[midPoint] Problem with correlation and external attribute

Andrea Picconi andrea.picconi at innovery.net
Mon Sep 28 10:26:32 CEST 2020


Hi Chris,

thank you for your example.
So I could put whatever? For example, I could put “http://bigpoint.evolveum.com/xml/ns/public/resource/instance-3” and would it work?
Or I could even use yours, maybe ("http://curms.rsint.net/xml/ns/curms/extension”).

Is it right?

Thank you again,
Andrea


From: chris at cmwoods.com <chris at cmwoods.com>
Sent: Friday, September 25, 2020 1:10 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Andrea Picconi <andrea.picconi at innovery.net>; Marianna De Biasio <marianna.debiasio at innovery.net>; Jacopo Giuliano <jacopo.giuliano at innovery.net>
Subject: Re: [midPoint] Problem with correlation and external attribute

Hi Andrea,

just be creative ;-). Here is a snippet from our user schema extension:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <xsd:schema elementFormDefault="qualified" targetNamespace="http://curms.rsint.net/xml/ns/curms/extension" xmlns:tns="http://curms.rsint.net/xml/ns/curms/extension" xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3" /> <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/types-3" /> <xsd:complexType name="UserExtensionType"> <xsd:annotation> <xsd:documentation> The R&S UserType Extension. This extends the standard midPoint UserType schema to include custom attributes as required. </xsd:documentation> <xsd:appinfo> <a:extension ref="c:UserType" /> </xsd:appinfo> </xsd:annotation> <xsd:sequence> <xsd:element name="rsUniqueId" type="xsd:string" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation> R&S Unique ID </xsd:documentation> <xsd:appinfo> <a:indexed>true</a:indexed> <a:displayName>user.hcm.uniqueid.disp</a:displayName> <a:displayOrder>100</a:displayOrder> <a:help>user.hcm.uniqueid.help</a:help> </xsd:appinfo> </xsd:annotation> </xsd:element>

Here we chose http://curms.rsint.net/xml/ns/curms/extension as the targetNamespace. We could have chosen anything really.

Regards,
Chris.

September 25, 2020 12:44 PM, "Andrea Picconi via midPoint" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com?to=%22Andrea%20Picconi%20via%20midPoint%22%20%3cmidpoint at lists.evolveum.com%3e>> wrote:

Hi,

thank you for your help Ivan.

I need some clarification regarding the personal “targetNamespace”: how can I generate a custom one that is good for my usage (like the ones I saw from your example and Ethan’s)?

Forgive me if the question may seem silly, but this is the first time I’m working on something like this 😊

Thank you and regards,

Andrea

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> On Behalf Of Ivan Noris via midPoint
Sent: Friday, September 25, 2020 12:12 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Cc: Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Subject: Re: [midPoint] Problem with correlation and external attribute

Hi Andrea,

take an inspiration from e.g. https://github.com/Evolveum/midpoint-samples/blob/master/samples/schema/extension-piracy.xsd

See targetNamespace and xmlns:tns definitions in <xsd:schema element.

Ivan

On 25. 9. 2020 11:50, Andrea Picconi via midPoint wrote:

Hi Ethan,

it's probably just that ... I'll try to find a way to create it myself, even if I don't know how.

Thanks again Ethan, thanks Ivan

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ethan Kromhout via midPoint
Sent: Friday, September 25, 2020 11:25 AM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Cc: Ethan Kromhout <kromhout at unc.edu><mailto:kromhout at unc.edu>
Subject: Re: [midPoint] Problem with correlation and external attribute

Ivan and Andrea,

Is it problematic that the targetNamespace used in this extension could collide with one of the midPoint provided ones? I've always use a URN unique to my organization.

Ethan

On 9/25/20 4:10 AM, Ivan Noris via midPoint wrote:

Hi Andrea,

can you try searching by that extension attribute in midPoint using Query playground?

Ivan

On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:

Hi again,

I also tried @Ethan Kromhout<mailto:kromhout at unc.edu>’s example, but it still gives me the two errors I showed you in the previous mail.

I probably did something wrong in the setting, below how I set it all up:

this is my extension_user_field schema namespace:

<xsd:schema elementFormDefault="qualified"

targetNamespace="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>

xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>

xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"<http://prism.evolveum.com/xml/ns/public/annotation-3>

xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>

xmlns:xsd="http://www.w3.org/2001/XMLSchema"<http://www.w3.org/2001/XMLSchema>>

here the indexed attribute:

<xsd:element name="uidLDAP" type="xsd:string" minOccurs="0" maxOccurs="1">

<xsd:annotation>

<xsd:appinfo>

<a:indexed>true</a:indexed>

<a:displayName>LDAP UID</a:displayName>

<a:displayOrder>550</a:displayOrder>

<a:help>UID from LDAP</a:help>

</xsd:appinfo>

</xsd:annotation>

</xsd:element>

here instead the correlation that I have tried, starting from what you have seen above:

<correlation>

<q:equal>

<q:path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>extension/uidLDAP</q:path>

<expression>

<path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>

declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;

$projection/attributes/ri:sAMAccountName

</path>

</expression>

</q:equal>

</correlation>

Could you tell me where I'm wrong?

Thank you,

Andrea

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> On Behalf Of Ethan Kromhout via midPoint
Sent: Wednesday, September 23, 2020 3:12 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Cc: Ethan Kromhout <kromhout at unc.edu><mailto:kromhout at unc.edu>
Subject: Re: [midPoint] Problem with correlation and external attribute

I have used an extension attribute in a similar way, though it wasn't with AD. In my case I explicitly called out the namespace of the custom schema, not sure if that was required, but it works okay. Do note that the custom attribute must be indexed.

In my schema I have the namespace and indexed attribute, note the "targetNamespace":

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xsd:schema elementFormDefault="qualified"
targetNamespace="http://unc.edu/xml/ns/uncPerson"<http://unc.edu/xml/ns/uncPerson>
xmlns:tns="http://example.com/xml/ns/mySchema"<http://example.com/xml/ns/mySchema>
xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"<http://prism.evolveum.com/xml/ns/public/annotation-3>
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
xmlns:xsd="http://www.w3.org/2001/XMLSchema"<http://www.w3.org/2001/XMLSchema>>

<xsd:element name="subId" type="xsd:string" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:appinfo>
<a:indexed>true</a:indexed>
<a:displayName>subId</a:displayName>
<a:help>Subject ID</a:help>
<a:displayOrder>150</a:displayOrder>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>

Then in the correlation I reference that namespace as uncPerson:

<correlation>
<q:equal>
<q:path xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson"<http://unc.edu/xml/ns/uncPerson>>extension/uncPerson:subId</q:path>
<expression>
<path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;
$account/attributes/ri:pid
</path>
</expression>
</q:equal>
</correlation>

Ethan

On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:

Hi all,

I have a problem for which I have searched for a solution everywhere, but I couldn’t find anything: I am making a correlation between an extended attribute present in the user in midpoint (uidLDAP) and the sAMAccountName attribute of an AD account that I need to import.

below, you can see one of the tests made (of the many)

[cid:image001.png at 01D69580.D12BCEF0]

but this does not give me any errors, it just tells me that the correlation has reported an unmatched:

[cid:image002.png at 01D69580.D12BCEF0][cid:image003.jpg at 01D69580.D12BCEF0]

But if I try to force the correlation by choosing the "change owner" option and going to grab the correct user by hand in midpoint, it works

[cid:image004.png at 01D69580.D12BCEF0]

So i think the problem comes from the attribute path on midpoint (the extended one):

[cid:image005.png at 01D69580.D12BCEF0]

Has anyone already tried to use an extended attribute in the first correlation path?

Could you help me?

Thank you and regards,

Andrea Picconi

IAM (Identity Access Management)



[Innovery]
Skype: precons
T: +39 06 51963439 (int. 196)

Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori, 20057 Assago (MI).
www.innovery.net<http://www.innovery.net/> | T: +39 06 519 63 439



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint

--

Ivan Noris

Senior Identity Engineer

evolveum.com



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

https://lists.evolveum.com/mailman/listinfo/midpoint

--

Ivan Noris

Senior Identity Engineer

evolveum.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: image003.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: image004.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: image005.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: image006.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200928/b3003e6f/attachment-0004.png>


More information about the midPoint mailing list