From Sven.Feyerabend at stuvus.uni-stuttgart.de Mon Oct 3 11:20:32 2022 From: Sven.Feyerabend at stuvus.uni-stuttgart.de (Sven Feyerabend) Date: Mon, 3 Oct 2022 11:20:32 +0200 Subject: [midPoint] Problem with post-registration configuration Message-ID: <48794894-db92-dd84-464b-5e824ada97d9@stuvus.uni-stuttgart.de> Hello everyone, I'm trying to implement an invite based user registration system and want to use midpoints self post-registration feature. I'm using midpoint 4.4.2 and the flexible authentication mechanism. I tried to follow the example in the documentation at https://docs.evolveum.com/midpoint/reference/misc/self-registration/configuration-before-4-6/#self-post-registration-or-invite-for-existing-users-in-midpoint So far I have the following config in my SecurityPolicy:                     selfRegistration active proposed             Aktivierung selfRegistrationAuth                                 and for the authentication sequence:         selfRegistrationAuth         Just a nonce mail to validate e-mail address.         http://midpoint.evolveum.com/xml/ns/public/common/channels-3#selfRegistration             registration                             RegistrationNonce             10             sufficient         Additionally I have configured a notification handler that sends the necessary information via email. If I create a new user the correct information is send via mail, namely a link in the form https://my-midpoint-domain/midpoint/registration?user=oid If I try to open the link in a browser, I get redirected to the login page and the midpoint logs show the following error: ERROR (com.evolveum.midpoint.web.security.filter.MidpointAuthFilter): Couldn't find sequence for URI '/midpoint/registration' in authentication of Security Policy with oid 00000000-0000-0000-0000-000000000120 java.lang.IllegalArgumentException: Couldn't find sequence for URI '/midpoint/registration' in authentication of Security Policy with oid 00000000-0000-0000-0000-000000000120 But if I open midpoint in the browser, then click on the Sign Up button and then paste the link into the url bar, I get the user specific registration form and can complete the activation process. My guess is, that simply opening the link in the browser does not qualify as the selfRegistration channel and therefore the process does not work. What would be the correct way to fix this? Thanks in advance! Regards Sven From jhaywo1 at ilstu.edu Tue Oct 4 20:32:55 2022 From: jhaywo1 at ilstu.edu (Haywood, Jeremiah) Date: Tue, 4 Oct 2022 18:32:55 +0000 Subject: [midPoint] Livesynch Task Suspended on Error Message-ID: Afternoon all, We are experimenting with live synch in a clustered deployment and have come across some situations where it experiences a fatal error and moves to a suspended state. The most recent error we received was the following after container reboot: GUI Results: Operation: com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally Status: FATAL_ERROR Message: Bucket PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)], PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)], PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum .midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[ ])]] is not ready I have also attached the stack trace from the logs. Is it possible to configure Midpoint to continue subsequent runs after permanent errors? Additionally, have others experienced similar behavior? Thank you, Jeremiah Haywood Lead IAM Administrator Office of Technology Solutions | Illinois State University Phone Number (309) 438-3829 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 58001 bytes Desc: not available URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: livesynch-fatal-error-log.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 7264 bytes Desc: not available URL: From mederly at evolveum.com Tue Oct 4 20:40:46 2022 From: mederly at evolveum.com (Pavol Mederly) Date: Tue, 4 Oct 2022 20:40:46 +0200 Subject: [midPoint] Livesynch Task Suspended on Error In-Reply-To: References: Message-ID: <0f81dd44-ddac-2b61-8c0f-550a8ff433ac@evolveum.com> Jeremiah, this reminds me of situations when the same task runs *independently* on multiple nodes at once. It should not, as the Quartz scheduler should take care of that; but sometimes it does. Very weird things are possible in such cases, and what you describe is exactly one of them. See e.g. https://jira.evolveum.com/browse/MID-5500. (And maybe search our jira for similar issues.) You may check the logs to see if this occurs and then try to determine why. Usually this points to some kind of infrastructure problem (overloaded nodes? faulty DB connections? clocks out of sync? this is a typical case for our professional support :). My advice is to diagnose and fix this, and not to somehow "sweep that under the carpet" -> as it would hurt you sometimes in the future. (Of course, I may be wrong and this could be a genuine midPoint bug. But I doubt that.) Best regards, -- Pavol Mederly Software developer evolveum.com On 04/10/2022 20:32, Haywood, Jeremiah via midPoint wrote: > > Afternoon all, > > We are experimenting with live synch in a clustered deployment and > have come across some situations where it experiences a fatal error > and moves to a suspended state. The most recent error we received was > the following after container reboot: > > GUI Results: > > Operation: > com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally > > Status: FATAL_ERROR > > Message: > > Bucket > PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)], > PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)], > PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[])]] > is not ready > > I have also attached the stack trace from the logs. Is it possible to > configure Midpoint to continue subsequent runs after permanent errors? > Additionally, have others experienced similar behavior? > > Thank you, > > Jeremiah Haywood > > Lead IAM Administrator > > Office of Technology Solutions | Illinois State University > > Phone Number (309) 438-3829 > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 58001 bytes Desc: not available URL: From vitor.alves at gerencianet.com.br Tue Oct 4 20:45:39 2022 From: vitor.alves at gerencianet.com.br (Vitor Alves | Gerencianet) Date: Tue, 4 Oct 2022 18:45:39 +0000 Subject: [midPoint] RES: Livesynch Task Suspended on Error In-Reply-To: References: Message-ID: Hi Jeremiah, Yes, that is possible. I currently use version 4.4.3 LTS, and I had the same problem as you, in some cases the resource fails, but we must continue with the task. Following are the actions that must be done in the task XML. <...> runnable ready ImportingAccounts recurring * 3 * * * ------- If you want, you can do it via UI (particularly I prefer). Within the task, access the "Schedule" submenu and add: "Recurrence": Recurring Access the "Operational attributes (state)" submenu "Execution state": Runnable "Scheduling state": Ready I hope I could have helped. Atenciosamente, ----- Vitor Alves Analista Cloud Pleno II vitor.alves at gerencianet.com.br Infraestrutura de TI e Segurança gerencianet.com.br | 1ª Região - Brasil Atendimento a clientes: 4000 1234 para capitais e regiões metropolitanas e 0800 941 2343 para demais cidades. Expediente: de segunda a segunda, das 07h às 22h (horário de Brasília), inclusive em feriados nacionais. AVISO DE CONFIDENCIALIDADE - Esta mensagem da Gerencianet é enviada exclusivamente a seus destinatários e pode conter informações confidenciais, protegidas por sigilo profissional. Se você a recebeu indevidamente, a utilização posterior desta mensagem é desautorizada. Solicitamos que seja devolvida ao remetente para esclarecimento do equívoco. -----Mensagem original----- De: midPoint Em nome de midpoint-request at lists.evolveum.com Enviada em: terça-feira, 4 de outubro de 2022 15:33 Para: midpoint at lists.evolveum.com Assunto: midPoint Digest, Vol 126, Issue 3 Send midPoint mailing list submissions to midpoint at lists.evolveum.com To subscribe or unsubscribe via the World Wide Web, visit https://lists.evolveum.com/mailman/listinfo/midpoint or, via email, send a message with subject or body 'help' to midpoint-request at lists.evolveum.com You can reach the person managing the list at midpoint-owner at lists.evolveum.com When replying, please edit your Subject line so it is more specific than "Re: Contents of midPoint digest..." Today's Topics: 1. Livesynch Task Suspended on Error (Haywood, Jeremiah) ---------------------------------------------------------------------- Message: 1 Date: Tue, 4 Oct 2022 18:32:55 +0000 From: "Haywood, Jeremiah" To: "midpoint at lists.evolveum.com" Subject: [midPoint] Livesynch Task Suspended on Error Message-ID: Content-Type: text/plain; charset="utf-8" Afternoon all, We are experimenting with live synch in a clustered deployment and have come across some situations where it experiences a fatal error and moves to a suspended state. The most recent error we received was the following after container reboot: GUI Results: Operation: com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally Status: FATAL_ERROR Message: Bucket PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)], PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)], PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum .midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[ ])]] is not ready I have also attached the stack trace from the logs. Is it possible to configure Midpoint to continue subsequent runs after permanent errors? Additionally, have others experienced similar behavior? Thank you, Jeremiah Haywood Lead IAM Administrator Office of Technology Solutions | Illinois State University Phone Number (309) 438-3829 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 58001 bytes Desc: not available URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: livesynch-fatal-error-log.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 7264 bytes Desc: not available URL: ------------------------------ Subject: Digest Footer _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ------------------------------ End of midPoint Digest, Vol 126, Issue 3 **************************************** From mederly at evolveum.com Tue Oct 4 21:06:39 2022 From: mederly at evolveum.com (Pavol Mederly) Date: Tue, 4 Oct 2022 21:06:39 +0200 Subject: [midPoint] Livesynch Task Suspended on Error In-Reply-To: References: Message-ID: I've just looked at the details... 2022-10-03 19:37:01,932 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster.  This may cause inconsistent behavior. 2022-10-03 19:48:25,090 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected 1 failed or restarted instances. 2022-10-03 19:48:25,090 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning for instance "ilstu-midpoint-dev-01"'s failed in-progress jobs. 2022-10-03 19:50:11,947 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster.  This may cause inconsistent behavior. 2022-10-03 20:05:53,283 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster.  This may cause inconsistent behavior. 2022-10-03 20:19:10,271 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster.  This may cause inconsistent behavior. 2022-10-03 20:32:45,142 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected 1 failed or restarted instances. 2022-10-03 20:32:45,142 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning for instance "ilstu-midpoint-dev-01"'s failed in-progress jobs. 2022-10-03 20:32:45,164 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: ......Scheduled 1 recoverable job(s) for recovery. 2022-10-03 20:32:45,193 [] [midPointScheduler_Worker-9] INFO (com.evolveum.midpoint.task.quartzimpl.run.JobExecutor): Task Task(id:1664827507317-0-1, name:identityTable (livesynch), oid:9d446a2e-0819-4041-9f66-bf716d76b084) is recovering This points to the cluster issue with 100% certainty. :) -- Pavol Mederly Software developer evolveum.com On 04/10/2022 20:32, Haywood, Jeremiah via midPoint wrote: > > Afternoon all, > > We are experimenting with live synch in a clustered deployment and > have come across some situations where it experiences a fatal error > and moves to a suspended state. The most recent error we received was > the following after container reboot: > > GUI Results: > > Operation: > com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally > > Status: FATAL_ERROR > > Message: > > Bucket > PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)], > PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)], > PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum.midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[])]] > is not ready > > I have also attached the stack trace from the logs. Is it possible to > configure Midpoint to continue subsequent runs after permanent errors? > Additionally, have others experienced similar behavior? > > Thank you, > > Jeremiah Haywood > > Lead IAM Administrator > > Office of Technology Solutions | Illinois State University > > Phone Number (309) 438-3829 > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 58001 bytes Desc: not available URL: From jhaywo1 at ilstu.edu Tue Oct 4 21:14:58 2022 From: jhaywo1 at ilstu.edu (Haywood, Jeremiah) Date: Tue, 4 Oct 2022 19:14:58 +0000 Subject: [midPoint] Livesynch Task Suspended on Error In-Reply-To: References: Message-ID: Thanks for the information and looking into that log file. Would this be addressed by having a tight binding to a specific node for the livesynch task? Or would increasing the quartzClusterCheckinGracePeriod still be required (based off details in [MID-5500] Reconc error: Couldn't complete work bucket for task - Evolveum Jira )? Thank you, Jeremiah Haywood Lead IAM Administrator Office of Technology Solutions | Illinois State University Phone Number (309) 438-3829 From: midPoint On Behalf Of Pavol Mederly via midPoint Sent: Tuesday, October 4, 2022 2:07 PM To: midpoint at lists.evolveum.com Cc: Pavol Mederly Subject: Re: [midPoint] Livesynch Task Suspended on Error This message originated from outside of the Illinois State University email system. Learn why this is important I've just looked at the details... 2022-10-03 19:37:01,932 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior. 2022-10-03 19:48:25,090 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected 1 failed or restarted instances. 2022-10-03 19:48:25,090 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning for instance "ilstu-midpoint-dev-01"'s failed in-progress jobs. 2022-10-03 19:50:11,947 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior. 2022-10-03 20:05:53,283 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior. 2022-10-03 20:19:10,271 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] WARN (org.quartz.impl.jdbcjobstore.JobStoreTX): This scheduler instance (ilstu-midpoint-dev-02) is still active but was recovered by another instance in the cluster. This may cause inconsistent behavior. 2022-10-03 20:32:45,142 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: detected 1 failed or restarted instances. 2022-10-03 20:32:45,142 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: Scanning for instance "ilstu-midpoint-dev-01"'s failed in-progress jobs. 2022-10-03 20:32:45,164 [] [QuartzScheduler_midPointScheduler-ilstu-midpoint-dev-02_ClusterManager] INFO (org.quartz.impl.jdbcjobstore.JobStoreTX): ClusterManager: ......Scheduled 1 recoverable job(s) for recovery. 2022-10-03 20:32:45,193 [] [midPointScheduler_Worker-9] INFO (com.evolveum.midpoint.task.quartzimpl.run.JobExecutor): Task Task(id:1664827507317-0-1, name:identityTable (livesynch), oid:9d446a2e-0819-4041-9f66-bf716d76b084) is recovering This points to the cluster issue with 100% certainty. :) -- Pavol Mederly Software developer evolveum.com On 04/10/2022 20:32, Haywood, Jeremiah via midPoint wrote: Afternoon all, We are experimenting with live synch in a clustered deployment and have come across some situations where it experiences a fatal error and moves to a suspended state. The most recent error we received was the following after container reboot: GUI Results: Operation: com.evolveum.midpoint.repo.common.activity.run.LocalActivityRun.runLocally Status: FATAL_ERROR Message: Bucket PCV(4531):[PP({.../common/common-3}sequentialNumber):[PPV(Integer:1)], PP({.../common/common-3}state):[PPV(WorkBucketStateType:COMPLETE)], PP({.../common/common-3}content):[PPV(NullWorkBucketContentType:com.evolveum .midpoint.xml.ns._public.common.common_3.NullWorkBucketContentType at 6e57bf8b[ ])]] is not ready I have also attached the stack trace from the logs. Is it possible to configure Midpoint to continue subsequent runs after permanent errors? Additionally, have others experienced similar behavior? Thank you, Jeremiah Haywood Lead IAM Administrator Office of Technology Solutions | Illinois State University Phone Number (309) 438-3829 _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 58001 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 7264 bytes Desc: not available URL: From yrevyakin at gmail.com Wed Oct 5 17:00:22 2022 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Wed, 5 Oct 2022 18:00:22 +0300 Subject: [midPoint] NULL validTo in condition for assignment Message-ID: Hi all, I've found that if I assign an org (using objectTemplate) with the condition validTo == null (for example, if validTo was changed from a real value to empty) and use assignmentTaretSearch to get target org there is no any effect and nothing is assigned. It looks like the same as in this post in our maillist https://lists.evolveum.com/pipermail/midpoint/2018-November/005102.html Could someone confirm this is a bug or a feature? It looks like we can consider empty validTo as valid value when an employee has no finish date in case of assignments and assignmentTargetSearch. If I assign a static org by oid there is no problem. Thanks, J -------------- next part -------------- An HTML attachment was scrubbed... URL: From yrevyakin at gmail.com Wed Oct 5 17:01:46 2022 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Wed, 5 Oct 2022 18:01:46 +0300 Subject: [midPoint] NULL validTo in condition for assignment In-Reply-To: References: Message-ID: Sorry for misspelling: It looks like we CAN'T consider empty validTo as valid value when an employee has no finish date in case of assignments and assignmentTargetSearch. On Wed, 5 Oct 2022 at 18:00, Yakov Revyakin wrote: > Hi all, > I've found that if I assign an org (using objectTemplate) with the > condition > validTo == null (for example, if validTo was changed from a real value to > empty) and use assignmentTaretSearch to get target org there is no any > effect and nothing is assigned. > > It looks like the same as in this post in our maillist > https://lists.evolveum.com/pipermail/midpoint/2018-November/005102.html > > Could someone confirm this is a bug or a feature? > > It looks like we can consider empty validTo as valid value when an > employee has no finish date in case of assignments and > assignmentTargetSearch. > > If I assign a static org by oid there is no problem. > > Thanks, > J > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kamil.jires at evolveum.com Thu Oct 6 02:55:54 2022 From: kamil.jires at evolveum.com (Kamil Jires) Date: Thu, 6 Oct 2022 02:55:54 +0200 Subject: [midPoint] Midpoint Repository Load Balancing/Failover In-Reply-To: References: Message-ID: Hi Jeremiah,  Thanks for the question. Let me redirect the focus a little bit. Midpoint using JDBC driver to connect to the database. The native repository design expect the postgresql database. In case we put these together the focus may be "targeted" to the postgresql JDBC driver which seems to natively support it. By the documentation ( https://jdbc.postgresql.org/documentation/use/#connection-fail-over ) the example of the syntax may be: - jdbc:postgresql://host1:port1,host2:port2/database - jdbc:postgresql://node1,node2,node3/accounting?targetServerType=primary - jdbc:postgresql://node1,node2,node3/accounting?targetServerType=preferSecondary&loadBalanceHosts=true For sure it would be good to test it. In case of hands-on experience the feedback would be appreciated. Thank you,  Kamil On 23/09/2022 22:17, Haywood, Jeremiah via midPoint wrote: > > Hey all, > > Does anyone know if Midpoint natively supports multiple > repository/failover nodes via config.xml > (configuration.midpoint.repository.jdbcUrl) or environment variable > (REPO_JDBC_URL)? Or would this need to be handled with a proxy in > front of the database nodes? Possibly Pgpool or HAProxy. > > Thank you, > > Jeremiah Haywood > > Lead IAM Administrator > > Office of Technology Solutions | Illinois State University > > Phone Number (309) 438-3829 > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From barvepratik7721 at gmail.com Fri Oct 7 10:23:25 2022 From: barvepratik7721 at gmail.com (Pratik Barve) Date: Fri, 7 Oct 2022 13:53:25 +0530 Subject: [midPoint] Not able to build Midpoint code present on master branch Message-ID: Hi all, I am trying to build midpoint code available on the GitHub master branch. I followed this document and I am getting Build Failure. Attaching screenshots for reference [image: image.png] [image: image.png] [image: image.png] Regards Pratik -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 1238387 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 1288919 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 1312008 bytes Desc: not available URL: From jfellmann at gmail.com Fri Oct 7 16:38:25 2022 From: jfellmann at gmail.com (Joaquim Fellmann) Date: Fri, 7 Oct 2022 16:38:25 +0200 Subject: [midPoint] PR for midpoint book Message-ID: Hello, I'd like to submit a PR that fixes some typos in midpoint book but cannot find the adoc sources in the midpoint/docs github repository (only the html/epub/pdf files are available). Could someone point me to the right direction ? Thanks -- Joaquim -------------- next part -------------- An HTML attachment was scrubbed... URL: From barvepratik7721 at gmail.com Mon Oct 10 10:35:20 2022 From: barvepratik7721 at gmail.com (Pratik Barve) Date: Mon, 10 Oct 2022 14:05:20 +0530 Subject: [midPoint] Running midpoint from Intellij idea doesn't show ui with CSS Message-ID: Hi all, I am running midpoint application within IntelliJ with the steps described here . I am able to start midpoint, but it is with no UI. How can I achieve running midpoint with UI as if we are running midpoint distribution package? Attaching current midpoint UI and current configuration that I did to get this [image: image.png] [image: image.png] Regards, Pratik -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 21912 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 226397 bytes Desc: not available URL: From stephane.delcourt at ulb.be Mon Oct 10 12:54:04 2022 From: stephane.delcourt at ulb.be (=?iso-8859-1?Q?Delcourt_St=E9phane?=) Date: Mon, 10 Oct 2022 10:54:04 +0000 Subject: [midPoint] hasNoAssignment policy constraint Message-ID: Hi all, Does someone know how to deal with this policy constraint ? My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068 So I want to add policy constraint in role B to block user receiving it if not assigned of role A Here's the code sample I'm using in role B: exclude-if-no-role-a But this does not trigger any error when I try to assign role B to a user not having role A. What am I missing here ? I don't even know how to debug this. Thanks for your help Stéphane Delcourt Informaticien - Gestionnaire système - Développeur [www.ulb.be] Département informatique, Service Applications métier Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 15369 bytes Desc: image001.jpg URL: From radovan.semancik at evolveum.com Mon Oct 10 13:38:12 2022 From: radovan.semancik at evolveum.com (Radovan Semancik) Date: Mon, 10 Oct 2022 13:38:12 +0200 Subject: [midPoint] PR for midpoint book In-Reply-To: References: Message-ID: <2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com> Hello, Book sources are not (yet) on github. Book is using a "non-commercial" Creative Commons license, which is somehow different that open source licenses for source code. We are not yet sure about all the differences and legal implications, we are still considering whether it is OK for us to publish book source code as well. How much typos have you found? If it is just a few, please send any kind of description of the typos directly to me, and I will fix the book manually. If there are a lot of typos ... then it would be best to make the book source code available ... and perhaps this could speed up our decision. -- Radovan Semancik Software Architect evolveum.com On 10/7/22 16:38, Joaquim Fellmann via midPoint wrote: > Hello, > > I'd like to submit a PR that fixes some typos in midpoint > book > but cannot find the adoc sources in > the midpoint/docs github repository (only the html/epub/pdf files are > available). Could someone point me to the right direction ? > > Thanks > > -- > Joaquim > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From jfellmann at gmail.com Mon Oct 10 14:13:20 2022 From: jfellmann at gmail.com (Joaquim Fellmann) Date: Mon, 10 Oct 2022 14:13:20 +0200 Subject: [midPoint] PR for midpoint book In-Reply-To: <2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com> References: <2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com> Message-ID: Hi Radovan, I found quite a lot (and will probably find more as I dig into it). I'll send you a diff against the latest master since the sources are not available yet. Regards -- Joaquim On Mon, 10 Oct 2022 at 13:38, Radovan Semancik via midPoint < midpoint at lists.evolveum.com> wrote: > Hello, > > Book sources are not (yet) on github. Book is using a "non-commercial" > Creative Commons license, which is somehow different that open source > licenses for source code. We are not yet sure about all the differences and > legal implications, we are still considering whether it is OK for us to > publish book source code as well. > > How much typos have you found? If it is just a few, please send any kind > of description of the typos directly to me, and I will fix the book > manually. If there are a lot of typos ... then it would be best to make the > book source code available ... and perhaps this could speed up our decision. > > -- > Radovan Semancik > Software Architectevolveum.com > > > > On 10/7/22 16:38, Joaquim Fellmann via midPoint wrote: > > Hello, > > I'd like to submit a PR that fixes some typos in midpoint > book > but cannot find the adoc sources in the midpoint/docs github repository > (only the html/epub/pdf files are available). Could someone point me to the > right direction ? > > Thanks > > -- > Joaquim > > _______________________________________________ > midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint > > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > -------------- next part -------------- An HTML attachment was scrubbed... URL: From zeipelt at uni-wuppertal.de Tue Oct 11 13:25:39 2022 From: zeipelt at uni-wuppertal.de (Rene Zeipelt) Date: Tue, 11 Oct 2022 13:25:39 +0200 Subject: [midPoint] Compile Error on connector-ldap v3.4 Message-ID: <7fa2a85f-93f2-5a5c-bdb7-9025d9c65167@uni-wuppertal.de> Hello, for testing hash tags with openldap pw-sha2 module I compile my git clone (with v3.4 tag) and got [ERROR] Failed to execute goal on project connector-ldap: Could not resolve dependencies for project com.evolveum.polygon:connector-ldap:jar:3.4: Failed to collect dependencies at org.apache.directory.api:api-all:jar:2.1.0e3: Failed to read artifact descriptor for org.apache.directory.api:api-all:jar:2.1.0e3: Failure to find org.apache.directory.project:project:pom:46-SNAPSHOT in https://nexus.evolveum.com/nexus/content/groups/public/ was cached in the local repository, resolution will not be reattempted until the update interval of evolveum has elapsed or updates are forced So version 3.6-snapshot have no compiling errors but the provisioning framework version is different and jar file would not loaded to midpoint by the icf-connectors dir. Running a midpoint 4.5 with native postgresql (13) on tomcat (9) deployment. Thank you for any hint or help. Best regards Rene Zeipelt -- _________________________________________________________ BERGISCHE UNIVERSITÄT WUPPERTAL Zentrum fuer Informations- und Medienverarbeitung - ZIM Gaussstr. 20 DEU-42119 Wuppertal _________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4200 bytes Desc: S/MIME Cryptographic Signature URL: From dmitri at asgardsecurity.eu Tue Oct 11 16:54:45 2022 From: dmitri at asgardsecurity.eu (dmitri at asgardsecurity.eu) Date: Tue, 11 Oct 2022 17:54:45 +0300 Subject: [midPoint] Database table connector to MS SQL Message-ID: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu> Hello! � I have a MS SQL with View, accessible with SQL Management Studio, all ok. Now I’ve used next configuration to setup the resource in Midpoint: � XXX.com 1433 XXX http://www.w3.org/2001/04/xmlenc#aes256-cbc XXXXX XXX XXXX Profiles Staff Id com.microsoft.sqlserver.jdbc.SQLServerDriver Single jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d; � � Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception: Operation org.identityconnectors.framework.api.ConnectorFacade.search Message Configuration error: SQL param name should be not null Parameters objectClass [ObjectClass: __ACCOUNT__] -------------- next part -------------- An HTML attachment was scrubbed... URL: From hsin-fang.hsu at itconcepts.ch Wed Oct 12 10:53:53 2022 From: hsin-fang.hsu at itconcepts.ch (Hsin-Fang Hsu) Date: Wed, 12 Oct 2022 08:53:53 +0000 Subject: [midPoint] use extensionAttributes in AD -- ERR_13219_NULL_SYNTAX_CHECKER Cannot validate with a null SyntaxChecker Message-ID: Hi, I am using com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v3.3 I want to use extensionAttribute in the outbound but got this error: ERR_13219_NULL_SYNTAX_CHECKER Cannot validate with a null SyntaxChecker If I replace ri:extensionAttribute11 with ri:street then everything works fine. Did I miss anything? Or if there is anything need to be donw from the AD side? Here is the resource configuration: [cid:image001.png at 01D8DE28.844E4610] The outbound mapping [cid:image002.png at 01D8DE28.EA904090] Thank you very much for the help in advance! Best regards, Hsin-Fang -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 90756 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 15058 bytes Desc: image002.png URL: From mederly at evolveum.com Wed Oct 12 12:34:01 2022 From: mederly at evolveum.com (Pavol Mederly) Date: Wed, 12 Oct 2022 12:34:01 +0200 Subject: [midPoint] hasNoAssignment policy constraint In-Reply-To: References: Message-ID: Hello, Stéphane, just a few general comments: 1. I would search the midPoint sources for string. We try to do the development seriously, so every feature should have (at least) one test for it. This one is no exception. 2. I would search the docs.evolveum.com for "hasNoAssignment". Here the situation is a bit worse. The feature is not quite finished - it was sponsored to some extent; but additional resources are needed to document it properly. However, this work-in-progress document could help: https://docs.evolveum.com/midpoint/devel/design/policy-constraints/. (The formatting problems are due to wiki migration.) 3. As for debugging, policy constraints do not have "" flag nor the comprehensive troubleshooting methodology (as mappings do). So I use the (experimental) troubleshooting with traces to diagnose issues with them. 4. Personally, I would be greatly interested in how many installations do use policy rules, and this one in particular. -- Pavol Mederly Software developer evolveum.com On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote: > > Hi all, > > Does someone know how to deal with this policy constraint ? > > My idea is to use it for role dependency as intended > https://jira.evolveum.com/browse/MID-4068 > > So I want to add policy constraint in role B to block user receiving > it if not assigned of role A > > Here’s the code sample I’m using in role B: > >     > > > > exclude-if-no-role-a > > > > > > > > > > > > > > > > > > > >     > > But this does not trigger any error when I try to assign role B to a > user not having role A. > > What am I missing here ? > > I don’t even know how to debug this. > > Thanks for your help > > *Stéphane Delcourt* > Informaticien – Gestionnaire système - Développeur > www.ulb.be > *Département informatique, Service Applications métier* > Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 15369 bytes Desc: not available URL: From stefano at everythinginfo.cloud Wed Oct 12 22:41:53 2022 From: stefano at everythinginfo.cloud (Stefano Belluomini | EI) Date: Wed, 12 Oct 2022 20:41:53 +0000 Subject: [midPoint] Database table connector to MS SQL In-Reply-To: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu> References: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu> Message-ID: Is the staffId column in your database configured to allow NULL? I use the same connector and the column I’m using as the key does not allow nulls. ________________________________ From: midPoint on behalf of dmitri--- via midPoint Sent: Wednesday, October 12, 2022 12:54:45 AM To: midpoint at lists.evolveum.com Cc: dmitri at asgardsecurity.eu Subject: [midPoint] Database table connector to MS SQL Hello! I have a MS SQL with View, accessible with SQL Management Studio, all ok. Now I’ve used next configuration to setup the resource in Midpoint: > XXX.com 1433 XXX >http://www.w3.org/2001/04/xmlenc#aes256-cbc> XXXXX XXX XXXX Profiles Staff Id com.microsoft.sqlserver.jdbc.SQLServerDriver Single jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d; Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception: Operation org.identityconnectors.framework.api.ConnectorFacade.search Message Configuration error: SQL param name should be not null Parameters objectClass [ObjectClass: __ACCOUNT__] Error Configuration error: SQL param name should be not null show com.evolveum.midpoint.util.exception.ConfigurationException: Configuration error: SQL param name should be not null at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:169) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:87) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.executeConnIdSearch(SearchExecutor.java:236) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.execute(SearchExecutor.java:110) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.search(ConnectorInstanceConnIdImpl.java:1787) at com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1382) Timeout wise seems that Midpoint is getting the data – query takes around 27 seconds to run on server, more-or-less same time I wait till I get this error in Midpoint interface. Any suggestions would be much appreciated, thank you! Cheers, Dmitry -------------- next part -------------- An HTML attachment was scrubbed... URL: From berezkin.dmitriy at gmail.com Thu Oct 13 07:54:00 2022 From: berezkin.dmitriy at gmail.com (Dmitriy Berezkin) Date: Thu, 13 Oct 2022 09:54:00 +0400 Subject: [midPoint] Recompute Task Performance In-Reply-To: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark> References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark> Message-ID: <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> Hi! Could you tell me with parameter has the greatest impact on recompute task performance? Is it CPU or RAM or DB performance or anything else? I want to know how we can reduce task processing time. Is there any knowledge about it besides profiling? ––– Dmitry Berezkin -------------- next part -------------- An HTML attachment was scrubbed... URL: From gustav.palos at gmail.com Thu Oct 13 07:56:20 2022 From: gustav.palos at gmail.com (=?UTF-8?B?UMOhbG9zIEd1c3TDoXY=?=) Date: Thu, 13 Oct 2022 07:56:20 +0200 Subject: [midPoint] Recompute Task Performance In-Reply-To: <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark> <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> Message-ID: Hi, Are you using multiple workerThreads & buckets & nodes? https://docs.evolveum.com/midpoint/reference/tasks/activities/distribution/ best regards, Gustav št 13. 10. 2022 o 7:54 Dmitriy Berezkin via midPoint < midpoint at lists.evolveum.com> napísal(a): > Hi! > > Could you tell me with parameter has the greatest impact on recompute task > performance? Is it CPU or RAM or DB performance or anything else? > I want to know how we can reduce task processing time. Is there any > knowledge about it besides profiling? > > ––– > Dmitry Berezkin > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > -- s pozdravom Gustáv Pálos -------------- next part -------------- An HTML attachment was scrubbed... URL: From berezkin.dmitriy at gmail.com Thu Oct 13 08:10:58 2022 From: berezkin.dmitriy at gmail.com (Dmitriy Berezkin) Date: Thu, 13 Oct 2022 10:10:58 +0400 Subject: [midPoint] Recompute Task Performance In-Reply-To: References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark> <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> Message-ID: We’re using 8 workerThreads and separate node for scheduled tasks. ––– Dmitry Berezkin 13 окт. 2022 г., 09:56 +0400, Pálos Gustáv via midPoint , писал: > Hi, > > Are you using multiple workerThreads & buckets & nodes? > https://docs.evolveum.com/midpoint/reference/tasks/activities/distribution/ > > best regards, > > Gustav > > > št 13. 10. 2022 o 7:54 Dmitriy Berezkin via midPoint napísal(a): > > > Hi! > > > > > > Could you tell me with parameter has the greatest impact on recompute task performance? Is it CPU or RAM or DB performance or anything else? > > > I want to know how we can reduce task processing time. Is there any knowledge about it besides profiling? > > > > > > ––– > > > Dmitry Berezkin > > > _______________________________________________ > > > midPoint mailing list > > > midPoint at lists.evolveum.com > > > https://lists.evolveum.com/mailman/listinfo/midpoint > > > -- > s pozdravom > > Gustáv Pálos > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmitri at asgardsecurity.eu Thu Oct 13 10:41:53 2022 From: dmitri at asgardsecurity.eu (dmitri at asgardsecurity.eu) Date: Thu, 13 Oct 2022 11:41:53 +0300 Subject: [midPoint] Database table connector to MS SQL In-Reply-To: References: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu> Message-ID: <003c01d8dedf$a5556520$f0002f60$@asgardsecurity.eu> ‘Staff id’ – IS configured to allow NULL values as I see, could this be a problem? I can ask the IT to change this behavior in SQL View query, although I don’t see any NULL value there in the data. � Cheers, Dmitry � From: Stefano Belluomini | EI Sent: Wednesday, October 12, 2022 11:42 PM To: midPoint General Discussion Cc: dmitri at asgardsecurity.eu Subject: Re: [midPoint] Database table connector to MS SQL � Is the staffId column in your database configured to allow NULL? I use the same connector and the column I’m using as the key does not allow nulls. _____ From: midPoint > on behalf of dmitri--- via midPoint > Sent: Wednesday, October 12, 2022 12:54:45 AM To: midpoint at lists.evolveum.com > Cc: dmitri at asgardsecurity.eu > Subject: [midPoint] Database table connector to MS SQL � Hello! � I have a MS SQL with View, accessible with SQL Management Studio, all ok. Now I’ve used next configuration to setup the resource in Midpoint: � � � � � � � � > � � � � � � � � � � � � � � � � � � XXX.com � � � � � � � � � � �1433 � � � � � � � � � � � XXX � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � >http://www.w3.org/2001/04/xmlenc#aes256-cbc � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � XXXXX � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � XXX � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � XXXX � � � � � � � � � � � Profiles � � � � � � � � � � � Staff Id � � � � � � � � � � �com.microsoft.sqlserver.jdbc.SQLServerDriver � � � � � � � � � � � Single � � � � � � � � � � � jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d; � � � � � � � � � Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception: Operation org.identityconnectors.framework.api.ConnectorFacade.search Message Configuration error: SQL param name should be not null Parameters objectClass [ObjectClass: __ACCOUNT__] Error Configuration error: SQL param name should be not null show com.evolveum.midpoint.util.exception.ConfigurationException: Configuration error: SQL param name should be not null at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:169) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:87) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.executeConnIdSearch(SearchExecutor.java:236) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.execute(SearchExecutor.java:110) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.search(ConnectorInstanceConnIdImpl.java:1787) at com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1382) � � Timeout wise seems that Midpoint is getting the data – query takes around 27 seconds to run on server, more-or-less same time I wait till I get this error in Midpoint interface. � Any suggestions would be much appreciated, thank you! � Cheers, Dmitry � � � -------------- next part -------------- An HTML attachment was scrubbed... URL: From stefano at everythinginfo.cloud Thu Oct 13 10:43:53 2022 From: stefano at everythinginfo.cloud (Stefano Belluomini | EI) Date: Thu, 13 Oct 2022 08:43:53 +0000 Subject: [midPoint] Database table connector to MS SQL In-Reply-To: <003c01d8dedf$a5556520$f0002f60$@asgardsecurity.eu> References: <023101d8dd81$66fee490$34fcadb0$@asgardsecurity.eu> <003c01d8dedf$a5556520$f0002f60$@asgardsecurity.eu> Message-ID: Hi Dmitry, The connector will complain if a reference column allows nulls, even if none of the cells have nulls. I’m confident that’s your problem. Regards, Stefano ________________________________ From: dmitri at asgardsecurity.eu Sent: Thursday, October 13, 2022 6:41:53 PM To: Stefano Belluomini | EI ; 'midPoint General Discussion' Subject: RE: [midPoint] Database table connector to MS SQL ‘Staff id’ – IS configured to allow NULL values as I see, could this be a problem? I can ask the IT to change this behavior in SQL View query, although I don’t see any NULL value there in the data. Cheers, Dmitry From: Stefano Belluomini | EI Sent: Wednesday, October 12, 2022 11:42 PM To: midPoint General Discussion Cc: dmitri at asgardsecurity.eu Subject: Re: [midPoint] Database table connector to MS SQL Is the staffId column in your database configured to allow NULL? I use the same connector and the column I’m using as the key does not allow nulls. ________________________________ From: midPoint > on behalf of dmitri--- via midPoint > Sent: Wednesday, October 12, 2022 12:54:45 AM To: midpoint at lists.evolveum.com > Cc: dmitri at asgardsecurity.eu > Subject: [midPoint] Database table connector to MS SQL Hello! I have a MS SQL with View, accessible with SQL Management Studio, all ok. Now I’ve used next configuration to setup the resource in Midpoint: > XXX.com 1433 XXX >http://www.w3.org/2001/04/xmlenc#aes256-cbc> XXXXX XXX XXXX Profiles Staff Id com.microsoft.sqlserver.jdbc.SQLServerDriver Single jdbc:sqlserver://%h:%p;encrypt=false;databaseName=%d; Test Connection is ok, schema generation is ok – everything seems to be fine, now when I try to browse objects from resource or run import task I get exception: Operation org.identityconnectors.framework.api.ConnectorFacade.search Message Configuration error: SQL param name should be not null Parameters objectClass [ObjectClass: __ACCOUNT__] Error Configuration error: SQL param name should be not null show com.evolveum.midpoint.util.exception.ConfigurationException: Configuration error: SQL param name should be not null at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:169) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil.processConnIdException(ConnIdUtil.java:87) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.executeConnIdSearch(SearchExecutor.java:236) at com.evolveum.midpoint.provisioning.ucf.impl.connid.SearchExecutor.execute(SearchExecutor.java:110) at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.search(ConnectorInstanceConnIdImpl.java:1787) at com.evolveum.midpoint.provisioning.impl.resourceobjects.ResourceObjectConverter.searchResourceObjects(ResourceObjectConverter.java:1382) Timeout wise seems that Midpoint is getting the data – query takes around 27 seconds to run on server, more-or-less same time I wait till I get this error in Midpoint interface. Any suggestions would be much appreciated, thank you! Cheers, Dmitry -------------- next part -------------- An HTML attachment was scrubbed... URL: From zeipelt at uni-wuppertal.de Thu Oct 13 11:26:12 2022 From: zeipelt at uni-wuppertal.de (Rene Zeipelt) Date: Thu, 13 Oct 2022 11:26:12 +0200 Subject: [midPoint] Compile Error on connector-ldap v3.4 In-Reply-To: <7fa2a85f-93f2-5a5c-bdb7-9025d9c65167@uni-wuppertal.de> References: <7fa2a85f-93f2-5a5c-bdb7-9025d9c65167@uni-wuppertal.de> Message-ID: Am 11.10.22 um 13:25 schrieb Rene Zeipelt via midPoint: > Hello, for testing hash tags with openldap pw-sha2 module I compile my > git clone (with v3.4 tag) and got > > [ERROR] Failed to execute goal on project connector-ldap: Could not > resolve dependencies for project > com.evolveum.polygon:connector-ldap:jar:3.4: Failed to collect > dependencies at org.apache.directory.api:api-all:jar:2.1.0e3: Failed > to read artifact descriptor for > org.apache.directory.api:api-all:jar:2.1.0e3: Failure to find > org.apache.directory.project:project:pom:46-SNAPSHOT in > https://nexus.evolveum.com/nexus/content/groups/public/ was cached in > the local repository, resolution will not be reattempted until the > update interval of evolveum has elapsed or updates are forced > > So version 3.6-snapshot have no compiling errors but the provisioning > framework version is different and jar file would not loaded to > midpoint by the icf-connectors dir. Running a midpoint 4.5 with native > postgresql (13) on tomcat (9) deployment. Thank you for any hint or help. > Best regards > Rene Zeipelt > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint Hello, I got error free compiling on v.3.3.1 of connector-ldap jar and add the algorithm name SSHA512 to hashBytes function on the schema/AbstractSchemaTranslator.java. The function build the hash tag from alg name to {SSHA-512} and this does not work on openldap pw-sha2 module. But with the algorithm name equal to hash tag it build the right tag {SSHA512} and it works on ldap bind. Best regards Rene Zeipelt -- _________________________________________________________ BERGISCHE UNIVERSITÄT WUPPERTAL Zentrum fuer Informations- und Medienverarbeitung - ZIM Gaussstr. 20 DEU-42119 Wuppertal _________________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4942 bytes Desc: S/MIME Cryptographic Signature URL: From stephane.delcourt at ulb.be Thu Oct 13 17:08:08 2022 From: stephane.delcourt at ulb.be (=?iso-8859-1?Q?Delcourt_St=E9phane?=) Date: Thu, 13 Oct 2022 15:08:08 +0000 Subject: [midPoint] hasNoAssignment policy constraint In-Reply-To: References: Message-ID: Hi Pavol, Thanks for all your suggestions, I did not knew about the third one and give it a try. IT helps me to understand that my policy constraint did not apply user having assignment to role A but role B having assignment to role A. I now understand the meaning of "evaluated on" column in the wiki sorry about that. Then I'm back at the beginning and my main goal is to achieve the opposite of exclusion constraint. Stéphane Delcourt Informaticien - Gestionnaire système - Développeur From: midPoint On Behalf Of Pavol Mederly via midPoint Sent: Wednesday, 12 October 2022 12:34 To: midpoint at lists.evolveum.com Cc: Pavol Mederly Subject: Re: [midPoint] hasNoAssignment policy constraint Hello, Stéphane, just a few general comments: 1. I would search the midPoint sources for string. We try to do the development seriously, so every feature should have (at least) one test for it. This one is no exception. 2. I would search the docs.evolveum.com for "hasNoAssignment". Here the situation is a bit worse. The feature is not quite finished - it was sponsored to some extent; but additional resources are needed to document it properly. However, this work-in-progress document could help: https://docs.evolveum.com/midpoint/devel/design/policy-constraints/. (The formatting problems are due to wiki migration.) 3. As for debugging, policy constraints do not have "" flag nor the comprehensive troubleshooting methodology (as mappings do). So I use the (experimental) troubleshooting with traces to diagnose issues with them. 4. Personally, I would be greatly interested in how many installations do use policy rules, and this one in particular. -- Pavol Mederly Software developer evolveum.com On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote: Hi all, Does someone know how to deal with this policy constraint ? My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068 So I want to add policy constraint in role B to block user receiving it if not assigned of role A Here's the code sample I'm using in role B: exclude-if-no-role-a But this does not trigger any error when I try to assign role B to a user not having role A. What am I missing here ? I don't even know how to debug this. Thanks for your help Stéphane Delcourt Informaticien - Gestionnaire système - Développeur [www.ulb.be] Département informatique, Service Applications métier Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 15369 bytes Desc: image001.jpg URL: From mederly at evolveum.com Thu Oct 13 19:26:19 2022 From: mederly at evolveum.com (Pavol Mederly) Date: Thu, 13 Oct 2022 19:26:19 +0200 Subject: [midPoint] hasNoAssignment policy constraint In-Reply-To: References: Message-ID: <36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com> Hello Stéphane, I would consider formulating the rule like this: "It is illegal to have a role B and not have role A (at the same time)" - forgetting about the assignment-oriented, transition-related "assignment" constraint, but simply using two object-oriented, state-related ones: hasAssignment, hasNoAssignment. -- Pavol Mederly Software developer evolveum.com On 13/10/2022 17:08, Delcourt Stéphane via midPoint wrote: > > Hi Pavol, > > Thanks for all your suggestions, I did not knew about the third one > and give it a try. > > IT helps me to understand that my policy constraint did not apply user > having assignment to role A but role B having assignment to role A. > > I now understand the meaning of “evaluated on” column in the wiki > sorry about that. > > Then I’m back at the beginning and my main goal is to achieve the > opposite of exclusion constraint. > > *Stéphane Delcourt* > Informaticien – Gestionnaire système - Développeur > > *From:*midPoint *On Behalf Of > *Pavol Mederly via midPoint > *Sent:* Wednesday, 12 October 2022 12:34 > *To:* midpoint at lists.evolveum.com > *Cc:* Pavol Mederly > *Subject:* Re: [midPoint] hasNoAssignment policy constraint > > Hello, Stéphane, > > just a few general comments: > > 1. I would search the midPoint sources for string. > We try to do the development seriously, so every feature should > have (at least) one test for it. This one is no exception. > 2. I would search the docs.evolveum.com for "hasNoAssignment". Here > the situation is a bit worse. The feature is not quite finished - > it was sponsored to some extent; but additional resources are > needed to document it properly. However, this work-in-progress > document could help: > https://docs.evolveum.com/midpoint/devel/design/policy-constraints/ > . > (The formatting problems are due to wiki migration.) > 3. As for debugging, policy constraints do not have "" flag > nor the comprehensive troubleshooting methodology (as mappings > do). So I use the (experimental) troubleshooting with traces > to > diagnose issues with them. > 4. Personally, I would be greatly interested in how many > installations do use policy rules, and this one in particular. > > -- > Pavol Mederly > Software developer > evolveum.com > > On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote: > > Hi all, > > Does someone know how to deal with this policy constraint ? > > My idea is to use it for role dependency as intended > https://jira.evolveum.com/browse/MID-4068 > > > So I want to add policy constraint in role B to block user > receiving it if not assigned of role A > > Here’s the code sample I’m using in role B: > >     > > > > exclude-if-no-role-a > > > > > > > > > > > > > > > > > > > > > > But this does not trigger any error when I try to assign role B to > a user not having role A. > > What am I missing here ? > > I don’t even know how to debug this. > > Thanks for your help > > *Stéphane Delcourt* > Informaticien – Gestionnaire système - Développeur > www.ulb.be > > *Département informatique, Service Applications métier* > Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles > > > > _______________________________________________ > > midPoint mailing list > > midPoint at lists.evolveum.com > > https://lists.evolveum.com/mailman/listinfo/midpoint > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 15369 bytes Desc: not available URL: From stephane.delcourt at ulb.be Fri Oct 14 10:30:15 2022 From: stephane.delcourt at ulb.be (=?iso-8859-1?Q?Delcourt_St=E9phane?=) Date: Fri, 14 Oct 2022 08:30:15 +0000 Subject: [midPoint] hasNoAssignment policy constraint In-Reply-To: <36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com> References: <36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com> Message-ID: Thanks a lot and sorry about the misunderstanding of documentation here. Found the solution: I was placing policy rule on role B as assignment instead of inducement. Stéphane Delcourt Informaticien - Gestionnaire système - Développeur From: midPoint On Behalf Of Pavol Mederly via midPoint Sent: Thursday, 13 October 2022 19:26 To: midpoint at lists.evolveum.com Cc: Pavol Mederly Subject: Re: [midPoint] hasNoAssignment policy constraint Hello Stéphane, I would consider formulating the rule like this: "It is illegal to have a role B and not have role A (at the same time)" - forgetting about the assignment-oriented, transition-related "assignment" constraint, but simply using two object-oriented, state-related ones: hasAssignment, hasNoAssignment. -- Pavol Mederly Software developer evolveum.com On 13/10/2022 17:08, Delcourt Stéphane via midPoint wrote: Hi Pavol, Thanks for all your suggestions, I did not knew about the third one and give it a try. IT helps me to understand that my policy constraint did not apply user having assignment to role A but role B having assignment to role A. I now understand the meaning of "evaluated on" column in the wiki sorry about that. Then I'm back at the beginning and my main goal is to achieve the opposite of exclusion constraint. Stéphane Delcourt Informaticien - Gestionnaire système - Développeur From: midPoint On Behalf Of Pavol Mederly via midPoint Sent: Wednesday, 12 October 2022 12:34 To: midpoint at lists.evolveum.com Cc: Pavol Mederly Subject: Re: [midPoint] hasNoAssignment policy constraint Hello, Stéphane, just a few general comments: 1. I would search the midPoint sources for string. We try to do the development seriously, so every feature should have (at least) one test for it. This one is no exception. 2. I would search the docs.evolveum.com for "hasNoAssignment". Here the situation is a bit worse. The feature is not quite finished - it was sponsored to some extent; but additional resources are needed to document it properly. However, this work-in-progress document could help: https://docs.evolveum.com/midpoint/devel/design/policy-constraints/. (The formatting problems are due to wiki migration.) 3. As for debugging, policy constraints do not have "" flag nor the comprehensive troubleshooting methodology (as mappings do). So I use the (experimental) troubleshooting with traces to diagnose issues with them. 4. Personally, I would be greatly interested in how many installations do use policy rules, and this one in particular. -- Pavol Mederly Software developer evolveum.com On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote: Hi all, Does someone know how to deal with this policy constraint ? My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068 So I want to add policy constraint in role B to block user receiving it if not assigned of role A Here's the code sample I'm using in role B: exclude-if-no-role-a But this does not trigger any error when I try to assign role B to a user not having role A. What am I missing here ? I don't even know how to debug this. Thanks for your help Stéphane Delcourt Informaticien - Gestionnaire système - Développeur [www.ulb.be] Département informatique, Service Applications métier Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 15369 bytes Desc: image001.jpg URL: From mederly at evolveum.com Fri Oct 14 11:03:42 2022 From: mederly at evolveum.com (Pavol Mederly) Date: Fri, 14 Oct 2022 11:03:42 +0200 Subject: [midPoint] hasNoAssignment policy constraint In-Reply-To: References: <36685aba-6bb0-1fb3-74ed-127b021a6d3e@evolveum.com> Message-ID: <87dd2042-afec-55da-db0d-9af8b85eb353@evolveum.com> Stéphane, I am glad you found the solution. And there is no need to apologize! :) -- Pavol Mederly Software developer evolveum.com On 14/10/2022 10:30, Delcourt Stéphane via midPoint wrote: > > Thanks a lot and sorry about the misunderstanding  of documentation here. > > Found the solution: > > I was placing policy rule on role B as assignment instead of inducement. > > *Stéphane Delcourt* > Informaticien – Gestionnaire système - Développeur > > *From:*midPoint *On Behalf Of > *Pavol Mederly via midPoint > *Sent:* Thursday, 13 October 2022 19:26 > *To:* midpoint at lists.evolveum.com > *Cc:* Pavol Mederly > *Subject:* Re: [midPoint] hasNoAssignment policy constraint > > Hello Stéphane, > > I would consider formulating the rule like this: "It is illegal to > have a role B and not have role A (at the same time)" - forgetting > about the assignment-oriented, transition-related "assignment" > constraint, but simply using two object-oriented, state-related ones: > hasAssignment, hasNoAssignment. > > -- > Pavol Mederly > Software developer > evolveum.com > > On 13/10/2022 17:08, Delcourt Stéphane via midPoint wrote: > > Hi Pavol, > > Thanks for all your suggestions, I did not knew about the third > one and give it a try. > > IT helps me to understand that my policy constraint did not apply > user having assignment to role A but role B having assignment to > role A. > > I now understand the meaning of “evaluated on” column in the wiki > sorry about that. > > Then I’m back at the beginning and my main goal is to achieve the > opposite of exclusion constraint. > > *Stéphane Delcourt* > Informaticien – Gestionnaire système - Développeur > > *From:*midPoint > *On Behalf Of *Pavol > Mederly via midPoint > *Sent:* Wednesday, 12 October 2022 12:34 > *To:* midpoint at lists.evolveum.com > *Cc:* Pavol Mederly > > *Subject:* Re: [midPoint] hasNoAssignment policy constraint > > Hello, Stéphane, > > just a few general comments: > > 1. I would search the midPoint sources for > string. We try to do the development seriously, so every > feature should have (at least) one test for it. This one is no > exception. > 2. I would search the docs.evolveum.com for "hasNoAssignment". > Here the situation is a bit worse. The feature is not quite > finished - it was sponsored to some extent; but additional > resources are needed to document it properly. However, this > work-in-progress document could help: > https://docs.evolveum.com/midpoint/devel/design/policy-constraints/ > . > (The formatting problems are due to wiki migration.) > 3. As for debugging, policy constraints do not have "" > flag nor the comprehensive troubleshooting methodology (as > mappings do). So I use the (experimental) troubleshooting with > traces > to > diagnose issues with them. > 4. Personally, I would be greatly interested in how many > installations do use policy rules, and this one in particular. > > -- > > Pavol Mederly > > Software developer > > evolveum.com > > On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote: > > Hi all, > > Does someone know how to deal with this policy constraint ? > > My idea is to use it for role dependency as intended > https://jira.evolveum.com/browse/MID-4068 > > > So I want to add policy constraint in role B to block user > receiving it if not assigned of role A > > Here’s the code sample I’m using in role B: > > > > > > exclude-if-no-role-a > > > > > > > > > > > > > > > > > > > > > > But this does not trigger any error when I try to assign role > B to a user not having role A. > > What am I missing here ? > > I don’t even know how to debug this. > > Thanks for your help > > *Stéphane Delcourt* > Informaticien – Gestionnaire système - Développeur > www.ulb.be > > *Département informatique, Service Applications métier* > Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles > > > > > _______________________________________________ > > midPoint mailing list > > midPoint at lists.evolveum.com > > https://lists.evolveum.com/mailman/listinfo/midpoint > > > > _______________________________________________ > > midPoint mailing list > > midPoint at lists.evolveum.com > > https://lists.evolveum.com/mailman/listinfo/midpoint > > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 15369 bytes Desc: not available URL: From ssimkova at evolveum.com Fri Oct 14 15:35:15 2022 From: ssimkova at evolveum.com (Simona Simkova) Date: Fri, 14 Oct 2022 15:35:15 +0200 (CEST) Subject: [midPoint] Evolveum at Educause in Denver Message-ID: <1716831998.120349.1665754515926.JavaMail.zimbra@evolveum.com> Dear midPoint community, The higher education IT world is gathering once again and we cannot miss it this time. Hence, we would like to let you know that Evolveum team (Slavek Licehammer, Identity Engineer and Simona Simkova, Sales&Partnerships Representative) will be at [ https://events.educause.edu/annual-conference | EDUCAUSE  ] this year, from October 24th-28th in Denver! Are you planning to attend too? Let us know via email academia @evolveum.com and we could arrange some time to speak in person. We are looking forward to live discussion! Best regards Simona Simkova | Sales Representative [ mailto:simona.simkova at evolveum.com | simona.simkova at evolveum.com ] | [ http://www.evolveum.com/ | www.evolveum.com ] +421 911 449 455 [ https://twitter.com/Evolveum ] Disclaimer: The contents of this e-mail and attachment(s) thereto are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or Evolveum s.r.o. or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of Evolveum s.r.o. or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. -------------- next part -------------- An HTML attachment was scrubbed... URL: From PFSJ at senado.leg.br Fri Oct 14 17:14:25 2022 From: PFSJ at senado.leg.br (Paulo Fernandes de Souza Junior) Date: Fri, 14 Oct 2022 15:14:25 +0000 Subject: [midPoint] Error in matchingRule Message-ID: After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 From ruy.takata at serpro.gov.br Fri Oct 14 19:00:13 2022 From: ruy.takata at serpro.gov.br (Ruy Minoru Ito Takata) Date: Fri, 14 Oct 2022 17:00:13 +0000 Subject: [midPoint] Replace Manager from OrgUnit Message-ID: Hi, I'm using CSV file to create a org tree and assign a manager to each one. But when there are a change in manager, the new manager is added and the old manager is not removed. Like in the book, the org CSV has orgnum, orgname, and manager identifier. I made two resources, one to build the org tree, and another to assign manager to the orgs. The resource that assigns manager to the orgs has a assignmentTargetSearch to find the org and change the assignment attribute of the user. So, when a user is no more manager of an org, his identifier disappear from the CSV file. What is the correct way to do this? My CSV org file is like: orgnum,orgname,orgmanager My schemahandling: Organizational Unit Manager ri:AccountObjectClass account true ri:orgmanager $focus/employeeNumber ri:orgnum c:OrgType org:manager csvorgmanager identifier $input $focus/assignment Thanks [Serpro] Ruy Minoru Ito Takata Analista Superintendência de Segurança da Informação Diretoria de Operações +55 (11) 2173-1799 "Essa mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente ao destinatário informado e pode conter dados pessoais, protegidos pela Lei Geral de Proteção de Dados (Lei 13.709/2018), assim como informações confidenciais, protegidas por sigilo profissional. O SERPRO ressalta seu comprometimento em assegurar a segurança e a proteção das informações contidas neste e-mail e informa que a sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você o recebeu indevidamente, queira, por gentileza, reenviá-lo ao emitente, esclarecendo o equívoco." "This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) - a government company established under Brazilian law (5.615/70) - is directed exclusively to its addressee and may contain personal data protected by the General Data Protection Law (13.709/2018) as well as confidencial data, protected under professional secrecy rules. SERPRO highlights its commitment to ensuring the security and protection of the information contained in this email and its unauthorized use is illegal and may subject the transgressor to the law´s penalties. If you´re not the addressee, please send it back, elucidating the failure." -------------- next part -------------- An HTML attachment was scrubbed... URL: From smarbrier at positivethinking.tech Sun Oct 16 23:45:31 2022 From: smarbrier at positivethinking.tech (=?utf-8?B?U8OpYmFzdGllbiBNQVJCUklFUg==?=) Date: Sun, 16 Oct 2022 21:45:31 +0000 Subject: [midPoint] Error in matchingRule In-Reply-To: References: Message-ID: Hello Paolo, Can you tell me from which version you moved from and if you changed the version of your AD connector ? Best regards, Sébastien Marbrier -----Original Message----- From: midPoint On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: vendredi, 14 octobre 2022 17:14 To: midPoint General Discussion Cc: Paulo Fernandes de Souza Junior Subject: [midPoint] Error in matchingRule After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. From PFSJ at senado.leg.br Mon Oct 17 13:38:53 2022 From: PFSJ at senado.leg.br (Paulo Fernandes de Souza Junior) Date: Mon, 17 Oct 2022 11:38:53 +0000 Subject: [midPoint] Error in matchingRule In-Reply-To: References: Message-ID: Hi Sébastien, We just upgrade from version 4.4.2. No changes in AD connector version. Regards, Paulo Fernandes de Souza Júnior NQPPPS Senado Federal - PRODASEN Fone: 61 3303.3924 ________________________________ De: midPoint em nome de Sébastien MARBRIER via midPoint Enviado: domingo, 16 de outubro de 2022 18:45 Para: midPoint General Discussion Cc: Sébastien MARBRIER Assunto: Re: [midPoint] Error in matchingRule Hello Paolo, Can you tell me from which version you moved from and if you changed the version of your AD connector ? Best regards, Sébastien Marbrier -----Original Message----- From: midPoint On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: vendredi, 14 octobre 2022 17:14 To: midPoint General Discussion Cc: Paulo Fernandes de Souza Junior Subject: [midPoint] Error in matchingRule After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From davy.priem at vives.be Mon Oct 17 16:28:47 2022 From: davy.priem at vives.be (Davy Priem) Date: Mon, 17 Oct 2022 14:28:47 +0000 Subject: [midPoint] Error in matchingRule In-Reply-To: References: Message-ID: <2007739D-C62A-48DD-906D-3B2E663A8249@vives.be> Hi, FYI: I have the same issue, but this is not blocking from operation correctly. I thought this was because we didn’t switch to native Postgress yet. 2022-10-17 15:17:48,559 [REPOSITORY] [pool-2-thread-135] ERROR (com.evolveum.midpoint.repo.sql.query.matcher.StringMatcher): Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. Property name: '_s2.value', value: ‘cn=xxxx,ou=xxxx,ou=xxxx,dc=xxxx,dc=xxxx' Davy Priem Coördinator IT architectuur, operations en security Hogeschool VIVES | Dienst studentenzaken, informatie en technologie Doorniksesteenweg 145 | 8500 Kortrijk tel. + 32 56 27 05 61 e-mail davy.priem at vives.be Op 17 okt. 2022, om 13:38 heeft Paulo Fernandes de Souza Junior via midPoint > het volgende geschreven: Hi Sébastien, We just upgrade from version 4.4.2. No changes in AD connector version. Regards, Paulo Fernandes de Souza Júnior NQPPPS Senado Federal - PRODASEN Fone: 61 3303.3924 ________________________________ De: midPoint > em nome de Sébastien MARBRIER via midPoint > Enviado: domingo, 16 de outubro de 2022 18:45 Para: midPoint General Discussion > Cc: Sébastien MARBRIER > Assunto: Re: [midPoint] Error in matchingRule Hello Paolo, Can you tell me from which version you moved from and if you changed the version of your AD connector ? Best regards, Sébastien Marbrier -----Original Message----- From: midPoint > On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: vendredi, 14 octobre 2022 17:14 To: midPoint General Discussion > Cc: Paulo Fernandes de Souza Junior > Subject: [midPoint] Error in matchingRule After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From dantrob at uwo.ca Mon Oct 17 16:51:29 2022 From: dantrob at uwo.ca (Dennis Antrobus) Date: Mon, 17 Oct 2022 14:51:29 +0000 Subject: [midPoint] Error in matchingRule Message-ID: Hi, We encountered this issue during our upgrade to MidPoint 4.4.3 and discovered via consultation with Evolveum that it's since been fixed in the MidPoint 4.4.4 support branch. In order to move past this issue you'll likely need to either upgrade your instances to a snapshot version of MidPoint 4.4.4 (https://nexus.evolveum.com/nexus/#browse/browse:snapshots:com%2Fevolveum%2Fmidpoint%2Fdist%2F4.4.4-SNAPSHOT) or wait until the finalized MidPoint 4.4.4 version has been released. Dennis Antrobus Western Technology Services Western University From: midPoint >> On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: vendredi, 14 octobre 2022 17:14 To: midPoint General Discussion >> Cc: Paulo Fernandes de Souza Junior >> Subject: [midPoint] Error in matchingRule After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 -------------- next part -------------- An HTML attachment was scrubbed... URL: From smarbrier at positivethinking.tech Mon Oct 17 17:28:21 2022 From: smarbrier at positivethinking.tech (=?iso-8859-1?Q?S=E9bastien_MARBRIER?=) Date: Mon, 17 Oct 2022 15:28:21 +0000 Subject: [midPoint] Error in matchingRule In-Reply-To: References: Message-ID: Hello Paolo, the LDAP connector version changed from 3.1 to 3.3 between 4.2 to 4.4.3. I am not sure if it may come from here but you should have a try. In the documentation, I found the details about the matching rules here: https://docs.evolveum.com/midpoint/reference/concepts/matching-rules/ Can you tell us which rule do you use for the 'distinguishedName' ? Best regards, [logo] Sébastien Marbrier | Senior IT Consultant smarbrier at positivethinking.tech Tel. +41 21 601 81 00 [Teams chat] Chat with me on Teams [cid:image003.png at 01D8E24D.D8ED5020] [cid:image004.png at 01D8E24D.D8ED5020] [cid:image005.png at 01D8E24D.D8ED5020] [cid:image006.png at 01D8E24D.D8ED5020] Avenue d'Ouchy 4 - CH 1006 Lausanne www.positivethinking.tech From: midPoint On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: lundi, 17 octobre 2022 13:39 To: midPoint General Discussion Cc: Paulo Fernandes de Souza Junior Subject: Re: [midPoint] Error in matchingRule Hi Sébastien, We just upgrade from version 4.4.2. No changes in AD connector version. Regards, Paulo Fernandes de Souza Júnior NQPPPS Senado Federal - PRODASEN Fone: 61 3303.3924 ________________________________ De: midPoint > em nome de Sébastien MARBRIER via midPoint > Enviado: domingo, 16 de outubro de 2022 18:45 Para: midPoint General Discussion > Cc: Sébastien MARBRIER > Assunto: Re: [midPoint] Error in matchingRule Hello Paolo, Can you tell me from which version you moved from and if you changed the version of your AD connector ? Best regards, Sébastien Marbrier -----Original Message----- From: midPoint > On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: vendredi, 14 octobre 2022 17:14 To: midPoint General Discussion > Cc: Paulo Fernandes de Souza Junior > Subject: [midPoint] Error in matchingRule After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 7735 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 686 bytes Desc: image002.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 2337 bytes Desc: image003.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.png Type: image/png Size: 2756 bytes Desc: image004.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 2358 bytes Desc: image005.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image006.png Type: image/png Size: 2669 bytes Desc: image006.png URL: From PFSJ at senado.leg.br Mon Oct 17 18:49:47 2022 From: PFSJ at senado.leg.br (Paulo Fernandes de Souza Junior) Date: Mon, 17 Oct 2022 16:49:47 +0000 Subject: [midPoint] Error in matchingRule In-Reply-To: References: Message-ID: Thank you all for the answers. Sébastien, I upgraded from version 4.4.2, not 4.2, same connector version 3.3. Our friend Denis Antrobous showed this is a known bug, fixed in version 4.4.4-snapshot. Paulo Fernandes de Souza Júnior NQPPPS Senado Federal - PRODASEN Fone: 61 3303.3924 ________________________________ De: Sébastien MARBRIER Enviado: segunda-feira, 17 de outubro de 2022 12:28 Para: midPoint General Discussion Cc: Paulo Fernandes de Souza Junior Assunto: RE: Error in matchingRule Você não costuma receber emails de smarbrier at positivethinking.tech. Saiba por que isso é importante Hello Paolo, the LDAP connector version changed from 3.1 to 3.3 between 4.2 to 4.4.3. I am not sure if it may come from here but you should have a try. In the documentation, I found the details about the matching rules here: https://docs.evolveum.com/midpoint/reference/concepts/matching-rules/ Can you tell us which rule do you use for the 'distinguishedName' ? Best regards, [logo] Sébastien Marbrier | Senior IT Consultant smarbrier at positivethinking.tech Tel. +41 21 601 81 00 [Teams chat] Chat with me on Teams [cid:image003.png at 01D8E24D.D8ED5020] [cid:image004.png at 01D8E24D.D8ED5020] [cid:image005.png at 01D8E24D.D8ED5020] [cid:image006.png at 01D8E24D.D8ED5020] Avenue d'Ouchy 4 – CH 1006 Lausanne www.positivethinking.tech From: midPoint On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: lundi, 17 octobre 2022 13:39 To: midPoint General Discussion Cc: Paulo Fernandes de Souza Junior Subject: Re: [midPoint] Error in matchingRule Hi Sébastien, We just upgrade from version 4.4.2. No changes in AD connector version. Regards, Paulo Fernandes de Souza Júnior NQPPPS Senado Federal - PRODASEN Fone: 61 3303.3924 ________________________________ De: midPoint > em nome de Sébastien MARBRIER via midPoint > Enviado: domingo, 16 de outubro de 2022 18:45 Para: midPoint General Discussion > Cc: Sébastien MARBRIER > Assunto: Re: [midPoint] Error in matchingRule Hello Paolo, Can you tell me from which version you moved from and if you changed the version of your AD connector ? Best regards, Sébastien Marbrier -----Original Message----- From: midPoint > On Behalf Of Paulo Fernandes de Souza Junior via midPoint Sent: vendredi, 14 octobre 2022 17:14 To: midPoint General Discussion > Cc: Paulo Fernandes de Souza Junior > Subject: [midPoint] Error in matchingRule After upgrading to version 4.4.3, I am encountering a lot of occurrence of the following error: Unknown matcher 'distinguishedName'. The only supported explicit matcher for string values is 'stringIgnoreCase'. Ignoring for now, but may cause an exception in future midPoint versions. In the documentation matchinRule distinguishedName is still valid for DN string attribute definitions in LDAP. We are using AD. Any changes in this version? Paulo Fernandes de Souza Júnior Senado Federal - PRODASEN Fone: 61 3303.3924 _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint ________________________________ Positive Thinking Company puts security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Positive Thinking Company does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 7735 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 686 bytes Desc: image002.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 2337 bytes Desc: image003.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.png Type: image/png Size: 2756 bytes Desc: image004.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 2358 bytes Desc: image005.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image006.png Type: image/png Size: 2669 bytes Desc: image006.png URL: From yrevyakin at gmail.com Mon Oct 17 19:18:29 2022 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Mon, 17 Oct 2022 20:18:29 +0300 Subject: [midPoint] Discovery, Object Already Exists Message-ID: Hi all, I'm playing with connector-gooogleapps. I assign the resource to a user via a role assigned to an org with order=2 UserType inducement. If I use Admin UI and enable reconcile option after clicking Save I can see, in the audit log report, that right after successful creation of a new Google account Midpoint starts Sync Discovery. During this stage Midpoint tries to create the account again and this stage goes down because of exception ObjectAlreadyExists. After that successfully created projection gets Dead status. But, If I run reconciliation of a trusted CVS source, creation of an account is successful and there is no any Discovery after creation. Could you advise how to manage this case and have alive accounts instead of dead using UI? Tnx, J -------------- next part -------------- An HTML attachment was scrubbed... URL: From K.J.Collins at hw.ac.uk Mon Oct 17 20:10:08 2022 From: K.J.Collins at hw.ac.uk (Collins, Kevin) Date: Mon, 17 Oct 2022 18:10:08 +0000 Subject: [midPoint] Filtering inbound data from Postgres table Message-ID: Hi everyone, I’ve been working through the MidPoint book and the samples in midPoint 4.4.3 to try answer a couple of problems I’m having putting together a PoC midPoint demo: * How do I filter inbound data from a (Postgres) db table so that it doesn’t try to import stale data? Simplified use case is that an HR system writes data about staff to a Postgres db table. That data is more or less authoritative for staff. The db table contains details about every member of staff who is current but also contains details of every staff person it has ever known about. This sounds like an ideal job for a scripted-sql connector but I can’t get that to work at all in midPoint. So I’m looking at filtering on the inbound data. Unless, of course, anyone has good worked example of a scripted-sql resource that they’d be willing to share… * * How do I prevent the Idm from deleting the entire record from the Postgres db table when I delete it in the IDM ? The HR people “own” the data in the table except for the username, emailAddress and initial password, which are generated by the Idm and passed back to the table. Thanks in advance. -Kev_C -- Kevin Collins, Senior Specialist, Information Services Heriot-Watt University, EDINBURGH, EH14 4AS, Scotland, UK For IT support queries or requests, please navigate to https://hwu.topdesk.net/, email ishelp at hw.ac.uk or phone ext 4045, with full details of your query or request and your contact details. http://www.hw.ac.uk/is ________________________________ Founded in 1821, Heriot-Watt is a leader in ideas and solutions. With campuses and students across the entire globe we span the world, delivering innovation and educational excellence in business, engineering, design and the physical, social and life sciences. This email is generated from the Heriot-Watt University Group, which includes: 1. Heriot-Watt University, a Scottish charity registered under number SC000278 2. Heriot- Watt Services Limited (Oriam), Scotland's national performance centre for sport. Heriot-Watt Services Limited is a private limited company registered is Scotland with registered number SC271030 and registered office at Research & Enterprise Services Heriot-Watt University, Riccarton, Edinburgh, EH14 4AS. The contents (including any attachments) are confidential. If you are not the intended recipient of this e-mail, any disclosure, copying, distribution or use of its contents is strictly prohibited, and you should please notify the sender immediately and then delete it (including any attachments) from your system. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gustav.palos at gmail.com Tue Oct 18 03:40:36 2022 From: gustav.palos at gmail.com (=?UTF-8?B?UMOhbG9zIEd1c3TDoXY=?=) Date: Tue, 18 Oct 2022 03:40:36 +0200 Subject: [midPoint] Filtering inbound data from Postgres table In-Reply-To: References: Message-ID: Hi Kevin, scripted-sql sample is here: https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql but if you have only one table with data from HR is easier to use build in database table connector: https://docs.evolveum.com/connectors/resources/databasetable Filtering out old data can you do in at least 2 ways: 1) creating a DB view with where condition to filter out all old data what you never need in midPoint 2) just using resource synchronization/objectSynchronization/condition something like this: about setting up read only resource you need to set existence to true in schemaHandling/objectType HR don't support shadow delete, so never try to delete... weak true and also setting up configured capabilities: false false false + also use DB user with read only permission only to required tables for security reasons at all. If you need more help with PoC don't hesitate to contact us... Best regards, Gustav po 17. 10. 2022 o 20:10 Collins, Kevin via midPoint < midpoint at lists.evolveum.com> napísal(a): > Hi everyone, > > > I’ve been working through the MidPoint book and the samples in midPoint > 4.4.3 to try answer a couple of problems I’m having putting together a PoC > midPoint demo: > > > - How do I filter inbound data from a (Postgres) db table so that it > doesn’t try to import stale data? Simplified use case is that an HR system > writes data about staff to a Postgres db table. That data is more or less > authoritative for staff. The db table contains details about every member > of staff who is current but also contains details of every staff person it > has ever known about. This sounds like an ideal job for a scripted-sql > connector but I can’t get that to work at all in midPoint. So I’m looking > at filtering on the inbound data. Unless, of course, anyone has good worked > example of a scripted-sql resource that they’d be willing to share… > - > - How do I prevent the Idm from deleting the entire record from the > Postgres db table when I delete it in the IDM ? > > > The HR people “own” the data in the table except for the username, > emailAddress and initial password, which are generated by the Idm and > passed back to the table. > > Thanks in advance. > > > -Kev_C > > > -- > Kevin Collins, > Senior Specialist, > Information Services > Heriot-Watt University, > EDINBURGH, EH14 4AS, > Scotland, UK > > For IT support queries or requests, please navigate to > https://hwu.topdesk.net/, email ishelp at hw.ac.uk or > phone ext 4045, with full details of your query or request and your contact > details. > > http://www.hw.ac.uk/is > > > > ------------------------------ > > Founded in 1821, Heriot-Watt is a leader in ideas and solutions. With > campuses and students across the entire globe we span the world, delivering > innovation and educational excellence in business, engineering, design and > the physical, social and life sciences. This email is generated from the > Heriot-Watt University Group, which includes: > > 1. Heriot-Watt University, a Scottish charity registered under number > SC000278 > 2. Heriot- Watt Services Limited (Oriam), Scotland's national > performance centre for sport. Heriot-Watt Services Limited is a private > limited company registered is Scotland with registered number SC271030 and > registered office at Research & Enterprise Services Heriot-Watt University, > Riccarton, Edinburgh, EH14 4AS. > > The contents (including any attachments) are confidential. If you are not > the intended recipient of this e-mail, any disclosure, copying, > distribution or use of its contents is strictly prohibited, and you should > please notify the sender immediately and then delete it (including any > attachments) from your system. > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > -- s pozdravom Gustáv Pálos -------------- next part -------------- An HTML attachment was scrubbed... URL: From K.J.Collins at hw.ac.uk Tue Oct 18 09:31:09 2022 From: K.J.Collins at hw.ac.uk (Collins, Kevin) Date: Tue, 18 Oct 2022 07:31:09 +0000 Subject: [midPoint] Filtering inbound data from Postgres table In-Reply-To: References: Message-ID: Gustav, Thanks for that. I’ll have a go at doing that later on today. -Kev_C On 18 Oct 2022, at 02:40, Pálos Gustáv via midPoint > wrote: **************************************************************** Caution: This email originated from a sender outside Heriot-Watt University. Do not follow links or open attachments if you doubt the authenticity of the sender or the content. **************************************************************** Hi Kevin, scripted-sql sample is here: https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql but if you have only one table with data from HR is easier to use build in database table connector: https://docs.evolveum.com/connectors/resources/databasetable Filtering out old data can you do in at least 2 ways: 1) creating a DB view with where condition to filter out all old data what you never need in midPoint 2) just using resource synchronization/objectSynchronization/condition something like this: about setting up read only resource you need to set existence to true in schemaHandling/objectType HR don't support shadow delete, so never try to delete... weak true and also setting up configured capabilities: false false false + also use DB user with read only permission only to required tables for security reasons at all. If you need more help with PoC don't hesitate to contact us... Best regards, Gustav po 17. 10. 2022 o 20:10 Collins, Kevin via midPoint > napísal(a): Hi everyone, I’ve been working through the MidPoint book and the samples in midPoint 4.4.3 to try answer a couple of problems I’m having putting together a PoC midPoint demo: * How do I filter inbound data from a (Postgres) db table so that it doesn’t try to import stale data? Simplified use case is that an HR system writes data about staff to a Postgres db table. That data is more or less authoritative for staff. The db table contains details about every member of staff who is current but also contains details of every staff person it has ever known about. This sounds like an ideal job for a scripted-sql connector but I can’t get that to work at all in midPoint. So I’m looking at filtering on the inbound data. Unless, of course, anyone has good worked example of a scripted-sql resource that they’d be willing to share… * * How do I prevent the Idm from deleting the entire record from the Postgres db table when I delete it in the IDM ? The HR people “own” the data in the table except for the username, emailAddress and initial password, which are generated by the Idm and passed back to the table. Thanks in advance. -Kev_C -- Kevin Collins, Senior Specialist, Information Services Heriot-Watt University, EDINBURGH, EH14 4AS, Scotland, UK For IT support queries or requests, please navigate to https://hwu.topdesk.net/, email ishelp at hw.ac.uk or phone ext 4045, with full details of your query or request and your contact details. http://www.hw.ac.uk/is ________________________________ Founded in 1821, Heriot-Watt is a leader in ideas and solutions. With campuses and students across the entire globe we span the world, delivering innovation and educational excellence in business, engineering, design and the physical, social and life sciences. This email is generated from the Heriot-Watt University Group, which includes: 1. Heriot-Watt University, a Scottish charity registered under number SC000278 2. Heriot- Watt Services Limited (Oriam), Scotland's national performance centre for sport. Heriot-Watt Services Limited is a private limited company registered is Scotland with registered number SC271030 and registered office at Research & Enterprise Services Heriot-Watt University, Riccarton, Edinburgh, EH14 4AS. The contents (including any attachments) are confidential. If you are not the intended recipient of this e-mail, any disclosure, copying, distribution or use of its contents is strictly prohibited, and you should please notify the sender immediately and then delete it (including any attachments) from your system. _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -- s pozdravom Gustáv Pálos _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -- Kevin Collins, Senior Specialist, Information Services Heriot-Watt University, EDINBURGH, EH14 4AS, Scotland, UK For IT support queries or requests, please navigate to https://hwu.topdesk.net/, email ishelp at hw.ac.uk or phone ext 4045, with full details of your query or request and your contact details. http://www.hw.ac.uk/is -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrik.sidler at itconcepts.ch Thu Oct 20 09:19:10 2022 From: patrik.sidler at itconcepts.ch (Patrik Sidler) Date: Thu, 20 Oct 2022 07:19:10 +0000 Subject: [midPoint] REST Operation without Reconcile Message-ID: Dear All We are updating the password of a midpoint user over REST API. The user has several projections that are updated manually when needed. Now we have the problem, that a password change over REST executes a Reconcile when it is finished and because of this reconcile and all the projections other attributes are also changed. We only would like to change the password, nothing else and this is only possible when we are able to disable the reconcile after the REST password change. We execute the following POST Operation to change the password: URL : {{ midpointurl }}/users/08296d97-8ccb-4906-9d3e-1b3a1316b8fe?reconcile=false Body : replace credentials/password/value Soleil12hg3336544* But at the end, the Reconcile gets executed, this means ?reconcile=false in the POST Action does not work. How can we change the password over REST without executing a Reconcile at the end. Thank you all in advance for your help. Regards Patrik Sidler -------------- next part -------------- An HTML attachment was scrubbed... URL: From barvepratik7721 at gmail.com Thu Oct 20 13:35:28 2022 From: barvepratik7721 at gmail.com (Pratik Barve) Date: Thu, 20 Oct 2022 17:05:28 +0530 Subject: [midPoint] Regarding Gitlab Connector Message-ID: Hi all, I am working with Gitlab connector. I can get accounts from the *uncategorized* section to the *Accounts* section in Resource after configuring schema handling. How can I achieve the same with *GroupObjectClass* I want to get GroupObjectClass into Generic. Please let me know if I misunderstood anything Regards Pratik -------------- next part -------------- An HTML attachment was scrubbed... URL: From mederly at evolveum.com Thu Oct 20 17:36:47 2022 From: mederly at evolveum.com (Pavol Mederly) Date: Thu, 20 Oct 2022 17:36:47 +0200 Subject: [midPoint] Recompute Task Performance In-Reply-To: <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark> <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> Message-ID: Dmitriy, unfortunately, the definite and general answer does not exist. As far as profiling is concerned, midPoint has some application-level profiling features that you can use. Some of us (me included) devoted a lot of effort into this area. However, the current state is under-documented, experimental, and requires a lot of insight into the internal workings of midPoint. By far the easiest and most reliable way is to use our professional services. Best regards, -- Pavol Mederly Software developer evolveum.com On 13/10/2022 07:54, Dmitriy Berezkin via midPoint wrote: > Hi! > > Could you tell me with parameter has the greatest impact on recompute > task performance? Is it CPU or RAM or DB performance or anything else? > I want to know how we can reduce task processing time. Is there any > knowledge about it besides profiling? > > ––– > Dmitry Berezkin > > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From berezkin.dmitriy at gmail.com Thu Oct 20 18:37:12 2022 From: berezkin.dmitriy at gmail.com (Dmitriy Berezkin) Date: Thu, 20 Oct 2022 20:37:12 +0400 Subject: [midPoint] Recompute Task Performance In-Reply-To: References: <80c1701d-683a-4aa1-a9dc-6191c01e66d3@Spark> <60469662-3da9-4819-bd63-ab01fabf0e9d@Spark> Message-ID: <5919894f-20c4-4ecd-8555-08792a806ad1@Spark> Thank you, Pavol! ––– Dmitry Berezkin 20 окт. 2022 г., 19:36 +0400, Pavol Mederly via midPoint , писал: > Dmitriy, > unfortunately, the definite and general answer does not exist. > As far as profiling is concerned, midPoint has some application-level profiling features that you can use. Some of us (me included) devoted a lot of effort into this area. However, the current state is under-documented, experimental, and requires a lot of insight into the internal workings of midPoint. > By far the easiest and most reliable way is to use our professional services. > Best regards, > -- > Pavol Mederly > Software developer > evolveum.com > On 13/10/2022 07:54, Dmitriy Berezkin via midPoint wrote: > > Hi! > > > > Could you tell me with parameter has the greatest impact on recompute task performance? Is it CPU or RAM or DB performance or anything else? > > I want to know how we can reduce task processing time. Is there any knowledge about it besides profiling? > > > > ––– > > Dmitry Berezkin > > > > _______________________________________________ > > midPoint mailing list > > midPoint at lists.evolveum.com > > https://lists.evolveum.com/mailman/listinfo/midpoint > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From yrevyakin at gmail.com Fri Oct 21 19:23:14 2022 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Fri, 21 Oct 2022 20:23:14 +0300 Subject: [midPoint] Discovery, Object Already Exists In-Reply-To: References: Message-ID: Any suggestions? On Mon, 17 Oct 2022 at 20:18, Yakov Revyakin wrote: > Hi all, > I'm playing with connector-gooogleapps. > I assign the resource to a user via a role assigned to an org with order=2 > UserType inducement. > If I use Admin UI and enable reconcile option after clicking Save I can > see, in the audit log report, that right after successful creation of a new > Google account Midpoint starts Sync Discovery. During this stage Midpoint > tries to create the account again and this stage goes down because of > exception ObjectAlreadyExists. After that successfully created projection > gets Dead status. > But, If I run reconciliation of a trusted CVS source, creation of an > account is successful and there is no any Discovery after creation. > Could you advise how to manage this case and have alive accounts instead > of dead using UI? > > Tnx, > J > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vitor.alves at gerencianet.com.br Sat Oct 22 00:36:53 2022 From: vitor.alves at gerencianet.com.br (Vitor Alves | Gerencianet) Date: Fri, 21 Oct 2022 22:36:53 +0000 Subject: [midPoint] RES: Regarding Gitlab Connector In-Reply-To: References: Message-ID: Hi, Pratik The Gitlab connector is a bit confusing with its configuration and available examples. Fortunately, I had the opportunity to work on it due to our environment containing several Gitlab servers. Below is the XML of my resource, if necessary I can also send the XML example of a role and how I configured it to work. The connector had some performance issues and they were fixed, but I haven't launched the merge request yet, I'll do that on Monday. Regards, ----- Vitor Alves -------------- next part -------------- A non-text attachment was scrubbed... Name: gitlab_resource.xml Type: application/xml Size: 99836 bytes Desc: gitlab_resource.xml URL: From yrevyakin at gmail.com Sat Oct 22 21:21:30 2022 From: yrevyakin at gmail.com (Yakov Revyakin) Date: Sat, 22 Oct 2022 22:21:30 +0300 Subject: [midPoint] Replace Manager from OrgUnit In-Reply-To: References: Message-ID: Your code looks like a mix of two things you need to implement separately. 1) Schema handling must be responsible for update of an Org 2) User objectTemplate must be responsible for manager assignment/revocation On Fri, 14 Oct 2022 at 20:02, Ruy Minoru Ito Takata via midPoint < midpoint at lists.evolveum.com> wrote: > > Hi, > I'm using CSV file to create a org tree and assign a manager to each one. > But when there are a change in manager, the new manager is added and the > old manager is not removed. > > Like in the book, the org CSV has orgnum, orgname, and manager identifier. > I made two resources, one to build the org tree, and another to assign > manager to the orgs. > > The resource that assigns manager to the orgs has a assignmentTargetSearch > to find the org and change the assignment attribute of the user. So, when a > user is no more manager of an org, his identifier disappear from the CSV > file. > > What is the correct way to do this? > > My CSV org file is like: > orgnum,orgname,orgmanager > > My schemahandling: > > > Organizational Unit Manager > ri:AccountObjectClass > account > true > > ri:orgmanager > > > $focus/employeeNumber > > > > > ri:orgnum > > > > c:OrgType > > org:manager > csvorgmanager > > > > identifier > > $input > > > > > > > $focus/assignment > > > > > > > > > > > > Thanks > [image: Serpro] > *Ruy Minoru Ito Takata* > Analista > Superintendência de Segurança da Informação > Diretoria de Operações > +55 (11) 2173-1799 > > > > “Essa mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), > empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é > enviada exclusivamente ao destinatário informado e pode conter dados > pessoais, protegidos pela Lei Geral de Proteção de Dados (Lei 13.709/2018), > assim como informações confidenciais, protegidas por sigilo profissional. O > SERPRO ressalta seu comprometimento em assegurar a segurança e a proteção > das informações contidas neste e-mail e informa que a sua utilização > desautorizada é ilegal e sujeita o infrator às penas da lei. Se você o > recebeu indevidamente, queira, por gentileza, reenviá-lo ao emitente, > esclarecendo o equívoco.” “This message from SERVIÇO FEDERAL DE > PROCESSAMENTO DE DADOS (SERPRO) - a government company established under > Brazilian law (5.615/70) - is directed exclusively to its addressee and may > contain personal data protected by the General Data Protection Law > (13.709/2018) as well as confidencial data, protected under professional > secrecy rules. SERPRO highlights its commitment to ensuring the security > and protection of the information contained in this email and its > unauthorized use is illegal and may subject the transgressor to the law´s > penalties. If you´re not the addressee, please send it back, elucidating > the failure.” > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ruy.takata at serpro.gov.br Mon Oct 24 14:36:16 2022 From: ruy.takata at serpro.gov.br (Ruy Minoru Ito Takata) Date: Mon, 24 Oct 2022 12:36:16 +0000 Subject: [midPoint] Replace Manager from OrgUnit In-Reply-To: References: Message-ID: I will try suing objectTemplate. Thanks. [Serpro] Ruy Minoru Ito Takata Analista Superintendência de Segurança da Informação Diretoria de Operações +55 (11) 2173-1799 ________________________________ De: Yakov Revyakin Enviado: sábado, 22 de outubro de 2022 16:21 Para: midPoint General Discussion Cc: Ruy Minoru Ito Takata Assunto: Re: [midPoint] Replace Manager from OrgUnit Your code looks like a mix of two things you need to implement separately. 1) Schema handling must be responsible for update of an Org 2) User objectTemplate must be responsible for manager assignment/revocation On Fri, 14 Oct 2022 at 20:02, Ruy Minoru Ito Takata via midPoint > wrote: Hi, I'm using CSV file to create a org tree and assign a manager to each one. But when there are a change in manager, the new manager is added and the old manager is not removed. Like in the book, the org CSV has orgnum, orgname, and manager identifier. I made two resources, one to build the org tree, and another to assign manager to the orgs. The resource that assigns manager to the orgs has a assignmentTargetSearch to find the org and change the assignment attribute of the user. So, when a user is no more manager of an org, his identifier disappear from the CSV file. What is the correct way to do this? My CSV org file is like: orgnum,orgname,orgmanager My schemahandling: Organizational Unit Manager ri:AccountObjectClass account true ri:orgmanager $focus/employeeNumber ri:orgnum c:OrgType org:manager csvorgmanager identifier $input $focus/assignment Thanks [Serpro] Ruy Minoru Ito Takata Analista Superintendência de Segurança da Informação Diretoria de Operações +55 (11) 2173-1799 “Essa mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente ao destinatário informado e pode conter dados pessoais, protegidos pela Lei Geral de Proteção de Dados (Lei 13.709/2018), assim como informações confidenciais, protegidas por sigilo profissional. O SERPRO ressalta seu comprometimento em assegurar a segurança e a proteção das informações contidas neste e-mail e informa que a sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você o recebeu indevidamente, queira, por gentileza, reenviá-lo ao emitente, esclarecendo o equívoco.” “This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) - a government company established under Brazilian law (5.615/70) - is directed exclusively to its addressee and may contain personal data protected by the General Data Protection Law (13.709/2018) as well as confidencial data, protected under professional secrecy rules. SERPRO highlights its commitment to ensuring the security and protection of the information contained in this email and its unauthorized use is illegal and may subject the transgressor to the law´s penalties. If you´re not the addressee, please send it back, elucidating the failure.” _______________________________________________ midPoint mailing list midPoint at lists.evolveum.com https://lists.evolveum.com/mailman/listinfo/midpoint -------------- next part -------------- An HTML attachment was scrubbed... URL: From katkav at evolveum.com Mon Oct 24 16:57:34 2022 From: katkav at evolveum.com (Katka Bolemant) Date: Mon, 24 Oct 2022 16:57:34 +0200 (CEST) Subject: [midPoint] MidPoint 4.6 "Baumgarten" released Message-ID: <166193000.14150.1666623454171.JavaMail.zimbra@evolveum.com> Dear community, Evolveum team is proud to announce forty-third midPoint release 4.6, code-named "Baumgarten". MidPoint 4.6 brings substantial GUI improvements, smart correlation, resource inheritance, and many smaller enhancements. For more information, please, see the full release notes at [ https://docs.evolveum.com/midpoint/release/4.6/ | https://docs.evolveum.com/midpoint/release/4.6/ ] We would like to express a special thanks for all midPoint subscribers, partners, supporters and especially contributors. -- Katarina Bolemant Development Team Leader evolveum.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jfellmann at gmail.com Wed Oct 26 09:57:42 2022 From: jfellmann at gmail.com (Joaquim Fellmann) Date: Wed, 26 Oct 2022 09:57:42 +0200 Subject: [midPoint] PR for midpoint book In-Reply-To: References: <2075b42e-6258-4b71-aa6b-8e543f2d1d3d@evolveum.com> Message-ID: Hi Radovan, Any update on the topic of updating Midpoint Book sources ? I sent you a diff for the HTML version of the book but it's definitely not a sustainable way of managing updates (these updates will probably have to be manually applied to the .adoc files at some point). Regards -- Joaquim On Mon, 10 Oct 2022 at 14:13, Joaquim Fellmann wrote: > Hi Radovan, > > I found quite a lot (and will probably find more as I dig into it). I'll > send you a diff against the latest master since the sources are not > available yet. > > Regards > > -- > Joaquim > > > On Mon, 10 Oct 2022 at 13:38, Radovan Semancik via midPoint < > midpoint at lists.evolveum.com> wrote: > >> Hello, >> >> Book sources are not (yet) on github. Book is using a "non-commercial" >> Creative Commons license, which is somehow different that open source >> licenses for source code. We are not yet sure about all the differences and >> legal implications, we are still considering whether it is OK for us to >> publish book source code as well. >> >> How much typos have you found? If it is just a few, please send any kind >> of description of the typos directly to me, and I will fix the book >> manually. If there are a lot of typos ... then it would be best to make the >> book source code available ... and perhaps this could speed up our decision. >> >> -- >> Radovan Semancik >> Software Architectevolveum.com >> >> >> >> On 10/7/22 16:38, Joaquim Fellmann via midPoint wrote: >> >> Hello, >> >> I'd like to submit a PR that fixes some typos in midpoint >> book >> but cannot find the adoc sources in the midpoint/docs github repository >> (only the html/epub/pdf files are available). Could someone point me to the >> right direction ? >> >> Thanks >> >> -- >> Joaquim >> >> _______________________________________________ >> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint >> >> >> >> _______________________________________________ >> midPoint mailing list >> midPoint at lists.evolveum.com >> https://lists.evolveum.com/mailman/listinfo/midpoint >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Sebastian.Dornieden at comramo.de Wed Oct 26 14:44:05 2022 From: Sebastian.Dornieden at comramo.de (Dornieden, Sebastian) Date: Wed, 26 Oct 2022 12:44:05 +0000 Subject: [midPoint] Show origin of indirect assignment Message-ID: Hi all, i'm trying to find a way to show the origin of an indirect assignment in indirectAssignments panel? Can you give me a hint how to achieve this? Thanks, Sebastian Sebastian Dornieden Data Center Services Informationstechnologie COMRAMO AG Bischofsholer Damm 89 30173 Hannover Handelsregister: Hannover HRB 202670 Vorstand: Herr Peter Nohr Aufsichtsratsvorsitzender: Herr Adalbert Schmidt Mail: Sebastian.Dornieden at comramo.de Web: www.comramo.de Hotline der Informationstechnologie: +49 511 12401-767 [cid:SocialLink_Xing_32x32_4f00de66-fcf4-476a-a7ee-188148f1e811.png] [cid:kununu_cf05cfcf-5263-4b81-8013-1060f1117763.png] [cid:SocialLink_Linkedin_32x32_6bcc8929-ec52-49ac-b958-ce8e8349d04f.png] Diese Information ist ausschlie?lich f?r den Adressaten bestimmt und kann vertraulich oder gesetzlich gesch?tzte Informationen enthalten. Wenn Sie nicht der bestimmungsgem??e Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgem??en Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. Diese E-Mail enth?lt kein Anerkenntnis, dass es sich beim Inhalt dieser E-Mail um eine rechtsverbindliche Erkl?rung der COMRAMO AG handelt. Erkl?rungen, welche die COMRAMO AG verpflichten, bed?rfen jeweils der Unterschrift der zeichnungsberechtigten Person der COMRAMO AG. Die Allgemeinen Gesch?ftsbedingungen der COMRAMO AG finden Sie auf www.comramo.de und k?nnen sie dort als PDF-Datei herunterladen. Bitte beachten Sie unsere Datenschutzhinweise: https://www.comramo.de/datenschutz/ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: SocialLink_Xing_32x32_4f00de66-fcf4-476a-a7ee-188148f1e811.png Type: image/png Size: 725 bytes Desc: SocialLink_Xing_32x32_4f00de66-fcf4-476a-a7ee-188148f1e811.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: kununu_cf05cfcf-5263-4b81-8013-1060f1117763.png Type: image/png Size: 1359 bytes Desc: kununu_cf05cfcf-5263-4b81-8013-1060f1117763.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: SocialLink_Linkedin_32x32_6bcc8929-ec52-49ac-b958-ce8e8349d04f.png Type: image/png Size: 468 bytes Desc: SocialLink_Linkedin_32x32_6bcc8929-ec52-49ac-b958-ce8e8349d04f.png URL: From jfellmann at gmail.com Wed Oct 26 18:52:25 2022 From: jfellmann at gmail.com (Joaquim Fellmann) Date: Wed, 26 Oct 2022 18:52:25 +0200 Subject: [midPoint] Show origin of indirect assignment In-Reply-To: References: Message-ID: It would also help to have this information for direct assignment (assignments to roles with autoassign feature enabled show up as direct) So far my best shot has been adding explanations in the role description (shown in the indirectAssignment panel). -- Joaquim On Wed, 26 Oct 2022 at 14:44, Dornieden, Sebastian via midPoint < midpoint at lists.evolveum.com> wrote: > Hi all, > > > > i’m trying to find a way to show the origin of an indirect assignment in > indirectAssignments panel? Can you give me a hint how to achieve this? > > > > Thanks, > > > > Sebastian > > Sebastian Dornieden > Data Center Services > Informationstechnologie > > COMRAMO AG > Bischofsholer Damm 89 > 30173 Hannover > > Handelsregister: Hannover HRB 202670 > Vorstand: Herr Peter Nohr > Aufsichtsratsvorsitzender: Herr Adalbert Schmidt > > Mail: Sebastian.Dornieden at comramo.de > Web: www.comramo.de > > Hotline der Informationstechnologie: > +49 511 12401-767 > > > > > > Diese Information ist ausschließlich für den Adressaten bestimmt und kann > vertraulich oder gesetzlich geschützte Informationen enthalten. Wenn Sie > nicht der bestimmungsgemäße Adressat sind, unterrichten Sie bitte den > Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemäßen > Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, > weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. > > Diese E-Mail enthält kein Anerkenntnis, dass es sich beim Inhalt dieser > E-Mail um eine rechtsverbindliche Erklärung der COMRAMO AG handelt. > Erklärungen, welche die COMRAMO AG verpflichten, bedürfen jeweils der > Unterschrift der zeichnungsberechtigten Person der COMRAMO AG. Die > Allgemeinen Geschäftsbedingungen der COMRAMO AG finden Sie auf > www.comramo.de und können sie dort als PDF-Datei herunterladen. Bitte > beachten Sie unsere Datenschutzhinweise: > https://www.comramo.de/datenschutz/ > _______________________________________________ > midPoint mailing list > midPoint at lists.evolveum.com > https://lists.evolveum.com/mailman/listinfo/midpoint > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: SocialLink_Xing_32x32_4f00de66-fcf4-476a-a7ee-188148f1e811.png Type: image/png Size: 725 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: kununu_cf05cfcf-5263-4b81-8013-1060f1117763.png Type: image/png Size: 1359 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: SocialLink_Linkedin_32x32_6bcc8929-ec52-49ac-b958-ce8e8349d04f.png Type: image/png Size: 468 bytes Desc: not available URL: