[midPoint] midPoint Digest, Vol 145, Issue 2

Tushar Walaskar tusharwalaskar1 at weber.edu
Thu May 2 15:14:04 CEST 2024


Hi Markus,

I was able to resolve the issue by fixing the mappings in the correlation
settings with weight, tier and correct mapping with Personal number. I
appreciate your reaching out to me.


On Thu, May 2, 2024 at 4:09 AM <midpoint-request at lists.evolveum.com> wrote:

> Today's Topics:
>
>    1. Re: Issue with correlation with AD (Markus Calmius)
>    2. Entitlements and Object Templates (Hilmar Kistemaker)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 01 May 2024 10:32:19 +0000
> From: Markus Calmius <markus.calmius at proton.ch>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Issue with correlation with AD
>
> Hi Tushar,
>
> not that I use AD, but maybe you can you the resource configuration?
>
> Kind regards,
> Markus
>
>
> On Wednesday, 1 May 2024 at 12:00, midpoint-request at lists.evolveum.com <
> midpoint-request at lists.evolveum.com> wrote:
>
> > Today's Topics:
> >
> > 1. Smart Correlation Webinar Video & Blog Post (Evolveum Marketing)
> > 2. Issue with correlation with AD (Tushar Walaskar)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Tue, 30 Apr 2024 16:45:58 +0200
> > From: Evolveum Marketing vera at evolveum.com
> >
> > To: midPoint General Discussion midpoint at lists.evolveum.com
> >
> > Subject: [midPoint] Smart Correlation Webinar Video & Blog Post
> >
> > Dear midPoint Community,
> >
> > We invite you to check out our blog post or watch the webinar recording
> > featuring our Senior Software Developer, Pavol Mederly, discussing smart
> > correlation. The webinar provides insights into how to effectively use
> > smart correlation to align identity data with existing focus objects in
> > the repository. In the blog post, you'll also find Pavol's responses to
> > audience questions.
> >
> > Learn more here: Smart Correlation Webinar Summary
> > https://evolveum.com/smart-correlation-webinar-summary/.
> >
> >
> > Enjoy exploring these resources!
> >
> > --
> >
> > Veronika Kolpascikova
> > Marketing Specialist
> > evolveum.com
> > ------------------------------
> >
> > Message: 2
> > Date: Tue, 30 Apr 2024 11:33:48 -0600
> > From: Tushar Walaskar tusharwalaskar1 at weber.edu
> >
> > To: midpoint at lists.evolveum.com
> > Subject: [midPoint] Issue with correlation with AD
> >
> > Hi everyone,
> >
> > I am having an issue with Correlation in Midpoint with AD.
> >
> > A bit of context, I am trying to import AD users into Midpoint, which
> > already has some users from the HR System. I used the correlation of
> > EmployeeNumber in AD to PersonalNumber in Midpoint.
> >
> > When I am trying to import preview the objects which are already existing
> > in both AD and HR systems, the items are "unmatched" even though they
> > should be "unlinked". Also, while running the reconciliation job I get this
> > error frequently,
> >
> > 4/30/24, 5:23 PM com.evolveum.midpoint.util.exception.SystemException:
> > Error occurred during resource object shadow owner lookup, reason: No
> > correlation items in
> > CorrelatorContext{configurationBean=PCV(23):[PP({.../common/common-3}name):[PPV(String:personalNumber-correlation)],
> > PP({.../common/common-3}description):[PPV(String:Correlation using
> > personalNumber. Please note: inbound mapping for personalNumber is used
> > only during correlation.)],
> > PP({.../common/common-3}enabled):[PPV(Boolean:true)],
> > PC(composition):[PCV(null):[PP({.../common/common-3}tier):[PPV(Integer:1)]]]]}
> >
> > Can anyone help make sense of this and if possible help solving this
> > issue?
> >
> > --
> > Warmest Regards,
> >
> > Tushar Walaskar MS MIS, CISSP, CCSP, CIPM
> > *Senior IAM Engineer *
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 1 May 2024 18:38:59 +0200
> From: Hilmar Kistemaker <hilmar.kistemaker at mollie.com>
> To: midpoint at lists.evolveum.com
> Subject: [midPoint] Entitlements and Object Templates
>
> Hi,
>
> I'm encountering an issue with entitlements and object templates in
> midPoint and could use some assistance in resolving it.
>
> The condition in the object template checks the Team attribute on the
> user's midPoint profile. If the condition is true, the expression searches
> for an organization object that matches the display name and assigns the
> correct organization object to the user. The organization object contains 2
> inducements: 1 Google Group and 1 Okta group. The user does get added to
> the groups in the systems when the Object Template assigns the organization
> object to the user.
>
> The problem arises during unassignment. When a user moves teams, the
> organization object gets unassigned, and the new organization object gets
> assigned. However, the user is not removed from the old team Google/Okta
> group.
>
> If I manually unassign an organization object, the user does get removed
> from the Google/Okta groups.
>
> This is the object template mapping I use:
>
> <mapping>
>     <name>Team</name>
>     <source>
>         <path xmlns:gen849="urlRedacted/xml/ns/extension">c:extension/gen849:team</path>
>     </source>
>     <source>
>         <path xmlns:gen569="urlRedacted/xml/ns/extension">c:extension/gen569:domain</path>
>     </source>
>     <expression>
>         <script>
>             <code>
>   import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>   import com.evolveum.midpoint.prism.delta.builder.*
>   import com.evolveum.midpoint.prism.query.ObjectFilter;
>   import com.evolveum.midpoint.schema.SelectorOptions;
>   import com.evolveum.midpoint.schema.GetOperationOptions;
>   import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>   import com.evolveum.midpoint.model.api.*
>
>   teamName = team
>   orgName = domain
>
>   if (orgName != null) {
>     ObjectFilter domainFilter = prismContext.queryFor(OrgType.class)
>         .item(OrgType.F_DISPLAY_NAME).eq(orgName)
>         .buildFilter();
>
>     fetchedOrgs = midpoint.searchObjects(OrgType.class, prismContext.queryFactory().createQuery(domainFilter));
>
>     if (fetchedOrgs[0] != null) {
>       assignmentTargetOid = fetchedOrgs[0].getOid()
>
>       ObjectFilter teamFilter = prismContext.queryFor(OrgType.class)
>           .item(OrgType.F_DISPLAY_NAME).eq(teamName)
>           .and()
>           .item(OrgType.F_ASSIGNMENT,AssignmentType.F_TARGET_REF).ref(assignmentTargetOid)
>           .buildFilter();
>
>       fetchedTeams = midpoint.searchObjects(OrgType.class, prismContext.queryFactory().createQuery(teamFilter));
>
>       if (fetchedTeams[0] != null) {
>         roleOrt = new ObjectReferenceType();
>         roleOrt.setOid(fetchedTeams[0].getOid());
>         roleOrt.setType(OrgType.COMPLEX_TYPE);
>
>         AssignmentType assignment = new AssignmentType();
>         assignment.asPrismContainerValue()
>         assignment.setTargetRef(roleOrt);
>
>         return assignment
>       } else {
>         log.warn("No Team orgs found!")
>       }
>     }
>   } else {
>     log.warn("No Domain set on user profile. Skipping Team assignment.")
>   }
>             </code>
>         </script>
>     </expression>
>     <target>
>         <path>c:assignment</path>
>     </target>
>     <condition>
>         <script>
>             <code>
>   fetchedTeam = team;
>   if (fetchedTeam != null) {
>     log.warn("Team not empty, try to assign OU in MP")
>     return true
>   } else {
>     log.warn("User has no team assigned!")
>   }
>             </code>
>         </script>
>     </condition>
>     <enabled>true</enabled>
> </mapping>
>
> Thanks,
> Hilmar


-- 
*Warmest Regards,*

*Tushar Walaskar MS MIS, CISSP, CCSP, CIPM*
*Senior IAM Engineer *