[midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error
Pavol Mederly
mederly at evolveum.com
Fri Apr 9 12:03:22 CEST 2021
Hello Frédéric,
have you considered this?
https://docs.evolveum.com/midpoint/reference/expressions/mappings/#why-are-the-expressions-and-conditions-evaluated-several-times
(Again, I cannot evaluate your approach in general. I am reacting only
to the question of multiple executions of your code. And, generally, if
you are changing an external state from within your mapping - like
executing any changes -, you have to be 100% sure you know what you are
doing.)
Best regards,
--
Pavol Mederly
Software developer
evolveum.com
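To confirm from the logs whether a side-effecting mapping script was evaluated more than once, the clockwork DEBUG output can be tallied per thread. The sketch below is an added example, not part of the original message and not midPoint code; it expects raw log lines rather than the e-mail-wrapped text, and its sample log is constructed in the layout of the lines quoted in this thread, with a placeholder OID and the `debugdelta` marker the poster logged.

```python
import re
from collections import Counter

OID = "11111111-1111-1111-1111-111111111111"   # placeholder OID (constructed)
THREAD = "pool-3-thread-142"

def script_line(ts):
    """Constructed record: the line a mapping script logs each time it is evaluated."""
    return (f"{ts} [MODEL] [{THREAD}] INFO (com.evolveum.midpoint.expression): "
            f"- debugdelta: ObjectDelta<UserType>(UserType:{OID},MODIFY):\n"
            "credentials/password/forceChange\nADD: TRUE\n")

def summary_block(ts, item, mod):
    """Constructed record: a shortened CLOCKWORK SUMMARY for one clockwork run."""
    delta = (f"ObjectDelta(UserType:{OID},MODIFY: PropertyDeltaImpl("
             f"credentials/password / {{.../common/common-3}}{item}, {mod}))")
    return (f"{ts} [MODEL] [{THREAD}] DEBUG "
            "(com.evolveum.midpoint.model.impl.lens.Clockwork):\n"
            "###[ CLOCKWORK SUMMARY ]######################################\n"
            f"Triggered by focus primary delta\n{delta}\n"
            f"Executed:\n{delta}: SUCCESS\n"
            "##############################################################\n")

SAMPLE_LOG = (script_line("2021-04-08 18:08:45,012")
              + summary_block("2021-04-08 18:08:45,400", "forceChange", "ADD")
              + script_line("2021-04-08 18:08:45,465")
              + summary_block("2021-04-08 18:08:45,679", "forceChange", "ADD")
              + summary_block("2021-04-08 18:08:46,009", "value", "REPLACE"))

HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(\w*)\] "
                    r"\[([^\]]+)\] (\w+) +\(([\w.$]+)\): ?(.*)$")
OBJECT = re.compile(r"ObjectDelta\((\w+):([0-9a-fA-F-]+),(\w+)")
ITEM = re.compile(r"\w+DeltaImpl\((.+?), (ADD|REPLACE|DELETE)\)")

def records(text):
    """Group physical lines into records: one header line plus its continuation lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = {"ts": m[1], "thread": m[3], "logger": m[5], "body": [m[6]]}
        elif current:
            current["body"].append(line.strip())
    if current:
        yield current

def normalise(path):
    """'credentials/password / {.../common/common-3}forceChange' -> 'credentials/password/forceChange'"""
    return re.sub(r"\{[^}]*\}|\s", "", path)

def analyse(text, marker):
    """Count script evaluations (records whose first line carries `marker`) and
    collect the primary delta of every clockwork summary."""
    script_runs, primaries = Counter(), []
    for rec in records(text):
        body = rec["body"]
        if marker in body[0]:
            script_runs[rec["thread"]] += 1
            continue
        if not rec["logger"].endswith("lens.Clockwork"):
            continue
        start = next((i for i, l in enumerate(body) if l.startswith("Triggered by")), None)
        if start is None:
            continue  # e.g. "Context rot" records, which are not summaries
        end = next((i for i, l in enumerate(body) if l.startswith("Executed:")), len(body))
        # The primary delta sits between "Triggered by ..." and "Executed:".
        block = " ".join(body[start + 1:end])
        obj = OBJECT.search(block)
        if obj:
            for path, mod in ITEM.findall(block):
                primaries.append((rec["thread"], obj[1], obj[2], normalise(path), mod))
    return script_runs, primaries

def repeated_primaries(primaries):
    """Primary deltas that started more than one clockwork run on the same thread,
    which is what a script executing changes on every evaluation produces."""
    return {key: n for key, n in Counter(primaries).items() if n > 1}

if __name__ == "__main__":
    runs, prim = analyse(SAMPLE_LOG, "debugdelta")
    print("script evaluations per thread:", dict(runs))
    for key, n in repeated_primaries(prim).items():
        print(f"{n}x primary delta {key}")
```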
On 09/04/2021 11:55, Frédéric Lohier via midPoint wrote:
> Hello Michael,
>
> Thank you, I tried using midpoint.executeChanges(delta) instead of
> midpoint.executeChanges(delta, null), it works the same. It modifies
> the shadow but does not update the LDAP account as expected.
>
> I rechecked that if I manually modify the shadow through the GUI, the
> LDAP account is actually updated, below is the log for this action.
>
> What I find weird is that my deltabuilder code in the password mapping
> *seems to be executed twice* when I edit the password. You can see in
> the logs in my previous message that my "deltadebug" appears twice,
> and *I have two clockwork summaries* for the same attributes/pwdReset of
> the Shadow while only one clockwork summary is displayed for the
> password value.
>
> What could explain this? Could this be a bug? I am running Midpoint
> LTS 4.0.3.
>
> Log when I manually edit the pwdReset attribute of the shadow through
> the GUI :
>
> 2021-04-09 11:39:42,872 [MODEL] [pool-3-thread-151] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel:
> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by projection primary delta
>
> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset,
> REPLACE))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))
>
> Projections (1):
>
> account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
> resource:xxx(LDAP)): KEEP
>
> Executed:
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(metadata /
> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel,
> REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef,
> REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef,
> REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset,
> REPLACE), PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp,
> REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef,
> REPLACE), ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ##############################################################
>
>
> -Frederic
>
> On Fri, Apr 9, 2021 at 11:00 AM Gruber, Michael via midPoint
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>> wrote:
>
> Hi,
>
> we use something like this:
>
> //get resource, e.g.:
>
> def resLDAP = midpoint.searchObjectByName(ResourceType.class, "LDAP");
>
> def deltasShadow = []
>
> //”person” is the objectclass
>
> def attrdef =
> midpoint.getAttributeDefinition(resLDAP.asPrismObject(), "person",
> "pwdReset")
>
> def deltaPwdReset =
> midpoint.deltaFor(ShadowType.class).item(ItemPath.create(ShadowType.F_ATTRIBUTES,
> attrdef.itemName),
> attrdef).replace("TRUE").asObjectDelta(shadowLDAP.oid);
>
> deltasShadow.add(deltaPwdReset)
>
> def deltasRes = midpoint.executeChanges(deltasShadow);
>
> best regards, Michael
>
> *From:* midPoint <midpoint-bounces at lists.evolveum.com
> <mailto:midpoint-bounces at lists.evolveum.com>> *On behalf of*
> Arnošt Starosta - AMI Praha a.s. via midPoint
> *Sent:* Thursday, 8 April 2021 18:47
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com
> <mailto:midpoint at lists.evolveum.com>>
> *Cc:* Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz
> <mailto:arnost.starosta at ami.cz>>; Pavol Mederly
> <mederly at evolveum.com <mailto:mederly at evolveum.com>>
> *Subject:* Re: [midPoint] DeltaBuilder for ShadowType - add an
> attribute value to the resource - Undefined or dynamic path error
>
> Hi Frederic,
>
> I used this hand made PrismPropertyDefinition definition for a
> ShadowType query, may help in delta builder as well.
>
> def sAMQName = new QName('http://midpoint.evolveum.com/xml/ns/public/resource/instance-3',
> 'sAMAccountName')
> def sAMDef = new PrismPropertyDefinitionImpl(sAMQName,
> DOMUtil.XSD_STRING, midpoint.prismContext)
>
> ...
>
> .item(ItemPath.create('attributes', 'sAMAccountName'), sAMDef)
>
> arnost
>
> On Thu, 8 Apr 2021 at 18:26, Frédéric Lohier via midPoint
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
> wrote:
>
> Hello Pavol,
>
> Thank you for the suggested workaround and the jira issue, but
> I could not make it work. The closest I got was :
>
> def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>
> .item(ItemPath.create(ShadowType.F_ATTRIBUTES, "pwdReset"),
> pwdResetDefinition)
>
> .replace("TRUE")
>
> .asObjectDelta(projection.getOid())
>
> But, I don’t know how to get the ResourceAttributeDefinition
> for my pwdResetDefinition variable.
>
> As a workaround, I tried to modify the user’s
> credentials/password/forceChange attribute and add a mapping
> to the ri:pwdReset attribute but I also could not make it
> work. The deltabuilder in the credential mapping works, I can
> see that the user’s forceChange attribute is set to TRUE when
> I edit the password through the GUI, *but this change is not
> synced to the resource*.
>
> How could this behaviour be explained? What am I missing?
>
> I checked that my pwdReset outbound mapping works : if I
> manually set the forceChange attribute through the GUI, then
> the resource’s pwdReset attribute is set to TRUE.
>
> For reference, the aforementioned mappings :
>
> <credentials>
>
> <password>
>
> <outbound>
>
> <name>Password and pwdReset (to force the password reset by
> user)</name>
>
> <strength>strong</strength>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>
> <expression>
>
> <script>
>
> <code>
>
> // If password modification comes from a Midpoint admin (channel #user), then we set the credentials/password/forceChange user’s attribute to true, which will then be synced to the Open LDAP pwdReset attribute (this will force the user to reset his password)
>
> import com.evolveum.midpoint.prism.impl.delta.builder.*
>
> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>
> import com.evolveum.prism.xml.ns._public.types_3.*
>
> def prismContext = midpoint.getPrismContext()
>
> def delta = DeltaBuilder.deltaFor(UserType.class, prismContext)
>
> .item(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_FORCE_CHANGE)
>
> .replace("TRUE")
>
> .asObjectDelta(focus.getOid())
>
> midpoint.modifyObject(delta, null)
>
> // Then we return the password value anyway
>
> return input
>
> </code>
>
> </script>
>
> </expression>
>
> </outbound>
>
> <outbound>
>
> <name> Simple password mapping</name>
>
> <description>We apply this mapping every time, except if the
> modification is done on the Midpoint GUI (by an IDM
> admin)</description>
>
> <strength>strong</strength>
>
> <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>
> </outbound>
>
> <inbound/>
>
> </password>
>
> </credentials>
>
> <attribute>
>
> <ref>ri:pwdReset</ref>
>
> <tolerant>true</tolerant>
>
> <outbound>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>
> <strength>strong</strength>
>
> <source>
>
> <path>$focus/credentials/password/forceChange</path>
>
> </source>
>
> </outbound>
>
> <inbound>
>
> <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>
> <strength>strong</strength>
>
> <target>
>
> <path>$focus/credentials/password/forceChange</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> Logs when I modify the password value of a user through the
> midpoint GUI (the delta I am building in the credentials
> mapping is mentioned as « debugdelta ») :
>
> 2021-04-08 18:08:45,012 [MODEL] [pool-3-thread-142] INFO
> (com.evolveum.midpoint.expression): - *debugdelta:*
> *ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):*
>
> *credentials/password/forceChange*
>
> *ADD: TRUE*
>
> 2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context
> rot: projection
> LensProjectionContext(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7
> on resource:xxxx (Arobas - IDP LDAP)) rotten because of
> executable delta
> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(attributes /
> {.../resource/instance-3}pwdReset, REPLACE))
>
> 2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context
> rot: context rotten because of focus execution delta
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}forceChange, ADD),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE))
>
> 2021-04-08 18:08:45,400 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel:
> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by focus primary delta
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}*forceChange, ADD*))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))
>
> Projections (1):
>
> account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
> resource:d0811790-1d80-11e4-86b2-3c970e467874(Arobas - IDP
> LDAP)): KEEP
>
> Executed:
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}forceChange, ADD),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(attributes /
> {.../resource/instance-3}pwdReset, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ##############################################################
>
> 2021-04-08 18:08:45,465 [MODEL] [pool-3-thread-142] INFO
> (com.evolveum.midpoint.expression): - *debugdelta:*
> *ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):*
>
> *credentials/password/forceChange*
>
> *ADD: TRUE*
>
> 2021-04-08 18:08:45,623 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context
> rot: context rotten because of focus execution delta
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}forceChange, ADD),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE))
>
> 2021-04-08 18:08:45,679 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel:
> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by focus primary delta
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}*forceChange, ADD*))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))
>
> Projections (1):
>
> account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
> resource:xxx(Arobas - IDP LDAP)): KEEP
>
> Executed:
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}forceChange, ADD),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ##############################################################
>
> 2021-04-08 18:08:45,929 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork): Context
> rot: context rotten because of focus execution delta
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}value, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE))
>
> 2021-04-08 18:08:46,009 [MODEL] [pool-3-thread-142] DEBUG
> (com.evolveum.midpoint.model.impl.lens.Clockwork):
>
> ###[ CLOCKWORK SUMMARY ]######################################
>
> Channel:
> http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
>
> Triggered by focus primary delta
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}*value, REPLACE*))
>
> Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))
>
> Projections (1):
>
> account(ID {.../resource/instance-3}entryUUID = [
> a4407a92-56fa-103a-868e-afc68d38775e ], type 'default',
> resource:xxx(Arobas - IDP LDAP)): KEEP
>
> Executed:
>
> ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}value, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}lastProvisioningTimestamp, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY:
> PropertyDeltaImpl(credentials/password /
> {.../common/common-3}value, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(credentials/password/metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyChannel, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyTimestamp, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifierRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyTaskRef, REPLACE),
> ReferenceDeltaImpl(metadata /
> {.../common/common-3}modifyApproverRef, REPLACE),
> PropertyDeltaImpl(metadata /
> {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
>
> ##############################################################
>
> On Thu, Apr 8, 2021, 08:32 Pavol Mederly via midPoint
> <midpoint at lists.evolveum.com
> <mailto:midpoint at lists.evolveum.com>> wrote:
>
> Hello Frédéric,
>
> unfortunately I have currently no time to analyze your
> specific problem, but the issue you see with the delta
> builder is an inherent limitation of that API. For more
> information and a suggested workaround please see
> https://jira.evolveum.com/browse/MID-6981.
>
> Best regards,
>
> --
>
> Pavol Mederly
>
> Software developer
>
> evolveum.com <http://evolveum.com>
>
> On 07/04/2021 17:27, Frédéric Lohier via midPoint wrote:
>
> Hello,
>
> Following up my last email « Set resource attribute
> pwdReset when password changed by Midpoint GUI by IDM
> admin », I think the password mapping using channels
> is the way to go.
>
> What I want to do now is to set this attribute in the
> password mapping context using groovy. This attribute
> exists in the resource schema as an operational
> attribute and I can manually set this attribute for a
> user through midpoint GUI (edit projection tab).
>
> My guess is that I have to « build a delta » for the
> corresponding shadow object. Am I right?
>
> I know the shadow OID thanks to the projection
> variable (projection.getOid()), I tried to build the
> delta using some examples around, but I get the error
> « Undefined or dynamic path: pwdReset in: CTD
> ({.../common/common-3}ShadowType) ». Any idea of what
> I am doing wrong?
>
> The full password mapping :
>
> <credentials>
>
> <password>
>
> <outbound>
>
> <name>Password and pwdReset (to force the password
> reset by user)</name>
>
> <strength>strong</strength>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
>
> <expression>
>
> <script>
>
> <code>
>
> // If password modification comes from a Midpoint admin (channel #user), then we set the Open LDAP pwdReset attribute to TRUE (this will force the user to reset his password)
>
> import com.evolveum.midpoint.prism.impl.delta.builder.*
>
> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>
> import com.evolveum.prism.xml.ns._public.types_3.*
>
> def prismContext = midpoint.getPrismContext()
>
> def shadowOid = projection.getOid()
>
> def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>
> .item(ShadowType.F_ATTRIBUTES, "pwdReset")
>
> .add("TRUE")
>
> .asObjectDelta(shadowOid)
>
> midpoint.modifyObject(delta, null)
>
> // Then we return the password value anyway
>
> return input
>
> </code>
>
> </script>
>
> </expression>
>
> </outbound>
>
> <outbound>
>
> <name>Simple password mapping</name>
>
> <description>We apply this mapping every time, except
> if the modification is done on the Midpoint GUI (by an
> IDM admin)</description>
>
> <strength>strong</strength>
>
> <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
>
> </outbound>
>
> <inbound/>
>
> </password>
>
> </credentials>
>
> Error :
>
> java.lang.IllegalArgumentException: Undefined or
> dynamic path: pwdReset in: CTD
> ({.../common/common-3}ShadowType)
>
> at
> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:92)
>
> at
> com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:85)
>
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
> at
> java.base/java.lang.reflect.Method.invoke(Method.java:566)
>
> at
> org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
>
> at
> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)
>
> at
> org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
>
> at
> org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
>
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)
>
> at
> org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:127)
>
> at
> expression_in_mapping_'Password_and_pwdReset_(to_force_the_password_reset_by_user)'_in_password_mapping_in_projection_(account_(default)_on_resource_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(LDAP)).run(expression
> in mapping
> 'Password_and_pwdReset_(to_force_the_password_reset_by_user)'
> in password mapping in projection (account (default)
> on resource: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
> (LDAP)):13)
>
> at
> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:203)
>
> at
> com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:50)
>
> at
> com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator.evaluate(AbstractCachingScriptEvaluator.java:76)
>
> ... 36 common frames omitted
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
> https://lists.evolveum.com/mailman/listinfo/midpoint <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz <mailto:arnost.starosta at ami.cz>
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz <https://www.ami.cz>
>