[midPoint] Problem with correlation and external attribute
chris at cmwoods.com
chris at cmwoods.com
Fri Sep 25 13:09:49 CEST 2020
Hi Andrea,
just be creative ;-). Here is a snippet from our user schema extension:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <xsd:schema elementFormDefault="qualified" targetNamespace="http://curms.rsint.net/xml/ns/curms/extension" xmlns:tns="http://curms.rsint.net/xml/ns/curms/extension" xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3" /> <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/types-3" /> <xsd:complexType name="UserExtensionType"> <xsd:annotation> <xsd:documentation> The R&S UserType Extension. This extends the standard midPoint UserType schema to include custom attributes as required. </xsd:documentation> <xsd:appinfo> <a:extension ref="c:UserType" /> </xsd:appinfo> </xsd:annotation> <xsd:sequence> <xsd:element name="rsUniqueId" type="xsd:string" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation> R&S Unique ID </xsd:documentation> <xsd:appinfo> <a:indexed>true</a:indexed> <a:displayName>user.hcm.uniqueid.disp</a:displayName> <a:displayOrder>100</a:displayOrder> <a:help>user.hcm.uniqueid.help</a:help> </xsd:appinfo> </xsd:annotation> </xsd:element>
Here we chose http://curms.rsint.net/xml/ns/curms/extension as the targetNamespace. We could have chosen anything really.
Regards,
Chris.
September 25, 2020 12:44 PM, "Andrea Picconi via midPoint" <midpoint at lists.evolveum.com (mailto:midpoint at lists.evolveum.com?to=%22Andrea%20Picconi%20via%20midPoint%22%20<midpoint at lists.evolveum.com>)> wrote:
Hi,
thank you for your help Ivan.
I need some clarification regarding the personal “targetNamespace”: how can I generate a custom one that is good for my usage (like the ones I saw from your example and Ethan’s)?
Forgive me if the question may seem silly, but this is the first time I’m working on something like this 😊
Thank you and regards,
Andrea
From: midPoint <midpoint-bounces at lists.evolveum.com (mailto:midpoint-bounces at lists.evolveum.com)> On Behalf Of Ivan Noris via midPoint
Sent: Friday, September 25, 2020 12:12 PM
To: midpoint at lists.evolveum.com (mailto:midpoint at lists.evolveum.com)
Cc: Ivan Noris <ivan.noris at evolveum.com (mailto:ivan.noris at evolveum.com)>
Subject: Re: [midPoint] Problem with correlation and external attribute
Hi Andrea,
take an inspiration from e.g. https://github.com/Evolveum/midpoint-samples/blob/master/samples/schema/extension-piracy.xsd (https://github.com/Evolveum/midpoint-samples/blob/master/samples/schema/extension-piracy.xsd)
See targetNamespace and xmlns:tns definitions in <xsd:schema element.
Ivan
On 25. 9. 2020 11:50, Andrea Picconi via midPoint wrote:
Hi Ethan,
it's probably just that ... I'll try to find a way to create it myself, even if I don't know how.
Thanks again Ethan, thanks Ivan
From: midPoint <midpoint-bounces at lists.evolveum.com> (mailto:midpoint-bounces at lists.evolveum.com) On Behalf Of Ethan Kromhout via midPoint
Sent: Friday, September 25, 2020 11:25 AM
To: midpoint at lists.evolveum.com (mailto:midpoint at lists.evolveum.com)
Cc: Ethan Kromhout <kromhout at unc.edu> (mailto:kromhout at unc.edu)
Subject: Re: [midPoint] Problem with correlation and external attribute
Ivan and Andrea,
Is it problematic that the targetNamespace used in this extension could collide with one of the midPoint provided ones? I've always use a URN unique to my organization.
Ethan
On 9/25/20 4:10 AM, Ivan Noris via midPoint wrote:
Hi Andrea,
can you try searching by that extension attribute in midPoint using Query playground?
Ivan
On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:
Hi again,
I also tried @Ethan Kromhout (mailto:kromhout at unc.edu)’s example, but it still gives me the two errors I showed you in the previous mail.
I probably did something wrong in the setting, below how I set it all up:
this is my extension_user_field schema namespace:
<xsd:schema elementFormDefault="qualified"
targetNamespace="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3)
xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3)
xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" (http://prism.evolveum.com/xml/ns/public/annotation-3)
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" (http://midpoint.evolveum.com/xml/ns/public/common/common-3)
xmlns:xsd="http://www.w3.org/2001/XMLSchema" (http://www.w3.org/2001/XMLSchema)>
here the indexed attribute:
<xsd:element name="uidLDAP" type="xsd:string" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:appinfo>
<a:indexed>true</a:indexed>
<a:displayName>LDAP UID</a:displayName>
<a:displayOrder>550</a:displayOrder>
<a:help>UID from LDAP</a:help>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
here instead the correlation that I have tried, starting from what you have seen above:
<correlation>
<q:equal>
<q:path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3)>extension/uidLDAP</q:path>
<expression>
<path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3)>
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3);
$projection/attributes/ri:sAMAccountName
</path>
</expression>
</q:equal>
</correlation>
Could you tell me where I'm wrong?
Thank you,
Andrea
From: midPoint <midpoint-bounces at lists.evolveum.com> (mailto:midpoint-bounces at lists.evolveum.com) On Behalf Of Ethan Kromhout via midPoint
Sent: Wednesday, September 23, 2020 3:12 PM
To: midpoint at lists.evolveum.com (mailto:midpoint at lists.evolveum.com)
Cc: Ethan Kromhout <kromhout at unc.edu> (mailto:kromhout at unc.edu)
Subject: Re: [midPoint] Problem with correlation and external attribute
I have used an extension attribute in a similar way, though it wasn't with AD. In my case I explicitly called out the namespace of the custom schema, not sure if that was required, but it works okay. Do note that the custom attribute must be indexed.
In my schema I have the namespace and indexed attribute, note the "targetNamespace":
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xsd:schema elementFormDefault="qualified"
targetNamespace="http://unc.edu/xml/ns/uncPerson" (http://unc.edu/xml/ns/uncPerson)
xmlns:tns="http://example.com/xml/ns/mySchema" (http://example.com/xml/ns/mySchema)
xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" (http://prism.evolveum.com/xml/ns/public/annotation-3)
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" (http://midpoint.evolveum.com/xml/ns/public/common/common-3)
xmlns:xsd="http://www.w3.org/2001/XMLSchema" (http://www.w3.org/2001/XMLSchema)>
<xsd:element name="subId" type="xsd:string" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:appinfo>
<a:indexed>true</a:indexed>
<a:displayName>subId</a:displayName>
<a:help>Subject ID</a:help>
<a:displayOrder>150</a:displayOrder>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
Then in the correlation I reference that namespace as uncPerson:
<correlation>
<q:equal>
<q:path xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson" (http://unc.edu/xml/ns/uncPerson)>extension/uncPerson:subId</q:path>
<expression>
<path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3)>
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3);
$account/attributes/ri:pid
</path>
</expression>
</q:equal>
</correlation>
Ethan
On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:
Hi all,
I have a problem for which I have searched for a solution everywhere, but I couldn’t find anything: I am making a correlation between an extended attribute present in the user in midpoint (uidLDAP) and the sAMAccountName attribute of an AD account that I need to import.
below, you can see one of the tests made (of the many)
but this does not give me any errors, it just tells me that the correlation has reported an unmatched:
But if I try to force the correlation by choosing the "change owner" option and going to grab the correct user by hand in midpoint, it works
So i think the problem comes from the attribute path on midpoint (the extended one):
Has anyone already tried to use an extended attribute in the first correlation path?
Could you help me?
Thank you and regards,
Andrea Picconi
IAM (Identity Access Management)
Skype: precons
T: +39 06 51963439 (int. 196)
Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori, 20057 Assago (MI).
www.innovery.net (http://www.innovery.net/) | T: +39 06 519 63 439
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com (mailto:midPoint at lists.evolveum.com)
https://lists.evolveum.com/mailman/listinfo/midpoint (https://lists.evolveum.com/mailman/listinfo/midpoint)
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com (mailto:midPoint at lists.evolveum.com)
https://lists.evolveum.com/mailman/listinfo/midpoint (https://lists.evolveum.com/mailman/listinfo/midpoint)
--
Ivan Noris
Senior Identity Engineer
evolveum.com
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com (mailto:midPoint at lists.evolveum.com)
https://lists.evolveum.com/mailman/listinfo/midpoint (https://lists.evolveum.com/mailman/listinfo/midpoint)
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com (mailto:midPoint at lists.evolveum.com)
https://lists.evolveum.com/mailman/listinfo/midpoint (https://lists.evolveum.com/mailman/listinfo/midpoint)
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/ae51f58a/attachment-0004.png>
More information about the midPoint
mailing list