[midPoint] Object template to deploy accounts from midpoint to AD error "accountConstruction has no definition"

Jack Wilson jack.wilson at cogitogroup.net
Wed Apr 10 05:26:57 CEST 2019


Hi

I am attempting to pull accounts from an active directory (A) into midpoint users, and following this deploy these users into a second active directory (B).

I have accounts being pulled from (A) into midpoint users successfully, but am running into issues deploying these into (B).

To my understanding, this requires an object template for users to be assigned in (A)'s synchronization:


<synchronization>
        <objectSynchronization>
            ...
            <objectTemplateRef oid="c0c010c0-d34d-b33f-f00d-777111111111" relation="org:default" type="c:ObjectTemplateType">
                <targetName>Default User Template DEMO 2 DOMAIN</targetName>
            </objectTemplateRef>
            <reconcile>false</reconcile>
            <reaction>
                <situation>unlinked</situation>
                <synchronize>true</synchronize>
                <reconcile>true</reconcile>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
                </action>
            </reaction>
            <reaction>
                <situation>unmatched</situation>
                <synchronize>true</synchronize>
                <reconcile>true</reconcile>
                <action>
                    <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
                    <objectTemplateRef oid="c0c010c0-d34d-b33f-f00d-777111111111"/>
                </action>
            </reaction>
            ...
        </objectSynchronization>
    </synchronization>


The object (user) template is the following:


<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="c0c010c0-d34d-b33f-f00d-777111111111" version="3">
    <name>Default User Template DEMO 2 DOMAIN</name>
    <metadata>
        ...
    </metadata>
    <mapping id="1">
        <strength>strong</strength>
        <expression>
            <value>
                <accountConstruction>
                    <resourceRef oid="f5f9fdaa-ec62-4f1b-b17d-c8dc6639bd93" type="c:ResourceType"/>
                </accountConstruction>
            </value>
        </expression>
        <target>
            <c:path>assignment</c:path>
        </target>
    </mapping>
</objectTemplate>

This was based off the following two sources:
https://wiki.evolveum.com/display/midPoint/Synchronization+Examples
https://github.com/Evolveum/midpoint/blob/master/samples/demo/user-template.xml (Noting assignment is commented out here)

When running an 'import accounts' task on (A), I receive the following errors (or the equivalent if I include <assignment> around <accountConstruction>):

[midPointScheduler_Worker-1] ERROR (com.evolveum.midpoint.repo.common.task.AbstractSearchIterativeResultHandler): Import of object shadow: ... from ... failed: Item {http://midpoint.evolveum.com/xml/ns/public/common/common-3}accountConstruction has no definition (in container value CTD ({.../common/common-3}AssignmentType))while parsing (
  {...common/common-3}accountConstruction =>
    (
      {...common/common-3}resourceRef =>
        (
          oid =>
            parser ValueParser(DOMa, oid: f5f9fdaa-ec62-4f1b-b17d-c8dc6639bd93)
          type =>
            parser ValueParser(DOMa, type: c:ResourceType)
        )
    )
)

I expect this is because this syntax is in fact invalid? Any ideas on how to resolve this?

Regards,

Jack Wilson
Digital Security Consultant



This email, and any attachment, is confidential and also privileged. If you have received it in error, please notify me immediately and delete it from your system along with any attachments. You should not copy or use it for any purpose, nor disclose its contents to any other person.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190410/0c08a05a/attachment.htm>


More information about the midPoint mailing list