[midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error

Gruber, Michael MICHAEL.GRUBER at wwk.de
Fri Apr 9 17:03:07 CEST 2021


Hello Frédéric,

have you defined pwdReset in operationalAttributes?
Having this may fix the “does not update the LDAP account”.

Best regards, Michael





From: midPoint <midpoint-bounces at lists.evolveum.com> On behalf of Pavol Mederly via midPoint
Sent: Friday, 9 April 2021 12:03
To: midpoint at lists.evolveum.com
Cc: Pavol Mederly <mederly at evolveum.com>
Subject: Re: [midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error


Hello Frédéric,

have you considered this?

https://docs.evolveum.com/midpoint/reference/expressions/mappings/#why-are-the-expressions-and-conditions-evaluated-several-times

(Again, I cannot evaluate your approach in general. I am reacting only to the question of multiple executions of your code. And, generally, if you are changing an external state from within your mapping - like executing any changes -, you have to be 100% sure you know what you are doing.)

Best regards,

--

Pavol Mederly

Software developer

evolveum.com
On 09/04/2021 11:55, Frédéric Lohier via midPoint wrote:
Hello Michael,

Thank you, I tried using midpoint.executeChanges(delta) instead of midpoint.executeChanges(delta, null), it works the same. It modifies the shadow but does not update the LDAP account as expected.

I rechecked that if I manually modify the shadow through the GUI, the LDAP account is actually updated, below is the log for this action.

What I find weird is that my deltabuilder code in the password mapping seems to be executed twice when I edit the password. You can see in the logs in my previous message that my "deltadebug" appears twice, and I have two clockwork summaries for the same attributes/pwdReset of the Shadow while only one clockwork summary is displayed for the password value.

What could explain this? Could this be a bug? I am running Midpoint LTS 4.0.3.

Log when I manually edit the pwdReset attribute of the shadow through the GUI:

2021-04-09 11:39:42,872 [MODEL] [pool-3-thread-151] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork):
###[ CLOCKWORK SUMMARY ]######################################
Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
Triggered by projection primary delta
  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY: PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE))
Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(myuser))
Projections (1):
  account(ID {.../resource/instance-3}entryUUID = [ a4407a92-56fa-103a-868e-afc68d38775e ], type 'default', resource:xxx(LDAP)): KEEP
Executed:
  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(metadata / {.../common/common-3}lastProvisioningTimestamp, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY: PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS
##############################################################

-Frederic

On Fri, Apr 9, 2021 at 11:00 AM Gruber, Michael via midPoint <midpoint at lists.evolveum.com> wrote:
Hi,

we use something like this:

import com.evolveum.midpoint.prism.path.ItemPath
import com.evolveum.midpoint.xml.ns._public.common.common_3.*

// get resource, e.g.:
def resLDAP = midpoint.searchObjectByName(ResourceType.class, "LDAP")
def deltasShadow = []
// "person" is the objectclass
def attrdef = midpoint.getAttributeDefinition(resLDAP.asPrismObject(), "person", "pwdReset")
// shadowLDAP is the account shadow to modify; it is not defined in this snippet
def deltaPwdReset = midpoint.deltaFor(ShadowType.class)
    .item(ItemPath.create(ShadowType.F_ATTRIBUTES, attrdef.itemName), attrdef)
    .replace("TRUE")
    .asObjectDelta(shadowLDAP.oid)
deltasShadow.add(deltaPwdReset)
def deltasRes = midpoint.executeChanges(deltasShadow)

best regards, Michael


From: midPoint <midpoint-bounces at lists.evolveum.com> On behalf of Arnošt Starosta - AMI Praha a.s. via midPoint
Sent: Thursday, 8 April 2021 18:47
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Arnošt Starosta - AMI Praha a.s. <arnost.starosta at ami.cz>; Pavol Mederly <mederly at evolveum.com>
Subject: Re: [midPoint] DeltaBuilder for ShadowType - add an attribute value to the resource - Undefined or dynamic path error

Hi Frederic,

I used this hand made PrismPropertyDefinition definition for a ShadowType query, may help in delta builder as well.

def sAMQName = new QName('http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'sAMAccountName')
def sAMDef = new PrismPropertyDefinitionImpl(sAMQName, DOMUtil.XSD_STRING, midpoint.prismContext)
...
    .item(ItemPath.create('attributes', 'sAMAccountName'), sAMDef)

arnost


On Thu, 8 Apr 2021 at 18:26, Frédéric Lohier via midPoint <midpoint at lists.evolveum.com> wrote:

Hello Pavol,

Thank you for the suggested workaround and the jira issue, but I could not make it work. The closest I got was:

def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
    .item(ItemPath.create(ShadowType.F_ATTRIBUTES, "pwdReset"), pwdResetDefinition)
    .replace("TRUE")
    .asObjectDelta(projection.getOid())

But, I don’t know how to get the ResourceAttributeDefinition for my pwdResetDefinition variable.

As a workaround, I tried to modify the user’s credentials/password/forceChange attribute and add a mapping to the ri:pwdReset attribute but I also could not make it work. The deltabuilder in the credential mapping works, I can see that the user’s forceChange attribute is set to TRUE when I edit the password through the GUI, but this change is not synced to the resource.

How could this behaviour be explained? What am I missing?

I checked that my pwdReset outbound mapping works: if I manually set the forceChange attribute through the GUI, then the resource’s pwdReset attribute is set to TRUE.

For reference, the aforementioned mappings:

<credentials>
    <password>
        <outbound>
            <name>Password and pwdReset (to force the password reset by user)</name>
            <strength>strong</strength>
            <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
            <expression>
                <script>
                    <code>
                        // If password modification comes from an Midpoint admin (channel #user), then we set the credentials/password/forceChange user’s attribute to true, which will then be synced to the Open LDAP pwdReset attribute (this will force the user to reset his password)

                        import com.evolveum.midpoint.prism.impl.delta.builder.*
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.*
                        import com.evolveum.prism.xml.ns._public.types_3.*

                        def prismContext = midpoint.getPrismContext()
                        def delta = DeltaBuilder.deltaFor(UserType.class, prismContext)
                            .item(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_FORCE_CHANGE)
                            .replace("TRUE")
                            .asObjectDelta(focus.getOid())
                        midpoint.modifyObject(delta, null)

                        // Then we return the password value anyway
                        return input
                    </code>
                </script>
            </expression>
        </outbound>
        <outbound>
            <name> Simple password mapping</name>
            <description>We apply this mapping every time, except if the modification is done on the Midpoint GUI (by an IDM admin)</description>
            <strength>strong</strength>
            <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
        </outbound>
        <inbound/>
    </password>
</credentials>





<attribute>
    <ref>ri:pwdReset</ref>
    <tolerant>true</tolerant>
    <outbound>
        <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
        <strength>strong</strength>
        <source>
            <path>$focus/credentials/password/forceChange</path>
        </source>
    </outbound>
    <inbound>
        <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
        <strength>strong</strength>
        <target>
            <path>$focus/credentials/password/forceChange</path>
        </target>
    </inbound>
</attribute>



Logs when I modify the password value of a user through the midpoint GUI (the delta I am building in the credentials mapping is mentioned as « debugdelta ») :



2021-04-08 18:08:45,012 [MODEL] [pool-3-thread-142] INFO (com.evolveum.midpoint.expression):  - debugdelta: ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):

  credentials/password/forceChange

    ADD: TRUE

2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: projection LensProjectionContext(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7 on resource:xxxx (Arobas - IDP LDAP)) rotten because of executable delta ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY: PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE))

2021-04-08 18:08:45,298 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context rotten because of focus execution delta ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE))

2021-04-08 18:08:45,400 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by focus primary delta

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [ a4407a92-56fa-103a-868e-afc68d38775e ], type 'default', resource:d0811790-1d80-11e4-86b2-3c970e467874(Arobas - IDP LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}lastProvisioningTimestamp, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY: PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS

##############################################################

2021-04-08 18:08:45,465 [MODEL] [pool-3-thread-142] INFO (com.evolveum.midpoint.expression):  - debugdelta: ObjectDelta<UserType>(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY):

  credentials/password/forceChange

    ADD: TRUE

2021-04-08 18:08:45,623 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context rotten because of focus execution delta ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE))

2021-04-08 18:08:45,679 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by focus primary delta

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [ a4407a92-56fa-103a-868e-afc68d38775e ], type 'default', resource:xxx(Arobas - IDP LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS

##############################################################

2021-04-08 18:08:45,929 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork): Context rot: context rotten because of focus execution delta ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE))

2021-04-08 18:08:46,009 [MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork):

###[ CLOCKWORK SUMMARY ]######################################

Channel: http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user

Triggered by focus primary delta

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE))

Focus: focus(user:a0d85100-354e-450d-9ad1-8d2028d8336c(admlutunp))

Projections (1):

  account(ID {.../resource/instance-3}entryUUID = [ a4407a92-56fa-103a-868e-afc68d38775e ], type 'default', resource:xxx(Arobas - IDP LDAP)): KEEP

Executed:

  ObjectDelta(UserType:a0d85100-354e-450d-9ad1-8d2028d8336c,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}lastProvisioningTimestamp, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS

  ObjectDelta(ShadowType:574a2c41-b0ea-45a1-b006-3e0f980165f7,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifyTaskRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifierRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyTaskRef, REPLACE), ReferenceDeltaImpl(metadata / {.../common/common-3}modifyApproverRef, REPLACE), PropertyDeltaImpl(metadata / {.../common/common-3}modifyApprovalComment, REPLACE)): SUCCESS

##############################################################


On Thu, Apr 8, 2021, 08:32 Pavol Mederly via midPoint <midpoint at lists.evolveum.com> wrote:

Hello Frédéric,

unfortunately I have currently no time to analyze your specific problem, but the issue you see with the delta builder is an inherent limitation of that API. For more information and a suggested workaround please see https://jira.evolveum.com/browse/MID-6981.

Best regards,

--

Pavol Mederly

Software developer

evolveum.com
On 07/04/2021 17:27, Frédéric Lohier via midPoint wrote:
Hello,

Following up my last email « Set resource attribute pwdReset when password changed by Midpoint GUI by IDM admin », I think the password mapping using channels is the way to go.
What I want to do now is to set this attribute in the password mapping context using groovy. This attribute exists in the resource schema as an operational attribute and I can manually set this attribute for a user through midpoint GUI (edit projection tab).

My guess is that I have to « build a delta » for the corresponding shadow object. Am I right?

I know the shadow OID thanks to the projection variable (projection.getOid()), I tried to build the delta using some examples around, but I get the error « Undefined or dynamic path: pwdReset in: CTD ({.../common/common-3}ShadowType) ». Any idea of what I am doing wrong?

The full password mapping:

<credentials>
    <password>
        <outbound>
            <name>Password and pwdReset (to force the password reset by user)</name>
            <strength>strong</strength>
            <channel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
            <expression>
                <script>
                    <code>
                        // If password modification comes from an Midpoint admin (channel #user), then we set the Open LDAP pwdReset attribute to TRUE (this will force the user to reset his password)

                        import com.evolveum.midpoint.prism.impl.delta.builder.*
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.*
                        import com.evolveum.prism.xml.ns._public.types_3.*

                        def prismContext = midpoint.getPrismContext()
                        def shadowOid = projection.getOid()
                        def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
                            .item(ShadowType.F_ATTRIBUTES, "pwdReset")
                            .add("TRUE")
                            .asObjectDelta(shadowOid)
                        midpoint.modifyObject(delta, null)

                        // Then we return the password value anyway
                        return input
                    </code>
                </script>
            </expression>
        </outbound>
        <outbound>
            <name> Simple password mapping</name>
            <description>We apply this mapping every time, except if the modification is done on the Midpoint GUI (by an IDM admin)</description>
            <strength>strong</strength>
            <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</exceptChannel>
        </outbound>
        <inbound/>
    </password>
</credentials>



Error:

java.lang.IllegalArgumentException: Undefined or dynamic path: pwdReset in: CTD ({.../common/common-3}ShadowType)
        at com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:92)
        at com.evolveum.midpoint.prism.impl.delta.builder.DeltaBuilder.item(DeltaBuilder.java:85)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoCachedMethodSite.invoke(PojoMetaMethodSite.java:188)
        at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:53)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:115)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:127)
        at expression_in_mapping_'Password_and_pwdReset_(to_force_the_password_reset_by_user)'_in_password_mapping_in_projection_(account_(default)_on_resource_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(LDAP)).run(expression in mapping 'Password_and_pwdReset_(to_force_the_password_reset_by_user)' in password mapping in projection (account (default) on resource: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (LDAP)):13)
        at com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:203)
        at com.evolveum.midpoint.model.common.expression.script.groovy.GroovyScriptEvaluator.evaluateScript(GroovyScriptEvaluator.java:50)
        at com.evolveum.midpoint.model.common.expression.script.AbstractCachingScriptEvaluator.evaluate(AbstractCachingScriptEvaluator.java:76)
        ... 36 common frames omitted


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint


--

Arnošt Starosta
solution architect

gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz

AMI Praha a.s.
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz
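
Added example, not part of the original thread or of midPoint: a small Python script that parses CLOCKWORK SUMMARY blocks in the log format quoted above and reports non-metadata item deltas that were executed in more than one clockwork run on the same thread within a few seconds, which is how a side effect fired from a repeatedly evaluated mapping shows up in the log. The sample log is constructed (abbreviated, with placeholder OIDs), and the 5-second window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

USER = "11111111-1111-1111-1111-111111111111"    # placeholder OID, not from the thread
SHADOW = "22222222-2222-2222-2222-222222222222"  # placeholder OID, not from the thread
PFX = "[MODEL] [pool-3-thread-142] DEBUG (com.evolveum.midpoint.model.impl.lens.Clockwork):"

# Constructed sample, abbreviated from the log format quoted in the thread.
SAMPLE_LOG = """\
2021-04-08 18:08:45,298 PFX Context rot: context rotten because of focus execution delta ObjectDelta(UserType:USER,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD))
2021-04-08 18:08:45,400 PFX
###[ CLOCKWORK SUMMARY ]######################################
Triggered by focus primary delta
  ObjectDelta(UserType:USER,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD))
Executed:
  ObjectDelta(UserType:USER,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD), PropertyDeltaImpl(metadata / {.../common/common-3}modifyChannel, REPLACE)): SUCCESS
  ObjectDelta(ShadowType:SHADOW,MODIFY: PropertyDeltaImpl(attributes / {.../resource/instance-3}pwdReset, REPLACE)): SUCCESS
##############################################################
2021-04-08 18:08:45,679 PFX
###[ CLOCKWORK SUMMARY ]######################################
Executed:
  ObjectDelta(UserType:USER,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}forceChange, ADD), ReferenceDeltaImpl(credentials/password/metadata / {.../common/common-3}modifierRef, REPLACE)): SUCCESS
##############################################################
2021-04-08 18:08:46,009 PFX
###[ CLOCKWORK SUMMARY ]######################################
Executed:
  ObjectDelta(UserType:USER,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE)): SUCCESS
  ObjectDelta(ShadowType:SHADOW,MODIFY: PropertyDeltaImpl(credentials/password / {.../common/common-3}value, REPLACE)): SUCCESS
##############################################################
""".replace("PFX", PFX).replace("USER", USER).replace("SHADOW", SHADOW)

# A summary header is a Clockwork DEBUG line with nothing after the colon.
HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3}) \[\w+\] \[([^\]]+)\] "
                    r"DEBUG \(\S+\.Clockwork\):\s*$")
DELTA = re.compile(r"ObjectDelta\((\w+):([0-9a-fA-F-]+),(\w+):")
ITEM = re.compile(r"\w+DeltaImpl\(([^()]*), (\w+)\)")


def normalise(path):
    """'credentials/password / {ns}forceChange' -> 'credentials/password/forceChange'."""
    without_ns = re.sub(r"\{[^}]*\}", "", path)
    return "/".join(part.strip() for part in without_ns.split(" / "))


def parse_summaries(text):
    """Return one dict per CLOCKWORK SUMMARY block: time, thread, executed item deltas."""
    summaries, current, pending, in_executed = [], None, None, False
    for line in text.splitlines():
        if not line.strip():
            continue  # the archived log is double-spaced
        m = HEADER.match(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            pending = (stamp + timedelta(milliseconds=int(m.group(2))), m.group(3))
            continue
        if line.startswith("###[ CLOCKWORK SUMMARY ]") and pending:
            current = {"when": pending[0], "thread": pending[1], "executed": set()}
            in_executed = False
        elif current is not None and line.startswith("######"):
            summaries.append(current)
            current = None
        elif current is not None and line.strip() == "Executed:":
            in_executed = True
        elif current is not None and in_executed:
            delta = DELTA.search(line)
            if delta:
                for path, mod in ITEM.findall(line):
                    item = normalise(path)
                    if "metadata" not in item.split("/"):  # skip bookkeeping deltas
                        current["executed"].add((delta.group(1), delta.group(2), item, mod))
        pending = None  # a header only counts if the summary follows it directly
    return summaries


def repeated_executions(summaries, window=timedelta(seconds=5)):
    """Map (thread, type, oid, item, modification) -> number of clockwork runs that
    executed it, for items executed again within `window` on the same thread."""
    runs = defaultdict(list)
    for summary in summaries:
        for item in summary["executed"]:
            runs[(summary["thread"],) + item].append(summary["when"])
    repeated = {}
    for key, times in runs.items():
        times.sort()
        if any(b - a <= window for a, b in zip(times, times[1:])):
            repeated[key] = len(times)
    return repeated


if __name__ == "__main__":
    for key, count in repeated_executions(parse_summaries(SAMPLE_LOG)).items():
        print(count, "runs:", key)
```
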
