[midPoint] objectTemplate account create base on account fail
HAQUET Serge
shaquet at cirb.brussels
Tue Nov 21 11:23:13 CET 2017
What i don’t understand why this behavior different from the behavior of the user interface
I can’t remove the assignment created
Operation
Save (GUI)
Message
Attempt to delete value PCV(null):[PC({http://midpoint.evolveum.com/xml/ns/public/common/common-3}construction):[PCV(null):[PrismReference({.../common/common-3}resourceRef):[PRV(oid=0e70c40e-d952-45ee-9780-10845afdc126, targetType={.../common/common-3}ResourceType)]]]] from item assignment but that value is mandated by a strong mapping (in object template objectTemplate:10000000-0000-0000-0000-000000000222(Complex User Template) for focus user:54faf55b-c588-4ab0-9892-5ff6d3181577(Test2))
Error
Attempt to delete value PCV(null):[PC({http://midpoint.evolveum.com/xml/ns/public/common/common-3}construction):[PCV(null):[PrismReference({.../common/common-3}resourceRef):[PRV(oid=0e70c40e-d952-45ee-9780-10845afdc126, targetType={.../common/common-3}ResourceType)]]]] from item assignment but that value is mandated by a strong mapping (in object template objectTemplate:10000000-0000-0000-0000-000000000222(Complex User Template) for focus user:54faf55b-c588-4ab0-9892-5ff6d3181577(Test2))
show<javascript:;>
So it is hard to me to believe that everything is working correctly
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: mardi 21 novembre 2017 10:43
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] objectTemplate account create base on account fail
Hi Serge,
once again; you are NOT creating a role. You are assigning a resource account. That's the relation meaning "I wish the account on the resource to be created and exist". That is the assignment.
As a result, MidPoint will create the resource account. That's the relation meaning "There is the account on that resource currently". That's the projection.
The role icon and resource assignment icon differ. See the attached screenshots:
- my user has assigned role Employee and also resource account on CSV-1 resource (Assignment tab; notice the icons)
- my user has three accounts (CSV-1, CSV-2, CSV-3) (Projections tab)
The existence of CSV-1 account in projection is the result of that resource account being assigned. The name of the resource assignment is the same as the name of the resource.
No role is created. The resource account is assigned and midPoint creates it. This is one of the main midPoint concepts. If there is an assignment, midPoint will create the account(s) and keep them until you unassign the assignment.
I personally use roles (also through object template mappings) and not resource assignments.
In your case, as the name of the resource assignment has always the same as the name of the resource, everything is working correctly.
Best regards,
Ivan
On 16.11.2017 08:03, HAQUET Serge wrote:
Ok so how can I fix the issue of the role created when I assign the account?
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: mercredi 15 novembre 2017 17:53
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] objectTemplate account create base on account fail
Hi,
I don't know if that's entirely possible, but it's not a good idea to "assign" resource account just by linking. As stated in the wiki page I referenced, link is just a relationship between midPoint user and resource account, and that link can be deleted if the account is deleted directly on the resource. Assignment is able to re-create that account even in this situation.
Ivan
On 15.11.2017 08:32, HAQUET Serge wrote:
What target I should use to avoid to create this role.
I try linkref but nothing happend
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: mardi 14 novembre 2017 15:54
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] objectTemplate account create base on account fail
Serge,
what you have in assignments is the resource account assignment, for which the projection has been created. If you assign resource account (as you do), this is the expected state.
See https://wiki.evolveum.com/display/midPoint/Assigning+vs+Linking
Best regards,
Ivan
On 09.11.2017 15:19, HAQUET Serge wrote:
When i look via the gui I have the projection but in assignment I have also a “role” with the same name of my resource
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: jeudi 9 novembre 2017 13:12
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] objectTemplate account create base on account fail
Hi Serge,
can you specify exact file/sample where this was?
I have not used direct account assignment, but just roles, in the object template, but I can see this:
samples/demo/user-template.xml
<mapping>
<description>A hack to avoid feedback to HR feed - deleting accounts because they are not assigned</description>
<strength>strong</strength>
<source>
<path>employeeType</path>
</source>
<expression>
<value>
<!--<assignment>-->
<construction>
<resourceRef oid="8844dcca-775d-11e2-a0ac-001e8c717e5b" type="c:ResourceType"/>
</construction>
<!--</assignment>-->
</value>
</expression>
<target>
<path>assignment</path>
</target>
<condition>
<script>
<code>employeeType != null</code>
</script>
</condition>
</mapping>
See how the <assignment> element is commented out; hope this is the problem.
If you specify the sample from which you have seen the original construction, we can have a look at it.
Best regards,
Ivan
On 08.11.2017 12:43, HAQUET Serge wrote:
I get this example from midpoint git and it didn’t work , look like missing something to validate the xml
<mapping>
<strength>strong</strength>
<expression>
<value>
<assignment>
<construction>
<resourceRef oid="0e70c40e-d952-45ee-9780-10845afdc126" type="ResourceType"/>
</construction>
</assignment>
</value>
</expression>
<target>
<path>assignment</path>
</target>
</mapping>
Midpoint version : 3.6
Goal : when create new user , create a new account an link it base on the some resources
Actions:
* using the Complex User Template , from the midpoint git.
* only use the account create part.
* import the file in midpoint
* create new user
Error (see file) : Message
Item {http://midpoint.evolveum.com/xml/ns/public/common/common-3}assignment has no definition (in container value CTD ({.../common/common-3}AssignmentType))while parsing ( {...common/common-3}assignment => ( {...common/common-3}construction => ( {...common/common-3}resourceRef => ( oid => parser ValueParser(DOMa, oid: 0e70c40e-d952-45ee-9780-10845afdc126) type => parser ValueParser(DOMa, type: ResourceType) ) ) ) )
When : trying to create user
[imap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.2&filename=image001.png]
Serge HAQUET
Project Analyst
Operations - Project Analyst
Avenue des Arts 21, 1000 Bruxelles - cirb.brussels<http://cirb.brussels/> - disclaimer<http://cirb.brussels/disclaimer-1>
T +32 2 801 12 41 | G +32 497 44 44 99 | Helpdesk +32 2 801 00 00
Be green, leave it on the screen ! [imap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.3&filename=image002.png] <https://www.linkedin.com/company/cirb_cibg> [imap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.4&filename=image003.png] <https://twitter.com/CIRB_CIBG> [imap://vix@mail.evolveum.com:993/fetch%3EUID%3E/INBOX/Lists/midPoint%3E1540915?header=quotebody&part=1.1.5&filename=image004.jpg] <http://www.environnement.brussels/thematiques/ville-durable/le-label-entreprise-ecodynamique>
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 17152 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 537 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 658 bytes
Desc: image003.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 1336 bytes
Desc: image004.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cirb_48ee021e-930c-4d9c-b9ae-589a94eea2ab.png
Type: image/png
Size: 17152 bytes
Desc: cirb_48ee021e-930c-4d9c-b9ae-589a94eea2ab.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedIn_391f8333-965b-4b73-9dbc-f68a4356657b.png
Type: image/png
Size: 537 bytes
Desc: linkedIn_391f8333-965b-4b73-9dbc-f68a4356657b.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter_a7266c6c-f7c1-4a59-bfea-6e55a9e45977.png
Type: image/png
Size: 658 bytes
Desc: twitter_a7266c6c-f7c1-4a59-bfea-6e55a9e45977.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo_eco_mail2_ea9ebf7c-274d-4f6f-a7e5-3a2b8d3efa28.jpg
Type: image/jpeg
Size: 1336 bytes
Desc: logo_eco_mail2_ea9ebf7c-274d-4f6f-a7e5-3a2b8d3efa28.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171121/0c3b37da/attachment-0001.jpg>
More information about the midPoint
mailing list