[midPoint] Problem with correlation and external attribute
Ivan Noris
ivan.noris at evolveum.com
Fri Sep 25 10:10:04 CEST 2020
Hi Andrea,
can you try searching by that extension attribute in midPoint using
Query playground?
Ivan
On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:
>
> Hi again,
>
>
>
> I also tried @Ethan Kromhout <mailto:kromhout at unc.edu>’s example, but
> it still gives me the two errors I showed you in the previous mail.
>
> I probably did something wrong in the setting, below how I set it all up:
>
>
>
> this is my extension_user_field schema namespace:
>
>
>
> <xsd:schema elementFormDefault=/"qualified"/
>
>
> targetNamespace=/"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>
>
> xmlns:tns=/"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>
>
> xmlns:a=/"http://prism.evolveum.com/xml/ns/public/annotation-3"/
>
>
> xmlns:c=/"http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>
> xmlns:xsd=/"http://www.w3.org/2001/XMLSchema"/>
>
>
>
> here the indexed attribute:
>
>
>
> <xsd:element name=/"uidLDAP"/ type=/"xsd:string"/ minOccurs=/"0"/
> maxOccurs=/"1"/>
>
> <xsd:annotation>
>
> <xsd:appinfo>
>
> <a:indexed>true</a:indexed>
>
> <a:displayName>LDAP UID</a:displayName>
>
> <a:displayOrder>550</a:displayOrder>
>
> <a:help>UID from LDAP</a:help>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
>
>
> here instead the correlation that I have tried, starting from what you
> have seen above:
>
>
>
> <correlation>
>
> <q:equal>
>
> <q:path
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">extension/uidLDAP</q:path>
>
> <expression>
>
> <path
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
>
> declare namespace
> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
>
> $projection/attributes/ri:sAMAccountName
>
> </path>
>
> </expression>
>
> </q:equal>
>
> </correlation>
>
>
>
> Could you tell me where I'm wrong?
>
>
>
> Thank you,
>
> Andrea
>
>
>
> *From:*midPoint <midpoint-bounces at lists.evolveum.com> *On Behalf Of
> *Ethan Kromhout via midPoint
> *Sent:* Wednesday, September 23, 2020 3:12 PM
> *To:* midpoint at lists.evolveum.com
> *Cc:* Ethan Kromhout <kromhout at unc.edu>
> *Subject:* Re: [midPoint] Problem with correlation and external attribute
>
>
>
> I have used an extension attribute in a similar way, though it wasn't
> with AD. In my case I explicitly called out the namespace of the
> custom schema, not sure if that was required, but it works okay. Do
> note that the custom attribute must be indexed.
>
> In my schema I have the namespace and indexed attribute, note the
> "targetNamespace":
>
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <xsd:schema elementFormDefault="qualified"
> targetNamespace="http://unc.edu/xml/ns/uncPerson"
> <http://unc.edu/xml/ns/uncPerson>
> xmlns:tns="http://example.com/xml/ns/mySchema"
> <http://example.com/xml/ns/mySchema>
>
> xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
> <http://prism.evolveum.com/xml/ns/public/annotation-3>
>
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> <http://www.w3.org/2001/XMLSchema>>
>
> <xsd:element name="subId" type="xsd:string" minOccurs="0"
> maxOccurs="1">
> <xsd:annotation>
> <xsd:appinfo>
> <a:indexed>true</a:indexed>
> <a:displayName>subId</a:displayName>
> <a:help>Subject ID</a:help>
> <a:displayOrder>150</a:displayOrder>
> </xsd:appinfo>
> </xsd:annotation>
> </xsd:element>
>
> Then in the correlation I reference that namespace as uncPerson:
>
> <correlation>
> <q:equal>
> <q:path
> xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson"
> <http://unc.edu/xml/ns/uncPerson>>extension/uncPerson:subId</q:path>
> <expression>
> <path
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
> declare namespace
> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;
> $account/attributes/ri:pid
> </path>
> </expression>
> </q:equal>
> </correlation>
>
> Ethan
>
> On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:
>
> Hi all,
>
>
>
> I have a problem for which I have searched for a solution
> everywhere, but I couldn’t find anything: I am making a
> correlation between an extended attribute present in the user in
> midpoint (*/uidLDAP/*) and the */sAMAccountName/* attribute of an
> AD account that I need to import.
>
> below, you can see one of the tests made (of the many)
>
>
>
>
>
> but this does not give me any errors, it just tells me that the
> correlation has reported an unmatched:
>
>
>
>
>
>
>
> But if I try to force the correlation by choosing the "change
> owner" option and going to grab the correct user by hand in
> midpoint, it works
>
>
>
>
>
> So i think the problem comes from the attribute path on midpoint
> (the extended one):
>
>
>
>
>
> Has anyone already tried to use an extended attribute in the first
> correlation path?
>
> Could you help me?
>
>
>
> Thank you and regards,
>
>
>
>
>
> *Andrea Picconi*
>
> /IAM (Identity Access Management)/
>
>
> Innovery
> Skype: precons
> T: +39 06 51963439 (int. 196)
>
> Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori,
> 20057 Assago (MI).
> www.innovery.net <http://www.innovery.net/> | T: +39 06 519 63 439
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/79857f2a/attachment-0004.png>
More information about the midPoint
mailing list