[midPoint] Reconciliation modify object gives an error

Dilek Gider dilek.gider at basistek.com
Wed Mar 8 09:19:13 CET 2017


You are greattt!!
Thank you ver much. I think I still didn't understand logic of resouce xml.
I thought that "ri" is row of coming from database, and "c:name" is record
in midpoint database.
I thought midpoint is comparing them, so it was wrong.

Thank you again, i am trying to solve this for two days.

On Wed, Mar 8, 2017 at 11:08 AM, Oskar Butovič - AMI Praha a.s. <
oskar.butovic at ami.cz> wrote:

> Hello Dilek,
>
> there is ri:name in your correlation rule but icfs:name in your schema
> handling in your resource. That might be the problem. Try icfs:name in both.
>
> 2017-03-08 8:49 GMT+01:00 Dilek Gider <dilek.gider at basistek.com>:
>
>> Hi Oskar,
>>
>> Thank you for your response. Yes I think second reconciliation does not
>> match but I dont know why.
>> I send you my resource xml and SearchScript.groovy. You can see on
>> SerachScript.groovy, I concat two database column as "name".
>>
>> I will appreciate for your help.
>>
>> On Tue, Mar 7, 2017 at 5:38 PM, Oskar Butovič - AMI Praha a.s. <
>> oskar.butovic at ami.cz> wrote:
>>
>>> Hello,
>>>
>>> it seems like names which are created during first reconciliation are
>>> not matched by corelation rule during second reconciliation. What is your
>>> mapping which creates users name?
>>>
>>> Best Regards
>>>
>>> Oskar Butovič
>>>
>>> 2017-03-07 12:52 GMT+01:00 Dilek Gider <dilek.gider at basistek.com>:
>>>
>>>> Hi,
>>>>
>>>> I have reconciliation task in scriptedSQL connector, it creates users
>>>> in midpoint.  First of all, users are created with this task. But when I
>>>> run task twice or more, it gives an error like below for all users:
>>>>
>>>> Error processing focus(user:null(TR45187127836)): constraint
>>>> violation: Found conflicting existing object with property
>>>> {.../common/common-3}name = PP({.../common/common-3}name):[PPV(PolyString:TR45187127836,
>>>> origin: INBOUND:resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db(TirsanScriptedSQLResource))]:
>>>> user:96dd9828-e16f-4a7c-bebe-74c4d184b340(TR45187127836)
>>>>
>>>> Correlation rule has PolyStringNorm such as:
>>>>
>>>> <synchronization>
>>>>       <objectSynchronization>
>>>>          <objectClass>ri:AccountObjectClass</objectClass>
>>>>          <kind>account</kind>
>>>>          <intent>default</intent>
>>>>          <enabled>true</enabled>
>>>>          <correlation>
>>>>             <q:description>
>>>>                    Correlation expression is a search query.
>>>>                    Following search query will look for users that have
>>>> "name"
>>>>                    equal to the "name" attribute of the account. Simply
>>>> speaking,
>>>>                    it will look for match in usernames in the IDM and
>>>> the resource.
>>>>                    The correlation rule always looks for users, so it
>>>> will not match
>>>>                    any other object type.
>>>> </q:description>
>>>>             <q:equal>
>>>>                <q:matching>PolyStringNorm</q:matching>
>>>>                <q:path>c:name</q:path>
>>>>                <expression>
>>>>                   <c:path>declare namespace ri='
>>>> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3';
>>>> $account/attributes/ri:name</c:path>
>>>>                </expression>
>>>>             </q:equal>
>>>>          </correlation>
>>>>          <reaction>
>>>>             <situation>linked</situation>
>>>>             <action>
>>>>                <handlerUri>http://midpoint.e
>>>> volveum.com/xml/ns/public/model/action-3#modifyUser</handlerUri>
>>>>             </action>
>>>>          </reaction>
>>>>          <reaction>
>>>>             <situation>deleted</situation>
>>>>             <action>
>>>>                <handlerUri>http://midpoint.e
>>>> volveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
>>>>             </action>
>>>>          </reaction>
>>>>          <reaction>
>>>>             <situation>unlinked</situation>
>>>>             <objectTemplateRef oid="e63e1118-cbe5-11e5-b08e-3
>>>> c970e44b9e2"/>
>>>>             <action>
>>>>                <handlerUri>http://midpoint.e
>>>> volveum.com/xml/ns/public/model/action-3#link</handlerUri>
>>>>             </action>
>>>>          </reaction>
>>>>          <reaction>
>>>>             <situation>unmatched</situation>
>>>>             <objectTemplateRef oid="e63e1118-cbe5-11e5-b08e-3
>>>> c970e44b9e2"/>
>>>>             <action>
>>>>                <handlerUri>http://midpoint.e
>>>> volveum.com/xml/ns/public/model/action-3#addUser</handlerUri>
>>>>             </action>
>>>>          </reaction>
>>>>       </objectSynchronization>
>>>>    </synchronization>
>>>>
>>>> What can be a problem? Thanks in advance.
>>>>
>>>> Dilek.
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Oskar Butovič
>>> solution architect
>>>
>>> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
>>> e-mail: oskar.butovic at ami.cz
>>>
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>>> web: www.ami.cz
>>>
>>>
>>> [image: AMI Praha a.s.]
>>>
>>> [image: AMI Praha a.s.]
>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>
>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>> společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
> web: www.ami.cz
>
>
> [image: AMI Praha a.s.]
>
> [image: AMI Praha a.s.]
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170308/0b5a9e32/attachment.htm>


More information about the midPoint mailing list