[midPoint] Problem with correlation and external attribute

Andrea Picconi andrea.picconi at innovery.net
Fri Sep 25 12:44:39 CEST 2020


Hi,

thank you for your help Ivan.
I need some clarification regarding the personal “targetNamespace”: how can I generate a custom one that is good for my usage (like the ones I saw from your example and Ethan’s)?

Forgive me if the question may seem silly, but this is the first time I’m working on something like this 😊

Thank you and regards,
Andrea

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Ivan Noris via midPoint
Sent: Friday, September 25, 2020 12:12 PM
To: midpoint at lists.evolveum.com
Cc: Ivan Noris <ivan.noris at evolveum.com>
Subject: Re: [midPoint] Problem with correlation and external attribute


Hi Andrea,

take an inspiration from e.g. https://github.com/Evolveum/midpoint-samples/blob/master/samples/schema/extension-piracy.xsd

See targetNamespace and xmlns:tns definitions in <xsd:schema element.

Ivan
On 25. 9. 2020 11:50, Andrea Picconi via midPoint wrote:
Hi Ethan,

it's probably just that ... I'll try to find a way to create it myself, even if I don't know how.
Thanks again Ethan, thanks Ivan

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ethan Kromhout via midPoint
Sent: Friday, September 25, 2020 11:25 AM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Cc: Ethan Kromhout <kromhout at unc.edu><mailto:kromhout at unc.edu>
Subject: Re: [midPoint] Problem with correlation and external attribute


Ivan and Andrea,

Is it problematic that the targetNamespace used in this extension could collide with one of the midPoint provided ones? I've always use a URN unique to my organization.

Ethan
On 9/25/20 4:10 AM, Ivan Noris via midPoint wrote:

Hi Andrea,

can you try searching by that extension attribute in midPoint using Query playground?

Ivan
On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:
Hi again,

I also tried @Ethan Kromhout<mailto:kromhout at unc.edu>’s example, but it still gives me the two errors I showed you in the previous mail.
I probably did something wrong in the setting, below how I set it all up:

this is my extension_user_field schema namespace:

<xsd:schema elementFormDefault="qualified"
                    targetNamespace="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
            xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
            xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"<http://prism.evolveum.com/xml/ns/public/annotation-3>
            xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"<http://www.w3.org/2001/XMLSchema>>

here the indexed attribute:

<xsd:element name="uidLDAP" type="xsd:string" minOccurs="0" maxOccurs="1">
                <xsd:annotation>
                    <xsd:appinfo>
                        <a:indexed>true</a:indexed>
                        <a:displayName>LDAP UID</a:displayName>
                        <a:displayOrder>550</a:displayOrder>
                          <a:help>UID from LDAP</a:help>
                    </xsd:appinfo>
                </xsd:annotation>
            </xsd:element>

here instead the correlation that I have tried, starting from what you have seen above:

<correlation>
    <q:equal>
        <q:path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>extension/uidLDAP</q:path>
        <expression>
            <path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
                declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;
                $projection/attributes/ri:sAMAccountName
            </path>
        </expression>
    </q:equal>
</correlation>

Could you tell me where I'm wrong?

Thank you,
Andrea

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ethan Kromhout via midPoint
Sent: Wednesday, September 23, 2020 3:12 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Cc: Ethan Kromhout <kromhout at unc.edu><mailto:kromhout at unc.edu>
Subject: Re: [midPoint] Problem with correlation and external attribute


I have used an extension attribute in a similar way, though it wasn't with AD. In my case I explicitly called out the namespace of the custom schema, not sure if that was required, but it works okay. Do note that the custom attribute must be indexed.

In my schema I have the namespace and indexed attribute, note the "targetNamespace":

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xsd:schema elementFormDefault="qualified"
            targetNamespace="http://unc.edu/xml/ns/uncPerson"<http://unc.edu/xml/ns/uncPerson>
            xmlns:tns="http://example.com/xml/ns/mySchema"<http://example.com/xml/ns/mySchema>
            xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"<http://prism.evolveum.com/xml/ns/public/annotation-3>
            xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"<http://www.w3.org/2001/XMLSchema>>

   <xsd:element name="subId" type="xsd:string" minOccurs="0" maxOccurs="1">
                <xsd:annotation>
                    <xsd:appinfo>
                        <a:indexed>true</a:indexed>
                        <a:displayName>subId</a:displayName>
                        <a:help>Subject ID</a:help>
                        <a:displayOrder>150</a:displayOrder>
                    </xsd:appinfo>
                </xsd:annotation>
            </xsd:element>

Then in the correlation I reference that namespace as uncPerson:

<correlation>
                <q:equal>
                    <q:path xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson"<http://unc.edu/xml/ns/uncPerson>>extension/uncPerson:subId</q:path>
                    <expression>
                        <path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
                            declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;
                            $account/attributes/ri:pid
                        </path>
                    </expression>
                </q:equal>
            </correlation>

Ethan
On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:
Hi all,

I have a problem for which I have searched for a solution everywhere, but I couldn’t find anything: I am making a correlation between an extended attribute present in the user in midpoint (uidLDAP) and the sAMAccountName attribute of an AD account that I need to import.
below, you can see one of the tests made (of the many)

[cid:image001.png at 01D69338.1961CDA0]

but this does not give me any errors, it just tells me that the correlation has reported an unmatched:

[cid:image002.png at 01D69338.1961CDA0] [cid:image003.jpg at 01D69338.1961CDA0]

But if I try to force the correlation by choosing the "change owner" option and going to grab the correct user by hand in midpoint, it works

[cid:image004.png at 01D69338.1961CDA0]

So i think the problem comes from the attribute path on midpoint (the extended one):

[cid:image005.png at 01D69338.1961CDA0]

Has anyone already tried to use an extended attribute in the first correlation path?
Could you help me?

Thank you and regards,


Andrea Picconi
IAM (Identity Access Management)




[Innovery]
Skype: precons
T:  +39 06 51963439 (int. 196)

Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori, 20057 Assago (MI).
www.innovery.net<http://www.innovery.net/> |  T: +39 06 519 63 439






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint

--

Ivan Noris

Senior Identity Engineer

evolveum.com




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint

--

Ivan Noris

Senior Identity Engineer

evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: image003.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: image004.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: image005.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: image006.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/868ba309/attachment-0004.png>


More information about the midPoint mailing list