[midPoint] Problem with correlation and external attribute
Pavol Mederly
mederly at evolveum.com
Fri Sep 25 11:33:04 CEST 2020
Ethan!!!
You are a genius.
Of course it /is/ a problem. I was myself curious what the cause is but
had no time to look. And even if I did, most probably I wouldn't see it. :-D
Pavol Mederly
Software developer
evolveum.com
On 25/09/2020 11:25, Ethan Kromhout via midPoint wrote:
>
> Ivan and Andrea,
>
> Is it problematic that the targetNamespace used in this extension
> could collide with one of the midPoint provided ones? I've always use
> a URN unique to my organization.
>
> Ethan
>
> On 9/25/20 4:10 AM, Ivan Noris via midPoint wrote:
>>
>> Hi Andrea,
>>
>> can you try searching by that extension attribute in midPoint using
>> Query playground?
>>
>> Ivan
>>
>> On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:
>>>
>>> Hi again,
>>>
>>> I also tried @Ethan Kromhout <mailto:kromhout at unc.edu>’s example,
>>> but it still gives me the two errors I showed you in the previous mail.
>>>
>>> I probably did something wrong in the setting, below how I set it
>>> all up:
>>>
>>> this is my extension_user_field schema namespace:
>>>
>>> <xsd:schema elementFormDefault=/"qualified"/
>>>
>>> targetNamespace=/"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>>>
>>> xmlns:tns=/"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"/
>>>
>>>
>>> xmlns:a=/"http://prism.evolveum.com/xml/ns/public/annotation-3"/
>>>
>>>
>>> xmlns:c=/"http://midpoint.evolveum.com/xml/ns/public/common/common-3"/
>>>
>>> xmlns:xsd=/"http://www.w3.org/2001/XMLSchema"/>
>>>
>>> here the indexed attribute:
>>>
>>> <xsd:element name=/"uidLDAP"/ type=/"xsd:string"/ minOccurs=/"0"/
>>> maxOccurs=/"1"/>
>>>
>>> <xsd:annotation>
>>>
>>> <xsd:appinfo>
>>>
>>> <a:indexed>true</a:indexed>
>>>
>>> <a:displayName>LDAP UID</a:displayName>
>>>
>>> <a:displayOrder>550</a:displayOrder>
>>>
>>> <a:help>UID from LDAP</a:help>
>>>
>>> </xsd:appinfo>
>>>
>>> </xsd:annotation>
>>>
>>> </xsd:element>
>>>
>>> here instead the correlation that I have tried, starting from what
>>> you have seen above:
>>>
>>> <correlation>
>>>
>>> <q:equal>
>>>
>>> <q:path
>>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">extension/uidLDAP</q:path>
>>>
>>> <expression>
>>>
>>> <path
>>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
>>>
>>> declare namespace
>>> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
>>>
>>> $projection/attributes/ri:sAMAccountName
>>>
>>> </path>
>>>
>>> </expression>
>>>
>>> </q:equal>
>>>
>>> </correlation>
>>>
>>> Could you tell me where I'm wrong?
>>>
>>> Thank you,
>>>
>>> Andrea
>>>
>>> *From:*midPoint <midpoint-bounces at lists.evolveum.com> *On Behalf Of
>>> *Ethan Kromhout via midPoint
>>> *Sent:* Wednesday, September 23, 2020 3:12 PM
>>> *To:* midpoint at lists.evolveum.com
>>> *Cc:* Ethan Kromhout <kromhout at unc.edu>
>>> *Subject:* Re: [midPoint] Problem with correlation and external
>>> attribute
>>>
>>> I have used an extension attribute in a similar way, though it
>>> wasn't with AD. In my case I explicitly called out the namespace of
>>> the custom schema, not sure if that was required, but it works okay.
>>> Do note that the custom attribute must be indexed.
>>>
>>> In my schema I have the namespace and indexed attribute, note the
>>> "targetNamespace":
>>>
>>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
>>> <xsd:schema elementFormDefault="qualified"
>>> targetNamespace="http://unc.edu/xml/ns/uncPerson"
>>> <http://unc.edu/xml/ns/uncPerson>
>>> xmlns:tns="http://example.com/xml/ns/mySchema"
>>> <http://example.com/xml/ns/mySchema>
>>>
>>> xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
>>> <http://prism.evolveum.com/xml/ns/public/annotation-3>
>>>
>>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>> <http://www.w3.org/2001/XMLSchema>>
>>>
>>> <xsd:element name="subId" type="xsd:string" minOccurs="0"
>>> maxOccurs="1">
>>> <xsd:annotation>
>>> <xsd:appinfo>
>>> <a:indexed>true</a:indexed>
>>> <a:displayName>subId</a:displayName>
>>> <a:help>Subject ID</a:help>
>>> <a:displayOrder>150</a:displayOrder>
>>> </xsd:appinfo>
>>> </xsd:annotation>
>>> </xsd:element>
>>>
>>> Then in the correlation I reference that namespace as uncPerson:
>>>
>>> <correlation>
>>> <q:equal>
>>> <q:path
>>> xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson"
>>> <http://unc.edu/xml/ns/uncPerson>>extension/uncPerson:subId</q:path>
>>> <expression>
>>> <path
>>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
>>> declare namespace
>>> ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;
>>> $account/attributes/ri:pid
>>> </path>
>>> </expression>
>>> </q:equal>
>>> </correlation>
>>>
>>> Ethan
>>>
>>> On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:
>>>
>>> Hi all,
>>>
>>> I have a problem for which I have searched for a solution
>>> everywhere, but I couldn’t find anything: I am making a
>>> correlation between an extended attribute present in the user in
>>> midpoint (*/uidLDAP/*) and the */sAMAccountName/* attribute of
>>> an AD account that I need to import.
>>>
>>> below, you can see one of the tests made (of the many)
>>>
>>> but this does not give me any errors, it just tells me that the
>>> correlation has reported an unmatched:
>>>
>>> But if I try to force the correlation by choosing the "change
>>> owner" option and going to grab the correct user by hand in
>>> midpoint, it works
>>>
>>> So i think the problem comes from the attribute path on midpoint
>>> (the extended one):
>>>
>>> Has anyone already tried to use an extended attribute in the
>>> first correlation path?
>>>
>>> Could you help me?
>>>
>>> Thank you and regards,
>>>
>>> *Andrea Picconi*
>>>
>>> /IAM (Identity Access Management)/
>>>
>>>
>>> Innovery
>>> Skype: precons
>>> T: +39 06 51963439 (int. 196)
>>>
>>> Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori,
>>> 20057 Assago (MI).
>>> www.innovery.net <http://www.innovery.net/> | T: +39 06 519 63 439
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>> midPoint mailing list
>>>
>>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>> --
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/387dfa16/attachment-0004.png>
More information about the midPoint
mailing list