[midPoint] Exit correlation rule instead of return empty

Laza, Javier Javier.Laza at ingrammicro.com
Fri Oct 30 13:58:55 CET 2020


Hello,

Thanks for your answer. What you propose is what I finally did and it works. Not the fanciest solution, but well, it works at least.


Regards,

Javier Laza
Cloud Security Operations 
(o) +34 942.247.600 EXT: 2100 
Plaza de Manuel Llano, Santander, Spain, 39011



-----Original Message-----
From: František Dvořák <valtri at civ.zcu.cz> 
Sent: Thursday, 22 October 2020 13:50
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Laza, Javier <Javier.Laza at ingrammicro.com>
Subject: Re: [midPoint] Exit correlation rule instead of return empty

Hello,

You could return some value that is guaranteed not to be used by any user, like:

  return "-UNKNOWN-";

Not sure if there is some best practice or other recommendation.

  František

Laza, Javier via midPoint wrote on Thu 22. 10. 2020 at 09:17 +0000:
> Hello folks,
>  
> I have an OR correlation rule against an AD system that performs two 
> verifications and works fine. I also want to add a new one that checks 
> if the email of the account matches any user email address.
>  
> The problem I am facing is that some accounts don't have an email 
> account, so I am getting a DISPUTED status. I think this is because it 
> is returning an empty string or something like that and there are some 
> users without an email as well, so midPoint thinks several users 
> match the rule.
>  
> I am checking if the account's email is empty and if so, then I return 
> the email address (see the code below). Otherwise I don't want to 
> return anything. I was thinking about setting a condition, but 
> midPoint complains when I try to use a <condition> tag inside the 
> <q:equal> tag.
>  
> <correlation>
>     <q:or>
>         <q:equal>
>             <!-- Verification 1 -->
>         </q:equal>
>  
>         <q:equal>
>             <!-- Verification 2 -->
>         </q:equal>
>  
>         <q:equal>
>             <q:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">c:emailAddress</q:path>
>             <expression>
>                 <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xsi:type="c:ScriptExpressionEvaluatorType">
>                     <code>
>                         def mail = basic.getAttributeValue(shadow, 'mail')
>                         if (mail != null) {
>                             log.info("The email is {}", mail)
>                             mail
>                         } else {
>                             // no email value is returned from this branch
>                             log.info("The email attribute is empty")
>                         }
>                     </code>
>                 </script>
>             </expression>
>         </q:equal>
>     </q:or>
> </correlation>
>  
>  
> Regards
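The sentinel approach discussed in this thread, written out as the third correlation clause so that an account without an email can never match a user who also has none (an added example, not code from either poster or from the midPoint project). It reuses the `mail` attribute and the `-UNKNOWN-` value from the thread; treating a blank string the same as a missing value is an assumption added here, and the sentinel only works if no user's `emailAddress` can ever hold it.

```xml
<!-- Fragment: goes inside the existing <q:or> of the <correlation> block,
     where the q: prefix is already declared. -->
<q:equal>
    <q:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">c:emailAddress</q:path>
    <expression>
        <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                xsi:type="c:ScriptExpressionEvaluatorType">
            <code>
                // Value that must never appear as a real user email address.
                // Leading and trailing dashes and no "@" keep it outside
                // anything a mail-format check would accept.
                def sentinel = '-UNKNOWN-'

                def mail = basic.getAttributeValue(shadow, 'mail')

                // Assumption: a blank or whitespace-only attribute is handled
                // like a missing one, so it cannot match users whose
                // emailAddress is also blank.
                if (mail == null || mail.toString().trim().isEmpty()) {
                    log.info("Account has no email, correlating on sentinel {}", sentinel)
                    return sentinel
                }

                log.info("The email is {}", mail)
                return mail
            </code>
        </script>
    </expression>
</q:equal>
```

Because the clause sits inside `<q:or>`, an account that falls through to the sentinel can still be linked by Verification 1 or Verification 2; only the email comparison is neutralised.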