>>>>> 2016-10-26 17:22:01,553 [] [http-bio-8080-exec-3] ERROR
>>>>>>> (com.evolveum.midpoint.model.common.expression.script.ScriptExpression):
>>>>>>> Expression error: java.lang.IllegalArgumentException: Operation
>>>>>>> result must not be null. (new) condition in object synchronization User
>>>>>>> com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
>>>>>>> java.lang.IllegalArgumentException: Operation result must not be
>>>>>>> null. (new) condition in object synchronization User
>>>>>>>         at com.evolveum.midpoint.model.co
>>>>>>> mmon.expression.script.jsr223.Jsr223ScriptEvaluator.evaluate
>>>>>>> (Jsr223ScriptEvaluator.java:119) ~[model-common-3.4.1.jar:na]
>>>>>>>         at com.evolveum.midpoint.model.co
>>>>>>> mmon.expression.script.ScriptExpression.evaluate(ScriptExpression.java:96)
>>>>>>> ~[model-common-3.4.1.jar:na]
>>>>>>>         at com.evolveum.midpoint.model.co
>>>>>>> mmon.expression.script.ScriptExpressionEvaluator.transformSi
>>>>>>> ngleValue(ScriptExpressionEvaluator.java:60)
>>>>>>> [model-common-3.4.1.jar:na]
>>>>>>>         at com.evolveum.midpoint.model.co
>>>>>>> mmon.expression.evaluator.AbstractValueTransformationExpress
>>>>>>> ionEvaluator.evaluateScriptExpression(AbstractValueTransform
>>>>>>> ationExpressionEvaluator.java:256) [model-common-3.4.1.jar:na]
>>>>>>>
>>>>>>> Any other suggestions? Thank you very much for your help.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> 2016-10-25 0:38 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com>:
>>>>>>>
>>>>>>>> Hi Ana,
>>>>>>>>
>>>>>>>> can you try the same with 3.4-support? It was fixed here:
>>>>>>>> https://github.com/Evolveum/midpoint/commit/785332175372e9f4
>>>>>>>> 45271c724cba9c239b9605f9
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>>
>>>>>>>> Gustav
>>>>>>>>
>>>>>>>> 2016-10-24 22:55 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>>
>>>>>>>>> Hi Gustav, I'm using 3.4 version.
>>>>>>>>>
>>>>>>>>> 2016-10-24 17:53 GMT-03:00 Pálos Gustáv <gustav.palos at evolveum.com
>>>>>>>>> >:
>>>>>>>>>
>>>>>>>>>> Hi Ana,
>>>>>>>>>>
>>>>>>>>>> what MP version do you use?
>>>>>>>>>>
>>>>>>>>>> Gustav
>>>>>>>>>>
>>>>>>>>>> 2016-10-24 22:23 GMT+02:00 Ana Pereyra <apereyra at identicum.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi Gustav, thank you very much for your answer.
>>>>>>>>>>>
>>>>>>>>>>> I tried your solution and added this code to my
>>>>>>>>>>> objectSynchronization/condition node:
>>>>>>>>>>>
>>>>>>>>>>> *                  shadowUid = basic.getIdentifierValue(shadow);*
>>>>>>>>>>> *                  userInMPQuery =
>>>>>>>>>>> QueryBuilder.queryFor(UserType.class, midpoint.getPrismContext())*
>>>>>>>>>>> *                    .item(UserType.F_NAME).eq(shadowUid)*
>>>>>>>>>>> *                    .build();*
>>>>>>>>>>> *                  userInMP =
>>>>>>>>>>> midpoint.searchObjects(UserType.class, userInMPQuery);*
>>>>>>>>>>> *                  isInMP = userInMP?.size()>0 ? true : false;*
>>>>>>>>>>>
>>>>>>>>>>> I'm getting the following error:
>>>>>>>>>>>
>>>>>>>>>>> *Caused by: java.lang.IllegalArgumentException: Operation result
>>>>>>>>>>> must not be null.*
>>>>>>>>>>> *        at
>>>>>>>>>>> org.apache.commons.lang.Validate.notNull(Validate.java:192)
>>>>>>>>>>> ~[commons-lang-2.6.jar:2.6]*
>>>>>>>>>>> *        at com.evolveum.midpoint.model.im
>>>>>>>>>>> <http://com.evolveum.midpoint.model.im>pl.controller.ModelController.searchObjects(ModelController.java:743)
>>>>>>>>>>> [model-impl-3.4.jar:na]*
>>>>>>>>>>> *        at com.evolveum.midpoint.model.im
>>>>>>>>>>> <http://com.evolveum.midpoint.model.im>pl.expr.MidpointFunctionsImpl.searchObjects(MidpointFunctionsImpl.java:912)
>>>>>>>>>>> ~[model-impl-3.4.jar:na]*
>>>>>>>>>>> *        at
>>>>>>>>>>> com.evolveum.midpoint.model.api.expr.MidpointFunctions$searchObjects.call(Unknown
>>>>>>>>>>> Source) ~[na:na]*
>>>>>>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
>>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:108)
>>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>>> *        at org.codehaus.groovy.runtime.ca
>>>>>>>>>>> <http://org.codehaus.groovy.runtime.ca>llsite.AbstractCallSite.call(AbstractCallSite.java:128)
>>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>>> *        at Script33.run(Script33.groovy:19) ~[na:na]*
>>>>>>>>>>> *        at
>>>>>>>>>>> org.codehaus.groovy.jsr223.GroovyScriptEngineImpl.eval(GroovyScriptEngineImpl.java:344)
>>>>>>>>>>> ~[groovy-all-2.4.0.jar:2.4.0]*
>>>>>>>>>>> *        ... 108 common frames omitted*
>>>>>>>>>>>
>>>>>>>>>>> And this is the query that's allocated in '*userInMPQuery'*:
>>>>>>>>>>>
>>>>>>>>>>> 2016-10-24 17:07:59,075 [] [http-bio-8080-exec-3] ERROR
>>>>>>>>>>> (com.evolveum.midpoint.expression): Query debug: Filter:
>>>>>>>>>>>   EQUAL:
>>>>>>>>>>>     PATH: name
>>>>>>>>>>>     DEF: PPD:{.../common/common-3}name {
>>>>>>>>>>> http://prism.evolveum.com/xml/ns/public/types-3}PolyStringT
>>>>>>>>>>> ype[0,1],RAM
>>>>>>>>>>>     VALUE:
>>>>>>>>>>>       userName
>>>>>>>>>>> Paging: null
>>>>>>>>>>>
>>>>>>>>>>> Any ideas what this could be? I couldn't find a reason for this
>>>>>>>>>>> behaviour. Thanks in advance.
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2016-10-24 14:32 GMT-03:00 Pálos Gustáv <
>>>>>>>>>>> gustav.palos at evolveum.com>:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Ana,
>>>>>>>>>>>>
>>>>>>>>>>>> I'm using for similar use case this condition in
>>>>>>>>>>>> objectSynchronization:
>>>>>>>>>>>>
>>>>>>>>>>>>             <condition>
>>>>>>>>>>>>                 <script>
>>>>>>>>>>>>                     <code>
>>>>>>>>>>>>       import com.evolveum.midpoint.xml.ns._
>>>>>>>>>>>> public.common.common_3.UserType;
>>>>>>>>>>>>       import com.evolveum.midpoint.prism.qu
>>>>>>>>>>>> ery.builder.QueryBuilder;
>>>>>>>>>>>>       import com.evolveum.midpoint.prism.path.ItemPath;
>>>>>>>>>>>>
>>>>>>>>>>>>                         STATUSS = basic.getAttributeValue(shadow,
>>>>>>>>>>>> 'STATUSS')
>>>>>>>>>>>>
>>>>>>>>>>>>                         toImport = STATUSS == '01'
>>>>>>>>>>>>
>>>>>>>>>>>> // find user in MP, if exists syncronize it also
>>>>>>>>>>>>
>>>>>>>>>>>>                         log.info('shadow {}',
>>>>>>>>>>>> shadow.asPrismObject().debugDump())
>>>>>>>>>>>>                         activation = shadow.getActivation()
>>>>>>>>>>>>                         shadowUid =
>>>>>>>>>>>> basic.getIdentifierValue(shadow);
>>>>>>>>>>>>                userInMPQuery = QueryBuilder.queryFor(UserType.class,
>>>>>>>>>>>> midpoint.getPrismContext()).item(UserType.F_EMPLOYEE_NUMBER)
>>>>>>>>>>>> .eq(shadowUid).and().item(UserType.F_EMPLOYEE_TYPE).eq("pavs
>>>>>>>>>>>> ").build()
>>>>>>>>>>>>                userInMP = midpoint.searchObjects(UserType,
>>>>>>>>>>>> userInMPQuery);
>>>>>>>>>>>>                isInMP = userInMP?.size()>0 ? true : false;
>>>>>>>>>>>>                log.info('isInMP: '+isInMP);
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>                         toImport = isInMP || toImport;
>>>>>>>>>>>>
>>>>>>>>>>>>                         return toImport;
>>>>>>>>>>>>                     </code>
>>>>>>>>>>>>                 </script>
>>>>>>>>>>>>             </condition>
>>>>>>>>>>>>
>>>>>>>>>>>> In my case I need to have status=='01' (enabled), or already
>>>>>>>>>>>> imported (variable isInMP)
>>>>>>>>>>>>
>>>>>>>>>>>> Gustav
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-10-24 19:21 GMT+02:00 Ana Pereyra <apereyra at identicum.com>
>>>>>>>>>>>> :
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi everybody.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have the following issue: I need to import users from two
>>>>>>>>>>>>> different database table resources. The problem is that I don't want to
>>>>>>>>>>>>> create in mipoint every user in the tables, I will create a user in
>>>>>>>>>>>>> midpoint only if the database field value that sets the validTo date
>>>>>>>>>>>>> attribute is lower than the current date.
>>>>>>>>>>>>>
>>>>>>>>>>>>> But that's for the creation only, if the user already exists
>>>>>>>>>>>>> in midpoint, I want to link the account to that user, no matter if the
>>>>>>>>>>>>> validTo date is lower than the current date or not (because maybe I have to
>>>>>>>>>>>>> update the validTo date to disable the user).
>>>>>>>>>>>>>
>>>>>>>>>>>>> I think I'll need some way to check if the user already exists
>>>>>>>>>>>>> in the synchronization/objectSynchronization/condition. Can
>>>>>>>>>>>>> anyone help me with this? Is this possible?
>>>>>>>>>>>>> Thank you very much.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> *Ana Pereyra*
>>>>>>>>>>>>>  Identicum S.A.
>>>>>>>>>>>>>
>>>>>>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>>>>>>> www.identicum.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Gustáv Pálos
>>>>>>>>>>>> Identity Engineer
>>>>>>>>>>>> evolveum.com
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Ana Pereyra*
>>>>>>>>>>>  Identicum S.A.
>>>>>>>>>>>
>>>>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>>>>> www.identicum.com
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Gustáv Pálos
>>>>>>>>>> Identity Engineer
>>>>>>>>>> evolveum.com
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Ana Pereyra*
>>>>>>>>>  Identicum S.A.
>>>>>>>>>
>>>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>>>> www.identicum.com
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Gustáv Pálos
>>>>>>>> Identity Engineer
>>>>>>>> evolveum.com
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Ana Pereyra*
>>>>>>>  Identicum S.A.
>>>>>>>
>>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>>> www.identicum.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Ana Pereyra*
>>>>>>  Identicum S.A.
>>>>>>
>>>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>>>> www.identicum.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Gustáv Pálos
>>>>> Identity Engineer
>>>>> evolveum.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Ana Pereyra*
>>>>  Identicum S.A.
>>>>
>>>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>>> www.identicum.com
>>>>
>>>
>>>
>>>
>>> --
>>> Gustáv Pálos
>>> Identity Engineer
>>> evolveum.com
>>>
>>
>>
>>
>> --
>> *Ana Pereyra*
>>  Identicum S.A.
>>
>> *Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
>> *apereyra at identicum.com <apereyra at identicum.com>*
>> www.identicum.com
>>
>
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com
>



-- 
*Ana Pereyra*
 Identicum S.A.

*Jorge Newbery 3226, ArgentinaTel: +54 (11) **4552.3050*
*apereyra at identicum.com <apereyra at identicum.com>*
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161028/aa0fa612/attachment.htm>


More information about the midPoint mailing list