[midPoint] change ArcheType on import/livesynch

Markus Calmius markus.calmius at proton.ch
Tue Oct 17 10:10:15 CEST 2023


Hi,

OK, so reading some more information I saw this:
https://docs.evolveum.com/midpoint/reference/schema/archetypes/configuration/#limitations
"Archetype assignments are not supposed to change during the lifetime of an object."
Which is what I'd like to do.

To be fair, what I am actually after is to have the three different User-views/filters and different colored icons.

Assigning a role that induces an archetype does not seem to work, which is why I wanted three different archetypes depending on where in the life-cycle the user is.

Is there another way to do this?

Oh, and it should have said:
"the complexity and power of this product is sometimes mind-boggling"

TiA
Markus 

------- Original Message -------
On Tuesday, October 17th, 2023 at 02:03, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:


> Today's Topics:
> 
> 1. Ninja on Windows-Server (Florian Dürr)
> 2. change ArcheType on import/livesynch (Markus Calmius)
> 3. Update from 4.4.3 to 4.4.6 breaking LDAP authentication
> (Alcides Moraes)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 16 Oct 2023 14:36:10 +0000
> From: Florian Dürr florian.duerr at itconcepts.ch
> 
> To: sb45 via midPoint midpoint at lists.evolveum.com
> 
> Subject: [midPoint] Ninja on Windows-Server
> Message-ID:
> GV0P278MB0671E0E66DFE2C61731FD18EFAD7A at GV0P278MB0671.CHEP278.PROD.OUTLOOK.COM
> 
> 
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi all
> 
> Summary:
> I am trying to export midPoint-configuration on a Windows-Installation (to migrate to a more recent LTS-Linux-Installation!).
> OS: Windows Server 2016
> Java: 17.0.2
> Database: some MS-SQL-Server (version unknown)
> midPoint: 4.4.3 (working fine, so the database-connection is probably not the issue)
> 
> Symptom:
> Whatever I try to do with ninja, I get one of the following errors:
> 
> Example 1:
> c:\Program Files\midpoint-4.4.3\lib>java -jar ninja.jar -m "c:\Program Files\midpoint-4.4.3" verify
> 
> Initializing using midpoint home; with repository connection
> Unexpected exception occurred (class org.springframework.beans.factory.BeanDefinitionStoreException), reason: Failed to parse configuration class [com.evolveum.midpoint.repo.sql.SqlRepositoryBeanConfig]; nested exception is java.lang.IllegalStateException: Error processing condition on com.evolveum.midpoint.repo.sql.SqlRepositoryBeanConfig
> 
> (Note: I've tried variations for the midPoint-Homefolder-Parameter - none work)
> 
> Example 2:
> c:\Program Files\midpoint-4.4.3\bin>ninja export -O "c:\temp\test.xml"
> 
> Using MIDPOINT_HOME: "c:\Program Files\midpoint-4.4.3\bin\..\var"
> Using LOADER_PATH:
> Using RUN_JAVA: "C:\Program Files\Java\jdk-17.0.2\bin\java"
> Initializing using midpoint home; with repository connection
> Unexpected exception occurred (class org.springframework.beans.factory.UnsatisfiedDependencyException), reason: Error creating bean with name 'auditFactory': Unsatisfied dependency expressed through field 'availableServiceFactories'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'sqlAuditServiceFactory' defined in class path resource [com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.class]: Unsatisfied dependency expressed through method 'sqlAuditServiceFactory' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'baseHelper' defined in URL [jar:file:/C:/Program%20Files/midpoint-4.4.3/lib/ninja.jar!/BOOT-INF/lib/repo-sql-impl-4.4.3.jar!/com/evolveum/midpoint/repo/sql/helpers/BaseHelper.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'sessionFactory' defined in class path resource [com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.class]: Unsatisfied dependency expressed through method 'sessionFactory' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in class path resource [com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.sql.DataSource]: Factory method 'dataSource' threw exception; nested exception is com.evolveum.midpoint.repo.api.RepositoryServiceFactoryException: Couldn't initialize datasource, reason: Failed to load driver class com.microsoft.sqlserver.jdbc.SQLServerDriver in either of HikariConfig class loader or Thread context classloader
> 
> To me it looks like some issue with connectivity to the SQL-Server, but since midPoint is working fine and ninja is using connectivity-information from config.xml, this should not be the case...
> 
> Any ideas?
> 
> Thanks and best,
> Florian
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 16 Oct 2023 14:58:55 +0000
> From: Markus Calmius markus.calmius at proton.ch
> 
> To: midPoint General Discussion midpoint at lists.evolveum.com
> 
> Subject: [midPoint] change ArcheType on import/livesynch
> Message-ID:
> EBSd1bjN6obYY-XBLiRziPYde3XCKo494onuJRJyXK5pTziP9SAloetJx75xktiaFNuebGzld8rnH6nKyHVMHJg4qPkwVk0JUv0xBEgWw1M=@proton.ch
> 
> 
> Content-Type: text/plain; charset="utf-8"
> 
> Hi,
> 
> the complexity of this product is sometimes mind-boggling. You think you understand something, and then: stacktrace ;)
> 
> So, I read this "In this demo, we use archetypes Full time employee, Part time employee, Contractor, and Retired. Archetype is assigned to a user during import from resource based on his employment type"
> from: https://docs.evolveum.com/midpoint/demo/
> 
> and I'm doing something similar. Basically we have a column in the csv file that has one of three values:
> pre-employee
> current-employee
> post-employee
> 
> I created ArcheTypes for these different kinds of users, then automatically assigned them on import. All good.
> However, if I change the value and re-import (or use live synch) I get:
> "ERROR (com.evolveum.midpoint.model.impl.sync.reactions.SynchronizationActionExecutor): SYNCHRONIZATION: Error in synchronization on resource:<redacted_resource> for situation LINKED: SchemaException: Found [archetype:<oid>(pre_employee), archetype:<oid>(current_employee)] structural archetypes; only a single one is supported"
> 
> 
> I removed oids to make it easier to read.
> Do I need to check (another hook?) if a user changes archetype and remove the previous one first? It seems a bit...well unnecessary. If the attribute input is set to strong it should be replaced, right?
> 
> Markus
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 16 Oct 2023 21:03:34 -0300
> From: Alcides Moraes alcides.neto at gmail.com
> 
> To: midPoint General Discussion midpoint at lists.evolveum.com
> 
> Subject: [midPoint] Update from 4.4.3 to 4.4.6 breaking LDAP
> authentication
> Message-ID: 22561763-4DCF-4B19-B7D8-8E23798F2E0D at gmail.com
> 
> Content-Type: text/plain; charset="utf-8"
> 
> Hello list,
> 
> I’m having some issues with LDAP authentication, hope someone can shed some light.
> 
> After updating from 4.4.3 to 4.4.6, I could not log in to our test midpoint anymore using our LDAP server.
> I had to use the /auth/emergency to log in using local administrator.
> 
> This is the log I was getting:
> 2023-10-16T17:50:50.669 ERROR [com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider] (http-nio-8080-exec-10) Authentication (runtime) error: web.security.provider.invalid
> org.springframework.security.authentication.AuthenticationServiceException: web.security.provider.invalid
> 
> We haven’t configured authentication using security policy yet, we were using the old spring security ldap configuration.
> 
> So I tried configuring our ldap using security policy, since the spring security configuration is not supported anymore.
> It didn’t work either, here’s the log
> 2023-10-16T20:41:38.107 ERROR [com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider] (http-nio-8080-exec-2) Authentication (runtime) error: Invalid username and/or password.
> org.springframework.security.authentication.BadCredentialsException: Invalid username and/or password.
> Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]
> 
> I’m very sure the users and passwords for both bind user and the login form are correct. If I rollback everything it works again.
> Emergency login using internal database still works.
> Below is my authentication configuration, pretty simple.
> 
> Thanks in advance for any help on this.
> <authentication>
>     <modules>
>         <loginForm>
>             <name>internalLoginForm</name>
>             <description>Internal username/password authentication, default user password, login form</description>
>         </loginForm>
>         <httpBasic>
>             <name>internalHttpBasic</name>
>             <description>Http basic username/password authentication, default user password</description>
>         </httpBasic>
>         <ldap>
>             <name>ldapAuth</name>
>             <host>ldap://serverip:389/DC=midpointhml,DC=local</host>
>             <userDn>CN=bind,OU=BIND,DC=midpointhml,DC=local</userDn>
>             <userPassword>
>                 <t:clearValue>testpassword</t:clearValue>
>             </userPassword>
>             <search>
>                 <pattern>(sAMAccountName={0})</pattern>
>                 <subtree>true</subtree>
>             </search>
>         </ldap>
>     </modules>
>     <sequence>
>         <name>gui-ldap</name>
>         <channel>
>             <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
>             <default>true</default>
>             <urlSuffix>default</urlSuffix>
>         </channel>
>         <module>
>             <name>ldapAuth</name>
>             <order>30</order>
>             <necessity>sufficient</necessity>
>         </module>
>     </sequence>
>     <sequence>
>         <name>admin-gui-emergency</name>
>         <description>
>             Special GUI authentication sequence that is using just the internal user password.
>             It is used only in emergency.
>         </description>
>         <channel>
>             <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
>             <default>false</default>
>             <urlSuffix>admin</urlSuffix>
>         </channel>
>         <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType">
>             <!-- Superuser -->
>         </requireAssignmentTarget>
>         <module>
>             <name>internalLoginForm</name>
>             <order>1</order>
>             <necessity>sufficient</necessity>
>         </module>
>     </sequence>
>     <sequence>
>         <name>rest-basic</name>
>         <channel>
>             <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
>             <default>true</default>
>             <urlSuffix>default</urlSuffix>
>         </channel>
>         <module>
>             <name>internalHttpBasic</name>
>             <order>1</order>
>             <necessity>sufficient</necessity>
>         </module>
>     </sequence>
>     <ignoredLocalPath>/actuator</ignoredLocalPath>
>     <ignoredLocalPath>/actuator/health</ignoredLocalPath>
> </authentication>
> 
> 
> ------------------------------
> 
> End of midPoint Digest, Vol 138, Issue 13
> *****************************************
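
Added example, not part of the original thread or of midPoint: a small triage helper for the "LDAP: error code 49 ... data 52e" lines quoted in Message 3. It goes beyond the single sub-code in the log and decodes the common Active Directory bind-failure sub-codes; the function names and the second log entry (data 775) are constructed for illustration.

```python
import re
from collections import Counter

# Active Directory sub-codes carried in the "data NNN" field of an
# LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (account found, password rejected)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(
    r"LDAP: error code 49 - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)")
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+)")

def classify_bind_failures(lines):
    """Return one (timestamp, subcode, meaning) tuple per line with an AD bind failure."""
    findings, last_ts = [], None
    for line in lines:
        ts = TIMESTAMP.match(line)
        if ts:                      # remember the timestamp of the enclosing log entry
            last_ts = ts.group(1)
        m = ERR49.search(line)      # search(): a line repeating the error counts once
        if m:
            code = m.group(1).lower()
            findings.append((last_ts, code, AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return findings

def summarize(findings):
    """Count failures per sub-code, e.g. to spot 52e failures turning into 775 lockouts."""
    return dict(Counter(code for _, code, _ in findings))

# First entry is shaped like the log in the thread; the second is constructed.
SAMPLE_LOG = [
    "2023-10-16T20:41:38.107 ERROR [MidPointAbstractAuthenticationProvider] Authentication (runtime) error: Invalid username and/or password.",
    "Caused by: InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]",
    "2023-10-16T20:45:02.311 ERROR [MidPointAbstractAuthenticationProvider] Authentication (runtime) error: Invalid username and/or password.",
    "Caused by: InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 775, v2580]",
]

if __name__ == "__main__":
    for ts, code, meaning in classify_bind_failures(SAMPLE_LOG):
        print(ts, code, meaning)
```

The sub-code alone does not say whether the rejected bind was the service account or the end user; correlate the timestamp with the directory server's own logon-failure events to tell which account was involved.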

