[midPoint] upgrade to MP 3.5 role cycle error on user resource import

Shawn McKinney smckinney at symas.com
Thu Jan 12 17:41:03 CET 2017


> On Jan 12, 2017, at 10:05 AM, Pavol Mederly <mederly at evolveum.com> wrote:
> 
> So it looks like this:
> 
> user:null(curly) -[]-> role:6aaaa771-3267-454f-b399-4a84ddfc78f8(admin))
> role:6aaaa771-3267-454f-b399-4a84ddfc78f8(admin) -[]-> role:15cdcbba-74ab-46d6-90e7-54e701a176be(Metarole for Role))
> role:15cdcbba-74ab-46d6-90e7-54e701a176be(Metarole for Role) -[]-> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set))
> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set) -[]-> role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org))
> role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org) -[]-> service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001))
> service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001) -[]-> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set))
> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set) -[]-> role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org))
> 
> What looks strange to me, is the Metarole for Org -> m1001 link.
> 
> Please could you post the current definition of role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org) 


here it is:

<role xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:gen635="http://prism.evolveum.com/xml/ns/public/debug" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="9c6d1dbe-1a87-11e5-b107-001e8c717e5b" version="41" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
      <name>Metarole for Org</name>
         <inducement id="1">
         <description>LDAPGROUP-ORg</description>
         <construction>
            <description>LDAPGROUP-Org</description>
            <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
            <kind>entitlement</kind>
            <intent>ldapGroup</intent>
         </construction>
         <order>1</order>
         <focusType>OrgType</focusType>
      </inducement>
      <inducement id="3">
         <description>LDAPGROUP-Org</description>
         <targetRef type="c:ServiceType">
            <filter>
               <q:inOid>
                  <expression>
                     <script>
                        <code>
                            import com.evolveum.midpoint.prism.query.*
                            	import com.evolveum.midpoint.prism.query.OrgFilter.Scope;
								import com.evolveum.midpoint.xml.ns._public.common.common_3.*
							
								filter = OrgFilter.createOrg(source.getOid(), Scope.ONE_LEVEL)
								
								query = ObjectQuery.createObjectQuery(filter)
								objects = midpoint.searchObjects(ServiceType.class, query)
								
								resultSet = [];
								for (org in objects) {
									resultSet.add(org.getOid())
								}
								return resultSet
                       </code>
                     </script>
                  </expression>
               </q:inOid>
            </filter>
            <resolutionTime>run</resolutionTime>
         </targetRef>
         <order>3</order>
         <focusType>UserType</focusType>
      </inducement>
      <inducement id="2">
         <description>LDAPGROUP ADMIN-ORg</description>
         <construction>
            <description>LDAPGROUP ADMIN-Org</description>
            <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
            <kind>entitlement</kind>
            <intent>unixGroup-admin</intent>
         </construction>
         <order>1</order>
         <focusType>OrgType</focusType>
      </inducement>
      <inducement id="4">
         <description>LDAPGROUP AUDITOR-ORg</description>
         <construction>
            <description>LDAPGROUP AUDITOR-Org</description>
            <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
            <kind>entitlement</kind>
            <intent>unixGroup-auditor</intent>
         </construction>
         <order>1</order>
         <focusType>OrgType</focusType>
      </inducement>
      <inducement id="6">
         <description>LDAPGROUP USER-ORg</description>
         <construction>
            <description>LDAPGROUP USER-Org</description>
            <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
            <kind>entitlement</kind>
            <intent>unixGroup-user</intent>
         </construction>
         <order>1</order>
         <focusType>OrgType</focusType>
      </inducement>
      <inducement id="7">
         <focusMappings>
            <mapping>
               <name>sequenceGID</name>
               <strength>weak</strength>
               <expression>
                  <sequentialValue>
                     <sequenceRef oid="02cb7caa-6618-11e5-87a5-7b6c6776a63e"/>
                  </sequentialValue>
               </expression>
               <target>
                  <c:path xmlns:posix="http://example.com/xml/ns/mySchema">extension/posix:gidNumber</c:path>
               </target>
            </mapping>
         </focusMappings>
      </inducement>
   </role>


More information about the midPoint mailing list