[midPoint] DatabaseTableConnector organization structure sync
mceylan
mrveceylan at gmail.com
Wed May 13 14:08:01 CEST 2020
Hi Arnost,
I changed the object template as you said. As I understand it as below.
<mapping id="11">
<name>Add Organization</name>
<source>
<name>org_id</name>
<c:path>$focus/extension/identifier</c:path>
</source>
<source>
<name>parent_id</name>
<c:path>$focus/extension/parent_id</c:path>
</source>
<source>
<name>orgName</name>
<c:path>$focus/extension/organizationname</c:path>
</source>
<expression>
<assignmentTargetSearch xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:SearchObjectRefExpressionEvaluatorType">
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>c:identifier</q:path>
<expression>
<script>
<code>org_id</code>
</script>
</expression>
</q:equal>
</filter>
<createOnDemand>true</createOnDemand>
<populateObject>
<populateItem>
<expression>
<script xsi:type="c:ScriptExpressionEvaluatorType">
<code>org_id</code>
</script>
</expression>
<target>
<c:path>c:identifier</c:path>
</target>
</populateItem>
<populateItem>
<expression>
<script xsi:type="c:ScriptExpressionEvaluatorType">
<code>orgName</code>
</script>
</expression>
<target>
<c:path>name</c:path>
</target>
</populateItem>
<populateItem>
<expression>
<script xsi:type="c:ScriptExpressionEvaluatorType">
<code>orgName</code>
</script>
</expression>
<target>
<c:path>name</c:path>
</target>
</populateItem>
<populateItem>
<expression>
<assignmentTargetSearch
xsi:type="c:SearchObjectRefExpressionEvaluatorType">
<targetType>c:OrgType</targetType>
<filter>
<q:equal>
<q:path>org_id</q:path>
<expression>
<script>
<code>parent_id</code>
</script>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<c:path>$focus/assignment</c:path>
</target>
</populateItem>
</populateObject>
</assignmentTargetSearch>
</expression>
<target>
<c:path>$focus/assignment</c:path>
</target>
</mapping>
No organization came when I ran import task in this way. Task also made a
mistake
Failures (13):
13: java.lang.RuntimeException: Couldn't find a proper data item to query,
given base entity Ent:ROrg (jaxb=OrgType) and this filter: EQUAL:
PATH: org_id
DEF: null
VALUE:
700036 in (new) expression in assignment expression in expression in
mapping 'Add Organization' in template mapping 'Add Organization' in
objectTemplate:c0c010c0-d34d-b33f-f00d-777333333333(User
Template)(orgName=YÖNETİM MÜDÜRLÜĞÜ; org_id=700043;
parent_id=700036; ) in expression in mapping 'Add Organization' in template
mapping 'Add Organization' in
objectTemplate:c0c010c0-d34d-b33f-f00d-777333333333(User Template)
Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>, 13 May 2020 Çar,
11:02 tarihinde şunu yazdı:
> Hi Merve,
>
> your organizations may have more than one parent? i guess no, that would
> make a very unusual organization structure.
>
> Suppose each midpoint organization has an id in extension/org_id and knows
> it's one and only parent id in extension/parent_id. Then a mapping like
>
> <mapping>
> <source>
> <path>$focus/*extension/parent_id*</path>
> </source>
> <expression>
> <assignmentTargetSearch>
> <targetType>c:OrgType</targetType>
> <filter>
> <q:equal>
> <q:path>*extension/org_id*</q:path>
> <expression>
> <script><code>*parent_id*</code></script>
> </expression>
> </q:equal>
> </filter>
> </assignmentTargetSearch>
> </expression>
> <*target*>
> <path>$focus/*assignment*</path>
> </target>
> </mapping>
>
> in organization template assigns the organization as a member in
> *existing* parent organization. When you reconcile your organizations in
> a random order and not in parent-first-child-next order (as you do), the
> parent organization may not be created yet, the mapping can't find the
> parent and child organizations keep dangling in the air (visible as many
> fake 'root' orgs in gui). That's why you need to recompute all the orgs one
> more time when all parent orgs are guaranteed they exist - after
> reconciling them first.
>
> I checked briefly your org template and you seem to mix parent and child
> ids sometimes, e.g. the 'Add Organization' mapping tries to assign parents
> (i guess) by this filter
>
> <filter>
> <q:equal>
> <q:path>c:identifier</q:path>
> <expression>
> <script>
> <code>*org_id*</code>
> </script>
> </expression>
> </q:equal>
> </filter>
>
> where org_id is extension/identifier. Shouldn't you be comparing
> *parent_id* instead? You seem to be on the right path in the end .)
>
> arnost
>
> út 12. 5. 2020 v 21:26 odesílatel mceylan <mrveceylan at gmail.com> napsal:
>
>> Hi Arnost,
>>
>> Hi, do I have to define all parent ones in filter one by one? What will
>> be added later? and how can I do this?
>>
>> Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>, 12 May 2020
>> Sal, 20:03 tarihinde şunu yazdı:
>>
>>> Hi Merve,
>>>
>>> you may load the parent org id to each organization in midpoint with
>>> ordinary resource inbound mapping to an extension attribute. Then create
>>> the assignment from organization to it's parent org in org template by
>>> using the parent id in the filter, like this
>>>
>>>
>>> https://wiki.evolveum.com/display/midPoint/Automatic+Role+Assignment+HOWTO
>>>
>>> Do the same for users and their parent orgs.
>>>
>>> During the first organization import the parent org may not exist yet
>>> (it may be processed and created after the child org), thats why you need
>>> to recompute the orgs second time to get all parent assignments working.
>>>
>>> good luck
>>>
>>> arnost
>>>
>>>
>>>
>>>
>>> út 12. 5. 2020 v 16:33 odesílatel mceylan <mrveceylan at gmail.com> napsal:
>>>
>>>> Hi Gustav, Thanks for your answer
>>>>
>>>> It did not improve when I imported twice. I didn't understand that.
>>>> There are users in the database table and there is also identifier and
>>>> parent information in their information. Users are sorted, for example, by
>>>> employeeNumber. But unfortunately, the organization name, identifier and
>>>> parent_id in their columns are not sequential. What do I have to do in this
>>>> situation?
>>>>
>>>> Pálos Gustáv <gustav.palos at gmail.com>, 12 May 2020 Sal, 16:57
>>>> tarihinde şunu yazdı:
>>>>
>>>>> Hi mceylan,
>>>>>
>>>>> You need organizations in right order (from bottom to top), and I
>>>>> prefer not using createOnDemand, just create orgs with linked shadows
>>>>> & strong assignmentTargetSearch.
>>>>> If you have in wrong order, you need to import "twice", first just
>>>>> create orgs and assign what you already have, and on second round create
>>>>> assignments to missing parents from first run.
>>>>>
>>>>> best regards,
>>>>>
>>>>> Gustav
>>>>>
>>>>>
>>>>> ut 12. 5. 2020 o 15:15 mceylan <mrveceylan at gmail.com> napísal(a):
>>>>>
>>>>>> I made it as the attached source. I added the user template in the
>>>>>> file. This way the organizational tree is created, but parent_id and
>>>>>> identifier get mixed. So some don't occur under child parent. It occurs as
>>>>>> a side tab. I couldn't figure it out.
>>>>>>
>>>>>> Ivan Noris <ivan.noris at evolveum.com>, 12 May 2020 Sal, 15:57
>>>>>> tarihinde şunu yazdı:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> nothing special. Just use them as AccountObjectClass from the
>>>>>>> connector and link them to corresponding objects in midPoint (e.g.
>>>>>>> Organizations).
>>>>>>>
>>>>>>> Ivan
>>>>>>> On 12. 5. 2020 14:55, mceylan wrote:
>>>>>>>
>>>>>>> Thanks for the answer, Ivan. So what should I do to pull the
>>>>>>> organizational units from DB Table resource and create and synchronize the
>>>>>>> organization tree in midpoint according to parent id and identifier?
>>>>>>>
>>>>>>> Ivan Noris <ivan.noris at evolveum.com>, 12 May 2020 Sal, 14:30
>>>>>>> tarihinde şunu yazdı:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I think DB Table connector supports only AccountObjectClass.
>>>>>>>>
>>>>>>>> Ivan
>>>>>>>>
>>>>>>>>
>>>>>>>> On 12. 5. 2020 13:06, mceylan wrote:
>>>>>>>>
>>>>>>>> I get the following error when I set
>>>>>>>> CustomorganizationalUnitObjectClass as database resorce object class. What
>>>>>>>> would be the reason?
>>>>>>>>
>>>>>>>> Error:No objectclass specified and no default can be determined
>>>>>>>>
>>>>>>>> <default>true</default>
>>>>>>>> When I do, I get the following error.
>>>>>>>>
>>>>>>>> Internal error: Got unexpected exception:
>>>>>>>> java.lang.IllegalArgumentException: Operation requires an Account
>>>>>>>> ObjectClass.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <schemaHandling>
>>>>>>>> <objectType id="1">
>>>>>>>> <kind>generic</kind>
>>>>>>>> <default>false</default>
>>>>>>>>
>>>>>>>> <objectClass>ri:CustomorganizationalUnitObjectClass</objectClass>
>>>>>>>> <attribute id="2">
>>>>>>>> <c:ref>icfs:uid</c:ref>
>>>>>>>> <displayName>Entry UUID</displayName>
>>>>>>>> <limitations>
>>>>>>>> <access>
>>>>>>>> <read>true</read>
>>>>>>>> </access>
>>>>>>>> </limitations>
>>>>>>>> </attribute>
>>>>>>>> <attribute id="3">
>>>>>>>> <c:ref>icfs:name</c:ref>
>>>>>>>> <displayName>Name</displayName>
>>>>>>>> <limitations>
>>>>>>>> <minOccurs>0</minOccurs>
>>>>>>>> <access>
>>>>>>>> <read>true</read>
>>>>>>>> <add>true</add>
>>>>>>>> <modify>true</modify>
>>>>>>>> </access>
>>>>>>>> </limitations>
>>>>>>>> <inbound id="24">
>>>>>>>> <target>
>>>>>>>> <c:path>$user/employeeNumber</c:path>
>>>>>>>> </target>
>>>>>>>> </inbound>
>>>>>>>> <inbound id="43">
>>>>>>>> <target>
>>>>>>>> <c:path>$user/name</c:path>
>>>>>>>> </target>
>>>>>>>> </inbound>
>>>>>>>> </attribute>
>>>>>>>> <attribute id="15">
>>>>>>>> <c:ref>ri:parent_id</c:ref>
>>>>>>>> <inbound id="16">
>>>>>>>> <target>
>>>>>>>> <c:path>$user/extension/parent_id</c:path>
>>>>>>>> </target>
>>>>>>>> </inbound>
>>>>>>>> </attribute>
>>>>>>>> <attribute id="37">
>>>>>>>> <c:ref>ri:identifier</c:ref>
>>>>>>>> <inbound id="39">
>>>>>>>> <target>
>>>>>>>> <c:path>$user/extension/identifier</c:path>
>>>>>>>> </target>
>>>>>>>> </inbound>
>>>>>>>> </attribute>
>>>>>>>> <attribute id="32">
>>>>>>>> <c:ref>ri:organization_name</c:ref>
>>>>>>>> <inbound id="33">
>>>>>>>> <target>
>>>>>>>> <c:path>$user/extension/organizationname</c:path>
>>>>>>>> </target>
>>>>>>>> </inbound>
>>>>>>>> </attribute>
>>>>>>>> <activation>
>>>>>>>> <administrativeStatus>
>>>>>>>> <outbound id="5"/>
>>>>>>>> <inbound id="6">
>>>>>>>> <strength>weak</strength>
>>>>>>>> </inbound>
>>>>>>>> </administrativeStatus>
>>>>>>>> </activation>
>>>>>>>> </objectType>
>>>>>>>> </schemaHandling>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>> --
>>>>>>>> Ivan Noris
>>>>>>>> Senior Identity Engineerevolveum.com
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Merve CEYLAN
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>> --
>>>>>>> Ivan Noris
>>>>>>> Senior Identity Engineerevolveum.com
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Merve CEYLAN
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> s pozdravom
>>>>>
>>>>> Gustáv Pálos
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>
>>>>
>>>> --
>>>> Merve CEYLAN
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>
>>>
>>> --
>>>
>>> *Arnošt Starosta*
>>> solution architect
>>>
>>> gsm: [+420] 603 794 932
>>> e‑mail: arnost.starosta at ami.cz
>>>
>>> *AMI Praha a.s.*
>>> Pláničkova 11, 162 00 Praha 6
>>>
>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>
>>> [image: AMI Praha a.s.]
>>>
>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>> za společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>> obsahovat důvěrné nebo osobní
>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>> zveřejňování, zprostředkování
>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>> neoprávněně, informujte o tom prosím
>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>>> všech jeho příloh. Nakládáním
>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>> postihu.
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>>
>> --
>> Merve CEYLAN
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz
>
> [image: AMI Praha a.s.]
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
--
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200513/46c01cd0/attachment.htm>
More information about the midPoint
mailing list