[midPoint] schema handling vs object template

Guckenbiehl, Gabriel gabriel.guckenbiehl at uni-due.de
Mon Aug 12 09:07:44 CEST 2019


Hi Ivan,

sorry for being quiet for so long, I have been on vacation.
Thanks for your explanations, obviously I had some twist in my understanding of the concept of an object template.

Maybe you could provide me with another idea of how to achieve what I wanted to get from this construction.

As you may have guessed from the code I had, I am trying to build some schema handling which uses two independent iterations, but the standard way in schema handling only provides one iterator. Is there any way to have a second one independent from the first? I.e. one of my iterators is expected to run to a max iteration of maybe 10, the other one could reach up to several 1000.

Thanks for your help again

Gabriel

> -----Original Message-----
> From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Ivan Noris
> Sent: Monday, 29 July 2019 09:24
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] schema handling vs object template
> 
> Hi Gabriel,
> 
> object template and schema handling are similar, but different concepts.
> 
> Schema handling is the place to define how to map the attributes from
> midPoint to the resource account (outbound) or vice-versa (inbound).
> 
> Object template is the place to define how midPoint attributes (e.g. User's
> fullName) should be defined from other user attributes (e.g. the same User's
> givenName and familyName).
> 
> Object template can be also used with the resource, but in a different
> context. If you have a resource which is a source resource (contains inbounds
> and unmatched->addFocus reaction for example), you can specify an
> arbitrary object template instead of the global object template which is
> specified in the System configuration.
> 
> That said, you should not attempt to define account attributes in the
> template but in the schema handling.
> 
> Best regards,
> 
> Ivan
> 
> 
> On 23. 7. 2019 16:41, Guckenbiehl, Gabriel wrote:
> 
> 
> 	Hello all,
> 
> 	in my LDAP-scheme I have a field which should be set by a mapping from an
> 	object template. The template is called in the synchronization of the
> 	LDAP-Resource. Because the LDAP field is a necessary one I get error
> 	messages, when there is no additional outbound mapping in the schema
> 	handling itself.
> 	But even though I set the dummy-mapping in the ldap-scheme as weak as
> 	possible it still is not overridden by the mapping in the object template.
> 	Maybe anyone here can give me a hint or two, how to enforce the correct
> 	values?
> 	I can not put the correct mapping in schema handling itself, because the
> 	iteration there is already used for other context.
> 
> 	Some experimenting led me to believe that no code in the object-template is
> 	executed, but surely this can't be correct, am I right?
> 
> 	Code below. Best regards and thanks for the help
> 
> 	Gabriel
> 
> 	Gabriel Guckenbiehl, M.Sc.
> 	Zentrum für Informations- und Mediendienste (ZIM)
> 	Universität Duisburg Essen
> 	Schützenbahn 70
> 	45127 Essen
> 	Phone: +49 (201) 183-3346
> 
> 
> 	<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> 	        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> 	        xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> 	        xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
> 	        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> 	        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> 	        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> 	        oid="ea0f69ae-b5e6-4ef9-a206-8421814b977f" version="89">
> 	    <name>LDAP Template</name>
> 	    <iteration>
> 	        <maxIterations>100000</maxIterations>
> 	        <postIterationCondition>
> 	            <variable>
> 	                <name>uidnummer</name>
> 	                <c:path>$shadow/attributes/ri:uidNumber</c:path>
> 	            </variable>
> 	            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> 	                    xsi:type="c:ScriptExpressionEvaluatorType">
> 	                <trace>true</trace>
> 	                <code>
> 	               tmpUniqueLogin = midpoint.isUniqueAccountValue(resource, shadow, 'uidNumber', uidnummer)
> 	               return tmpUniqueLogin
> 	            </code>
> 	            </script>
> 	        </postIterationCondition>
> 	    </iteration>
> 	    <mapping id="18">
> 	        <authoritative>true</authoritative>
> 	        <exclusive>false</exclusive>
> 	        <strength>strong</strength>
> 	        <expression>
> 	            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> 	                    xsi:type="c:ScriptExpressionEvaluatorType">
> 	                <code>
> 	               return 10000+iteration
> 	            </code>
> 	            </script>
> 	        </expression>
> 	        <target>
> 	            <c:path>ri:uidNumber</c:path>
> 	        </target>
> 	    </mapping>
> 	</objectTemplate>
> 
> 
> 	<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> 	        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> 	        xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> 	        xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
> 	        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> 	        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> 	        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> 	        oid="7ea21d36-6438-425c-b81c-8be810210000" version="273">
> 	    <name>LDAP_2_with_Template</name>
> 	    <connectorRef oid="a4f34827-e130-4d54-8b48-7b4b2c52f51c"
> 	relation="org:default" type="c:ConnectorType"/>
> 	    <connectorConfiguration
> 	            xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
> 	        [...]
> 	    </connectorConfiguration>
> 	    <schema>
> 	        <definition>
> 	            <xsd:schema
> 	                    xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
> 	                    xmlns:ra="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"
> 	                    xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> 	                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> 	                    elementFormDefault="qualified"
> 	                    targetNamespace="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
> 	                <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/annotation-3"/>
> 	                <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"/>
> 	                </xsd:complexType>
> 	                <xsd:complexType name="posixAccount">
> 	                    <xsd:annotation>
> 	                        <xsd:appinfo>
> 	                            <ra:resourceObject/>
> 	                            <ra:identifier>ri:entryUUID</ra:identifier>
> 	                            <ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
> 	                            <ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
> 	                            <ra:namingAttribute>ri:dn</ra:namingAttribute>
> 	                            <ra:nativeObjectClass>posixAccount</ra:nativeObjectClass>
> 	                            <ra:auxiliary>true</ra:auxiliary>
> 	                        </xsd:appinfo>
> 	                    </xsd:annotation>
> 	                    <xsd:sequence>
> 	                        <xsd:element name="uidNumber" type="xsd:int">
> 	                            <xsd:annotation>
> 	                                <xsd:appinfo>
> 	                                    <a:displayOrder>190</a:displayOrder>
> 	                                    <ra:nativeAttributeName>uidNumber</ra:nativeAttributeName>
> 	                                    <ra:frameworkAttributeName>uidNumber</ra:frameworkAttributeName>
> 	                                </xsd:appinfo>
> 	                            </xsd:annotation>
> 	                        </xsd:element>
> 	                </xsd:complexType>
> 	            </xsd:schema>
> 	        </definition>
> 	    </schema>
> 	    <schemaHandling>
> 	        <objectType id="68">
> 	            <kind>account</kind>
> 	            <intent>Employee</intent>
> 	            <displayName>Employee Account</displayName>
> 	            <default>true</default>
> 	            <objectClass>ri:inetOrgPerson</objectClass>
> 	            <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
> 	            <attribute id="70">
> 	                <c:ref>ri:mail</c:ref>
> 	                <tolerant>false</tolerant>
> 	                <exclusiveStrong>true</exclusiveStrong>
> 	                <outbound>
> 	                    <authoritative>true</authoritative>
> 	                    <exclusive>false</exclusive>
> 	                    <strength>strong</strength>
> 	                    <source>
> 	                        <c:path>$user/givenName</c:path>
> 	                    </source>
> 	                    <source>
> 	                        <c:path>$user/emailAddress</c:path>
> 	                    </source>
> 	                    <source>
> 	                        <c:path>$user/familyName</c:path>
> 	                    </source>
> 	                    <expression>
> 	                        <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> 	                                xsi:type="c:ScriptExpressionEvaluatorType">
> 	                            <code>
> 	                                if (emailAddress != null) {
> 	                                    return emailAddress
> 	                                 } else {
> 	                                    mailName = givenName.getNorm().tokenize()[0] + iterationToken + '.' +
> 	                                            familyName.getNorm().replaceAll(" ", "_") + '@uni-due.de';
> 	                                    return mailName;
> 	                                 }
> 	                            </code>
> 	                        </script>
> 	                    </expression>
> 	                </outbound>
> 	            </attribute>
> 	            <attribute id="131">
> 	                <c:ref>ri:uidNumber</c:ref>
> 	                <tolerant>true</tolerant>
> 	                <exclusiveStrong>false</exclusiveStrong>
> 	                <outbound>
> 	                    <authoritative>false</authoritative>
> 	                    <exclusive>false</exclusive>
> 	                    <strength>weak</strength>
> 	                    <expression>
> 	                        <value>0</value>
> 	                    </expression>
> 	                </outbound>
> 	            </attribute>
> 	            <iteration>
> 	                <maxIterations>1000</maxIterations>
> 	                <postIterationCondition>
> 	                    <variable>
> 	                        <name>test</name>
> 	                        <c:path>$shadow/attributes/ri:mail</c:path>
> 	                    </variable>
> 	                    <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> 	                            xsi:type="c:ScriptExpressionEvaluatorType">
> 	                        <trace>true</trace>
> 	                        <code>
> 	                           tmpUniqueLogin = midpoint.isUniqueAccountValue(resource, shadow, 'mail', test)
> 	                           return tmpUniqueLogin
> 	                           </code>
> 	                    </script>
> 	                </postIterationCondition>
> 	            </iteration>
> 	        </objectType>
> 	    </schemaHandling>
> 	    <capabilities>[...]
> 	    </capabilities>
> 	    <synchronization>
> 	        <objectSynchronization>
> 	            <name>Employee sync</name>
> 	            <objectClass>inetOrgPerson</objectClass>
> 	            <objectClass>benvwAccount</objectClass>
> 	            <kind>account</kind>
> 	            <intent>Employee</intent>
> 	            <focusType>c:UserType</focusType>
> 	            <enabled>true</enabled>
> 	            <correlation>
> 	                <q:equal>
> 	                    <q:path>c:name</q:path>
> 	                    <expression xmlns="">
> 	                        <path>$account/attributes/uid</path>
> 	                    </expression>
> 	                </q:equal>
> 	            </correlation>
> 	            <objectTemplateRef oid="ea0f69ae-b5e6-4ef9-a206-8421814b977f"
> 	                    relation="org:default" type="c:ObjectTemplateType">
> 	                <targetName>LDAP Template</targetName>
> 	            </objectTemplateRef>
> 	            <reconcile>true</reconcile>
> 	            <opportunistic>true</opportunistic>
> 	            [...]
> 	        </objectSynchronization>
> 	    </synchronization>
> 	</resource>
> 
> 
> 	_______________________________________________
> 	midPoint mailing list
> 	midPoint at lists.evolveum.com
> 	http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
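
The distinction Ivan draws, written out as configuration. This is an added illustration, not code from either poster or from the midPoint project: the template mapping computes a user property, and the account attribute is computed in an outbound mapping. The `fullName` mapping, the template name and the placement of the `10000 + iteration` expression are assumptions built from the thread's own snippets, using the flat `<mapping>` layout seen above.

```xml
<!-- Added example; element layout follows the snippets quoted in the thread. -->

<!-- 1. Object template: derives a property of the focus (the User)
        from other properties of the same User. -->
<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Example user template</name> <!-- constructed name -->
    <mapping>
        <source><path>givenName</path></source>
        <source><path>familyName</path></source>
        <expression>
            <script><code>givenName + ' ' + familyName</code></script>
        </expression>
        <target><path>fullName</path></target>
    </mapping>
</objectTemplate>

<!-- 2. Schema handling (fragment of the resource): derives account
        attributes. The uidNumber expression from the thread's template is
        placed here as an outbound mapping (assumed placement). -->
<schemaHandling xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <objectType>
        <kind>account</kind>
        <intent>Employee</intent>
        <objectClass>ri:inetOrgPerson</objectClass>
        <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
        <attribute>
            <ref>ri:uidNumber</ref>
            <outbound>
                <strength>strong</strength>
                <expression>
                    <!-- "iteration" is the counter of this object type's own
                         <iteration> block, the same one that feeds
                         iterationToken in the ri:mail mapping. -->
                    <script><code>10000 + iteration</code></script>
                </expression>
            </outbound>
        </attribute>
    </objectType>
</schemaHandling>
```

Both mappings in the second fragment would share the object type's single iteration counter, which is the limitation the newer message asks about.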