[midPoint] Synchronizating roles between a database table and midPoint
Jason Everling
jeverling at bshp.edu
Fri Feb 11 16:14:43 CET 2022
Although I have not used databasetable connector in many many years I
believe your issue is stemming from using the "AccountObjectClass" , in
your configuration you can try changing to
<kind>entitlement</kind>
<intent>default</intent>
<default>true</default>
<objectClass>ri:CustomGroupObjectClass</objectClass>
Then in sync also change objectClass name to match,
<synchronization>
<objectSynchronization>
<name>SynchroRoles</name>
<objectClass>CustomGroupObjectClass</objectClass>
JASON
On Fri, Feb 11, 2022 at 7:02 AM Paulo Fernandes de Souza Junior via
midPoint <midpoint at lists.evolveum.com> wrote:
> In the schema handling I assign icfs:uid, which is associated with the
> primary key of the table (TREL_CODIGO) in the resource configuration, with
> the "name" attribute, so, both "uid" and "name" have the same value:
> TREL_CODIGO.
>
> On the other hand, I have tried this:
> <correlation>
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression>
> <path>$projection/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> </correlation>
>
>
> Try with <path>$projection/attributes/ri:trel_codigo</path>
>
>
> Note the "ri:"
>
>
>
> *Paulo Fernandes de Souza Júnior*
>
> *NQPPPS *Senado Federal - PRODASEN
> Fone: 61 3303.3924
>
>
> ------------------------------
> *De:* midPoint <midpoint-bounces at lists.evolveum.com> em nome de MERCEDES
> ONCINA DELTELL via midPoint <midpoint at lists.evolveum.com>
> *Enviado:* quinta-feira, 10 de fevereiro de 2022 17:50
> *Para:* midpoint at lists.evolveum.com
> *Cc:* MERCEDES ONCINA DELTELL
> *Assunto:* Re: [midPoint] Synchronizating roles between a database table
> and midPoint
>
>
> In the schema handling I assign icfs:uid, which is associated with the
> primary key of the table (TREL_CODIGO) in the resource configuration, with
> the "name" attribute, so, both "uid" and "name" have the same value:
> TREL_CODIGO.
>
> On the other hand, I have tried this:
>
>
>
>
>
>
>
> *<correlation> <q:equal xmlns=""> <q:path>name</q:path>
> <expression> <path>$projection/attributes/trel_codigo</path>
> </expression> </q:equal> </correlation>*
> And I get the same error:
>
> *Message: Could not import account
> shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01) Error: No object class
> found for the shadow*
>
> I admit that I don't really understand the variables that can be used
> inside the expression, I have seen $user, $focus and $projection, but I am
> not very sure when each one should be used.
>
> In the rest of the resources, I use $focus in the correlation
> expression, both for input and output resources and it runs fine.
>
> Thanks in advance.
>
>
> please check you correlation. In the path-Tag you need to refer to an
> attribute of the projection/account, not to an attribute of the focus
> object.
>
> You could try this:
>
> <correlation> <q:equal xmlns=""> <q:path>name</q:path> <expression>
> <path>$projection/attributes/ri:/TREL_CODIGO/</path> </expression>
> </q:equal> </correlation>
>
>
> midpoint-request at lists.evolveum.com escribió:
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 10 Feb 2022 14:14:51 +0100
> From: Mercedes Oncina Deltell <moncina at um.es>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Synchronizating roles between a database table
> and midPoint
> Message-ID: <7b623c6f-989c-1cd2-74ad-08e159063317 at um.es>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> I have configured it as you wrote and I can see the entitlements from de
> resource in midPoint, but when I try to import them, I get the now
> familiar error:
>
> Message
> Could not import account shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
>
> Error
> No object class found for the shadow
>
> My configuration is:
>
> /* <schemaHandling>*
> <objectType id="16">
> * <kind>entitlement</kind>**
> ** <intent>default</intent>**
> ** <default>true</default>**
> **<objectClass>ri:AccountObjectClass</objectClass>*
> <attribute id="17">
> <ref>icfs:uid</ref>
> <tolerant>true</tolerant>
> <inbound id="19">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>name</path>
> </target>
> </inbound>
> </attribute>
> <attribute id="18">
> <ref>ri:TREL_DESCRIPCION</ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <inbound id="20">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>displayName</path>
> </target>
> </inbound>
> </attribute>
> </objectType>
> </schemaHandling>
> * <synchronization>*
> <objectSynchronization>
> <name>SynchroRoles</name>
> *<objectClass>AccountObjectClass</objectClass>**
> ** <kind>entitlement</kind>**
> ** <intent>default</intent>**
> **<focusType>c:RoleType</focusType>**
> ** <enabled>true</enabled>*
> * <correlation>*
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression xmlns="">
> <path>$focus/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> <q:description>CheckUIDwithCODIGO</q:description>
> </correlation>
> <reconcile>false</reconcile>
> <reaction>
> <situation>deleted</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink
> </handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>linked</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> </reaction>
> <reaction>
> <situation>unlinked</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#link
> </handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unmatched</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> <action>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus
> </handlerUri>
> </action>
> </reaction>
> </objectSynchronization>
> </synchronization>/
>
> The Oracle table is:
>
> /CREATE TABLE TIPO_RELACIONES
> (
> TREL_CODIGO VARCHAR2(2 BYTE),
> TREL_DESCRIPCION VARCHAR2(60 BYTE),
> TREL_UNIVERSITARIO VARCHAR2(1 BYTE),
> TREL_PRIORIDAD NUMBER(2),
> TREL_DURACION DATE,
> TREL_MESES NUMBER(4),
> TREL_TIPO_DURACION VARCHAR2(1 BYTE),
> TREL_VIGENTE VARCHAR2(1 BYTE),
> TREL_RESPONSABLE VARCHAR2(8 BYTE),
> TREL_TIPO_EMAIL VARCHAR2(1 BYTE),
> TREL_EXTERNO VARCHAR2(1 BYTE)
> )/
>
> I only want it for importing and synchronizing data into midPoint
> (inbound).
>
>
> El 10/02/2022 a las 12:00, midpoint-request at lists.evolveum.com escribió:
>
> <schemaHandling> <objectType>
> <objectClass>ri:AccountObjectClass</objectClass> <default>true</default>
> <kind>*entitlement*</kind> <intent>default</intent> ...
> <synchronization> <objectSynchronization>
> <objectClass>AccountObjectClass</objectClass> <kind>*entitlement*</kind>
> <intent>default</intent> <focusType>RoleType</focusType>
> <enabled>true</enabled>
>
> ...
>
> --
> Mercedes Oncina Deltell
> Servicio de Infraestructuras TICS
> ATICA - Universidad de Murcia
> Telf: +34 868881983
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.evolveum.com/pipermail/midpoint/attachments/20220210/51943c85/attachment-0001.htm
> >
>
> ------------------------------
>
> Message: 3
> Date: Thu, 10 Feb 2022 16:46:51 +0100
> From: Marc Fueller <marc.fueller at daasi.de>
> To: Mercedes Oncina Deltell via midPoint <midpoint at lists.evolveum.com>
> Subject: Re: [midPoint] Synchronizating roles between a database table
> and midPoint
> Message-ID: <831e49ab-7b01-c992-9916-ec01841df301 at daasi.de>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi,
>
> please check you correlation. In the path-Tag you need to refer to an
> attribute of the projection/account, not to an attribute of the focus
> object.
>
> You could try this:
>
> <correlation> <q:equal xmlns=""> <q:path>name</q:path> <expression>
> <path>$projection/attributes/ri:/TREL_CODIGO/</path> </expression>
> </q:equal> </correlation>
>
>
> You also need to make sure that you are also mapping TREL_CODIGO to the
> midPoint "name" property in the schema handling.
>
> HTH
>
> Marc
>
>
> Am 10.02.22 um 14:14 schrieb Mercedes Oncina Deltell via midPoint:
>
> I have configured it as you wrote and I can see the entitlements from
> de resource in midPoint, but when I try to import them, I get the now
> familiar error:
>
> Message
> Could not import account
> shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
>
> Error
> No object class found for the shadow
>
> My configuration is:
>
> /* <schemaHandling>*
> <objectType id="16">
> * <kind>entitlement</kind>**
> ** <intent>default</intent>**
> ** <default>true</default>**
> **<objectClass>ri:AccountObjectClass</objectClass>*
> <attribute id="17">
> <ref>icfs:uid</ref>
> <tolerant>true</tolerant>
> <inbound id="19">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>name</path>
> </target>
> </inbound>
> </attribute>
> <attribute id="18">
> <ref>ri:TREL_DESCRIPCION</ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <inbound id="20">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>displayName</path>
> </target>
> </inbound>
> </attribute>
> </objectType>
> </schemaHandling>
> * <synchronization>*
> <objectSynchronization>
> <name>SynchroRoles</name>
> *<objectClass>AccountObjectClass</objectClass>**
> ** <kind>entitlement</kind>**
> ** <intent>default</intent>**
> **<focusType>c:RoleType</focusType>**
> ** <enabled>true</enabled>*
> * <correlation>*
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression xmlns="">
> <path>$focus/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> <q:description>CheckUIDwithCODIGO</q:description>
> </correlation>
> <reconcile>false</reconcile>
> <reaction>
> <situation>deleted</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink
> </handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>linked</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> </reaction>
> <reaction>
> <situation>unlinked</situation>
> <synchronize>true</synchronize>
> <action>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#link
> </handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unmatched</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> <action>
> <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus
> </handlerUri>
> </action>
> </reaction>
> </objectSynchronization>
> </synchronization>/
>
> The Oracle table is:
>
> /CREATE TABLE TIPO_RELACIONES
> (
> TREL_CODIGO VARCHAR2(2 BYTE),
> TREL_DESCRIPCION VARCHAR2(60 BYTE),
> TREL_UNIVERSITARIO VARCHAR2(1 BYTE),
> TREL_PRIORIDAD NUMBER(2),
> TREL_DURACION DATE,
> TREL_MESES NUMBER(4),
> TREL_TIPO_DURACION VARCHAR2(1 BYTE),
> TREL_VIGENTE VARCHAR2(1 BYTE),
> TREL_RESPONSABLE VARCHAR2(8 BYTE),
> TREL_TIPO_EMAIL VARCHAR2(1 BYTE),
> TREL_EXTERNO VARCHAR2(1 BYTE)
> )/
>
> I only want it for importing and synchronizing data into midPoint
> (inbound).
>
>
> El 10/02/2022 a las 12:00, midpoint-request at lists.evolveum.com escribió:
>
> <schemaHandling> <objectType>
> <objectClass>ri:AccountObjectClass</objectClass> <default>true</default>
> <kind>*entitlement*</kind> <intent>default</intent> ...
> <synchronization> <objectSynchronization>
> <objectClass>AccountObjectClass</objectClass> <kind>*entitlement*</kind>
> <intent>default</intent> <focusType>RoleType</focusType>
> <enabled>true</enabled>
>
> ...
>
> --
> Mercedes Oncina Deltell
> Servicio de Infraestructuras TICS
> ATICA - Universidad de Murcia
> Telf: +34 868881983
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Marc Füller
> Consultant
>
> DAASI International GmbH
> Europaplatz 3
> D-72072 Tübingen
> Germany
>
> phone: +49 7071 407109-0
> fax: +49 7071 407109-9
> email:marc.fueller at daasi.de
> web:www.daasi.de
> Sitz der Gesellschaft: Tübingen
> Registergericht: Amtsgericht Stuttgart, HRB 382175
> Geschäftsleitung: Peter Gietz
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.evolveum.com/pipermail/midpoint/attachments/20220210/6cf285e3/attachment.htm
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 118, Issue
> 19*****************************************
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220211/4f267824/attachment-0001.htm>
More information about the midPoint
mailing list