[midPoint] DatabaseTableConnector organization structure sync
mceylan
mrveceylan at gmail.com
Thu May 14 13:36:52 CEST 2020
Hi,
My reconcile / recompute tasks also work, but there is no improvement. If a
child is added to the database before its parent, it is created directly
like a new root. Then, in the database, the parent is created under the
parentin, since the other childs are added after the parent. The first
child stands alone as a root.
So, as far as I understand, what I need to do is not to print the parent_id
and identifier sequentially in the table?
I guess to sort the bottom-down relationship in the solution database.
Nothing else comes to my mind. createOnDemand / populateObject, I added as
much as I added.
Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>, 13 May 2020 Çar,
19:23 tarihinde şunu yazdı:
> Hi,
>
> yes, that's what the two step reconciliation/recompute is about. During
> the first run all the objects get created, during the second run all the
> right associations are for sure created. The price is of course your data
> in idm is inconsistent after the first reconciliation, some orgs and users
> have no parents associated until the second reconciliation/recompute.
>
> If thats not good enough, there are two other options i can see
>
> 1. Create the not-yet-imported parent organizations as stubs with just
> their identifier and some default values as you tried with the
> createOnDemand/populateObject, you were maybe almost there. Not too
> consistent either but could work out well.
>
> 2. Order the database objects in the parent-child relationship order
> before importing them into idm. You could do that with an external task
> computing this so called topological ordering and updating each record with
> its order before importing into idm in that order. Sounds like too much
> work and lot of fun at the same time.
>
> arnost
>
> st 13. 5. 2020 v 17:50 odesílatel mceylan <mrveceylan at gmail.com> napsal:
>
>> Hi again,
>>
>> I tried one by one but it needs mapping.
>> There is this problem. If an organization's parent is in the database
>> table before it, there is no problem. But if the user first creates
>> himself, and then his parent enters the database table, there is no
>> hierarchy. I couldn't solve this situation.
>>
>>
>> Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>, 13 May 2020
>> Çar, 17:31 tarihinde şunu yazdı:
>>
>>> Hi again,
>>>
>>> I don't know which 'URI' the exception talks about but I'm not an online
>>> debugger .)
>>>
>>> But using a groovy script only to return a variable seems overkill, you
>>> may specify the path to the value directly with path element i think like
>>> for example
>>>
>>> <expression>
>>> <path>$parent_id</path>
>>> </expression>
>>>
>>> And again - i'm not sure what the <name> elements in your source
>>> declarations do.
>>>
>>> Just take slow generic debugging steps
>>>
>>> 1. remove from the mapping all that is not necessary to debug your root
>>> problem - in your case it's the populateObject element, the anyway useless
>>> organizationname, the source/name elements etc
>>> 2. tweak the resulting code to find out whats really happening... until
>>> it works!
>>> 3. slowly return back everything you need
>>>
>>> I remember you work with midPoint for quite a long time so i'm sure you
>>> will make this running in no time.
>>>
>>> arnost
>>>
>>> st 13. 5. 2020 v 15:57 odesílatel mceylan <mrveceylan at gmail.com> napsal:
>>>
>>>> Thanks,
>>>> Arnost, I guess I just updated it wrong. I made the change in the
>>>> filter you say now.
>>>>
>>>> https://gist.github.com/mrvcyln/9c61803aa83a587ad38c8b0b27de81cc
>>>>
>>>> This time I got the following error. What is the wrong part?
>>>>
>>>> Couldn't evaluate expression
>>>> ExpressionType(variable=[],evaluator=script:com.evolveum.midpoint.xml.ns._public.common.common_3.ScriptExpressionEvaluatorType at 63dc4f7[language=<null>,returnType=<null>,code=parent_id,description=<null>,trace=<null>,relativityMode=<null>,includeNullInputs=<null>,allowEmptyValues=<null>]):
>>>> The URI (700036) does not contain slash character in (new) expression in
>>>> mapping 'Add Organization' in template mapping 'Add Organization' in
>>>> objectTemplate:c0c010c0-d34d-b33f-f00d-777333333333(User Template)(
>>>>
>>>> Petr Gašparík - AMI Praha a.s. <petr.gasparik at ami.cz>, 13 May 2020
>>>> Çar, 16:15 tarihinde şunu yazdı:
>>>>
>>>>> PS: even better to store as file.xml
>>>>> <https://gist.github.com/PetrGasparik/92f413ad8e23c7f36c5f601538649a1a>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> s pozdravem
>>>>>
>>>>> *Petr Gašparík*
>>>>> konzultant IT bezpečnosti
>>>>>
>>>>> gsm: [+420] 603 523 860
>>>>> e‑mail: petr.gasparik at ami.cz
>>>>>
>>>>> *AMI Praha a.s.*
>>>>> Pláničkova 11, 162 00 Praha 6
>>>>>
>>>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>>>
>>>>> [image: AMI Praha a.s.]
>>>>>
>>>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>> za společnost AMI Praha a.s.
>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>> výhradně písemnou formu.
>>>>>
>>>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>>>> obsahovat důvěrné nebo osobní
>>>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>>>> zveřejňování, zprostředkování
>>>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>>>> neoprávněně, informujte o tom prosím
>>>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>>>>> všech jeho příloh. Nakládáním
>>>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>>>> postihu.
>>>>>
>>>>>
>>>>>
>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Bez
>>>>> virů. www.avast.com
>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
>>>>> <#m_-6442713081876663117_m_7176348392288216995_m_-7547626413580072640_m_6196740476173370635_m_1351162053854177239_m_-769752199588538615_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>>
>>>>> st 13. 5. 2020 v 15:13 odesílatel Petr Gašparík - AMI Praha a.s. <
>>>>> petr.gasparik at ami.cz> napsal:
>>>>>
>>>>>> Merve, it is better to use gist for code snippets, like this (your
>>>>>> mapping)
>>>>>> https://gist.githubusercontent.com/PetrGasparik/dac261891f0f22de425dc6112de1251b/raw/07de83e5392e4caf2d0781f5061dc39599b70430/gistfile1.txt
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> s pozdravem
>>>>>>
>>>>>> *Petr Gašparík*
>>>>>> konzultant IT bezpečnosti
>>>>>>
>>>>>> gsm: [+420] 603 523 860
>>>>>> e‑mail: petr.gasparik at ami.cz
>>>>>>
>>>>>> *AMI Praha a.s.*
>>>>>> Pláničkova 11, 162 00 Praha 6
>>>>>>
>>>>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>>>>
>>>>>> [image: AMI Praha a.s.]
>>>>>>
>>>>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>> za společnost AMI Praha a.s.
>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>> výhradně písemnou formu.
>>>>>>
>>>>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>>>>> obsahovat důvěrné nebo osobní
>>>>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>>>>> zveřejňování, zprostředkování
>>>>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>>>>> neoprávněně, informujte o tom prosím
>>>>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>>>>>> všech jeho příloh. Nakládáním
>>>>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>>>>> postihu.
>>>>>>
>>>>>>
>>>>>>
>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Bez
>>>>>> virů. www.avast.com
>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
>>>>>> <#m_-6442713081876663117_m_7176348392288216995_m_-7547626413580072640_m_6196740476173370635_m_1351162053854177239_m_-769752199588538615_m_7905686014798021229_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>>>
>>>>>> st 13. 5. 2020 v 14:29 odesílatel Arnošt Starosta - AMI Praha a.s. <
>>>>>> arnost.starosta at ami.cz> napsal:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> without looking into the details you are still trying to filter the
>>>>>>> SAME organization as the assignment target, or not?
>>>>>>>
>>>>>>> The assignmentTargetSearch filter is the same as three emails above
>>>>>>> - trying to 'find assignment target organizations that have my org_id as
>>>>>>> identifier' instead of trying to link the target organization id to my
>>>>>>> parent_id.
>>>>>>>
>>>>>>> Also not sure about the name declarations in your 'source' elements.
>>>>>>> It may work, don't know, but i use sources directly in code expressions
>>>>>>> without naming them - in your case it would be 'parent_id' and 'identifier'
>>>>>>> - or i declare and name them as 'variable' elements in the expression
>>>>>>> itself.
>>>>>>>
>>>>>>> arnost
>>>>>>>
>>>>>>> st 13. 5. 2020 v 14:08 odesílatel mceylan <mrveceylan at gmail.com>
>>>>>>> napsal:
>>>>>>>
>>>>>>>> Hi Arnost,
>>>>>>>>
>>>>>>>> I changed the object template as you said. As I understand it as
>>>>>>>> below.
>>>>>>>> <mapping id="11">
>>>>>>>> <name>Add Organization</name>
>>>>>>>> <source>
>>>>>>>> <name>org_id</name>
>>>>>>>> <c:path>$focus/extension/identifier</c:path>
>>>>>>>> </source>
>>>>>>>> <source>
>>>>>>>> <name>parent_id</name>
>>>>>>>> <c:path>$focus/extension/parent_id</c:path>
>>>>>>>> </source>
>>>>>>>> <source>
>>>>>>>> <name>orgName</name>
>>>>>>>> <c:path>$focus/extension/organizationname</c:path>
>>>>>>>> </source>
>>>>>>>> <expression>
>>>>>>>> <assignmentTargetSearch xmlns:xsi="
>>>>>>>> http://www.w3.org/2001/XMLSchema-instance"
>>>>>>>>
>>>>>>>> xsi:type="c:SearchObjectRefExpressionEvaluatorType">
>>>>>>>> <targetType>c:OrgType</targetType>
>>>>>>>> <filter>
>>>>>>>> <q:equal>
>>>>>>>> <q:path>c:identifier</q:path>
>>>>>>>> <expression>
>>>>>>>> <script>
>>>>>>>> <code>org_id</code>
>>>>>>>> </script>
>>>>>>>> </expression>
>>>>>>>> </q:equal>
>>>>>>>> </filter>
>>>>>>>> <createOnDemand>true</createOnDemand>
>>>>>>>> <populateObject>
>>>>>>>> <populateItem>
>>>>>>>> <expression>
>>>>>>>> <script
>>>>>>>> xsi:type="c:ScriptExpressionEvaluatorType">
>>>>>>>> <code>org_id</code>
>>>>>>>> </script>
>>>>>>>> </expression>
>>>>>>>> <target>
>>>>>>>> <c:path>c:identifier</c:path>
>>>>>>>> </target>
>>>>>>>> </populateItem>
>>>>>>>> <populateItem>
>>>>>>>> <expression>
>>>>>>>> <script
>>>>>>>> xsi:type="c:ScriptExpressionEvaluatorType">
>>>>>>>> <code>orgName</code>
>>>>>>>> </script>
>>>>>>>> </expression>
>>>>>>>> <target>
>>>>>>>> <c:path>name</c:path>
>>>>>>>> </target>
>>>>>>>> </populateItem>
>>>>>>>> <populateItem>
>>>>>>>> <expression>
>>>>>>>> <script
>>>>>>>> xsi:type="c:ScriptExpressionEvaluatorType">
>>>>>>>> <code>orgName</code>
>>>>>>>> </script>
>>>>>>>> </expression>
>>>>>>>> <target>
>>>>>>>> <c:path>name</c:path>
>>>>>>>> </target>
>>>>>>>> </populateItem>
>>>>>>>> <populateItem>
>>>>>>>> <expression>
>>>>>>>> <assignmentTargetSearch
>>>>>>>> xsi:type="c:SearchObjectRefExpressionEvaluatorType">
>>>>>>>> <targetType>c:OrgType</targetType>
>>>>>>>> <filter>
>>>>>>>> <q:equal>
>>>>>>>> <q:path>org_id</q:path>
>>>>>>>> <expression>
>>>>>>>> <script>
>>>>>>>> <code>parent_id</code>
>>>>>>>> </script>
>>>>>>>> </expression>
>>>>>>>> </q:equal>
>>>>>>>> </filter>
>>>>>>>> </assignmentTargetSearch>
>>>>>>>> </expression>
>>>>>>>> <target>
>>>>>>>> <c:path>$focus/assignment</c:path>
>>>>>>>> </target>
>>>>>>>> </populateItem>
>>>>>>>> </populateObject>
>>>>>>>> </assignmentTargetSearch>
>>>>>>>> </expression>
>>>>>>>> <target>
>>>>>>>> <c:path>$focus/assignment</c:path>
>>>>>>>> </target>
>>>>>>>> </mapping>
>>>>>>>>
>>>>>>>>
>>>>>>>> No organization came when I ran import task in this way. Task also
>>>>>>>> made a mistake
>>>>>>>>
>>>>>>>>
>>>>>>>> Failures (13):
>>>>>>>> 13: java.lang.RuntimeException: Couldn't find a proper data item to
>>>>>>>> query, given base entity Ent:ROrg (jaxb=OrgType) and this filter: EQUAL:
>>>>>>>> PATH: org_id
>>>>>>>> DEF: null
>>>>>>>> VALUE:
>>>>>>>> 700036 in (new) expression in assignment expression in expression
>>>>>>>> in mapping 'Add Organization' in template mapping 'Add Organization' in
>>>>>>>> objectTemplate:c0c010c0-d34d-b33f-f00d-777333333333(User
>>>>>>>> Template)(orgName=YÖNETİM MÜDÜRLÜĞÜ; org_id=700043;
>>>>>>>> parent_id=700036; ) in expression in mapping 'Add Organization' in template
>>>>>>>> mapping 'Add Organization' in
>>>>>>>> objectTemplate:c0c010c0-d34d-b33f-f00d-777333333333(User Template)
>>>>>>>>
>>>>>>>> Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>, 13 May
>>>>>>>> 2020 Çar, 11:02 tarihinde şunu yazdı:
>>>>>>>>
>>>>>>>>> Hi Merve,
>>>>>>>>>
>>>>>>>>> your organizations may have more than one parent? i guess no, that
>>>>>>>>> would make a very unusual organization structure.
>>>>>>>>>
>>>>>>>>> Suppose each midpoint organization has an id in extension/org_id
>>>>>>>>> and knows it's one and only parent id in extension/parent_id. Then a
>>>>>>>>> mapping like
>>>>>>>>>
>>>>>>>>> <mapping>
>>>>>>>>> <source>
>>>>>>>>> <path>$focus/*extension/parent_id*</path>
>>>>>>>>> </source>
>>>>>>>>> <expression>
>>>>>>>>> <assignmentTargetSearch>
>>>>>>>>> <targetType>c:OrgType</targetType>
>>>>>>>>> <filter>
>>>>>>>>> <q:equal>
>>>>>>>>> <q:path>*extension/org_id*</q:path>
>>>>>>>>> <expression>
>>>>>>>>> <script><code>*parent_id*
>>>>>>>>> </code></script>
>>>>>>>>> </expression>
>>>>>>>>> </q:equal>
>>>>>>>>> </filter>
>>>>>>>>> </assignmentTargetSearch>
>>>>>>>>> </expression>
>>>>>>>>> <*target*>
>>>>>>>>> <path>$focus/*assignment*</path>
>>>>>>>>> </target>
>>>>>>>>> </mapping>
>>>>>>>>>
>>>>>>>>> in organization template assigns the organization as a member in
>>>>>>>>> *existing* parent organization. When you reconcile your
>>>>>>>>> organizations in a random order and not in parent-first-child-next order
>>>>>>>>> (as you do), the parent organization may not be created yet, the mapping
>>>>>>>>> can't find the parent and child organizations keep dangling in the air
>>>>>>>>> (visible as many fake 'root' orgs in gui). That's why you need to recompute
>>>>>>>>> all the orgs one more time when all parent orgs are guaranteed they exist -
>>>>>>>>> after reconciling them first.
>>>>>>>>>
>>>>>>>>> I checked briefly your org template and you seem to mix parent and
>>>>>>>>> child ids sometimes, e.g. the 'Add Organization' mapping tries to assign
>>>>>>>>> parents (i guess) by this filter
>>>>>>>>>
>>>>>>>>> <filter>
>>>>>>>>> <q:equal>
>>>>>>>>> <q:path>c:identifier</q:path>
>>>>>>>>> <expression>
>>>>>>>>> <script>
>>>>>>>>> <code>*org_id*</code>
>>>>>>>>> </script>
>>>>>>>>> </expression>
>>>>>>>>> </q:equal>
>>>>>>>>> </filter>
>>>>>>>>>
>>>>>>>>> where org_id is extension/identifier. Shouldn't you be comparing
>>>>>>>>> *parent_id* instead? You seem to be on the right path in the end
>>>>>>>>> .)
>>>>>>>>>
>>>>>>>>> arnost
>>>>>>>>>
>>>>>>>>> út 12. 5. 2020 v 21:26 odesílatel mceylan <mrveceylan at gmail.com>
>>>>>>>>> napsal:
>>>>>>>>>
>>>>>>>>>> Hi Arnost,
>>>>>>>>>>
>>>>>>>>>> Hi, do I have to define all parent ones in filter one by one?
>>>>>>>>>> What will be added later? and how can I do this?
>>>>>>>>>>
>>>>>>>>>> Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>, 12
>>>>>>>>>> May 2020 Sal, 20:03 tarihinde şunu yazdı:
>>>>>>>>>>
>>>>>>>>>>> Hi Merve,
>>>>>>>>>>>
>>>>>>>>>>> you may load the parent org id to each organization in midpoint
>>>>>>>>>>> with ordinary resource inbound mapping to an extension attribute. Then
>>>>>>>>>>> create the assignment from organization to it's parent org in org template
>>>>>>>>>>> by using the parent id in the filter, like this
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> https://wiki.evolveum.com/display/midPoint/Automatic+Role+Assignment+HOWTO
>>>>>>>>>>>
>>>>>>>>>>> Do the same for users and their parent orgs.
>>>>>>>>>>>
>>>>>>>>>>> During the first organization import the parent org may not
>>>>>>>>>>> exist yet (it may be processed and created after the child org), thats why
>>>>>>>>>>> you need to recompute the orgs second time to get all parent assignments
>>>>>>>>>>> working.
>>>>>>>>>>>
>>>>>>>>>>> good luck
>>>>>>>>>>>
>>>>>>>>>>> arnost
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> út 12. 5. 2020 v 16:33 odesílatel mceylan <mrveceylan at gmail.com>
>>>>>>>>>>> napsal:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Gustav, Thanks for your answer
>>>>>>>>>>>>
>>>>>>>>>>>> It did not improve when I imported twice. I didn't understand
>>>>>>>>>>>> that. There are users in the database table and there is also identifier
>>>>>>>>>>>> and parent information in their information. Users are sorted, for example,
>>>>>>>>>>>> by employeeNumber. But unfortunately, the organization name, identifier and
>>>>>>>>>>>> parent_id in their columns are not sequential. What do I have to do in this
>>>>>>>>>>>> situation?
>>>>>>>>>>>>
>>>>>>>>>>>> Pálos Gustáv <gustav.palos at gmail.com>, 12 May 2020 Sal, 16:57
>>>>>>>>>>>> tarihinde şunu yazdı:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi mceylan,
>>>>>>>>>>>>>
>>>>>>>>>>>>> You need organizations in right order (from bottom to top),
>>>>>>>>>>>>> and I prefer not using createOnDemand, just create orgs with
>>>>>>>>>>>>> linked shadows & strong assignmentTargetSearch.
>>>>>>>>>>>>> If you have in wrong order, you need to import "twice", first
>>>>>>>>>>>>> just create orgs and assign what you already have, and on second round
>>>>>>>>>>>>> create assignments to missing parents from first run.
>>>>>>>>>>>>>
>>>>>>>>>>>>> best regards,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Gustav
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> ut 12. 5. 2020 o 15:15 mceylan <mrveceylan at gmail.com>
>>>>>>>>>>>>> napísal(a):
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I made it as the attached source. I added the user template
>>>>>>>>>>>>>> in the file. This way the organizational tree is created, but parent_id and
>>>>>>>>>>>>>> identifier get mixed. So some don't occur under child parent. It occurs as
>>>>>>>>>>>>>> a side tab. I couldn't figure it out.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ivan Noris <ivan.noris at evolveum.com>, 12 May 2020 Sal, 15:57
>>>>>>>>>>>>>> tarihinde şunu yazdı:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> nothing special. Just use them as AccountObjectClass from
>>>>>>>>>>>>>>> the connector and link them to corresponding objects in midPoint (e.g.
>>>>>>>>>>>>>>> Organizations).
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ivan
>>>>>>>>>>>>>>> On 12. 5. 2020 14:55, mceylan wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks for the answer, Ivan. So what should I do to pull the
>>>>>>>>>>>>>>> organizational units from DB Table resource and create and synchronize the
>>>>>>>>>>>>>>> organization tree in midpoint according to parent id and identifier?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ivan Noris <ivan.noris at evolveum.com>, 12 May 2020 Sal,
>>>>>>>>>>>>>>> 14:30 tarihinde şunu yazdı:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I think DB Table connector supports only AccountObjectClass.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Ivan
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 12. 5. 2020 13:06, mceylan wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I get the following error when I set
>>>>>>>>>>>>>>>> CustomorganizationalUnitObjectClass as database resorce object class. What
>>>>>>>>>>>>>>>> would be the reason?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Error:No objectclass specified and no default can be
>>>>>>>>>>>>>>>> determined
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <default>true</default>
>>>>>>>>>>>>>>>> When I do, I get the following error.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Internal error: Got unexpected exception:
>>>>>>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires an Account
>>>>>>>>>>>>>>>> ObjectClass.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <schemaHandling>
>>>>>>>>>>>>>>>> <objectType id="1">
>>>>>>>>>>>>>>>> <kind>generic</kind>
>>>>>>>>>>>>>>>> <default>false</default>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <objectClass>ri:CustomorganizationalUnitObjectClass</objectClass>
>>>>>>>>>>>>>>>> <attribute id="2">
>>>>>>>>>>>>>>>> <c:ref>icfs:uid</c:ref>
>>>>>>>>>>>>>>>> <displayName>Entry UUID</displayName>
>>>>>>>>>>>>>>>> <limitations>
>>>>>>>>>>>>>>>> <access>
>>>>>>>>>>>>>>>> <read>true</read>
>>>>>>>>>>>>>>>> </access>
>>>>>>>>>>>>>>>> </limitations>
>>>>>>>>>>>>>>>> </attribute>
>>>>>>>>>>>>>>>> <attribute id="3">
>>>>>>>>>>>>>>>> <c:ref>icfs:name</c:ref>
>>>>>>>>>>>>>>>> <displayName>Name</displayName>
>>>>>>>>>>>>>>>> <limitations>
>>>>>>>>>>>>>>>> <minOccurs>0</minOccurs>
>>>>>>>>>>>>>>>> <access>
>>>>>>>>>>>>>>>> <read>true</read>
>>>>>>>>>>>>>>>> <add>true</add>
>>>>>>>>>>>>>>>> <modify>true</modify>
>>>>>>>>>>>>>>>> </access>
>>>>>>>>>>>>>>>> </limitations>
>>>>>>>>>>>>>>>> <inbound id="24">
>>>>>>>>>>>>>>>> <target>
>>>>>>>>>>>>>>>> <c:path>$user/employeeNumber</c:path>
>>>>>>>>>>>>>>>> </target>
>>>>>>>>>>>>>>>> </inbound>
>>>>>>>>>>>>>>>> <inbound id="43">
>>>>>>>>>>>>>>>> <target>
>>>>>>>>>>>>>>>> <c:path>$user/name</c:path>
>>>>>>>>>>>>>>>> </target>
>>>>>>>>>>>>>>>> </inbound>
>>>>>>>>>>>>>>>> </attribute>
>>>>>>>>>>>>>>>> <attribute id="15">
>>>>>>>>>>>>>>>> <c:ref>ri:parent_id</c:ref>
>>>>>>>>>>>>>>>> <inbound id="16">
>>>>>>>>>>>>>>>> <target>
>>>>>>>>>>>>>>>> <c:path>$user/extension/parent_id</c:path>
>>>>>>>>>>>>>>>> </target>
>>>>>>>>>>>>>>>> </inbound>
>>>>>>>>>>>>>>>> </attribute>
>>>>>>>>>>>>>>>> <attribute id="37">
>>>>>>>>>>>>>>>> <c:ref>ri:identifier</c:ref>
>>>>>>>>>>>>>>>> <inbound id="39">
>>>>>>>>>>>>>>>> <target>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <c:path>$user/extension/identifier</c:path>
>>>>>>>>>>>>>>>> </target>
>>>>>>>>>>>>>>>> </inbound>
>>>>>>>>>>>>>>>> </attribute>
>>>>>>>>>>>>>>>> <attribute id="32">
>>>>>>>>>>>>>>>> <c:ref>ri:organization_name</c:ref>
>>>>>>>>>>>>>>>> <inbound id="33">
>>>>>>>>>>>>>>>> <target>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <c:path>$user/extension/organizationname</c:path>
>>>>>>>>>>>>>>>> </target>
>>>>>>>>>>>>>>>> </inbound>
>>>>>>>>>>>>>>>> </attribute>
>>>>>>>>>>>>>>>> <activation>
>>>>>>>>>>>>>>>> <administrativeStatus>
>>>>>>>>>>>>>>>> <outbound id="5"/>
>>>>>>>>>>>>>>>> <inbound id="6">
>>>>>>>>>>>>>>>> <strength>weak</strength>
>>>>>>>>>>>>>>>> </inbound>
>>>>>>>>>>>>>>>> </administrativeStatus>
>>>>>>>>>>>>>>>> </activation>
>>>>>>>>>>>>>>>> </objectType>
>>>>>>>>>>>>>>>> </schemaHandling>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Ivan Noris
>>>>>>>>>>>>>>>> Senior Identity Engineerevolveum.com
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Merve CEYLAN
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Ivan Noris
>>>>>>>>>>>>>>> Senior Identity Engineerevolveum.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Merve CEYLAN
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> s pozdravom
>>>>>>>>>>>>>
>>>>>>>>>>>>> Gustáv Pálos
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Merve CEYLAN
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>> *Arnošt Starosta*
>>>>>>>>>>> solution architect
>>>>>>>>>>>
>>>>>>>>>>> gsm: [+420] 603 794 932
>>>>>>>>>>> e‑mail: arnost.starosta at ami.cz
>>>>>>>>>>>
>>>>>>>>>>> *AMI Praha a.s.*
>>>>>>>>>>> Pláničkova 11, 162 00 Praha 6
>>>>>>>>>>>
>>>>>>>>>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>>>>>>>>>
>>>>>>>>>>> [image: AMI Praha a.s.]
>>>>>>>>>>>
>>>>>>>>>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít
>>>>>>>>>>> ani neuzavírá za společnost AMI Praha a.s.
>>>>>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>>>>>> výhradně písemnou formu.
>>>>>>>>>>>
>>>>>>>>>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů
>>>>>>>>>>> a může obsahovat důvěrné nebo osobní
>>>>>>>>>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>>>>>>>>>> zveřejňování, zprostředkování
>>>>>>>>>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>>>>>>>>>> neoprávněně, informujte o tom prosím
>>>>>>>>>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu
>>>>>>>>>>> včetně všech jeho příloh. Nakládáním
>>>>>>>>>>> s neoprávněně získanými informacemi se vystavujete riziku
>>>>>>>>>>> právního postihu.
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> midPoint mailing list
>>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Merve CEYLAN
>>>>>>>>>> _______________________________________________
>>>>>>>>>> midPoint mailing list
>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> *Arnošt Starosta*
>>>>>>>>> solution architect
>>>>>>>>>
>>>>>>>>> gsm: [+420] 603 794 932
>>>>>>>>> e‑mail: arnost.starosta at ami.cz
>>>>>>>>>
>>>>>>>>> *AMI Praha a.s.*
>>>>>>>>> Pláničkova 11, 162 00 Praha 6
>>>>>>>>>
>>>>>>>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>>>>>>>
>>>>>>>>> [image: AMI Praha a.s.]
>>>>>>>>>
>>>>>>>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>>>> za společnost AMI Praha a.s.
>>>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>>>> výhradně písemnou formu.
>>>>>>>>>
>>>>>>>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>>>>>>>> obsahovat důvěrné nebo osobní
>>>>>>>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>>>>>>>> zveřejňování, zprostředkování
>>>>>>>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>>>>>>>> neoprávněně, informujte o tom prosím
>>>>>>>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu
>>>>>>>>> včetně všech jeho příloh. Nakládáním
>>>>>>>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>>>>>>>> postihu.
>>>>>>>>> _______________________________________________
>>>>>>>>> midPoint mailing list
>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Merve CEYLAN
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Arnošt Starosta*
>>>>>>> solution architect
>>>>>>>
>>>>>>> gsm: [+420] 603 794 932
>>>>>>> e‑mail: arnost.starosta at ami.cz
>>>>>>>
>>>>>>> *AMI Praha a.s.*
>>>>>>> Pláničkova 11, 162 00 Praha 6
>>>>>>>
>>>>>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>>>>>
>>>>>>> [image: AMI Praha a.s.]
>>>>>>>
>>>>>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>> za společnost AMI Praha a.s.
>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>> výhradně písemnou formu.
>>>>>>>
>>>>>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>>>>>> obsahovat důvěrné nebo osobní
>>>>>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>>>>>> zveřejňování, zprostředkování
>>>>>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>>>>>> neoprávněně, informujte o tom prosím
>>>>>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>>>>>>> všech jeho příloh. Nakládáním
>>>>>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>>>>>> postihu.
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>
>>>>>>
>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Bez
>>>>>> virů. www.avast.com
>>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
>>>>>> <#m_-6442713081876663117_m_7176348392288216995_m_-7547626413580072640_m_6196740476173370635_m_1351162053854177239_m_-769752199588538615_m_7905686014798021229_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>
>>>>
>>>> --
>>>> Merve CEYLAN
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>
>>>
>>> --
>>>
>>> *Arnošt Starosta*
>>> solution architect
>>>
>>> gsm: [+420] 603 794 932
>>> e‑mail: arnost.starosta at ami.cz
>>>
>>> *AMI Praha a.s.*
>>> Pláničkova 11, 162 00 Praha 6
>>>
>>> tel.: [+420] 274 783 239 | web: www.ami.cz
>>>
>>> [image: AMI Praha a.s.]
>>>
>>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>>> za společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>>> obsahovat důvěrné nebo osobní
>>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>>> zveřejňování, zprostředkování
>>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>>> neoprávněně, informujte o tom prosím
>>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>>> všech jeho příloh. Nakládáním
>>> s neoprávněně získanými informacemi se vystavujete riziku právního
>>> postihu.
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>>
>> --
>> Merve CEYLAN
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz
>
> [image: AMI Praha a.s.]
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
--
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200514/f6595449/attachment.htm>
More information about the midPoint
mailing list