[midPoint] Template modification
Jan Kaspar
Caspi at seznam.cz
Sat Jan 20 19:56:44 CET 2018
Hi all,
I need help with modification of a template. I have the following mapping
in the template:
<mapping id="13">
    <name>User - AD Role mapping</name>
    <authoritative>true</authoritative>
    <strength>strong</strength>
    <source>
        <name>ADGroup</name>
        <c:path>extension/ADGroups</c:path>
    </source>
    <expression>
        <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="c:ScriptExpressionEvaluatorType">
            <code>
                import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
                import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
                import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
                import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
                import java.util.*;
                log.warn("AD Role mapping {}" , ADGroup)
                if (ADGroup != null){
                    orgName = ADGroup;
                    org = midpoint.searchObjectByName(RoleType.class, orgName);
                    log.info("org {}" , org)
                    orgOrt = new ObjectReferenceType();
                    orgOrt.setOid(org.getOid());
                    orgOrt.setType(RoleType.COMPLEX_TYPE);
                    AssignmentType assignment = new AssignmentType();
                    assignment.asPrismContainerValue()
                    assignment.setTargetRef(orgOrt);
                    return assignment
                }
            </code>
        </script>
    </expression>
    <target>
        <c:path>assignment</c:path>
    </target>
    <condition>
        <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:type="c:ScriptExpressionEvaluatorType">
            <code>
                log.info("AD Role mapping {}, ADGroup {}" , (ADGroup != null), ADGroup)
                return ADGroup != null
            </code>
        </script>
    </condition>
</mapping>
It works fine, users are imported with attribute ADGroups and all is
OK. But some users have groups in their attributes
that are not managed and imported to IDM. Typically protected admins
group. (Schema Admins, SQL Admins etc.)
How can I update this template to skip those groups? Now I am
getting this error:
Couldn't reconcile user user:f4f60447-77d9-4a9e-a5f7-6f43b34c834f
(jan.kaspar).
Error
java.lang.NullPointerException: Cannot invoke method
getOid() on null object in expression in mapping 'User - AD Role
mapping' in template mapping 'User - AD Role mapping' in
objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User
Template)(ADGroup=Schema Admins; ) in expression in mapping 'User -
AD Role mapping' in template mapping 'User - AD Role mapping' in
objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User
Template)

com.evolveum.midpoint.util.exception.ExpressionEvaluationException:
java.lang.NullPointerException: Cannot invoke method
getOid() on null object in expression in mapping 'User - AD Role
mapping' in template mapping 'User - AD Role mapping' in
objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User
Template)(ADGroup=Schema Admins; ) in expression in mapping 'User -
AD Role mapping' in template mapping 'User - AD Role mapping' in
objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User
Template)
So basically I need a condition to check if the corresponding role exists...
Jan
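
Added example, not part of the original post and not Evolveum's own code: one way to write the body of the expression's <code> element so that AD groups with no matching midPoint role (such as the "Schema Admins" value in the error above) are skipped instead of failing reconciliation. It assumes the mapping context shown in the post, where midPoint binds `midpoint`, `log` and the source variable `ADGroup`; the names `role` and `roleRef` are chosen for this example.

```groovy
// Added example: runs inside the mapping's <code> element, where midPoint
// binds `midpoint`, `log` and the source variable `ADGroup`.
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType

// No value in extension/ADGroups: nothing to assign.
if (ADGroup == null) {
    return null
}

// Look up a role with the same name as the AD group. For a group that is
// not managed in midPoint the lookup yields null, which is what made
// getOid() throw the NullPointerException in the original script.
def role = midpoint.searchObjectByName(RoleType.class, ADGroup)
if (role == null) {
    // Skip the group: a null result means the mapping produces no
    // assignment for this value. The log line leaves a record of which
    // unmanaged (often privileged) groups were seen on the account.
    log.info("AD group {} has no matching role, skipping", ADGroup)
    return null
}

// A matching role exists: build the assignment that points at it.
def roleRef = new ObjectReferenceType()
roleRef.setOid(role.getOid())
roleRef.setType(RoleType.COMPLEX_TYPE)

def assignment = new AssignmentType()
assignment.setTargetRef(roleRef)
return assignment
```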