[midPoint] objectTemplate account create base on account fail

Ivan Noris ivan.noris at evolveum.com
Tue Nov 21 10:42:34 CET 2017


Hi Serge,

once again; you are NOT creating a role. You are assigning a resource
account. That's the relation meaning "I wish the account on the resource
to be created and exist". That is the assignment.

As a result, MidPoint will create the resource account. That's the
relation meaning "There is the account on that resource currently".
That's the projection.

The role icon and resource assignment icon differ. See the attached
screenshots:

- my user has assigned role Employee and also resource account on CSV-1
resource (Assignment tab; notice the icons)

- my user has three accounts (CSV-1, CSV-2, CSV-3) (Projections tab)

The existence of CSV-1 account in projection is the result of that
resource account being assigned. The name of the resource assignment is
the same as the name of the resource.

No role is created. The resource account is assigned and midPoint
creates it. This is one of the main midPoint concepts. If there is an
assignment, midPoint will create the account(s) and keep them until you
unassign the assignment.

I personally use roles (also through object template mappings) and not
resource assignments.

In your case, as the name of the resource assignment has always the same
as the name of the resource, everything is working correctly.

Best regards,

Ivan


On 16.11.2017 08:03, HAQUET Serge wrote:
>
> Ok so how can I fix the issue of the role created when I assign the
> account?
>
>  
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
> Behalf Of *Ivan Noris
> *Sent:* mercredi 15 novembre 2017 17:53
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] objectTemplate account create base on
> account fail
>
>  
>
> Hi,
>
> I don't know if that's entirely possible, but it's not a good idea to
> "assign" resource account just by linking. As stated in the wiki page
> I referenced, link is just a relationship between midPoint user and
> resource account, and that link can be deleted if the account is
> deleted directly on the resource. Assignment is able to re-create that
> account even in this situation.
>
> Ivan
>
>  
>
> On 15.11.2017 08:32, HAQUET Serge wrote:
>
>     What target I should use to avoid to create this role.
>
>     I try linkref but nothing happend
>
>      
>
>      
>
>     *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
>     Behalf Of *Ivan Noris
>     *Sent:* mardi 14 novembre 2017 15:54
>     *To:* midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
>     *Subject:* Re: [midPoint] objectTemplate account create base on
>     account fail
>
>      
>
>     Serge,
>
>     what you have in assignments is the resource account assignment,
>     for which the projection has been created. If you assign resource
>     account (as you do), this is the expected state.
>
>     See https://wiki.evolveum.com/display/midPoint/Assigning+vs+Linking
>
>     Best regards,
>
>     Ivan
>
>      
>
>     On 09.11.2017 15:19, HAQUET Serge wrote:
>
>         When i look via the gui I have the projection but in
>         assignment I have also a “role” with the same name of my resource
>
>          
>
>
>
>
>          
>
>          
>
>          
>
>
>
>
>          
>
>         *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com]
>         *On Behalf Of *Ivan Noris
>         *Sent:* jeudi 9 novembre 2017 13:12
>         *To:* midpoint at lists.evolveum.com
>         <mailto:midpoint at lists.evolveum.com>
>         *Subject:* Re: [midPoint] objectTemplate account create base
>         on account fail
>
>          
>
>         Hi Serge,
>
>         can you specify exact file/sample where this was?
>
>         I have not used direct account assignment, but just roles, in
>         the object template, but I can see this:
>
>         samples/demo/user-template.xml
>
>            <mapping>
>                 <description>A hack to avoid feedback to HR feed -
>         deleting accounts because they are not assigned</description>
>                         <strength>strong</strength>
>                 <source>
>                         <path>employeeType</path>
>                 </source>
>                 <expression>
>                     <value>
>                                         <!--<assignment>-->
>                                                 <construction>
>                                                         <resourceRef
>         oid="8844dcca-775d-11e2-a0ac-001e8c717e5b" type="c:ResourceType"/>
>                                                 </construction>
>                                         <!--</assignment>-->
>                     </value>           
>                 </expression>
>                 <target>
>                         <path>assignment</path>
>                 </target>
>                 <condition>
>                         <script>
>                         <code>employeeType != null</code>
>                     </script>
>                         </condition>
>             </mapping>
>
>         See how the <assignment> element is commented out; hope this
>         is the problem.
>
>         If you specify the sample from which you have seen the
>         original construction, we can have a look at it.
>
>         Best regards,
>
>         Ivan
>
>          
>
>         On 08.11.2017 12:43, HAQUET Serge wrote:
>
>             I get this example from midpoint git and it didn’t work ,
>             look like missing something to validate  the xml
>
>              
>
>             <mapping>
>
>                     <strength>strong</strength>
>
>                     <expression>
>
>                         <value>
>
>                             <assignment>
>
>                                 <construction>
>
>                                     <resourceRef
>             oid="0e70c40e-d952-45ee-9780-10845afdc126"
>             type="ResourceType"/>
>
>                                 </construction>
>
>                             </assignment>
>
>                         </value>               
>
>                     </expression>
>
>                     <target>
>
>                         <path>assignment</path>
>
>                     </target>
>
>                 </mapping>
>
>             * *
>
>             *Midpoint version :*3.6
>
>              
>
>             *Goal :*when create new user , create a new account an
>             link it base on the some resources
>
>              
>
>             *Actions:*
>
>               * using the Complex User Template , from the midpoint git.
>               * only use the account create part.
>               * import the file in midpoint
>               * create new user
>
>              
>
>             *Error (see file)*: Message
>
>             Item
>             {http://midpoint.evolveum.com/xml/ns/public/common/common-3}assignment
>             has no definition (in container value CTD
>             ({.../common/common-3}AssignmentType))while parsing (
>             {...common/common-3}assignment => (
>             {...common/common-3}construction => (
>             {...common/common-3}resourceRef => ( oid => parser
>             ValueParser(DOMa, oid:
>             0e70c40e-d952-45ee-9780-10845afdc126) type => parser
>             ValueParser(DOMa, type: ResourceType) ) ) ) )
>
>              
>
>             *When *: trying to create user
>
>              
>
>              
>
>              
>
>              
>
>               imap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.2&filename=image001.png
>
>             	
>
>             *Serge HAQUET*
>             Project Analyst
>             Operations - Project Analyst
>             Avenue des Arts 21, 1000 Bruxelles - cirb.brussels
>             <http://cirb.brussels/>- disclaimer
>             <http://cirb.brussels/disclaimer-1>
>             T +32 2 801 12 41 | G +32 497 44 44 99 | Helpdesk +32 2
>             801 00 00
>             Be green, leave it on the screen
>             !                                                       imap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.3&filename=image002.png
>             <https://www.linkedin.com/company/cirb_cibgimap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.4&filename=image003.png
>             <https://twitter.com/CIRB_CIBGimap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.5&filename=image004.jpg
>             <http://www.environnement.brussels/thematiques/ville-durable/le-label-entreprise-ecodynamique>
>
>
>
>
>
>
>             _______________________________________________
>
>             midPoint mailing list
>
>             midPoint at lists.evolveum.com
>             <mailto:midPoint at lists.evolveum.com>
>
>             http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>         -- 
>
>         Ivan Noris
>
>         Senior Identity Engineer
>
>         evolveum.com
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>     -- 
>
>     Ivan Noris
>
>     Senior Identity Engineer
>
>     evolveum.com
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 17152 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 537 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 658 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 1336 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: assignments.png
Type: image/png
Size: 18664 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: projections.png
Type: image/png
Size: 27111 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/6f5cd649/attachment-0004.png>


More information about the midPoint mailing list