[midPoint] Problem with correlation and external attribute
Ethan Kromhout
kromhout at unc.edu
Fri Sep 25 11:25:08 CEST 2020
Ivan and Andrea,
Is it problematic that the targetNamespace used in this extension could
collide with one of the midPoint provided ones? I've always use a URN
unique to my organization.
Ethan
On 9/25/20 4:10 AM, Ivan Noris via midPoint wrote:
>
> Hi Andrea,
>
> can you try searching by that extension attribute in midPoint using
> Query playground?
>
> Ivan
>
> On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:
>>
>> Hi again,
>>
>> I also tried @Ethan Kromhout <mailto:kromhout at unc.edu>’s example, but
>> it still gives me the two errors I showed you in the previous mail.
>>
>> I probably did something wrong in the setting, below how I set it all up:
>>
>> this is my extension_user_field schema namespace:
>>
>> <xsd:schema elementFormDefault=/"qualified"/
>>
>> targetNamespace=/"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>>
>>
>> xmlns:tns=/"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>>
>>
>> xmlns:a=/"http://prism.evolveum.com/xml/ns/public/annotation-3"/
>>
>>
>> xmlns:c=/"http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>>
>> xmlns:xsd=/"http://www.w3.org/2001/XMLSchema"/>
>>
>> here the indexed attribute:
>>
>> <xsd:element name=/"uidLDAP"/ type=/"xsd:string"/ minOccurs=/"0"/
>> maxOccurs=/"1"/>
>>
>> <xsd:annotation>
>>
>> <xsd:appinfo>
>>
>> <a:indexed>true</a:indexed>
>>
>> <a:displayName>LDAP UID</a:displayName>
>>
>> <a:displayOrder>550</a:displayOrder>
>>
>> <a:help>UID from LDAP</a:help>
>>
>> </xsd:appinfo>
>>
>> </xsd:annotation>
>>
>> </xsd:element>
>>
>> here instead the correlation that I have tried, starting from what
>> you have seen above:
>>
>> <correlation>
>>
>> <q:equal>
>>
>> <q:path
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">extension/uidLDAP</q:path>
>>
>> <expression>
>>
>> <path
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
>>
>> declare namespace
>> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
>>
>> $projection/attributes/ri:sAMAccountName
>>
>> </path>
>>
>> </expression>
>>
>> </q:equal>
>>
>> </correlation>
>>
>> Could you tell me where I'm wrong?
>>
>> Thank you,
>>
>> Andrea
>>
>> *From:*midPoint <midpoint-bounces at lists.evolveum.com> *On Behalf Of
>> *Ethan Kromhout via midPoint
>> *Sent:* Wednesday, September 23, 2020 3:12 PM
>> *To:* midpoint at lists.evolveum.com
>> *Cc:* Ethan Kromhout <kromhout at unc.edu>
>> *Subject:* Re: [midPoint] Problem with correlation and external attribute
>>
>> I have used an extension attribute in a similar way, though it wasn't
>> with AD. In my case I explicitly called out the namespace of the
>> custom schema, not sure if that was required, but it works okay. Do
>> note that the custom attribute must be indexed.
>>
>> In my schema I have the namespace and indexed attribute, note the
>> "targetNamespace":
>>
>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>> <xsd:schema elementFormDefault="qualified"
>> targetNamespace="http://unc.edu/xml/ns/uncPerson"
>> <http://unc.edu/xml/ns/uncPerson>
>> xmlns:tns="http://example.com/xml/ns/mySchema"
>> <http://example.com/xml/ns/mySchema>
>>
>> xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
>> <http://prism.evolveum.com/xml/ns/public/annotation-3>
>>
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> <http://www.w3.org/2001/XMLSchema>>
>>
>> <xsd:element name="subId" type="xsd:string" minOccurs="0"
>> maxOccurs="1">
>> <xsd:annotation>
>> <xsd:appinfo>
>> <a:indexed>true</a:indexed>
>> <a:displayName>subId</a:displayName>
>> <a:help>Subject ID</a:help>
>> <a:displayOrder>150</a:displayOrder>
>> </xsd:appinfo>
>> </xsd:annotation>
>> </xsd:element>
>>
>> Then in the correlation I reference that namespace as uncPerson:
>>
>> <correlation>
>> <q:equal>
>> <q:path
>> xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson"
>> <http://unc.edu/xml/ns/uncPerson>>extension/uncPerson:subId</q:path>
>> <expression>
>> <path
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
>> declare namespace
>> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;
>> $account/attributes/ri:pid
>> </path>
>> </expression>
>> </q:equal>
>> </correlation>
>>
>> Ethan
>>
>> On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:
>>
>> Hi all,
>>
>> I have a problem for which I have searched for a solution
>> everywhere, but I couldn’t find anything: I am making a
>> correlation between an extended attribute present in the user in
>> midpoint (*/uidLDAP/*) and the */sAMAccountName/* attribute of an
>> AD account that I need to import.
>>
>> below, you can see one of the tests made (of the many)
>>
>> but this does not give me any errors, it just tells me that the
>> correlation has reported an unmatched:
>>
>> But if I try to force the correlation by choosing the "change
>> owner" option and going to grab the correct user by hand in
>> midpoint, it works
>>
>> So i think the problem comes from the attribute path on midpoint
>> (the extended one):
>>
>> Has anyone already tried to use an extended attribute in the
>> first correlation path?
>>
>> Could you help me?
>>
>> Thank you and regards,
>>
>> *Andrea Picconi*
>>
>> /IAM (Identity Access Management)/
>>
>>
>> Innovery
>> Skype: precons
>> T: +39 06 51963439 (int. 196)
>>
>> Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori,
>> 20057 Assago (MI).
>> www.innovery.net <http://www.innovery.net/> | T: +39 06 519 63 439
>>
>>
>>
>> _______________________________________________
>>
>> midPoint mailing list
>>
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/20127a3c/attachment-0004.png>
More information about the midPoint
mailing list