[midPoint] Assigning a different resource during the import of accounts from external resource.

Ivan Noris ivan.noris at evolveum.com
Wed Feb 22 17:22:07 CET 2017


Hi,

if using roles is a functional workaround, you can stick to it.

I really don't know/have not used the assignmentTargetSearch for
ResourceType. Someone else may still have an answer.

For target resources, assigning roles is always better as you can have
mappings in the role.

Ivan


On 02/22/2017 05:16 PM, Prabhakara Rao Doddapaneni wrote:
> Ivan,
>
> You are correct.  It worked when I removed the resource from the
> template and induced it in the role I am adding.
> I was trying to assign a resource different from the source.
>
> Thanks,
> Prabhakar.
>
>
> ------------------------------------------------------------------------
> *From:* "midpoint-request at lists.evolveum.com"
> <midpoint-request at lists.evolveum.com>
> *To:* midpoint at lists.evolveum.com
> *Sent:* Wednesday, February 22, 2017 7:04 AM
> *Subject:* midPoint Digest, Vol 58, Issue 37
>
>
> Today's Topics:
>
>   1. Re: One-way synchronization of accounts from resources.
>       (Ivan Noris)
>   2. Re: Assigning a different resource during the import of
>       accounts from external resource. (Ivan Noris)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 22 Feb 2017 13:01:42 +0100
> From: Ivan Noris <ivan.noris at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] One-way synchronization of accounts from
>     resources.
> Message-ID: <d04a08c8-87fe-c859-271a-96ef7179fe8f at evolveum.com>
> Content-Type: text/plain; charset=utf-8
>
> Hi,
>
> DELETED situation means, the object does not exist anymore, and unlink
> should not even attempt to delete object on resource.
>
> So for me it seems OK.
>
> Ivan
>
>
> On 02/22/2017 09:00 AM, Wojciech Staszewski wrote:
> > And when I create synchronization reaction and situation "Deleted"
> > with a non-deleting action, e.g. "unlink"? Would it be ok?
> >
> > On 22.02.2017 at 08:46, Ivan Noris wrote:
> >> Hi,
> >>
> >> if you configure your resource with inbound mappings only (remove
> >> all outbounds), midPoint will not try to push any attribute changes to
> >> that resource.
> >>
> >> In addition you can configure capabilities of the resource to
> >> completely disable create, update and/or delete operations:
> >>
> >> ...
> >>
> >>        </schemaHandling>
> >>
> >>                <capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
> >>                        <configured>
> >>                                <cap:create>
> >>                                        <cap:enabled>false</cap:enabled>
> >>                                </cap:create>
> >>                                <cap:update>
> >>                                        <cap:enabled>false</cap:enabled>
> >>                                </cap:update>
> >>                                <cap:delete>
> >>                                        <cap:enabled>false</cap:enabled>
> >>                                </cap:delete>
> >>                        </configured>
> >>                </capabilities>
> >>        <synchronization>
> >> ...
> >>
> >> See also: https://wiki.evolveum.com/display/midPoint/Resource+Capabilities
> >>
> >> Please note that when midPoint user is deleted, midPoint will try
> >> to delete also that account, but as the operation is disabled, it will
> >> never delete it and show warning "Operation not supported". There is
> >> an issue https://jira.evolveum.com/browse/MID-2144 to completely
> >> ignore such operations even in GUI.
> >>
> >> Of course with custom connectors/meta connectors (ScriptedSQL for
> >> example) you are able to do the same on the connector side - by not
> >> implementing the DeleteOp operation (or any other). What I describe
> >> here is midPoint configurable way which works for any connector.
> >>
> >> Best regards,
> >> Ivan
> >>
> >> On 02/22/2017 04:56 AM, Prabhakara Rao Doddapaneni wrote:
> >>> Hello,
> >>>
> >>> I have external identity stores that I configured to sync with
> >>> midpoint repository.  I need to configure the synchronization so that
> >>> only changes in the store are updated in midpoint but not in
> >>> reverse.  The changes to the users I make in midpoint should not be
> >>> carried to the external resource.
> >>>
> >>> As of now when I use the resource configuration examples in
> >>> github, when I delete a user in midpoint, the relevant account is
> >>> being deleted in the external store.  I don't want to do that.
> >>>
> >>> Please help by explaining how to configure only inbound
> >>> synchronization but ignore the outbound synchronization.  I am blocked
> >>> in my POC because of this.
> >>>
> >>> Thanks,
> >>> Prabhakar.
> >>>
> >>>
> >>> _______________________________________________
> >>> midPoint mailing list
> >>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> >>> http://lists.evolveum.com/mailman/listinfo/midpoint
> >> --
> >> Ivan Noris
> >> Senior Identity Engineer
> >> evolveum.com
> >>
> >>
> >>
>
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 22 Feb 2017 13:04:27 +0100
> From: Ivan Noris <ivan.noris at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Assigning a different resource during the
>     import of accounts from external resource.
> Message-ID: <d1e6d554-415c-0186-1085-ab68bf8c4101 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"
>
> Unfortunately, I have never assigned resource accounts (without roles).
>
> So maybe someone else knows if this should work (and how).
>
> What is the resource which you are trying to assign? The source or
> something else? (You can use roles as a workaround.)
>
> Ivan
>
>
> On 02/22/2017 12:48 PM, Prabhakara Rao Doddapaneni wrote:
> > I configured two resources; one inbound and second both-ways.  For the
> > inbound resource, configured unmatched situation to add user with the
> > following template:
> >
> >
> >
> > <mapping>
> >  <description>
> >    Property mapping.
> >    Defines how properties of user object are set up.
> >    This specific definition sets a full name as a concatenation
> >    of givenName and familyName.
> >  </description>
> >  <strength>weak</strength>
> >  <source>
> >    <c:path>$user/givenName</c:path>
> >  </source>
> >  <source>
> >    <c:path>$user/familyName</c:path>
> >  </source>
> >  <expression>
> >    <script>
> >      <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> >      <code>
> >        givenName + ' ' + familyName
> >      </code>
> >    </script>
> >  </expression>
> >  <target>
> >    <c:path>fullName</c:path>
> >  </target>
> > </mapping>
> > <mapping>
> >  <name>Default Role</name>
> >  <strength>strong</strength>
> >  <expression>
> >    <assignmentTargetSearch>
> >      <targetType>c:RoleType</targetType>
> >      <oid>00000000-0000-0000-0000-000000000008</oid>
> >    </assignmentTargetSearch>
> >  </expression>
> >  <target>
> >    <c:path>assignment</c:path>
> >  </target>
> > </mapping>
> > <mapping>
> >  <name>Default Resource</name>
> >  <strength>strong</strength>
> >  <expression>
> >    <assignmentTargetSearch>
> >      <targetType>c:ResourceType</targetType>
> >      <oid>ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee</oid>
> >    </assignmentTargetSearch>
> >  </expression>
> >  <target>
> >    <c:path>assignment</c:path>
> >  </target>
> > </mapping>
> >
> > My intention was to assign the above role and resource to the new user
> > imported.  It is failing to add the resource with the cause: Caused
> > by: java.lang.ClassCastException:
> > com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType
> > cannot be cast to
> > com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType
> > at com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:368)
> > ~[model-impl-3.5.jar:na]
> >
> >
> > When I tried with the following mapping to assign the resource:
> > <mapping>
> >   <strength>strong</strength>
> >   <expression>
> >     <value>
> >       <assignment>
> >         <construction>
> >           <resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee" type="ResourceType"/>
> >         </construction>
> >       </assignment>
> >     </value>
> >   </expression>
> >   <target>
> >     <path>assignment</path>
> >   </target>
> > </mapping>
> > I get the following exception:
> > 2017-02-22 06:31:17,086 [] [midPointScheduler_Worker-6] ERROR
> > (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler):
> > Import of object
> > shadow:07c95824-ee5f-40b1-abba-1935c578b632(************) from
> > resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3ffff(Demo CAS DBTable)
> > failed: Item
> > {http://midpoint.evolveum.com/xml/ns/public/common/common-3}assignment
> > has no definition (in container value CTD
> > ({.../common/common-3}AssignmentType))while parsing (
> > {...common/common-3}assignment => ( {...common/common-3}construction
> > => ( {...common/common-3}resourceRef => ( oid => parser
> > ValueParser(DOMa, oid: ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee) type =>
> > parser ValueParser(DOMa, type: ResourceType) ) ) ) )
> > Please help me know the mistake I am doing.
> > Thanks,
> > Prabhakar.
> >
> >
> >
> >
>
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
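
The workaround confirmed at the top of this thread, written out as an added example that is not part of the original messages: the target resource is induced by a role, and the object template assigns only that role. The role OID, the object names and the `ri:fullname` attribute are placeholders assumed for illustration; the resource OID is the one quoted in the thread.

```xml
<!-- Added example, not from the thread. The 11111111-... OID, the names and ri:fullname are placeholders. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">

  <!-- Role that carries the target resource account and its outbound mappings -->
  <role oid="11111111-1111-1111-1111-111111111111">
    <name>Target Resource Account</name>
    <inducement>
      <construction>
        <!-- Target resource OID as quoted in the thread -->
        <resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee" type="c:ResourceType"/>
        <kind>account</kind>
        <attribute>
          <!-- Hypothetical attribute name on the target resource -->
          <ref>ri:fullname</ref>
          <outbound>
            <source>
              <c:path>$user/fullName</c:path>
            </source>
          </outbound>
        </attribute>
      </construction>
    </inducement>
  </role>

  <!-- Object template used by the inbound resource: assigns the role, not the resource -->
  <objectTemplate>
    <name>Inbound User Template</name>
    <mapping>
      <name>Target resource via role</name>
      <strength>strong</strength>
      <expression>
        <assignmentTargetSearch>
          <targetType>c:RoleType</targetType>
          <oid>11111111-1111-1111-1111-111111111111</oid>
        </assignmentTargetSearch>
      </expression>
      <target>
        <c:path>assignment</c:path>
      </target>
    </mapping>
  </objectTemplate>
</objects>
```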
