<div dir="ltr">Hi Pavol<div><br></div><div>Thanks for the information.</div><div><br></div><div>I think it is nice and sufficient information. As you have mentioned there are very few icf attributes, I will modify my code to set the appropriate namespace so there should not be any issue.</div><div><br></div><div><br></div><div>Thanks!</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 3, 2015 at 3:26 AM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Dharmendra,<br>
<br>
generally speaking, the <ref> element in the inducement
requires the namespace to be present and to be declared in order
to function correctly. <br>
Maybe in 3.2 we'll change this, as is discussed in <a href="https://jira.evolveum.com/browse/MID-2191" target="_blank">MID-2191</a>,
but for 3.1 it is definitely so.<span class=""><br>
<br>
<blockquote type="cite">
<div>We have added this inducement by web-service client and at
that point we do not have information about correct namespace
so how can we get rid of this.</div>
<div>The problem we have is at that point we do not know if the
attribute is icf attribute or not so we cannot add the
namespace. So is it necessary to have the correct namespace or
is it a problem in midpoint?</div>
</blockquote>
<br></span>
I'm not sure I understand you fully.<br>
<br>
I think you can safely add the following namespace:<br>
<br>
Either <b>xmlns:ri=<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</a></b>
for majority of attribute names, or<br>
<b>xmlns:icfs=<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"</a></b>
for special names, like icfs:name, icfs:uid, icfs:groups and a few
others, less frequently used.<br>
<br>
It does not matter if you create a role or its inducement via GUI,
import objects, or via web service. In all the cases you can (and
should) use the correct namespace.<br>
<br>
One note regarding undeclared namespaces (like qn43:groups without
declaring qn43). In midPoint 3.1, these are not checked, and
result of using them is generally unpredictable. In current
master, we added a code that checks for such situations, and
forbids using object with such undeclared namespaces (as described
in MID-2191). This check can be temporarily turned off via
Configuration->Internals configuration->Internals
config->Tolerate undeclared prefixes...); when releasing 3.1.1
it will be probably turned OFF by default. Maybe the role search
in your case is failing because of this (but I'm not sure); please
check the midPoint logs. Anyway, it is strictly necessary to use
correctly defined namespaces in <ref> elements.<br>
<br>
Hope this helps,<br>
Pavol<br>
<br>
PS: I'm on a vacation this week. So perhaps someone else on this
list would be able to help you further, or I'll be back on March
8th (or perhaps during evenings/nights, but without warranty).<div><div class="h5"><br>
<br>
<br>
On 2. 3. 2015 8:36, Dharmendra Parakh wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Hi
<div><br>
</div>
<div>I have a situation where my role search is failing when i
search by name/oid or type.</div>
<div><br>
</div>
<div>As per my observation this role has an inducement in which
there is certain attribute without namespace defined:</div>
<div><br>
</div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"><inducement id="2"></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> <construction></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> <resourceRef
oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef"
type="ResourceType"><!-- Active Directory
Resource --></resourceRef></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> <attribute></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font color="#ff0000" size="1">
<ref>qn43:groups</ref></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> <outbound></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1">
<strength>strong</strength></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> <expression></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1">
<value>cn=portal_support,ou=groups,dc=confluxsys,dc=com</value></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> </expression></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> </outbound></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> </attribute></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> </construction></font></div>
</div>
</blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div><font size="1"> </inducement></font></div>
</div>
</blockquote>
</blockquote>
<div><br>
</div>
<div>Now when i added appropriate namespace it worked for me.</div>
<div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1"><inducement
id="2"></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<construction></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<resourceRef
oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eaef"
type="ResourceType"><!-- Active Directory Resource
--></resourceRef></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<attribute></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font color="#ff0000" size="1">
<ref </font><font color="#ff0000" size="1">xmlns:qn43="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"</font><span style="color:rgb(255,0,0);font-size:x-small">>qn43:groups</ref></span></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<outbound></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<strength>strong</strength></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<expression></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
<value>cn=portal_support,ou=groups,dc=confluxsys,dc=com</value></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
</expression></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
</outbound></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
</attribute></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
</construction></font></blockquote>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font size="1">
</inducement></font></blockquote>
</div>
<div><br>
</div>
<div><br>
</div>
<div>We have added this inducement by web-service client and at
that point we do not have information about correct namespace
so how can we get rid of this.</div>
<div>The problem we have is at that point we do not know if the
attribute is icf attribute or not so we cannot add the
namespace. So is it necessary to have the correct namespace or
is it a problem in midpoint?</div>
<div><br>
</div>
<div>Please provide some assistance on this.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Dharmendra</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 12, 2015 at 6:57 PM,
Dharmendra Parakh <span dir="ltr"><<a href="mailto:dharmendra@confluxsys.com" target="_blank">dharmendra@confluxsys.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hey Pavol
<div><br>
</div>
<div>I missed that equal thing.</div>
<div><br>
</div>
<div>Thanks, that worked like a charm.</div>
<div><br>
</div>
<div>Regards</div>
<span><font color="#888888">
<div>Dharmendra</div>
<div><br>
</div>
</font></span></div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 12, 2015 at 6:34
PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Dharmendra,<br>
<br>
it is not supported to test references using
<equal> condition. You have to use
<ref> one. <br>
<br>
So I suggest to replace "<equal ..."
section in .parseSearchFilterType() call with
this one<span><br>
<br>
<ref><br>
<path>assignment/targetRef</path><br>
<value><br>
</span> <oid><b><font color="#cc0000"> ... put roleOid here ...
</font></b></oid><span><br>
<type>RoleType</type><br>
</value><br>
</ref><br>
<br>
</span> It should work. :-) If not, please let
me know.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<div>I tried it but didn't work for me,
I am using following code:</div>
<div><br>
</div>
<div>
<div><span style="white-space:pre-wrap"> </span>private
static List<UserType>
searchRoleMembers(ModelPortType
modelPort, String roleOid) throws
SAXException, IOException,
FaultMessage, JAXBException {</div>
<div><span style="white-space:pre-wrap"> </span>//
WARNING: in a real case make sure
that the username is properly</div>
<div><span style="white-space:pre-wrap"> </span>//
escaped before putting it in XML</div>
<div><span style="white-space:pre-wrap"> </span>SearchFilterType
filter = ModelClientUtil</div>
<div><span style="white-space:pre-wrap"> </span>.parseSearchFilterType("<equal
xmlns='<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>'
xmlns:c='<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'
>"</div>
<div><span style="white-space:pre-wrap"> </span>+
"<path>assignment/targetRef</path>"
+ "<value><oid>" +
roleOid + "</oid>
<type>RoleType</type>
</value>" + "</equal>");</div>
<div><span style="white-space:pre-wrap"> </span>QueryType
query = new QueryType();</div>
<div><span style="white-space:pre-wrap"> </span>query.setFilter(filter);</div>
<div><span style="white-space:pre-wrap"> </span>SelectorQualifiedGetOptionsType
options = new
SelectorQualifiedGetOptionsType();</div>
<div><span style="white-space:pre-wrap"> </span>Holder<ObjectListType>
objectListHolder = new
Holder<ObjectListType>();</div>
<div><span style="white-space:pre-wrap"> </span>Holder<OperationResultType>
resultHolder = new
Holder<OperationResultType>();</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>modelPort.searchObjects(ModelClientUtil.getTypeQName(UserType.class),
query, options, objectListHolder,
resultHolder);</div>
<div><br>
</div>
<div><span style="white-space:pre-wrap"> </span>ObjectListType
objectList = objectListHolder.value;</div>
<div><span style="white-space:pre-wrap"> </span>List<ObjectType>
objects = objectList.getObject();</div>
<div><span style="white-space:pre-wrap"> </span>if
(objects.isEmpty()) {</div>
<div><span style="white-space:pre-wrap"> </span>return
null;</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span>List<UserType>
result = new
ArrayList<>(objects.size());</div>
<div><span style="white-space:pre-wrap"> </span>for(ObjectType
object: objects ){</div>
<div><span style="white-space:pre-wrap"> </span>result.add((UserType)
object);</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span>return
result;</div>
<div><span style="white-space:pre-wrap"> </span>}</div>
<div><span style="white-space:pre-wrap"> </span></div>
</div>
<div>Am i doing anything wrong?</div>
<div><br>
</div>
<div>Thanks!</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 12,
2015 at 4:36 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>You can easily get all users
that have <b>directly</b>
assigned a role - it is a search
on UserType using the following
criteria:<br>
<br>
<ref><br>
<path>assignment/targetRef</path><br>
<value><br>
<oid>00000000-0000-0000-0000-000000000004</oid><br>
<type>RoleType</type><br>
</value><br>
</ref><br>
<br>
(replace
00000000-0000-0000-0000-000000000004
with the OID of your role)<br>
<br>
However, this does not find
users that have such a role
assigned indirectly (e.g. as
inducement in another role).
This is not currently supported.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">HI
<div><br>
</div>
<div>Thanks for the
information, this works.</div>
<div><br>
</div>
<div>One more thing Our
requirement is to
reconcile users
associated to some
specific role, So is
there a way to get the
users associated to a
role without iterating
all the users.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks!</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Thu, Feb 12, 2015 at
3:27 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Manish,<br>
<br>
I've just pushed a
sample code that
demonstrates this.<br>
<br>
Here is the java
code - actually,
it's an empty
modification with
RECONCILE option
set (see red
lines):<br>
<br>
<p><span><span>
</span>private
static void
reconcileUser(ModelPortType
modelPort,
String oid)
throws
FaultMessage {</span></p>
<span> </span>
<p><span><span>
</span>ObjectDeltaType
userDelta =
new
ObjectDeltaType();</span></p>
<p><span><span>
</span>userDelta.setOid(oid);</span></p>
<p><span><span>
</span>userDelta.setObjectType(ModelClientUtil.getTypeQName(UserType.class));</span></p>
<p><span><span> </span><span>
</span>userDelta.setChangeType(ChangeTypeType.MODIFY);</span></p>
<p><span> </span></p>
<p><span><span>
</span>ObjectDeltaListType
deltaList =
new
ObjectDeltaListType();</span></p>
<p><span><span>
</span>deltaList.getDelta().add(userDelta);</span></p>
<p><span> </span></p>
<p><font color="#cc0000"><span><span>
</span>ModelExecuteOptionsType
optionsType =
new
ModelExecuteOptionsType();</span></font></p>
<font color="#cc0000">
</font>
<p><font color="#cc0000"><span><span>
</span>optionsType.setReconcile(true);</span></font></p>
<font color="#cc0000">
</font>
<p><span><span>
</span>modelPort.executeChanges(deltaList,
optionsType);</span></p>
<p><span><span>
</span>}</span></p>
<br>
This is how it
looks like in XML:<br>
<br>
<font size="-1"><soap:Body><br>
<ns8:executeChanges
<br>
xmlns:ns2=<a href="http://prism.evolveum.com/xml/ns/public/types-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
<br>
xmlns:ns3=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
<br>
xmlns:ns8=<a href="http://midpoint.evolveum.com/xml/ns/public/model/model-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/model/model-3"</a>
<br>
xmlns:ns9=<a href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"</a>><br>
<br>
<ns8:deltaList><br>
<ns9:delta><br>
<ns2:changeType>modify</ns2:changeType><br>
<ns2:objectType>ns3:UserType</ns2:objectType><br>
<ns2:oid>c0c010c0-d34d-b33f-f00d-11111111ec1e</ns2:oid><br>
</ns9:delta><br>
</ns8:deltaList><br>
<font color="#cc0000">
<ns8:options><br>
<ns3:reconcile>true</ns3:reconcile><br>
</ns8:options><br>
</font>
</ns8:executeChanges><br>
</soap:Body></font><br>
<br>
Hope this helps.<br>
Pavol
<div>
<div><br>
<br>
On 10. 2. 2015
22:40, Manish
Baid wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:14px">
<div dir="ltr">Hi,</div>
<div dir="ltr">Using
webservice
client, can
you please
share some
pointers on
how to:
programmatically
"reconcile a
user"?</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Basically,
we are trying
to re-enforce
role-inducement
updates to
"affected"
users.<br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Thanks<br>
</div>
<div dir="ltr"> </div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>