[midPoint] Template modification

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Mon Jan 22 11:15:59 CET 2018


Hi Jan

Basically, your script does not find "org" and then you call getOid() on
a null object. I think that surrounding that assignment creation code with
if(org != null) should suffice.

Best Regards
Oskar Butovič

2018-01-20 19:56 GMT+01:00 Jan Kaspar <Caspi at seznam.cz>:

> Hi all,
>
> I need help with modifying a template. I have the following mapping in
> the template:
>
>    <mapping id="13">
>       <name>User - AD Role mapping</name>
>       <authoritative>true</authoritative>
>       <strength>strong</strength>
>       <source>
>          <name>ADGroup</name>
>          <c:path>extension/ADGroups</c:path>
>       </source>
>       <expression>
>          <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                  xsi:type="c:ScriptExpressionEvaluatorType">
>             <code>
>    import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
>    import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
>    import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
>    import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
>    import java.util.*;
>
>    log.warn("AD Role mapping {}" , ADGroup)
>    if (ADGroup != null){
>        orgName = ADGroup;
>
>        org = midpoint.searchObjectByName(RoleType.class, orgName);
>        log.info("org {}" , org)
>        orgOrt = new ObjectReferenceType();
>        orgOrt.setOid(org.getOid());
>        orgOrt.setType(RoleType.COMPLEX_TYPE);
>        AssignmentType assignment = new AssignmentType();
>        assignment.asPrismContainerValue()
>        assignment.setTargetRef(orgOrt);
>        return assignment
>
>    }
>    </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>assignment</c:path>
>       </target>
>       <condition>
>          <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                  xsi:type="c:ScriptExpressionEvaluatorType">
>             <code>
>         log.info("AD Role mapping {}, ADGroup {}" , (ADGroup != null), ADGroup)
>              return ADGroup != null
>             </code>
>          </script>
>       </condition>
>    </mapping>
>
>
> It works fine, users are imported with attribute ADGroups and all is OK.
> But some users have in their attributes groups
> that are not managed and imported to IDM. Typically protected admins group.
> (Schema Admins, SQL Admins etc.)
>
> How can I update this template to skip those groups? Now I am getting
> an error:
>
> Couldn't reconcile user user:f4f60447-77d9-4a9e-a5f7-6f43b34c834f(jan.kaspar).Errorjava.lang.NullPointerException:
> Cannot invoke method getOid() on null object in expression in mapping
> 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in
> objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)(ADGroup=Schema Admins; )
> in expression in mapping 'User - AD Role mapping' in template mapping
> 'User - AD Role mapping' in
> objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)
> showcom.evolveum.midpoint.util.exception.ExpressionEvaluationException:
> java.lang.NullPointerException: Cannot invoke method getOid() on null
> object in expression in mapping 'User - AD Role mapping' in template
> mapping 'User - AD Role mapping' in
> objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)(ADGroup=Schema Admins; )
> in expression in mapping 'User - AD Role mapping' in template mapping
> 'User - AD Role mapping' in
> objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)
>
> So basically I need a condition to check if the corresponding role exists...
>
> Jan


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz
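
The guard suggested in the reply, written out as the body of the mapping's expression `<code>` element. This is an added example, not code from either poster or from the midPoint project. The variable names `role` and `roleRef` are chosen here, and it assumes that returning null from the expression makes the mapping produce no assignment value.

```groovy
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType

// `ADGroup`, `midpoint` and `log` are supplied by midPoint's expression
// environment, exactly as in the original mapping.
if (ADGroup == null) {
    return null
}

// Look up the role named after the AD group. The lookup yields null when no
// such role exists, which is what triggered the NullPointerException for
// ADGroup=Schema Admins in the original script.
role = midpoint.searchObjectByName(RoleType.class, ADGroup)
if (role == null) {
    // Group is not managed in midPoint: create no assignment, but log it so
    // memberships in unmanaged admin groups remain visible to operators.
    // Assumption: a null return means "no value" for this mapping.
    log.warn("AD group {} has no matching role, skipping assignment", ADGroup)
    return null
}

// Role exists: build the assignment that targets it.
roleRef = new ObjectReferenceType()
roleRef.setOid(role.getOid())
roleRef.setType(RoleType.COMPLEX_TYPE)

assignment = new AssignmentType()
assignment.setTargetRef(roleRef)
return assignment
```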

