[midPoint] change ArcheType on import/livesynch

Pavol Mederly mederly at evolveum.com
Tue Oct 17 10:17:11 CEST 2023


> https://docs.evolveum.com/midpoint/reference/schema/archetypes/configuration/#limitations
> "Archetype assignments are not supposed to change during the lifetime of an object."
> Which is what I'd like to do.
Good point! Actually, I addressed only the "technical" part of your 
problem - how to make sure the correct value is applied.

The question of whether to use archetypes in your case at all - and, as 
you ask, what should be the correct way - is a different one...

Having the views is easy, having the icons and colors ... I don't know.

I hope someone from the community will help you.

> "the complexity and power of this product is sometimes mind-boggling"
Yes. The hard question is how to maximize the power while minimizing the 
complexity. :)

-- 
Pavol Mederly
Software developer
evolveum.com

On 17/10/2023 10:10, Markus Calmius via midPoint wrote:
> Hi,
>
> OK, so reading some more information I saw this:
> https://docs.evolveum.com/midpoint/reference/schema/archetypes/configuration/#limitations
> "Archetype assignments are not supposed to change during the lifetime of an object."
> Which is what I'd like to do.
>
> To be fair, what I am actually after is to have the three different User-views/filters and different colored icons.
>
> Assigning a role that induces an archetype does not seem to work, which is why I wanted three different archetypes depending on where in the life-cycle the user is.
>
> Is there another way to do this?
>
> oh, and it should have said:
> "the complexity and power of this product is sometimes mind-boggling"
>
> TiA
> Markus
>
> ------- Original Message -------
> On Tuesday, October 17th, 2023 at 02:03, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:
>
>
>> Today's Topics:
>>
>> 1. Ninja on Windows-Server (Florian Dürr)
>> 2. change ArcheType on import/livesynch (Markus Calmius)
>> 3. Update from 4.4.3 to 4.4.6 breaking LDAP authentication
>> (Alcides Moraes)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 16 Oct 2023 14:36:10 +0000
>> From: Florian Dürr florian.duerr at itconcepts.ch
>>
>> To: sb45 via midPoint midpoint at lists.evolveum.com
>>
>> Subject: [midPoint] Ninja on Windows-Server
>> Message-ID:
>> GV0P278MB0671E0E66DFE2C61731FD18EFAD7A at GV0P278MB0671.CHEP278.PROD.OUTLOOK.COM
>>
>>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi all
>>
>> Summary:
>> I am trying to export midPoint-configuration on a Windows-Installation (to migrate to a more recent LTS-Linux-Installation!).
>> OS: Windows Server 2016
>> Java: 17.0.2
>> Database: some MS-SQL-Server (version unknown)
>> midPoint: 4.4.3 (working fine, so the database-connection is probably not the issue)
>>
>> Symptom:
>> Whatever I try to do with ninja, I get one of the following errors:
>>
>> Example 1:
>> c:\Program Files\midpoint-4.4.3\lib>java -jar ninja.jar -m "c:\Program Files\midpoint-4.4.3" verify
>>
>> Initializing using midpoint home; with repository connection
>> Unexpected exception occurred (class org.springframework.beans.factory.BeanDefinitionStoreException), reason: Failed to parse configuration class [com.evolveum.midpoint.repo.sql.SqlRepositoryBeanConfig]; nested exception is java.lang.IllegalStateException: Error processing condition on com.evolveum.midpoint.repo.sql.SqlRepositoryBeanConfig
>>
>> (Note: I've tried variations for the midPoint-Homefolder-Parameter - none work)
>>
>> Example 2:
>> c:\Program Files\midpoint-4.4.3\bin>ninja export -O "c:\temp\test.xml"
>>
>> Using MIDPOINT_HOME: "c:\Program Files\midpoint-4.4.3\bin\..\var"
>> Using LOADER_PATH:
>> Using RUN_JAVA: "C:\Program Files\Java\jdk-17.0.2\bin\java"
>> Initializing using midpoint home; with repository connection
>> Unexpected exception occurred (class org.springframework.beans.factory.UnsatisfiedDependencyException), reason: Error creating bean with name 'auditFactory': Unsatisfied dependency expressed through field 'availableServiceFactories'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'sqlAuditServiceFactory' defined in class path resource [com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.class]: Unsatisfied dependency expressed through method 'sqlAuditServiceFactory' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'baseHelper' defined in URL [jar:file:/C:/Program%20Files/midpoint-4.4.3/lib/ninja.jar!/BOOT-INF/lib/repo-sql-impl-4.4.3.jar!/com/evolveum/midpoint/repo/sql/helpers/BaseHelper.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'sessionFactory' defined in class path resource [com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.class]: Unsatisfied dependency expressed through method 'sessionFactory' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dataSource' defined in class path resource [com/evolveum/midpoint/repo/sql/SqlRepositoryBeanConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.sql.DataSource]: Factory method 'dataSource' threw exception; nested exception is com.evolveum.midpoint.repo.api.RepositoryServiceFactoryException: Couldn't initialize datasource, reason: Failed to load driver class com.microsoft.sqlserver.jdbc.SQLServerDriver in either of HikariConfig class loader or Thread context classloader
>>
>> To me it looks like some issue with connectivity to the SQL-Server, but since midPoint is working fine and ninja is using connectivity-information from config.xml, this should not be the case...
>>
>> Any Ideas?
>>
>> Thanks and best,
>> Florian
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 16 Oct 2023 14:58:55 +0000
>> From: Markus Calmius markus.calmius at proton.ch
>>
>> To: midPoint General Discussion midpoint at lists.evolveum.com
>>
>> Subject: [midPoint] change ArcheType on import/livesynch
>> Message-ID:
>> EBSd1bjN6obYY-XBLiRziPYde3XCKo494onuJRJyXK5pTziP9SAloetJx75xktiaFNuebGzld8rnH6nKyHVMHJg4qPkwVk0JUv0xBEgWw1M=@proton.ch
>>
>>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hi,
>>
>> the complexity of this product is sometimes mind-boggling. You think you understand something, and then: stacktrace ;)
>>
>> So, I read this "In this demo, we use archetypes Full time employee, Part time employee, Contractor, and Retired. Archetype is assigned to a user during import from resource based on his employment type"
>> from: https://docs.evolveum.com/midpoint/demo/
>>
>> and I'm doing something similar. Basically we have a column in the csv file that has one of three values:
>> pre-employee
>> current-employee
>> post-employee
>>
>> I created ArcheTypes for these different kinds of users, then automatically assigned them on import. All good.
>> However, if I change the value and re-import (or use live synch) I get:
>> "ERROR (com.evolveum.midpoint.model.impl.sync.reactions.SynchronizationActionExecutor): SYNCHRONIZATION: Error in synchronization on resource:<redacted_resource> for situation LINKED: SchemaException: Found [archetype:<oid>(pre_employee), archetype:<oid>(current_employee)] structural archetypes; only a single one is supported"
>>
>>
>> I removed oids to make it easier to read.
>> Do I need to check (another hook?) if a user changes archetype and remove the previous one first? It seems a bit...well unnecessary. If the attribute input is set to strong it should be replaced, right?
>>
>> Markus
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20231016/7923983a/attachment-0001.htm
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Mon, 16 Oct 2023 21:03:34 -0300
>> From: Alcides Moraes alcides.neto at gmail.com
>>
>> To: midPoint General Discussion midpoint at lists.evolveum.com
>>
>> Subject: [midPoint] Update from 4.4.3 to 4.4.6 breaking LDAP
>> authentication
>> Message-ID: 22561763-4DCF-4B19-B7D8-8E23798F2E0D at gmail.com
>>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hello list,
>>
>> I’m having some issues with ldap authentication, hope someone can shed some light
>>
>> After updating from 4.4.3 to 4.4.6, I could not log in to our test midpoint anymore using our LDAP server.
>> I had to use the /auth/emergency to log in using local administrator.
>>
>> This is the log I was getting:
>> 2023-10-16T17:50:50.669 ERROR [com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider] (http-nio-8080-exec-10) Authentication (runtime) error: web.security.provider.invalid
>> org.springframework.security.authentication.AuthenticationServiceException: web.security.provider.invalid
>>
>> We haven’t configured authentication using security policy yet, we were using the old spring security ldap configuration.
>>
>> So I tried configuring our ldap using security policy, since the spring security configuration is not supported anymore.
>> It didn’t work either, here’s the log
>> 2023-10-16T20:41:38.107 ERROR [com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider] (http-nio-8080-exec-2) Authentication (runtime) error: Invalid username and/or password.
>> org.springframework.security.authentication.BadCredentialsException: Invalid username and/or password.
>>>> Caused by: org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]
>>
>> I’m very sure the users and passwords for both bind user and the login form are correct. If I roll back everything it works again.
>> Emergency login using internal database still works.
>> Below is my authentication configuration, pretty simple.
>>
>> Thanks in advance for any help on this.
>> <authentication>
>>     <modules>
>>         <loginForm>
>>             <name>internalLoginForm</name>
>>             <description>Internal username/password authentication, default user password, login form</description>
>>         </loginForm>
>>         <httpBasic>
>>             <name>internalHttpBasic</name>
>>             <description>Http basic username/password authentication, default user password</description>
>>         </httpBasic>
>>         <ldap>
>>             <name>ldapAuth</name>
>>             <host>ldap://serverip:389/DC=midpointhml,DC=local</host>
>>             <userDn>CN=bind,OU=BIND,DC=midpointhml,DC=local</userDn>
>>             <userPassword>
>>                 <t:clearValue>testpassword</t:clearValue>
>>             </userPassword>
>>             <search>
>>                 <pattern>(sAMAccountName={0})</pattern>
>>                 <subtree>true</subtree>
>>             </search>
>>         </ldap>
>>     </modules>
>>     <sequence>
>>         <name>gui-ldap</name>
>>         <channel>
>>             <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
>>             <default>true</default>
>>             <urlSuffix>default</urlSuffix>
>>         </channel>
>>         <module>
>>             <name>ldapAuth</name>
>>             <order>30</order>
>>             <necessity>sufficient</necessity>
>>         </module>
>>     </sequence>
>>     <sequence>
>>         <name>admin-gui-emergency</name>
>>         <description>
>>             Special GUI authentication sequence that is using just the internal user password.
>>             It is used only in emergency.
>>         </description>
>>         <channel>
>>             <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
>>             <default>false</default>
>>             <urlSuffix>admin</urlSuffix>
>>         </channel>
>>         <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType">
>>             <!-- Superuser -->
>>         </requireAssignmentTarget>
>>         <module>
>>             <name>internalLoginForm</name>
>>             <order>1</order>
>>             <necessity>sufficient</necessity>
>>         </module>
>>     </sequence>
>>     <sequence>
>>         <name>rest-basic</name>
>>         <channel>
>>             <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
>>             <default>true</default>
>>             <urlSuffix>default</urlSuffix>
>>         </channel>
>>         <module>
>>             <name>internalHttpBasic</name>
>>             <order>1</order>
>>             <necessity>sufficient</necessity>
>>         </module>
>>     </sequence>
>>     <ignoredLocalPath>/actuator</ignoredLocalPath>
>>     <ignoredLocalPath>/actuator/health</ignoredLocalPath>
>> </authentication>
>>
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20231016/f73f8a8f/attachment.htm
>>
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> ------------------------------
>>
>> End of midPoint Digest, Vol 138, Issue 13
>> *****************************************
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
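
The LDAP error 49 line quoted in the thread carries an Active Directory sub-code (`data 52e`) that can be decoded mechanically when triaging bind failures. The following is an added example, not part of the original messages or of midPoint; the function name `triage` and the `775` sample line are constructed for illustration.

```python
import re

# Active Directory sub-codes carried in the "data" field of an LDAP
# result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LDAP_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - .*?comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9a-fA-F]+), v[0-9a-fA-F]+\]"
)

def triage(line):
    """Return one finding per distinct LDAP error in a log line."""
    findings, seen = [], set()
    for m in LDAP_ERR.finditer(line):
        code, data = int(m["code"]), m["data"].lower()
        if (code, data) in seen:  # nested exceptions repeat the same text
            continue
        seen.add((code, data))
        if code == 49:
            meaning = AD_BIND_SUBCODES.get(data, "unknown AD sub-code")
        else:
            meaning = "result code is not 49 (not a bind failure)"
        findings.append({"ldap_code": code, "ad_data": data,
                         "comment": m["comment"], "meaning": meaning})
    return findings

AD_ERR = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, "
          "comment: AcceptSecurityContext error, data %s, v2580]")
# The "Caused by" text from the log quoted in the thread (error appears twice).
PAGE_LINE = ("Caused by: org.springframework.security.authentication."
             "InternalAuthenticationServiceException: " + AD_ERR % "52e" +
             "; nested exception is javax.naming.AuthenticationException: " +
             AD_ERR % "52e")
# Constructed line for comparison, not taken from the thread.
CONSTRUCTED_LOCKED = "javax.naming.AuthenticationException: " + AD_ERR % "775"

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LOCKED):
        print(triage(sample))
```

The sub-code says why AD rejected a bind, not which bind it was, so the same line can come from the configured `userDn` account or from the user logging in.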

