[midPoint] upgrade to MP 3.5 role cycle error on user resource import
Pavol Mederly
mederly at evolveum.com
Thu Jan 12 18:19:29 CET 2017
Very probably m1001 is generated using the script for "LDAPGROUP-Org"
inducement. Now I see it in standard midPoint samples... I know very
little of this scenario, so maybe Katka or Radovan would be able to tell
you more; or maybe me (later), but I have to consult with them.
Pavol Mederly
Software developer
evolveum.com
On 12.01.2017 17:41, Shawn McKinney wrote:
>> On Jan 12, 2017, at 10:05 AM, Pavol Mederly <mederly at evolveum.com> wrote:
>>
>> So it looks like this:
>>
>> user:null(curly) -[]-> role:6aaaa771-3267-454f-b399-4a84ddfc78f8(admin))
>> role:6aaaa771-3267-454f-b399-4a84ddfc78f8(admin) -[]-> role:15cdcbba-74ab-46d6-90e7-54e701a176be(Metarole for Role))
>> role:15cdcbba-74ab-46d6-90e7-54e701a176be(Metarole for Role) -[]-> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set))
>> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set) -[]-> role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org))
>> role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org) -[]-> service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001))
>> service:6aa02b86-6619-4be0-9268-1e875f9ef403(m1001) -[]-> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set))
>> org:af5ea4a1-bd88-40de-978d-50a7c263d38e(m1set) -[]-> role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org))
>>
>> What looks strange to me, is the Metarole for Org -> m1001 link.
>>
>> Please could you post the current definition of role:9c6d1dbe-1a87-11e5-b107-001e8c717e5b(Metarole for Org)
>
> here it is:
>
> <role xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:gen635="http://prism.evolveum.com/xml/ns/public/debug" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="9c6d1dbe-1a87-11e5-b107-001e8c717e5b" version="41" xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
> <name>Metarole for Org</name>
> <inducement id="1">
> <description>LDAPGROUP-ORg</description>
> <construction>
> <description>LDAPGROUP-Org</description>
> <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
> <kind>entitlement</kind>
> <intent>ldapGroup</intent>
> </construction>
> <order>1</order>
> <focusType>OrgType</focusType>
> </inducement>
> <inducement id="3">
> <description>LDAPGROUP-Org</description>
> <targetRef type="c:ServiceType">
> <filter>
> <q:inOid>
> <expression>
> <script>
> <code>
> import com.evolveum.midpoint.prism.query.*
> import com.evolveum.midpoint.prism.query.OrgFilter.Scope;
> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>
> filter = OrgFilter.createOrg(source.getOid(), Scope.ONE_LEVEL)
>
> query = ObjectQuery.createObjectQuery(filter)
> objects = midpoint.searchObjects(ServiceType.class, query)
>
> resultSet = [];
> for (org in objects) {
> resultSet.add(org.getOid())
> }
> return resultSet
> </code>
> </script>
> </expression>
> </q:inOid>
> </filter>
> <resolutionTime>run</resolutionTime>
> </targetRef>
> <order>3</order>
> <focusType>UserType</focusType>
> </inducement>
> <inducement id="2">
> <description>LDAPGROUP ADMIN-ORg</description>
> <construction>
> <description>LDAPGROUP ADMIN-Org</description>
> <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
> <kind>entitlement</kind>
> <intent>unixGroup-admin</intent>
> </construction>
> <order>1</order>
> <focusType>OrgType</focusType>
> </inducement>
> <inducement id="4">
> <description>LDAPGROUP AUDITOR-ORg</description>
> <construction>
> <description>LDAPGROUP AUDITOR-Org</description>
> <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
> <kind>entitlement</kind>
> <intent>unixGroup-auditor</intent>
> </construction>
> <order>1</order>
> <focusType>OrgType</focusType>
> </inducement>
> <inducement id="6">
> <description>LDAPGROUP USER-ORg</description>
> <construction>
> <description>LDAPGROUP USER-Org</description>
> <resourceRef oid="d0811790-1d80-11e4-86b2-3c970e467874" type="c:ResourceType"/>
> <kind>entitlement</kind>
> <intent>unixGroup-user</intent>
> </construction>
> <order>1</order>
> <focusType>OrgType</focusType>
> </inducement>
> <inducement id="7">
> <focusMappings>
> <mapping>
> <name>sequenceGID</name>
> <strength>weak</strength>
> <expression>
> <sequentialValue>
> <sequenceRef oid="02cb7caa-6618-11e5-87a5-7b6c6776a63e"/>
> </sequentialValue>
> </expression>
> <target>
> <c:path xmlns:posix="http://example.com/xml/ns/mySchema">extension/posix:gidNumber</c:path>
> </target>
> </mapping>
> </focusMappings>
> </inducement>
> </role>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list