[midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error

Frédéric Lohier frederic at lohier.org
Fri Apr 9 11:55:29 CEST 2021


Hello Michael,

Thank you, I tried using midpoint.executeChanges(delta) instead of
midpoint.executeChanges(delta, null); it works the same. It modifies the
shadow but does not update the LDAP account as expected.

I rechecked that if I manually modify the shadow through the GUI, the LDAP
account is actually updated, below is the log for this action.

What I find weird is that my deltabuilder code in the password mapping *seems
to be executed twice* when I edit the password. You can see in the logs in
my previous message that my "deltadebug" appears twice, and *I have two
clockwork summary* for the same attributes/pwdReset of the Shadow while
only one clockwork summary is displayed for the password value.

What could explain this? Could this be a bug? I am running Midpoint LTS
4.0.3.

Log when I manually edit the pwdReset attribute of the shadow through the
GUI:

2021-04-09 11:39:42,872 [MODEL] [pool-3-thread-151] DEBUG
(com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by projection primary delta

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [
a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
resource:xxx(LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
PropertyDeltaImpl(metadata /
{.../common/common-3}lastProvisioningTimestamp, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
REPLACE), ReferenceDeltaImpl(metadata /
{.../common/common-3}modifyApproverRef, REPLACE),
PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
REPLACE)): SUCCESS

##############################################################

-Frederic
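
An added example, not part of the original message or of midPoint itself: a small Python parser for the Clockwork summary blocks shown in this thread, listing what each clockwork run executed and which item changes show up in more than one run. The sample log is constructed (placeholder OIDs, shortened metadata deltas), and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample modelled on the Clockwork DEBUG output quoted in this thread
# (placeholder OIDs, metadata deltas shortened to one per object).
SAMPLE_LOG = """\
2021-04-08 18:08:45,400 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork):
###[ CLOCKWORK SUMMARY ]######################################
Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
Triggered by focus primary delta
  ObjectDelta(UserType:11111111-1111-1111-1111-111111111111,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD))
Executed:
  ObjectDelta(UserType:11111111-1111-1111-1111-111111111111,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
ADD), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
REPLACE)): SUCCESS
  ObjectDelta(ShadowType:22222222-2222-2222-2222-222222222222,MODIFY:
PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE)): SUCCESS
##############################################################
###[ CLOCKWORK SUMMARY ]######################################
Triggered by focus primary delta
Executed:
  ObjectDelta(UserType:11111111-1111-1111-1111-111111111111,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD)): SUCCESS
##############################################################
###[ CLOCKWORK SUMMARY ]######################################
Triggered by focus primary delta
Executed:
  ObjectDelta(UserType:11111111-1111-1111-1111-111111111111,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE)): SUCCESS
  ObjectDelta(ShadowType:22222222-2222-2222-2222-222222222222,MODIFY:
PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE)): SUCCESS
##############################################################
"""

DELTA_RE = re.compile(r"ObjectDelta\((\w+):([0-9a-f-]+),(\w+):\s*(.*?)\)\):\s*(\w+)")
ITEM_RE = re.compile(r"\w+DeltaImpl\(\s*(.*?)\s*/\s*\{[^}]*\}(\w+),\s*(\w+)")


def clean(line):
    """Drop mail quote markers and bold asterisks, as found in list archives."""
    return re.sub(r"^(?:>\s?)+", "", line).replace("*", "").strip()


def parse_summaries(log_text):
    """Return one dict per CLOCKWORK SUMMARY block, with wrapped lines rejoined."""
    summaries, block = [], None
    for line in map(clean, log_text.splitlines()):
        if line.startswith("###[ CLOCKWORK SUMMARY ]"):
            block = []
        elif block is not None and re.fullmatch(r"#+", line):
            summaries.append(parse_block(" ".join(block)))
            block = None
        elif block is not None:
            block.append(line)
    return summaries


def parse_block(text):
    """Extract the trigger and the executed deltas from one rejoined block."""
    trigger = re.search(r"Triggered by (\w+ \w+) delta", text)
    executed = []
    for otype, oid, _change, body, status in DELTA_RE.findall(text.partition("Executed:")[2]):
        items = [(f"{path}/{name}", op) for path, name, op in ITEM_RE.findall(body)
                 if path.rsplit("/", 1)[-1] != "metadata"]  # skip audit metadata
        executed.append((otype, oid, status, items))
    return {"trigger": trigger.group(1) if trigger else None, "executed": executed}


def repeated_changes(summaries):
    """Item changes executed in more than one clockwork run (possible double execution)."""
    seen = Counter()
    for s in summaries:
        seen.update({(otype, oid, item, op)
                     for otype, oid, _status, items in s["executed"]
                     for item, op in items})
    return {key: n for key, n in seen.items() if n > 1}


if __name__ == "__main__":
    print(repeated_changes(parse_summaries(SAMPLE_LOG)))
```
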

On Fri, Apr 9, 2021 at 11:00 AM Gruber, Michael via midPoint <
midpoint at lists.evolveum.com> wrote:

> Hi,
>
>
>
> we use something like this:
>
>
>
> // get the resource, e.g.:
> def resLDAP = midpoint.searchObjectByName(ResourceType.class, "LDAP");
> def deltasShadow = []
> // "person" is the objectclass
> def attrdef = midpoint.getAttributeDefinition(resLDAP.asPrismObject(), "person", "pwdReset")
> // shadowLDAP is the account shadow to modify (not defined in this snippet)
> def deltaPwdReset = midpoint.deltaFor(ShadowType.class)
>     .item(ItemPath.create(ShadowType.F_ATTRIBUTES, attrdef.itemName), attrdef)
>     .replace("TRUE")
>     .asObjectDelta(shadowLDAP.oid);
> deltasShadow.add(deltaPwdReset)
> def deltasRes = midpoint.executeChanges(deltasShadow);
>
>
>
> best regards, Michael
>
>
>
>
>
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> *On behalf of* Arnošt
> Starosta - AMI Praha a.s. via midPoint
> *Sent:* Thursday, 8 April 2021 18:47
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Cc:* Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>; Pavol
> Mederly <mederly at evolveum.com>
> *Subject:* Re: [midPoint] DeltaBuilder for ShadowType - add an attribute
> value to the resource - Undefined or dynamic path error
>
>
>
> Hi Frederic,
>
>
>
> I used this hand-made PrismPropertyDefinition definition for a ShadowType
> query; it may help in the delta builder as well.
>
>
>
> def sAMQName = new QName('http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'sAMAccountName')
> def sAMDef = new PrismPropertyDefinitionImpl(sAMQName, DOMUtil.XSD_STRING, midpoint.prismContext)
>
> ...
>
>     .item(ItemPath.create('attributes', 'sAMAccountName'), sAMDef)
>
>
>
> arnost
>
>
>
>
>
> On Thu, 8 Apr 2021 at 18:26, Frédéric Lohier via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> Hello Pavol,
>
>
>
> Thank you for the suggested workaround and the jira issue, but I could not
> make it work. The closest I got was:
>
>
>
> def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>
> .item(ItemPath.create(ShadowType.F_ATTRIBUTES, "pwdReset"),
> pwdResetDefinition)
>
> .replace("TRUE")
>
> .asObjectDelta(projection.getOid())
>
>
>
> But, I don’t know how to get the ResourceAttributeDefinition for my
> pwdResetDefinition variable.
>
>
>
> As a workaround, I tried to modify the user’s
> credentials/password/forceChange attribute and add a mapping to the
> ri:pwdReset attribute but I also could not make it work. The deltabuilder
> in the credential mapping works, I can see that the user’s forceChange
> attribute is set to TRUE when I edit the password through the GUI, *but
> this change is not synced to the resource*.
>
>
>
> How could this behaviour be explained? What am I missing?
>
>
>
> I checked that my pwdReset outbound mapping works: if I manually set the
> forceChange attribute through the GUI, then the resource’s pwdReset
> attribute is set to TRUE.
>
> For reference, the aforementioned mappings:
>
>
>
>
>
> <credentials>
>     <password>
>         <outbound>
>             <name>Password and pwdReset (to force the password reset by user)</name>
>             <strength>strong</strength>
>             <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>             <expression>
>                 <script>
>                     <code>
>                         // If password modification comes from a Midpoint admin (channel #user),
>                         // then we set the credentials/password/forceChange user’s attribute to true,
>                         // which will then be synced to the Open LDAP pwdReset attribute
>                         // (this will force the user to reset his password)
>                         import com.evolveum.midpoint.prism.impl.delta.builder.*
>                         import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>                         import com.evolveum.prism.xml.ns._public.types_3.*
>
>                         def prismContext = midpoint.getPrismContext()
>                         def delta = DeltaBuilder.deltaFor(UserType.class, prismContext)
>                             .item(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_FORCE_CHANGE)
>                             .replace("TRUE")
>                             .asObjectDelta(focus.getOid())
>                         midpoint.modifyObject(delta, null)
>
>                         // Then we return the password value anyway
>                         return input
>                     </code>
>                 </script>
>             </expression>
>         </outbound>
>         <outbound>
>             <name> Simple password mapping</name>
>             <description>We apply this mapping every time, except if the modification is done on the Midpoint GUI (by an IDM admin)</description>
>             <strength>strong</strength>
>             <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>         </outbound>
>         <inbound/>
>     </password>
> </credentials>
>
>
>
>
>
> <attribute>
>     <ref>ri:pwdReset</ref>
>     <tolerant>true</tolerant>
>     <outbound>
>         <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>         <strength>strong</strength>
>         <source>
>             <path>$focus/credentials/password/forceChange</path>
>         </source>
>     </outbound>
>     <inbound>
>         <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>         <strength>strong</strength>
>         <target>
>             <path>$focus/credentials/password/forceChange</path>
>         </target>
>     </inbound>
> </attribute>
>
>
>
> Logs when I modify the password value of a user through the midpoint GUI
> (the delta I am building in the credentials mapping is mentioned as
> « debugdelta »):
>
>
>
> 2021-04-08 18:08:45,012 [MODEL] [pool-3-thread-142] INFO
> (com.evolveum.midpoint.expression):  - *debugdelta:*
> *ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):*
>
>   *credentials/password/forceChange*
>
> *    ADD: TRUE*
>
> 2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: projection
> LensProjectionContext(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7 on
> resource:xxxx (Arobas - IDP LDAP)) rotten because of executable delta
> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE))
>
> 2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
> rotten because of focus execution delta
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
> ADD), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE))
>
> 2021-04-08 18:08:45,400 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by focus primary delta
>
>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}*forceChange,
> ADD*))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))
>
> Projections (1):
>
>   account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
> resource:d0811790-1d80-11e4-86b2-3c970e467874(Arobas - IDP LDAP)): KEEP
>
> Executed:
>
>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
> ADD), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
> REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
> REPLACE)): SUCCESS
>
>   ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
> REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
> REPLACE)): SUCCESS
>
> ##############################################################
>
> 2021-04-08 18:08:45,465 [MODEL] [pool-3-thread-142] INFO
> (com.evolveum.midpoint.expression):  - *debugdelta:*
> *ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):*
>
> *  credentials/password/forceChange*
>
> *    ADD: TRUE*
>
> 2021-04-08 18:08:45,623 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
> rotten because of focus execution delta
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
> ADD), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE))
>
> 2021-04-08 18:08:45,679 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by focus primary delta
>
>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}*forceChange,
> ADD*))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))
>
> Projections (1):
>
>   account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default', resource:xxx(Arobas
> - IDP LDAP)): KEEP
>
> Executed:
>
>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange,
> ADD), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
> / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
> REPLACE)): SUCCESS
>
> ##############################################################
>
> 2021-04-08 18:08:45,929 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context
> rotten because of focus execution delta
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
> REPLACE), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE))
>
> 2021-04-08 18:08:46,009 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by focus primary delta
>
>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}*value,
> REPLACE*))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))
>
> Projections (1):
>
>   account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default', resource:xxx(Arobas
> - IDP LDAP)): KEEP
>
> Executed:
>
>   ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
> REPLACE), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
> REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
> REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
> REPLACE)): SUCCESS
>
>   ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(credentials/password / {.../common/common-3}value,
> REPLACE), PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata
> / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment,
> REPLACE)): SUCCESS
>
> ##############################################################
>
>
>
>
>
> On Thu, Apr 8, 2021, 08:32 Pavol Mederly via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> Hello Frédéric,
>
> unfortunately I have currently no time to analyze your specific problem,
> but the issue you see with the delta builder is an inherent limitation of
> that API. For more information and a suggested workaround please see
> https://jira.evolveum.com/browse/MID-6981.
>
> Best regards,
>
> --
>
> Pavol Mederly
>
> Software developer
>
> evolveum.com
>
> On 07/04/2021 17:27, Frédéric Lohier via midPoint wrote:
>
> Hello,
>
>
>
> Following up my last email « Set resource attribute pwdReset when password
> changed by Midpoint GUI by IDM admin », I think the password mapping using
> channels is the way to go.
>
> What I want to do now is to set this attribute in the password mapping
> context using groovy. This attribute exists in the resource schema as an
> operational attribute and I can manually set this attribute for a user
> through midpoint GUI (edit projection tab).
>
>
>
> My guess is that I have to « build a delta » for the corresponding shadow
> object. Am I right?
>
>
>
> I know the shadow OID thanks to the projection variable
> (projection.getOid()), I tried to build the delta using some examples
> around, but I get the error « Undefined or dynamic path: pwdReset in: CTD
> ({.../common/common-3}ShadowType) ». Any idea of what I am doing wrong?
>
>
>
> The full password mapping:
>
>
>
> <credentials>
>     <password>
>         <outbound>
>             <name>Password and pwdReset (to force the password reset by user)</name>
>             <strength>strong</strength>
>             <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>             <expression>
>                 <script>
>                     <code>
>                         // If password modification comes from a Midpoint admin (channel #user),
>                         // then we set the Open LDAP pwdReset attribute to TRUE
>                         // (this will force the user to reset his password)
>                         import com.evolveum.midpoint.prism.impl.delta.builder.*
>                         import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>                         import com.evolveum.prism.xml.ns._public.types_3.*
>
>                         def prismContext = midpoint.getPrismContext()
>                         def shadowOid = projection.getOid()
>                         def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>                             .item(ShadowType.F_ATTRIBUTES, "pwdReset")
>                             .add("TRUE")
>                             .asObjectDelta(shadowOid)
>                         midpoint.modifyObject(delta, null)
>
>                         // Then we return the password value anyway
>                         return input
>                     </code>
>                 </script>
>             </expression>
>         </outbound>
>         <outbound>
>             <name> Simple password mapping</name>
>             <description>We apply this mapping every time, except if the modification is done on the Midpoint GUI (by an IDM admin)</description>
>             <strength>strong</strength>
>             <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>         </outbound>
>         <inbound/>
>     </password>
> </credentials>
>
>
>
>
>
>
>
> Error:
>
>
>
> java.lang.IllegalArgumentException: Undefined or dynamic path: pwdReset
> in: CTD ({.../common/common-3}ShadowType)
>
>         at
> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:92)
>
>         at
> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:85)
>
>         at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
>         at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>         at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>
>         at
> org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
>
>         at
> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)
>
>         at
> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
>
>         at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
>
>         at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)
>
>         at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:127)
>
>         at
> expression_in_mapping_'Password_and_pwdReset_(to_force_the_password_reset_by_user)'_in_password_mapping_in_projection_(account_(default)_on_resource_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(LDAP)).run(expression
> in mapping 'Password_and_pwdReset_(to_force_the_password_reset_by_user)' in
> password mapping in projection (account (default) on resource:
> xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (LDAP)):13)
>
>         at
> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:203)
>
>         at
> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:50)
>
>         at
> com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator.evaluate(AbstractCachingScriptEvaluator.java:76)
>
>         ... 36 common frames omitted
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>