[midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error

Frédéric Lohier frederic at lohier.org
Wed Apr 7 17:27:52 CEST 2021 

Hello,



Following up my last email « Set resource attribute pwdReset when password
changed by Midpoint GUI by IDM admin », I think the password mapping using
channels is the way to go.

What I want to do now is to set this attribute in the password mapping
context using groovy. This attribute exists in the resource schema as an
operational attribute and I can manualy set this attribute for a user
through midpoint GUI (edit projection tab).



My guess is that I have to « build a delta » for the correspondant shadow
object. Am I right?



I know the shadow OID thanks to the projection variable
(projection.getOid()), I tried to build the delta using some examples
around, but I get the error « Undefined or dynamic path: pwdReset in: CTD
({.../common/common-3}ShadowType) ». Any idea of what I am doing wrong?



The full password mapping :



<credentials>

    <password>

        <outbound>

            <name>Password and pwdReset (to force the password reset by
user)</name>

            <strength>strong</strength>

            <channel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>

            <expression>

                <script>

                    <code>

                        // If password modification comes from an Midpoint
admin (channel #user), then we set the Open LDAP pwdReset attribute to TRUE
(this will force the user to reset his password)




import com.evolveum.midpoint.prism.impl.delta.builder.*


import com.evolveum.midpoint.xml.ns._public.common.common_3.*

                        import com.evolveum.prism.xml.ns._public.types_3.*



                        def prismContext = midpoint.getPrismContext()

                        def shadowOid = projection.getOid()


def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)

                      .item(ShadowType.F_ATTRIBUTES, "pwdReset")

                            .add("TRUE")

                            .asObjectDelta(shadowOid)

                        midpoint.modifyObject(delta, null)



                        // Then we return the password value anyway

                        return input

                    </code>

                </script>

            </expression>

        </outbound>

        <outbound>

            <name> Simple password mapping</name>

            <description>We apply this mapping every time, except if the
modification is done on the Midpoint GUI (by an IDM admin)</description>

            <strength>strong</strength>

            <exceptChannel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</
exceptChannel>

        </outbound>

        <inbound/>

    </password>

</credentials>







Error :



java.lang.IllegalArgumentException: Undefined or dynamic path: pwdReset in:
CTD ({.../common/common-3}ShadowType)

        at
com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:92)

        at
com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:85)

        at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)

        at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.base/java.lang.reflect.Method.invoke(Method.java:566)

        at
org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)

        at
org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)

        at
org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)

        at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)

        at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)

        at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:127)

        at
expression_in_mapping_'Password_and_pwdReset_(to_force_the_password_reset_by_user)'_in_password_mapping_in_projection_(account_(default)_on_resource_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(LDAP)).run(expression
in mapping 'Password_and_pwdReset_(to_force_the_password_reset_by_user)' in
password mapping in projection (account (default) on resource:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (LDAP)):13)

        at
com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:203)

        at
com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:50)

        at
com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator.evaluate(AbstractCachingScriptEvaluator.java:76)

        ... 36 common frames omitted
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210407/11a87b8a/attachment-0001.htm>

More information about the midPoint mailing list