[midPoint] Synchronizating roles between a database table and midPoint
Richard Richter
virgo at evolveum.com
Fri Feb 11 11:01:07 CET 2022
Hi
Just a wild guess, but it can happen - if you tried to access the resource with a previous configuration that was not right, midPoint created shadows with a wrong object class that can now stand in the way.
In the main menu go to Repository objects / All objects and choose Shadow in the type select box, also select your resource. Then you can use the little down arrow on the right in the table header:
After this try to list the accounts on your resource again. If it's set up right, it should help. If it doesn't, then there is still a resource configuration problem.
Regards
Richard Richter
Software Developer
Evolveum
From: "midPoint General Discussion" <midpoint at lists.evolveum.com>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Cc: "MERCEDES ONCINA DELTELL" <moncina at um.es>
Sent: Thursday, February 10, 2022 9:50:25 PM
Subject: Re: [midPoint] Synchronizating roles between a database table and midPoint
In the schema handling I assign icfs:uid, which is associated with the primary key of the table (TREL_CODIGO) in the resource configuration, with the "name" attribute, so, both "uid" and "name" have the same value: TREL_CODIGO.
On the other hand, I have tried this:
<correlation>
    <q:equal xmlns="">
        <q:path>name</q:path>
        <expression>
            <path>$projection/attributes/trel_codigo</path>
        </expression>
    </q:equal>
</correlation>
And I get the same error:
Message: Could not import account shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
Error: No object class found for the shadow
I admit that I don't really understand the variables that can be used inside the expression, I have seen $user, $focus and $projection, but I am not very sure when each one should be used.
In the rest of the resources, I use $focus in the correlation expression, both for input and output resources and it runs fine.
Thanks in advance.
please check your correlation. In the path-Tag you need to refer to an
attribute of the projection/account, not to an attribute of the focus
object.
You could try this:
<correlation>
    <q:equal xmlns="">
        <q:path>name</q:path>
        <expression>
            <path>$projection/attributes/ri:TREL_CODIGO</path>
        </expression>
    </q:equal>
</correlation>
midpoint-request at lists.evolveum.com wrote:
BQ_BEGIN
------------------------------
Message: 2
Date: Thu, 10 Feb 2022 14:14:51 +0100
From: Mercedes Oncina Deltell <moncina at um.es>
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Synchronizating roles between a database table and midPoint
Message-ID: <7b623c6f-989c-1cd2-74ad-08e159063317 at um.es>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
I have configured it as you wrote and I can see the entitlements from the
resource in midPoint, but when I try to import them, I get the now
familiar error:
Message
Could not import account shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
Error
No object class found for the shadow
My configuration is:
<schemaHandling>
    <objectType id="16">
        <kind>entitlement</kind>
        <intent>default</intent>
        <default>true</default>
        <objectClass>ri:AccountObjectClass</objectClass>
        <attribute id="17">
            <ref>icfs:uid</ref>
            <tolerant>true</tolerant>
            <inbound id="19">
                <authoritative>true</authoritative>
                <exclusive>false</exclusive>
                <strength>normal</strength>
                <target>
                    <path>name</path>
                </target>
            </inbound>
        </attribute>
        <attribute id="18">
            <ref>ri:TREL_DESCRIPCION</ref>
            <tolerant>true</tolerant>
            <exclusiveStrong>false</exclusiveStrong>
            <inbound id="20">
                <authoritative>true</authoritative>
                <exclusive>false</exclusive>
                <strength>normal</strength>
                <target>
                    <path>displayName</path>
                </target>
            </inbound>
        </attribute>
    </objectType>
</schemaHandling>
<synchronization>
    <objectSynchronization>
        <name>SynchroRoles</name>
        <objectClass>AccountObjectClass</objectClass>
        <kind>entitlement</kind>
        <intent>default</intent>
        <focusType>c:RoleType</focusType>
        <enabled>true</enabled>
        <correlation>
            <q:equal xmlns="">
                <q:path>name</q:path>
                <expression xmlns="">
                    <path>$focus/attributes/trel_codigo</path>
                </expression>
            </q:equal>
            <q:description>CheckUIDwithCODIGO</q:description>
        </correlation>
        <reconcile>false</reconcile>
        <reaction>
            <situation>deleted</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
            </action>
        </reaction>
        <reaction>
            <situation>linked</situation>
            <synchronize>true</synchronize>
            <reconcile>false</reconcile>
        </reaction>
        <reaction>
            <situation>unlinked</situation>
            <synchronize>true</synchronize>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
            </action>
        </reaction>
        <reaction>
            <situation>unmatched</situation>
            <synchronize>true</synchronize>
            <reconcile>false</reconcile>
            <action>
                <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
            </action>
        </reaction>
    </objectSynchronization>
</synchronization>
The Oracle table is:
CREATE TABLE TIPO_RELACIONES
(
    TREL_CODIGO         VARCHAR2(2 BYTE),
    TREL_DESCRIPCION    VARCHAR2(60 BYTE),
    TREL_UNIVERSITARIO  VARCHAR2(1 BYTE),
    TREL_PRIORIDAD      NUMBER(2),
    TREL_DURACION       DATE,
    TREL_MESES          NUMBER(4),
    TREL_TIPO_DURACION  VARCHAR2(1 BYTE),
    TREL_VIGENTE        VARCHAR2(1 BYTE),
    TREL_RESPONSABLE    VARCHAR2(8 BYTE),
    TREL_TIPO_EMAIL     VARCHAR2(1 BYTE),
    TREL_EXTERNO        VARCHAR2(1 BYTE)
)
I only want it for importing and synchronizing data into midPoint (inbound).
On 10/02/2022 at 12:00, midpoint-request at lists.evolveum.com wrote:
BQ_BEGIN
<schemaHandling>
    <objectType>
        <objectClass>ri:AccountObjectClass</objectClass>
        <default>true</default>
        <kind>entitlement</kind>
        <intent>default</intent>
        ...
<synchronization>
    <objectSynchronization>
        <objectClass>AccountObjectClass</objectClass>
        <kind>entitlement</kind>
        <intent>default</intent>
        <focusType>RoleType</focusType>
        <enabled>true</enabled>
        ...
BQ_END
--
Mercedes Oncina Deltell
Servicio de Infraestructuras TICS
ATICA - Universidad de Murcia
Telf: +34 868881983
------------------------------
Message: 3
Date: Thu, 10 Feb 2022 16:46:51 +0100
From: Marc Fueller <marc.fueller at daasi.de>
To: Mercedes Oncina Deltell via midPoint <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Synchronizating roles between a database table and midPoint
Message-ID: <831e49ab-7b01-c992-9916-ec01841df301 at daasi.de>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Hi,
please check your correlation. In the path-Tag you need to refer to an
attribute of the projection/account, not to an attribute of the focus
object.
You could try this:
<correlation>
    <q:equal xmlns="">
        <q:path>name</q:path>
        <expression>
            <path>$projection/attributes/ri:TREL_CODIGO</path>
        </expression>
    </q:equal>
</correlation>
You also need to make sure that you are also mapping TREL_CODIGO to the
midPoint "name" property in the schema handling.
HTH
Marc
--
Marc Füller
Consultant
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email:marc.fueller at daasi.de
web: www.daasi.de
Registered office: Tübingen
Register court: Amtsgericht Stuttgart, HRB 382175
Management: Peter Gietz
End of midPoint Digest, Vol 118, Issue 19
BQ_END
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 722421
Type: image/png
Size: 17697 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220211/2b91a86d/attachment-0001.png>
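An added example, not part of the thread or of midPoint itself: a small Python check over a resource definition for the two points raised in the replies, namely that the synchronization entry and a schema handling objectType agree on kind, intent and object class, and that the correlation expression does not read a focus variable. The sample XML is constructed from the quoted configuration with element prefixes dropped; `lint` and its helper names are hypothetical, and object class names are compared without their prefix because the thread mixes `ri:AccountObjectClass` and `AccountObjectClass`.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration quoted in the thread;
# element prefixes are dropped so it parses without namespace declarations.
SAMPLE = """<resource>
 <schemaHandling><objectType>
  <kind>entitlement</kind><intent>default</intent>
  <objectClass>ri:AccountObjectClass</objectClass>
 </objectType></schemaHandling>
 <synchronization><objectSynchronization>
  <objectClass>AccountObjectClass</objectClass>
  <kind>entitlement</kind><intent>default</intent>
  <correlation><equal>
   <path>name</path>
   <expression><path>$focus/attributes/trel_codigo</path></expression>
  </equal></correlation>
 </objectSynchronization></synchronization>
</resource>"""

FOCUS_VARS = ("$focus", "$user")  # focus-side variables named in the thread

def local(tag):
    """Element name without its {namespace} part, so namespaced files work too."""
    return tag.rsplit("}", 1)[-1]

def named(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def triple(elem):
    """(kind, intent, objectClass); objectClass is compared without its prefix."""
    vals = {local(c.tag): (c.text or "").strip() for c in elem}
    return (vals.get("kind"), vals.get("intent"),
            vals.get("objectClass", "").split(":")[-1])

def lint(xml_text):
    root = ET.fromstring(xml_text)
    findings = []
    declared = {triple(t) for t in named(root, "objectType")}
    for sync in named(root, "objectSynchronization"):
        if triple(sync) not in declared:
            findings.append("no schemaHandling objectType matches %s/%s/%s" % triple(sync))
        for expr in named(sync, "expression"):
            for p in named(expr, "path"):
                path = (p.text or "").strip()
                if path.startswith(FOCUS_VARS):
                    findings.append("correlation expression reads the focus: " + path)
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```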