[midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error

Frédéric Lohier frederic at lohier.org
Fri Apr 9 11:32:01 CEST 2021


Hello Arnošt,

Thank you!
Following your example, I tried this:

def pwdResetQName = new QName('http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'pwdReset')
def pwdResetDef = new PrismPropertyDefinitionImpl(pwdResetQName, DOMUtil.XSD_BOOLEAN, prismContext)

def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
    .item(ItemPath.create('attributes', 'pwdReset'), pwdResetDef)
    .add("TRUE")
    .asObjectDelta(projection.getOid())
midpoint.modifyObject(delta, null)

I can see in the user's history and the logs that the shadow object has
been modified in Midpoint, but the account on the resource (LDAP) is not
updated (I should see a new pwdReset attribute with value "TRUE").

Am I missing something? My understanding is that if I modify a shadow, it
should modify the corresponding account on the resource.

For reference, here is the log from when I modify a user's password; I can see it
executes the expected mapping with the aforementioned script:

2021-04-09 11:01:38,861 [MODEL] [pool-3-thread-149] INFO
(com.evolveum.midpoint.expression):  - debugdelta:
ObjectDelta<ShadowType>(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY):

  attributes/pwdReset

    ADD: TRUE



2021-04-09 11:01:39,295 [MODEL] [pool-3-thread-149] DEBUG
(com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by projection primary delta

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / pwdReset, ADD))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [
a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
resource:xxx(LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
PropertyDeltaImpl(metadata /
{.../common/common-3}lastProvisioningTimestamp, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / pwdReset, ADD), PropertyDeltaImpl(metadata /
{.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
{.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
/ {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

##############################################################



2021-04-09 11:01:39,384 [MODEL] [pool-3-thread-149] INFO
(com.evolveum.midpoint.expression):  - debugdelta:
ObjectDelta<ShadowType>(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY):

  attributes/pwdReset

    ADD: TRUE



2021-04-09 11:01:39,694 [MODEL] [pool-3-thread-149] DEBUG
(com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: projection
LensProjectionContext(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7 on
resource:d0811790-1d80-11e4-86b2-3c970e467874(LDAP)) rotten because of
executable delta
ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / pwdReset, ADD))



2021-04-09 11:01:39,803 [MODEL] [pool-3-thread-149] DEBUG
(com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by projection primary delta

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / pwdReset, ADD))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [
a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
resource:xxx(LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
PropertyDeltaImpl(metadata /
{.../common/common-3}lastProvisioningTimestamp, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / pwdReset, ADD), PropertyDeltaImpl(metadata /
{.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
{.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
/ {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

##############################################################



2021-04-09 11:01:40,086 [MODEL] [pool-3-thread-149] DEBUG
(com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
rotten because of focus execution delta
ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
REPLACE), PropertyDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyTimestamp, REPLACE),
ReferenceDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifierRef, REPLACE),
ReferenceDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyTaskRef, REPLACE))



2021-04-09 11:01:40,150 [MODEL] [pool-3-thread-149] DEBUG
(com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by focus primary delta

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
REPLACE))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [
a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
resource:xxx(LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
REPLACE), PropertyDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyTimestamp, REPLACE),
ReferenceDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifierRef, REPLACE),
ReferenceDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
{.../common/common-3}lastProvisioningTimestamp, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
REPLACE), PropertyDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyTimestamp, REPLACE),
ReferenceDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifierRef, REPLACE),
ReferenceDeltaImpl(credentials/password/metadata /
{.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
{.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
{.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
/ {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

##############################################################

-Frederic

On Thu, Apr 8, 2021 at 6:47 PM Arnošt Starosta - AMI Praha a.s. <
arnost.starosta at ami.cz> wrote:

> Hi Frederic,
>
> I used this hand-made PrismPropertyDefinition definition for a ShadowType
> query; it may help in the delta builder as well.
>
> def sAMQName = new QName('http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'sAMAccountName')
> def sAMDef = new PrismPropertyDefinitionImpl(sAMQName, DOMUtil.XSD_STRING, midpoint.prismContext)
> ...
>     .item(ItemPath.create('attributes', 'sAMAccountName'), sAMDef)
>
> arnost
>
>
> On Thu, Apr 8, 2021 at 18:26, Frédéric Lohier via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>> Hello Pavol,
>>
>>
>>
>> Thank you for the suggested workaround and the jira issue, but I could
>> not make it work. The closest I got was :
>>
>>
>>
>> def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>>     .item(ItemPath.create(ShadowType.F_ATTRIBUTES, "pwdReset"), pwdResetDefinition)
>>     .replace("TRUE")
>>     .asObjectDelta(projection.getOid())
>>
>>
>>
>> But, I don’t know how to get the ResourceAttributeDefinition for my
>> pwdResetDefinition variable.
>>
>>
>>
>> As a workaround, I tried to modify the user’s
>> credentials/password/forceChange attribute and add a mapping to the
>> ri:pwdReset attribute but I also could not make it work. The deltabuilder
>> in the credential mapping works, I can see that the user’s forceChange
>> attribute is set to TRUE when I edit the password through the GUI, *but
>> this change is not synced to the resource*.
>>
>>
>>
>> How could this behaviour be explained? What am I missing?
>>
>>
>>
>> I checked that my pwdReset outbound mapping works : if I manually set the
>> forceChange attribute through the GUI, then the resource’s pwdReset
>> attribute is set to TRUE.
>>
>>
>>
>> For reference, the aforementioned mappings :
>>
>>
>>
>>
>>
>> <credentials>
>>     <password>
>>         <outbound>
>>             <name>Password and pwdReset (to force the password reset by user)</name>
>>             <strength>strong</strength>
>>             <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>>             <expression>
>>                 <script>
>>                     <code>
>>                         // If password modification comes from a Midpoint admin (channel #user),
>>                         // then we set the credentials/password/forceChange user’s attribute to true,
>>                         // which will then be synced to the Open LDAP pwdReset attribute
>>                         // (this will force the user to reset his password)
>>
>>                         import com.evolveum.midpoint.prism.impl.delta.builder.*
>>                         import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>>                         import com.evolveum.prism.xml.ns._public.types_3.*
>>
>>                         def prismContext = midpoint.getPrismContext()
>>                         def delta = DeltaBuilder.deltaFor(UserType.class, prismContext)
>>                             .item(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_FORCE_CHANGE)
>>                             .replace("TRUE")
>>                             .asObjectDelta(focus.getOid())
>>                         midpoint.modifyObject(delta, null)
>>
>>                         // Then we return the password value anyway
>>                         return input
>>                     </code>
>>                 </script>
>>             </expression>
>>         </outbound>
>>         <outbound>
>>             <name> Simple password mapping</name>
>>             <description>We apply this mapping every time, except if the modification is done on the Midpoint GUI (by an IDM admin)</description>
>>             <strength>strong</strength>
>>             <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>>         </outbound>
>>         <inbound/>
>>     </password>
>> </credentials>
>>
>>
>>
>>
>>
>> <attribute>
>>     <ref>ri:pwdReset</ref>
>>     <tolerant>true</tolerant>
>>     <outbound>
>>         <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>>         <strength>strong</strength>
>>         <source>
>>             <path>$focus/credentials/password/forceChange</path>
>>         </source>
>>     </outbound>
>>     <inbound>
>>         <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>>         <strength>strong</strength>
>>         <target>
>>             <path>$focus/credentials/password/forceChange</path>
>>         </target>
>>     </inbound>
>> </attribute>
>>
>>
>>
>> Logs when I modify the password value of a user through the midpoint GUI
>> (the delta I am building in the credentials mapping is mentioned as
>> « debugdelta ») :
>>
>>
>>
>> 2021-04-08 18:08:45,012 [MODEL] [pool-3-thread-142] INFO
>> (com.evolveum.midpoint.expression):  - *debugdelta:*
>> *ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):*
>>
>>   *credentials/password/forceChange*
>>
>> *    ADD: TRUE*
>>
>> 2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: projection
>> LensProjectionContext(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7 on
>> resource:xxxx (LDAP)) rotten because of executable delta
>> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
>> PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE))
>>
>> 2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
>> rotten because of focus execution delta
>> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
>> ADD), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE))
>>
>> 2021-04-08 18:08:45,400 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>>
>> ###[ CLOCKWORK SUMMARY ]######################################
>>
>> Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>
>> Triggered by focus primary delta
>>
>>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}*forceChange,
>> ADD*))
>>
>> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))
>>
>> Projections (1):
>>
>>   account(ID {.../resource/instance-3}entryUUID = [
>> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
>> resource:d0811790-1d80-11e4-86b2-3c970e467874(LDAP)): KEEP
>>
>> Executed:
>>
>>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
>> ADD), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
>> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
>> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
>> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
>> REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyApproverRef, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
>> REPLACE)): SUCCESS
>>
>>   ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
>> PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
>> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
>> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
>> REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyApproverRef, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
>> REPLACE)): SUCCESS
>>
>> ##############################################################
>>
>> 2021-04-08 18:08:45,465 [MODEL] [pool-3-thread-142] INFO
>> (com.evolveum.midpoint.expression):  - *debugdelta:*
>> *ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):*
>>
>> *  credentials/password/forceChange*
>>
>> *    ADD: TRUE*
>>
>> 2021-04-08 18:08:45,623 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
>> rotten because of focus execution delta
>> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
>> ADD), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE))
>>
>> 2021-04-08 18:08:45,679 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>>
>> ###[ CLOCKWORK SUMMARY ]######################################
>>
>> Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>
>> Triggered by focus primary delta
>>
>>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}*forceChange,
>> ADD*))
>>
>> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))
>>
>> Projections (1):
>>
>>   account(ID {.../resource/instance-3}entryUUID = [
>> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
>> resource:xxx(LDAP)): KEEP
>>
>> Executed:
>>
>>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
>> ADD), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
>> {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
>> / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyApproverRef, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
>> REPLACE)): SUCCESS
>>
>> ##############################################################
>>
>> 2021-04-08 18:08:45,929 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
>> rotten because of focus execution delta
>> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
>> REPLACE), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE))
>>
>> 2021-04-08 18:08:46,009 [MODEL] [pool-3-thread-142] DEBUG
>> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>>
>> ###[ CLOCKWORK SUMMARY ]######################################
>>
>> Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>>
>> Triggered by focus primary delta
>>
>>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}*value,
>> REPLACE*))
>>
>> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))
>>
>> Projections (1):
>>
>>   account(ID {.../resource/instance-3}entryUUID = [
>> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
>> resource:xxx(LDAP)): KEEP
>>
>> Executed:
>>
>>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
>> REPLACE), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
>> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
>> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
>> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
>> REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyApproverRef, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
>> REPLACE)): SUCCESS
>>
>>   ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
>> PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
>> REPLACE), PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyChannel, REPLACE),
>> PropertyDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifierRef, REPLACE),
>> ReferenceDeltaImpl(credentials/password/metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
>> {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
>> {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
>> / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
>> {.../common/common-3}modifyApproverRef, REPLACE),
>> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
>> REPLACE)): SUCCESS
>>
>> ##############################################################
>>
>>
>> On Thu, Apr 8, 2021, 08:32 Pavol Mederly via midPoint <
>> midpoint at lists.evolveum.com> wrote:
>>
>>> Hello Frédéric,
>>>
>>> unfortunately I have currently no time to analyze your specific problem,
>>> but the issue you see with the delta builder is an inherent limitation of
>>> that API. For more information and a suggested workaround please see
>>> https://jira.evolveum.com/browse/MID-6981.
>>>
>>> Best regards,
>>>
>>> --
>>> Pavol Mederly
>>> Software developer
>>> evolveum.com
>>>
>>> On 07/04/2021 17:27, Frédéric Lohier via midPoint wrote:
>>>
>>> Hello,
>>>
>>>
>>>
>>> Following up my last email « Set resource attribute pwdReset when
>>> password changed by Midpoint GUI by IDM admin », I think the password
>>> mapping using channels is the way to go.
>>>
>>> What I want to do now is to set this attribute in the password mapping
>>> context using groovy. This attribute exists in the resource schema as an
>>> operational attribute and I can manually set this attribute for a user
>>> through midpoint GUI (edit projection tab).
>>>
>>>
>>>
>>> My guess is that I have to « build a delta » for the corresponding
>>> shadow object. Am I right?
>>>
>>>
>>>
>>> I know the shadow OID thanks to the projection variable
>>> (projection.getOid()), I tried to build the delta using some examples
>>> around, but I get the error « Undefined or dynamic path: pwdReset in: CTD
>>> ({.../common/common-3}ShadowType) ». Any idea of what I am doing wrong?
>>>
>>>
>>>
>>> The full password mapping :
>>>
>>>
>>>
>>> <credentials>
>>>     <password>
>>>         <outbound>
>>>             <name>Password and pwdReset (to force the password reset by user)</name>
>>>             <strength>strong</strength>
>>>             <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>>>             <expression>
>>>                 <script>
>>>                     <code>
>>>                         // If password modification comes from a Midpoint admin (channel #user),
>>>                         // then we set the Open LDAP pwdReset attribute to TRUE
>>>                         // (this will force the user to reset his password)
>>>
>>>                         import com.evolveum.midpoint.prism.impl.delta.builder.*
>>>                         import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>>>                         import com.evolveum.prism.xml.ns._public.types_3.*
>>>
>>>                         def prismContext = midpoint.getPrismContext()
>>>                         def shadowOid = projection.getOid()
>>>                         def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>>>                             .item(ShadowType.F_ATTRIBUTES, "pwdReset")
>>>                             .add("TRUE")
>>>                             .asObjectDelta(shadowOid)
>>>                         midpoint.modifyObject(delta, null)
>>>
>>>                         // Then we return the password value anyway
>>>                         return input
>>>                     </code>
>>>                 </script>
>>>             </expression>
>>>         </outbound>
>>>         <outbound>
>>>             <name> Simple password mapping</name>
>>>             <description>We apply this mapping every time, except if the modification is done on the Midpoint GUI (by an IDM admin)</description>
>>>             <strength>strong</strength>
>>>             <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>>>         </outbound>
>>>         <inbound/>
>>>     </password>
>>> </credentials>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Error :
>>>
>>>
>>>
>>> java.lang.IllegalArgumentException: Undefined or dynamic path: pwdReset
>>> in: CTD ({.../common/common-3}ShadowType)
>>>
>>>         at
>>> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:92)
>>>
>>>         at
>>> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:85)
>>>
>>>         at
>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>>> Method)
>>>
>>>         at
>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>
>>>         at
>>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>
>>>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>>
>>>         at
>>> org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
>>>
>>>         at
>>> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)
>>>
>>>         at
>>> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
>>>
>>>         at
>>> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
>>>
>>>         at
>>> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)
>>>
>>>         at
>>> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:127)
>>>
>>>         at
>>> expression_in_mapping_'Password_and_pwdReset_(to_force_the_password_reset_by_user)'_in_password_mapping_in_projection_(account_(default)_on_resource_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(LDAP)).run(expression
>>> in mapping 'Password_and_pwdReset_(to_force_the_password_reset_by_user)' in
>>> password mapping in projection (account (default) on resource:
>>> xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (LDAP)):13)
>>>
>>>         at
>>> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:203)
>>>
>>>         at
>>> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:50)
>>>
>>>         at
>>> com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator.evaluate(AbstractCachingScriptEvaluator.java:76)
>>>
>>>         ... 36 common frames omitted
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz