[midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error
Pavol Mederly
mederly at evolveum.com
Thu Apr 8 08:32:37 CEST 2021
Hello Frédéric,
unfortunately I have currently no time to analyze your specific problem,
but the issue you see with the delta builder is an inherent limitation
of that API. For more information and a suggested workaround please see
https://jira.evolveum.com/browse/MID-6981
<https://jira.evolveum.com/browse/MID-6981>.
Best regards,
--
Pavol Mederly
Software developer
evolveum.com
On 07/04/2021 17:27, Frédéric Lohier via midPoint wrote:
> Hello,
>
> Following up my last email « Set resource attribute pwdReset when
> password changed by Midpoint GUI by IDM admin », I think the password
> mapping using channels is the way to go.
>
> What I want to do now is to set this attribute in the password mapping
> context using groovy. This attribute exists in the resource schema as
> an operational attribute and I can manualy set this attribute for a
> user through midpoint GUI (edit projection tab).
>
> My guess is that I have to « build a delta » for the correspondant
> shadow object. Am I right?
>
> I know the shadow OID thanks to the projection variable
> (projection.getOid()), I tried to build the delta using some examples
> around, but I get the error « Undefined or dynamic path: pwdReset in:
> CTD ({.../common/common-3}ShadowType) ». Any idea of what I am doing
> wrong?
>
> The full password mapping :
>
> <credentials>
>
> <password>
>
> <outbound>
>
> <name>Password and pwdReset (to force the password reset by user)</name>
>
> <strength>strong</strength>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel
> <http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user%3C/channel>>
>
> <expression>
>
> <script>
>
> <code>
>
> // If password modification comes from an Midpoint admin (channel
> #user), then we set the Open LDAP pwdReset attribute to TRUE (this
> will force the user to reset his password)
>
> import com.evolveum.midpoint.prism.impl.delta.builder.*
>
> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>
> import com.evolveum.prism.xml.ns._public.types_3.*
>
> def prismContext = midpoint.getPrismContext()
>
> def shadowOid = projection.getOid()
>
> def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>
> .item(ShadowType.F_ATTRIBUTES, "pwdReset")
>
> .add("TRUE")
>
> .asObjectDelta(shadowOid)
>
> midpoint.modifyObject(delta, null)
>
> // Then we return the password value anyway
>
> return input
>
> </code>
>
> </script>
>
> </expression>
>
> </outbound>
>
> <outbound>
>
> <name>Simple password mapping</name>
>
> <description>We apply this mapping every time, except if the
> modification is done on the Midpoint GUI (by an IDM admin)</description>
>
> <strength>strong</strength>
>
> <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel
> <http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user%3C/exceptChannel>>
>
> </outbound>
>
> <inbound/>
>
> </password>
>
> </credentials>
>
> Error :
>
> java.lang.IllegalArgumentException: Undefined or dynamic path:
> pwdReset in: CTD ({.../common/common-3}ShadowType)
>
> at
> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:92)
>
> at
> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:85)
>
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>
> at
> org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
>
> at
> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)
>
> at
> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
>
> at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
>
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)
>
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:127)
>
> at
> expression_in_mapping_'Password_and_pwdReset_(to_force_the_password_reset_by_user)'_in_password_mapping_in_projection_(account_(default)_on_resource_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(LDAP)).run(expression
> in mapping
> 'Password_and_pwdReset_(to_force_the_password_reset_by_user)' in
> password mapping in projection (account (default) on resource:
> xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (LDAP)):13)
>
> at
> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:203)
>
> at
> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:50)
>
> at
> com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator.evaluate(AbstractCachingScriptEvaluator.java:76)
>
> ... 36 common frames omitted
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210408/1f2a7a37/attachment-0001.htm>
More information about the midPoint
mailing list