[midPoint] How to blank out user properties?
Jason Everling
jeverling at bshp.edu
Thu Jul 2 23:18:36 CEST 2020
So can you post what you have for the deleted template action? You also
have that set under the resource for deleted? I just checked, and a long
time ago we did something similar for accounts removed from a resource,
although we don't anymore but that was on 3.2 and should still work, i
don't see why not unless its bug, try the below, i pulled from an old
'delete' template on our private repo from an old resource we had years ago
<mapping>
<authoritative>true</authoritative>
<strength>strong</strength>
<expression>
<value>''</value>
</expression>
<target>
<path>extension/ndsuPrimaryJobTitle</path>
</target>
</mapping>
On Thu, Jul 2, 2020 at 4:09 PM Richard Frovarp <richard.frovarp at ndsu.edu>
wrote:
> Thanks. I've started work down the bulk actions path. Which is perhaps
> less than ideal, but I think I understand it, and I will have operations
> later that will require it. I can follow your more elegant solution after I
> have something working. I don't quite have all of the affiliations
> populated yet right now. I figured that setting and clearing a single value
> attribute from a single source would be the easiest thing to start with.
> Affiliations come after I have this working.
>
> On Thu, 2020-07-02 at 15:55 -0500, Jason Everling wrote:
>
> :/ ive been updating some of our logstash stuff, should be != faculty and
> != staff
> JASON
>
>
> On Thu, Jul 2, 2020 at 3:49 PM Jason Everling <jeverling at bshp.edu> wrote:
>
> Gotcha, I just put together a quick example for an idea, you can also go
> with if affiliation == student && not == faculty || affiliation == student
> && not == staff || etc...
>
> for the assignments, you would write the script to get all assignments
> then if your resource doesn't exist apply mapping, there is a midpoint
> function for it, we used something similar for a bulk task, ill find it on
> my prod git repo, its back there in time,
>
> someone else might be able to chime in sooner
>
>
>
> On Thu, Jul 2, 2020 at 2:13 PM Richard Frovarp <richard.frovarp at ndsu.edu>
> wrote:
>
> But students can be employed. I need it so that if they aren't in that
> resource, they are removed. You're earlier example makes some sense, but I
> don't have a deep enough understanding of midPoint to fully implement it.
> Error complains about the source of $user/assignments. I'm on 4.1 and it
> looks like that may have changed some, but I can't quite figure out how.
>
> Kind of frustrated as this seems like it should be a basic operation, and
> it's the one thing stopping me from going further. I don't want a mess of
> stale data in a brand new system a day after it goes up.
>
> I've been looking at queries and bulk actions, but I can't figure out how
> to find all users that aren't referenced by a resource. I can find all in
> the resource, and all that have a resource that isn't it (which is all of
> the users as names are pulled in from a different resource). What is a one
> minute query in raw SQL is beyond my understanding here right now.
>
> On Thu, 2020-07-02 at 13:15 -0500, Jason Everling wrote:
>
> Also this in the default template, if return null; doesn’t work you could
> also go with return ‘’; . So many different ways to do it without relying
> on a deleted template
>
>
>
> <mapping>
>
> <description>Clean out department</description>
>
> <strength>strong</strength>
>
> <source>
>
> <path>$user/extension/your_affiliation</path>
>
> </source>
>
> <target>
>
> <path>$user/extension/ndsuPrimaryJobTitle</path>
>
> </target>
>
> <expression>
>
> <script>
>
> <code>
>
> if (affiliation == ‘student’) {
>
> return null;
>
> }
>
> </code>
>
> </script>
>
> </expression>
>
> </mapping>
>
>
>
>
>
> *From: *Jason Everling <jeverling at bshp.edu>
> *Sent: *Thursday, July 2, 2020 1:06 PM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *RE: [midPoint] How to blank out user properties?
>
>
>
> ** only if the resource isn’t assigned?*
>
>
>
> *From: *Jason Everling <jeverling at bshp.edu>
> *Sent: *Thursday, July 2, 2020 1:04 PM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *RE: [midPoint] How to blank out user properties?
>
>
>
> What about just a regular mapping in the default user template with a
> condition strong that gets applied and only if the resource is assigned?
>
>
>
> <mapping>
>
> <description>Clean out department</description>
>
> <strength>strong</strength>
>
> <source>
>
> <path>$user/assignments</path>
>
> </source>
>
> <target>
>
> <path>$user/extension/ndsuPrimaryJobTitle</path>
>
> </target>
>
> <expression>
>
> <script>
>
> <code>
>
> if (assignment != your resource) {
>
> return null;
>
> }
>
> </code>
>
> </script>
>
> </expression>
>
> </mapping>
>
>
>
>
>
> *From: *Richard Frovarp <richard.frovarp at ndsu.edu>
> *Sent: *Thursday, July 2, 2020 12:56 PM
> *To: *midpoint at lists.evolveum.com
> *Subject: *Re: [midPoint] How to blank out user properties?
>
>
>
> I've seen your archive example. I wasn't completely clear. I don't want to
> archive the old value. I just want it gone. I want to keep the user object
> though. So if I were to leave NDSU, we would want there to still be the
> name, employee number, etc to remain. But my title would no longer apply. A
> bigger deal if I were to become a student, we wouldn't want my job title
> applied to my AD object for instance as it wouldn't be applicable. Just
> trying to get the value back to null.
>
>
>
> On Thu, 2020-07-02 at 12:22 -0500, Jason Everling wrote:
>
> So what I can read from, you want to archive the old value? We do this for
> various attributes when they are changed, see here, I had added it to the
> midpoint samples a while back, it will take the old value which was
> previously set and then add it to a custom schema attribute for archival
> history, such as a username change, level change, affiliation, etc..
>
>
>
>
> https://github.com/evolveum/midpoint-samples/blob/master/samples/contrib/bshp/objects/objectTemplates/Includes%20-%20Archiving.xml
>
>
>
> *From: *Richard Frovarp <richard.frovarp at ndsu.edu>
> *Sent: *Thursday, July 2, 2020 11:13 AM
> *Subject: *[midPoint] How to blank out user properties?
>
>
>
> I'm reading a list of our employees from a DB through a
>
> DatabaseTableConnector resource. As part of that process I'm setting a
>
> custom schema element that is their title. That's fine. However, when
>
> they are no longer employed, they disappear from the database table.
>
>
>
> So I'm trying to blank out the title property, since if they aren't
>
> employed anymore, they don't have a title. We want to keep historic
>
> records, and they may still be a student, which we wouldn't populate a
>
> title.
>
>
>
> How does one go about doing this? It was suggested using an object
>
> template on the deleted situation, but that doesn't appear to be
>
> working.
>
>
>
> Resource:
>
>
>
> <reaction>
>
> <situation>deleted</situation>
>
> <synchronize>true</synchronize>
>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action
>
> -3#unlink</handlerUri>;
>
> </action>
>
> <objectTemplateRef oid="5b23b0d3-0740-47a1-932d-c5a4ab513bc4" />
>
> </reaction>
>
>
>
> User Template:
>
>
>
> <mapping>
>
> <description>Clean out department</description>
>
> <strength>strong</strength>
>
> <target>
>
> <path>$user/extension/ndsuPrimaryJobTitle</path>
>
> </target>
>
> <expression>
>
> <script>
>
> <code>null</code>
>
> </script>
>
> </expression>
>
> </mapping>
>
>
>
> No errors are thrown, it's just that the title element remains populate
>
> with the last know value when the user is deleted from the resource.
>
>
>
> Thanks,
>
> Richard
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200702/abbce747/attachment.htm>
More information about the midPoint
mailing list