<div dir="ltr">Hi<div><br></div><div>I have a situation where my role search is failing when i search by name/oid or type.</div><div><br></div><div>As per my observation this role has an inducement in which there is certain attribute without namespace defined:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"><inducement id="2"></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <construction></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef" type="ResourceType"><!-- Active Directory Resource --></resourceRef></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <attribute></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1" color="#ff0000"> <ref>qn43:groups</ref></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <outbound></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <strength>strong</strength></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <expression></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> <value>cn=portal_support,ou=groups,dc=confluxsys,dc=com</value></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> </expression></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> </outbound></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> </attribute></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> </construction></font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font size="1"> </inducement></font></div></div></blockquote></blockquote><div><br></div><div>Now when i added appropriate namespace it worked for me.</div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"><inducement id="2"></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <construction></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <resourceRef oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef" type="ResourceType"><!-- Active Directory Resource --></resourceRef></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <attribute></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1" color="#ff0000"> <ref </font><font size="1" color="#ff0000">xmlns:qn43="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"</font><span style="color:rgb(255,0,0);font-size:x-small">>qn43:groups</ref></span></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <outbound></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <strength>strong</strength></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <expression></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> <value>cn=portal_support,ou=groups,dc=confluxsys,dc=com</value></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> </expression></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> </outbound></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> </attribute></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> </construction></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"> </inducement></font></blockquote></div><div><br></div><div><br></div><div>We have added this inducement by web-service client and at that point we do not have information about correct namespace so how can we get rid of this.</div><div>The problem we have is at that point we do not know if the attribute is icf attribute or not so we cannot add the namespace. So is it necessary to have the correct namespace or is it a problem in midpoint?</div><div><br></div><div>Please provide some assistance on this.</div><div><br></div><div><br></div><div>Thanks</div><div>Dharmendra</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 12, 2015 at 6:57 PM, Dharmendra Parakh <span dir="ltr"><<a href="mailto:dharmendra@confluxsys.com" target="_blank">dharmendra@confluxsys.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey Pavol<div><br></div><div>I missed that equal thing.</div><div><br></div><div>Thanks, that worked like a charm.</div><div><br></div><div>Regards</div><span class="HOEnZb"><font color="#888888"><div>Dharmendra</div><div><br></div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 12, 2015 at 6:34 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Dharmendra,<br>
<br>
it is not supported to test references using <equal>
condition. You have to use <ref> one. <br>
<br>
So I suggest to replace "<equal ..." section in
.parseSearchFilterType() call with this one<span><br>
<br>
<ref><br>
<path>assignment/targetRef</path><br>
<value><br></span>
<oid><b><font color="#cc0000"> ... put roleOid here
... </font></b></oid><span><br>
<type>RoleType</type><br>
</value><br>
</ref><br>
<br></span>
It should work. :-) If not, please let me know.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div><div><div>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<div>I tried it but didn't work for me, I am using following
code:</div>
<div><br>
</div>
<div>
<div><span style="white-space:pre-wrap"> </span>private
static List<UserType> searchRoleMembers(ModelPortType
modelPort, String roleOid) throws SAXException, IOException,
FaultMessage, JAXBException {</div>
<div><span style="white-space:pre-wrap"> </span>//
WARNING: in a real case make sure that the username is
properly</div>
<div><span style="white-space:pre-wrap"> </span>//
escaped before putting it in XML</div>
<div><span style="white-space:pre-wrap"> </span>SearchFilterType
filter = ModelClientUtil</div>
<div><span style="white-space:pre-wrap"> </span>.parseSearchFilterType("<equal
xmlns='<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>'
xmlns:c='<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'
>"</div>
<div><span style="white-space:pre-wrap"> </span>+
"<path>assignment/targetRef</path>" +
"<value><oid>" + roleOid + "</oid>
<type>RoleType</type> </value>" +
"</equal>");</div>
<div><span style="white-space:pre-wrap"> </span>QueryType
query = new QueryType();</div>
<div><span style="white-space:pre-wrap"> </span>query.setFilter(filter);</div>
<div><span style="white-space:pre-wrap"> </span>SelectorQualifiedGetOptionsType
options = new SelectorQualifiedGetOptionsType();</div>
<div><span style="white-space:pre-wrap"> </span>Holder<ObjectListType>
objectListHolder = new Holder<ObjectListType>();</div>
<div><span style="white-space:pre-wrap"> </span>Holder<OperationResultType>
resultHolder = new Holder<OperationResultType>();</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>modelPort.searchObjects(ModelClientUtil.getTypeQName(UserType.class),
query, options, objectListHolder, resultHolder);</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>ObjectListType
objectList = objectListHolder.value;</div>
<div><span style="white-space:pre-wrap"> </span>List<ObjectType>
objects = objectList.getObject();</div>
<div><span style="white-space:pre-wrap"> </span>if
(objects.isEmpty()) {</div>
<div><span style="white-space:pre-wrap"> </span>return
null;</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span>List<UserType>
result = new ArrayList<>(objects.size());</div>
<div><span style="white-space:pre-wrap"> </span>for(ObjectType
object: objects ){</div>
<div><span style="white-space:pre-wrap"> </span>result.add((UserType)
object);</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span>return
result;</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span></div>
</div>
<div>Am i doing anything wrong?</div>
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 12, 2015 at 4:36 PM, Pavol
Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>You can easily get all users that have <b>directly</b>
assigned a role - it is a search on UserType using the
following criteria:<br>
<br>
<ref><br>
<path>assignment/targetRef</path><br>
<value><br>
<oid>00000000-0000-0000-0000-000000000004</oid><br>
<type>RoleType</type><br>
</value><br>
</ref><br>
<br>
(replace 00000000-0000-0000-0000-000000000004 with the
OID of your role)<br>
<br>
However, this does not find users that have such a role
assigned indirectly (e.g. as inducement in another
role). This is not currently supported.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<div>Thanks for the information, this works.</div>
<div><br>
</div>
<div>One more thing Our requirement is to
reconcile users associated to some specific
role, So is there a way to get the users
associated to a role without iterating all the
users.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 12, 2015 at
3:27 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Manish,<br>
<br>
I've just pushed a sample code that
demonstrates this.<br>
<br>
Here is the java code - actually, it's an
empty modification with RECONCILE option
set (see red lines):<br>
<br>
<p><span><span> </span>private static
void reconcileUser(ModelPortType
modelPort, String oid) throws
FaultMessage {</span></p>
<span> </span>
<p><span><span> </span>ObjectDeltaType
userDelta = new ObjectDeltaType();</span></p>
<p><span><span> </span>userDelta.setOid(oid);</span></p>
<p><span><span> </span>userDelta.setObjectType(ModelClientUtil.getTypeQName(UserType.class));</span></p>
<p><span><span> </span><span> </span>userDelta.setChangeType(ChangeTypeType.MODIFY);</span></p>
<p><span> </span></p>
<p><span><span> </span>ObjectDeltaListType
deltaList = new ObjectDeltaListType();</span></p>
<p><span><span> </span>deltaList.getDelta().add(userDelta);</span></p>
<p><span> </span></p>
<p><font color="#cc0000"><span><span> </span>ModelExecuteOptionsType
optionsType = new
ModelExecuteOptionsType();</span></font></p>
<font color="#cc0000"> </font>
<p><font color="#cc0000"><span><span> </span>optionsType.setReconcile(true);</span></font></p>
<font color="#cc0000"> </font>
<p><span><span> </span>modelPort.executeChanges(deltaList,
optionsType);</span></p>
<p><span><span> </span>}</span></p>
<br>
This is how it looks like in XML:<br>
<br>
<font size="-1"><soap:Body><br>
<ns8:executeChanges <br>
xmlns:ns2=<a href="http://prism.evolveum.com/xml/ns/public/types-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
<br>
xmlns:ns3=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
<br>
xmlns:ns8=<a href="http://midpoint.evolveum.com/xml/ns/public/model/model-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/model/model-3"</a>
<br>
xmlns:ns9=<a href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"</a>><br>
<br>
<ns8:deltaList><br>
<ns9:delta><br>
<ns2:changeType>modify</ns2:changeType><br>
<ns2:objectType>ns3:UserType</ns2:objectType><br>
<ns2:oid>c0c010c0-d34d-b33f-f00d-11111111ec1e</ns2:oid><br>
</ns9:delta><br>
</ns8:deltaList><br>
<font color="#cc0000">
<ns8:options><br>
<ns3:reconcile>true</ns3:reconcile><br>
</ns8:options><br>
</font>
</ns8:executeChanges><br>
</soap:Body></font><br>
<br>
Hope this helps.<br>
Pavol
<div>
<div><br>
<br>
On 10. 2. 2015 22:40, Manish Baid
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:14px">
<div dir="ltr">Hi,</div>
<div dir="ltr">Using webservice
client, can you please share some
pointers on how to:
programmatically "reconcile a
user"?</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Basically, we are
trying to re-enforce
role-inducement updates to
"affected" users.<br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Thanks<br>
</div>
<div dir="ltr"> </div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>