[midPoint] Synchronizating roles between a database table and midPoint
Paulo Fernandes de Souza Junior
PFSJ at senado.leg.br
Fri Feb 11 14:02:05 CET 2022
In the schema handling I assign icfs:uid, which is associated with the primary key of the table (TREL_CODIGO) in the resource configuration, with the "name" attribute, so, both "uid" and "name" have the same value: TREL_CODIGO.
On the other hand, I have tried this:
<correlation>
<q:equal xmlns="">
<q:path>name</q:path>
<expression>
<path>$projection/attributes/trel_codigo</path>
</expression>
</q:equal>
</correlation>
Try with <path>$projection/attributes/ri:trel_codigo</path>
Note the "ri:"
Paulo Fernandes de Souza Júnior
NQPPPS
Senado Federal - PRODASEN
Fone: 61 3303.3924
________________________________
De: midPoint <midpoint-bounces at lists.evolveum.com> em nome de MERCEDES ONCINA DELTELL via midPoint <midpoint at lists.evolveum.com>
Enviado: quinta-feira, 10 de fevereiro de 2022 17:50
Para: midpoint at lists.evolveum.com
Cc: MERCEDES ONCINA DELTELL
Assunto: Re: [midPoint] Synchronizating roles between a database table and midPoint
In the schema handling I assign icfs:uid, which is associated with the primary key of the table (TREL_CODIGO) in the resource configuration, with the "name" attribute, so, both "uid" and "name" have the same value: TREL_CODIGO.
On the other hand, I have tried this:
<correlation>
<q:equal xmlns="">
<q:path>name</q:path>
<expression>
<path>$projection/attributes/trel_codigo</path>
</expression>
</q:equal>
</correlation>
And I get the same error:
Message: Could not import account shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
Error: No object class found for the shadow
I admit that I don't really understand the variables that can be used inside the expression, I have seen $user, $focus and $projection, but I am not very sure when each one should be used.
In the rest of the resources, I use $focus in the correlation expression, both for input and output resources and it runs fine.
Thanks in advance.
please check you correlation. In the path-Tag you need to refer to an
attribute of the projection/account, not to an attribute of the focus
object.
You could try this:
<correlation> <q:equal xmlns=""> <q:path>name</q:path> <expression> <path>$projection/attributes/ri:/TREL_CODIGO/</path> </expression> </q:equal> </correlation>
midpoint-request at lists.evolveum.com<mailto:midpoint-request at lists.evolveum.com> escribió:
------------------------------
Message: 2
Date: Thu, 10 Feb 2022 14:14:51 +0100
From: Mercedes Oncina Deltell <moncina at um.es<mailto:moncina at um.es>>
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Synchronizating roles between a database table
and midPoint
Message-ID: <7b623c6f-989c-1cd2-74ad-08e159063317 at um.es<mailto:7b623c6f-989c-1cd2-74ad-08e159063317 at um.es>>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
I have configured it as you wrote and I can see the entitlements from de
resource in midPoint, but when I try to import them, I get the now
familiar error:
Message
Could not import account shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
Error
No object class found for the shadow
My configuration is:
/* <schemaHandling>*
<objectType id="16">
* <kind>entitlement</kind>**
** <intent>default</intent>**
** <default>true</default>**
**<objectClass>ri:AccountObjectClass</objectClass>*
<attribute id="17">
<ref>icfs:uid</ref>
<tolerant>true</tolerant>
<inbound id="19">
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<path>name</path>
</target>
</inbound>
</attribute>
<attribute id="18">
<ref>ri:TREL_DESCRIPCION</ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound id="20">
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<path>displayName</path>
</target>
</inbound>
</attribute>
</objectType>
</schemaHandling>
* <synchronization>*
<objectSynchronization>
<name>SynchroRoles</name>
*<objectClass>AccountObjectClass</objectClass>**
** <kind>entitlement</kind>**
** <intent>default</intent>**
**<focusType>c:RoleType</focusType>**
** <enabled>true</enabled>*
* <correlation>*
<q:equal xmlns="">
<q:path>name</q:path>
<expression xmlns="">
<path>$focus/attributes/trel_codigo</path>
</expression>
</q:equal>
<q:description>CheckUIDwithCODIGO</q:description>
</correlation>
<reconcile>false</reconcile>
<reaction>
<situation>deleted</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
</action>
</reaction>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
<reconcile>false</reconcile>
</reaction>
<reaction>
<situation>unlinked</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
<synchronize>true</synchronize>
<reconcile>false</reconcile>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
</action>
</reaction>
</objectSynchronization>
</synchronization>/
The Oracle table is:
/CREATE TABLE TIPO_RELACIONES
(
TREL_CODIGO VARCHAR2(2 BYTE),
TREL_DESCRIPCION VARCHAR2(60 BYTE),
TREL_UNIVERSITARIO VARCHAR2(1 BYTE),
TREL_PRIORIDAD NUMBER(2),
TREL_DURACION DATE,
TREL_MESES NUMBER(4),
TREL_TIPO_DURACION VARCHAR2(1 BYTE),
TREL_VIGENTE VARCHAR2(1 BYTE),
TREL_RESPONSABLE VARCHAR2(8 BYTE),
TREL_TIPO_EMAIL VARCHAR2(1 BYTE),
TREL_EXTERNO VARCHAR2(1 BYTE)
)/
I only want it for importing and synchronizing data into midPoint (inbound).
El 10/02/2022 a las 12:00, midpoint-request at lists.evolveum.com<mailto:midpoint-request at lists.evolveum.com> escribió:
<schemaHandling> <objectType> <objectClass>ri:AccountObjectClass</objectClass> <default>true</default> <kind>*entitlement*</kind> <intent>default</intent> ...
<synchronization> <objectSynchronization> <objectClass>AccountObjectClass</objectClass> <kind>*entitlement*</kind> <intent>default</intent> <focusType>RoleType</focusType> <enabled>true</enabled>
...
--
Mercedes Oncina Deltell
Servicio de Infraestructuras TICS
ATICA - Universidad de Murcia
Telf: +34 868881983
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220210/51943c85/attachment-0001.htm>
------------------------------
Message: 3
Date: Thu, 10 Feb 2022 16:46:51 +0100
From: Marc Fueller <marc.fueller at daasi.de<mailto:marc.fueller at daasi.de>>
To: Mercedes Oncina Deltell via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] Synchronizating roles between a database table
and midPoint
Message-ID: <831e49ab-7b01-c992-9916-ec01841df301 at daasi.de<mailto:831e49ab-7b01-c992-9916-ec01841df301 at daasi.de>>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Hi,
please check you correlation. In the path-Tag you need to refer to an
attribute of the projection/account, not to an attribute of the focus
object.
You could try this:
<correlation> <q:equal xmlns=""> <q:path>name</q:path> <expression> <path>$projection/attributes/ri:/TREL_CODIGO/</path> </expression> </q:equal> </correlation>
You also need to make sure that you are also mapping TREL_CODIGO to the
midPoint "name" property in the schema handling.
HTH
Marc
Am 10.02.22 um 14:14 schrieb Mercedes Oncina Deltell via midPoint:
I have configured it as you wrote and I can see the entitlements from
de resource in midPoint, but when I try to import them, I get the now
familiar error:
Message
Could not import account
shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
Error
No object class found for the shadow
My configuration is:
/* <schemaHandling>*
<objectType id="16">
* <kind>entitlement</kind>**
** <intent>default</intent>**
** <default>true</default>**
**<objectClass>ri:AccountObjectClass</objectClass>*
<attribute id="17">
<ref>icfs:uid</ref>
<tolerant>true</tolerant>
<inbound id="19">
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<path>name</path>
</target>
</inbound>
</attribute>
<attribute id="18">
<ref>ri:TREL_DESCRIPCION</ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<inbound id="20">
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<target>
<path>displayName</path>
</target>
</inbound>
</attribute>
</objectType>
</schemaHandling>
* <synchronization>*
<objectSynchronization>
<name>SynchroRoles</name>
*<objectClass>AccountObjectClass</objectClass>**
** <kind>entitlement</kind>**
** <intent>default</intent>**
**<focusType>c:RoleType</focusType>**
** <enabled>true</enabled>*
* <correlation>*
<q:equal xmlns="">
<q:path>name</q:path>
<expression xmlns="">
<path>$focus/attributes/trel_codigo</path>
</expression>
</q:equal>
<q:description>CheckUIDwithCODIGO</q:description>
</correlation>
<reconcile>false</reconcile>
<reaction>
<situation>deleted</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
</action>
</reaction>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
<reconcile>false</reconcile>
</reaction>
<reaction>
<situation>unlinked</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
<synchronize>true</synchronize>
<reconcile>false</reconcile>
<action>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
</action>
</reaction>
</objectSynchronization>
</synchronization>/
The Oracle table is:
/CREATE TABLE TIPO_RELACIONES
(
TREL_CODIGO VARCHAR2(2 BYTE),
TREL_DESCRIPCION VARCHAR2(60 BYTE),
TREL_UNIVERSITARIO VARCHAR2(1 BYTE),
TREL_PRIORIDAD NUMBER(2),
TREL_DURACION DATE,
TREL_MESES NUMBER(4),
TREL_TIPO_DURACION VARCHAR2(1 BYTE),
TREL_VIGENTE VARCHAR2(1 BYTE),
TREL_RESPONSABLE VARCHAR2(8 BYTE),
TREL_TIPO_EMAIL VARCHAR2(1 BYTE),
TREL_EXTERNO VARCHAR2(1 BYTE)
)/
I only want it for importing and synchronizing data into midPoint
(inbound).
El 10/02/2022 a las 12:00, midpoint-request at lists.evolveum.com<mailto:midpoint-request at lists.evolveum.com> escribió:
<schemaHandling> <objectType> <objectClass>ri:AccountObjectClass</objectClass> <default>true</default> <kind>*entitlement*</kind> <intent>default</intent> ...
<synchronization> <objectSynchronization> <objectClass>AccountObjectClass</objectClass> <kind>*entitlement*</kind> <intent>default</intent> <focusType>RoleType</focusType> <enabled>true</enabled>
...
--
Mercedes Oncina Deltell
Servicio de Infraestructuras TICS
ATICA - Universidad de Murcia
Telf: +34 868881983
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
--
Marc Füller
Consultant
DAASI International GmbH
Europaplatz 3
D-72072 Tübingen
Germany
phone: +49 7071 407109-0
fax: +49 7071 407109-9
email:marc.fueller at daasi.de
web:www.daasi.de<http://www.daasi.de>
Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220210/6cf285e3/attachment.htm>
------------------------------
Subject: Digest Footer
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint
------------------------------
End of midPoint Digest, Vol 118, Issue 19*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220211/0fc8d43e/attachment-0001.htm>
More information about the midPoint
mailing list