<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Martin,</p>
<p>could you please try with midPoint built from git branch named
support-3.4?</p>
<p>Thanks,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 11/21/2016 03:48 PM, Martin Marchese
wrote:<br>
</div>
<blockquote
cite="mid:CAG3rmdp7ZJm=5THvVwaoqBdmjuYy-zJnrSTKDN-r8BVnR6fS+A@mail.gmail.com"
type="cite">
<div dir="ltr">Ivan,
<div><br>
</div>
<div>We run the same test within a 3.4.1 environment and within
a 3.5-SNAPSHOT one. Same objects. It worked OK in 3.5-SNAPSHOT
but again, it did not work in 3.4.1.</div>
<div><br>
</div>
<div>Any package logging you recommend to enable in order to
debug this?</div>
<div><br>
</div>
<div>The following are our objects:</div>
<div><br>
</div>
<div>Student Role:</div>
<div>-------------------</div>
<div><br>
</div>
<div>
<div><role xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> oid="00000000-0000-1de4-0004-000000000010"></div>
<div> <name>STUDENT</name></div>
<div></role></div>
</div>
<div><br>
</div>
<div>Teacher Role:</div>
<div>-------------------</div>
<div><br>
</div>
<div>
<div><role xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> oid="00000000-0000-1de4-0004-000000000011"></div>
<div> <name>TEACHER</name></div>
<div></role></div>
</div>
<div><br>
</div>
<div>MetaRole:</div>
<div>--------------</div>
<div><br>
</div>
<div>
<div><role xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> oid="00000000-0000-1de4-0004-000000000099"></div>
<div> <name>META_ROL</name></div>
<div> <inducement id="1"></div>
<div> <targetRef
oid="00000000-0000-1de4-0004-000000000010"
type="c:RoleType">STUDENT</targetRef></div>
<div> <order>2</order></div>
<div> <focusType>UserType</focusType></div>
<div> <condition></div>
<div> <source></div>
<div>
<c:path>$focusAssignment/extension/metaRelation</c:path></div>
<div> </source></div>
<div> <expression></div>
<div> <script></div>
<div> <code>metaRelation ==
'STUDENT'</code></div>
<div> </script></div>
<div> </expression></div>
<div> </condition></div>
<div> </inducement></div>
<div> <inducement id="2"></div>
<div> <targetRef
oid="00000000-0000-1de4-0004-000000000011"
type="c:RoleType"></targetRef></div>
<div> <order>2</order></div>
<div> <focusType>UserType</focusType></div>
<div> <condition></div>
<div> <source></div>
<div>
<c:path>$focusAssignment/extension/metaRelation</c:path></div>
<div> </source></div>
<div> <expression></div>
<div> <script></div>
<div> <code>metaRelation ==
'TEACHER'</code></div>
<div> </script></div>
<div> </expression></div>
<div> </condition></div>
<div> </inducement></div>
<div></role></div>
</div>
<div><br>
</div>
<div>Org:</div>
<div>------</div>
<div><br>
</div>
<div>
<div><org xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> oid="00000000-0000-1de4-0010-000000000001"></div>
<div> <name>ORG21</name></div>
<div> <assignment id="1"></div>
<div> <targetRef
oid="00000000-0000-1de4-0004-000000000099"
type="c:RoleType"></targetRef></div>
<div> </assignment></div>
<div></org></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Org Assignment to User:</div>
<div>-----------------------------------</div>
<div><br>
</div>
<div>
<div><assignment id="1"></div>
<div> <extension xmlns:icfcassig="<a
moz-do-not-send="true"
href="http://midpoint.identicum.com/xml/ns/metaAssignment">http://midpoint.identicum.com/xml/ns/metaAssignment</a>"></div>
<div>
<icfcassig:metaRelation>STUDENT</icfcassig:metaRelation></div>
<div> </extension></div>
<div> <targetRef
oid="00000000-0000-1de4-0010-000000000001"
type="c:OrgType"><!-- ORG1 --></targetRef></div>
<div></assignment></div>
</div>
<div><br>
</div>
<div>Thanks in Advance</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b><span></span><span></span>Ing.
Martín Marchese</b><br>
<img moz-do-not-send="true"
src="http://www.identicum.com/img/favicon.ico">Identicum
S.A.<br>
Jorge Newbery 3226<br>
Tel: +54 (11) 4552-3050<br>
<a moz-do-not-send="true"
href="mailto:mmarchese@identicum.com"
target="_blank">mmarchese@identicum.com</a><br>
<a moz-do-not-send="true"
href="http://www.identicum.com"
target="_blank">www.identicum.com</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Sat, Nov 19, 2016 at 8:52 AM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:Ivan.Noris@evolveum.com" target="_blank">Ivan.Noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="font-family:times new roman,new
york,times,serif;font-size:12pt;color:#000000">
<div>Hi Martin,<br>
</div>
<div><br>
</div>
<div>that's a surprise for me, because I'm not using
master but 3.4-based branch... and the main logic is
similar to what I'm using, even in older versions...<br>
</div>
<div><br>
</div>
<div>It just didn't work or there were some errors
displayed/logged? Maybe the developers would know
according to that behaviour.<br>
</div>
<div><br>
</div>
<div>Regards,<br>
</div>
<div>Ivan<br>
</div>
<div><br>
</div>
<hr id="m_-469257949677563685zwchr">
<blockquote style="border-left:2px solid
#1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From:
</b>"Martin Marchese" <<a moz-do-not-send="true"
href="mailto:mmarchese@identicum.com"
target="_blank">mmarchese@identicum.com</a>><br>
<b>To: </b>"midPoint General Discussion" <<a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com"
target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Sent: </b>Friday, November 18, 2016 11:20:18 PM<br>
<b>Subject: </b>Re: [midPoint] UserTemplate - Role
Assignment based on Org Assignment Property
<div>
<div class="h5"><br>
<div><br>
</div>
<div dir="ltr">Thanks Ivan, that worked like a charm!
And it's a very nice solution!
<div><br>
</div>
<div>However, just to let you know, it worked
only on MidPoint 3.5 snapshot, we tested that
in 3.4.1 with no luck.</div>
<div><br>
</div>
<div>Regards</div>
</div>
<div class="gmail_extra"><br clear="all">
<br>
<div class="gmail_quote">On Fri, Nov 18, 2016 at
4:19 PM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div>
<p>Hi,</p>
<p>there might be a way how to do this in
object template, but it could be
complicated.<br>
</p>
<p>I would probably try metarole instead:</p>
<p>1. all organizations should have a
metarole assigned (not induced)<br>
</p>
<p>2. roles STUDENT and TEACHER will be
defined by you to do whatever needed for
users<br>
</p>
<p>3. the metarole would have two order=2
inducements for users which have the
organization assigned. One of the
inducement would induce the STUDENT role
if the assignment parameter metaRelation
for "this" organization is STUDENT. The
other would assign the TEACHER role if
the assignment parameter for "this"
organization is TEACHER. The inducements
would be indirect, i.e. you would not
see the STUDENT/TEACHER role assigned in
user's Assignments tab <b>(this may or
may not be a problem for you)</b>.<br>
</p>
<p>Technically it would mean that one
person with 20 organizations assigned as
TEACHER would end with 20 assignments of
the same role TEACHER, but I believe
that midPoint will "normalize" this and
only one role TEACHER would be assigned
in real.</p>
<p>The metarole should look similar to
this (untested):</p>
<p><role ...></p>
<p> <name>Teacher/Student Org
Metarole</name></p>
<p> <inducement><br>
<targetRef
oid="00000000-dc00-dc00-0004-<wbr>000000000078"
type="c:RoleType"><!-- STUDENT
--></targetRef></p>
<p> <condition><br>
<source><br>
<path>$focusAssignment/xyz:<wbr>metaRelation</path><!--
xyz is your namespace --><br>
</source><br>
<expression><br>
<script><br>
<code>metaRelation ==
'STUDENT'</code><br>
</script><br>
</expression><br>
</condition></p>
<p> <focusType>c:UserType</<wbr>focusType><!--
to apply only to users even if
organization is assigned to another
organization --><br>
</p>
<p>
<order>2</order><!-- to
apply to users which have the
organization assigned --><br>
</p>
<p> </inducement><br>
</p>
<p> <inducement><br>
<targetRef
oid="00000000-dc00-dc00-0004-<wbr>000000000111"
type="c:RoleType"><!-- TEACHER
--></targetRef></p>
<p> <condition><br>
<source><br>
<path>$focusAssignment/xyz:<wbr>metaRelation</path><!--
xyz your namespace --><br>
</source><br>
<expression><br>
<script><br>
<code>metaRelation ==
'TEACHER'</code><br>
</script><br>
</expression><br>
</condition></p>
<p> <focusType>c:UserType</<wbr>focusType></p>
<p> <order>2</order><br>
</p>
<p> </inducement><br>
</role></p>
<p>I hope I'm correct. I have done similar
stuff, but not this specific one.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<div>
<div class="m_-469257949677563685h5">
<div
class="m_-469257949677563685m_8006541839308906901moz-cite-prefix">On
11/18/2016 06:44 PM, Martin Marchese
wrote:<br>
</div>
<blockquote>
<div dir="ltr">Hi Ivan thanks for
your answer,
<div><br>
</div>
<div>Yes that's correct, they
should be assigned without any
parameters based on the org
assignment types.</div>
<div><br>
</div>
<div>Regards</div>
</div>
<div class="gmail_extra"><br
clear="all">
<br>
<div class="gmail_quote">On Fri,
Nov 18, 2016 at 12:34 PM, Ivan
Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<p>Hi Martin,</p>
<p>the STUDENT and TEACHER
roles are "static" in
means of assignment
parameters? They are
(should be) just assigned
without any parameters
whenever user has any org
with STUDENT-type
assignment or any role
with TEACHER-type
assignment?</p>
<p><br>
</p>
Ivan
<div>
<div
class="m_-469257949677563685m_8006541839308906901h5"><br>
<br>
<div
class="m_-469257949677563685m_8006541839308906901m_-3711948596778577785moz-cite-prefix">On
11/16/2016 08:37 PM,
Martin Marchese wrote:<br>
</div>
</div>
</div>
<blockquote>
<div>
<div
class="m_-469257949677563685m_8006541839308906901h5">
<div dir="ltr">Hi All,
<div><br>
</div>
<div>We had our
AssignmentType
extended with a
"metaRelation"
extension
property.</div>
<div><br>
</div>
<div>Users are
assigned to an
OrgType</div>
<div><br>
</div>
<div>Our OrgType
represent schools
and within this
"metaRelation"
property, we store
whether the
assigned user is a
STUDENT or a
TEACHER.</div>
<div><br>
</div>
<div>Besides, we
have 2 Roles
(STUDENT and
TEACHER roles).</div>
<div><br>
</div>
<div>We would like
to use our user
template to assign
the corresponding
role to the user
based on which
"metaRelation" it
has within the
Org.</div>
<div><br>
</div>
<div>Users could be
STUDENT and/or
TEACHER on more
than one Org, so
while the user has
at least one of
these assignments,
it needs to have
the corresponding
role assigned.</div>
<div><br>
</div>
<div>We are thinking
if there's a way
to query the user
Org assignments
within the
template and use
it as source for
the target role
assignment.</div>
<div><br>
</div>
<div>Is this the
best/correct way
to do it? Do you
recommend any
other way?</div>
<div><br>
</div>
<div>Thanks in
Advance</div>
<div>Regards,</div>
<div><br clear="all">
</div>
</div>
<br>
<fieldset
class="m_-469257949677563685m_8006541839308906901m_-3711948596778577785mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a moz-do-not-send="true" class="m_-469257949677563685m_8006541839308906901m_-3711948596778577785moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="m_-469257949677563685m_8006541839308906901m_-3711948596778577785moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><span class="m_-469257949677563685m_8006541839308906901HOEnZb"><span style="color:#888888">
</span></span></pre><span class="m_-469257949677563685m_8006541839308906901HOEnZb"><span style="color:#888888"> </span></span></blockquote><pre class="m_-469257949677563685m_8006541839308906901m_-3711948596778577785moz-signature">--
Ivan Noris
Senior Identity Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre></div>
</blockquote></div></div></blockquote></div></div></div>
</blockquote></div>
</div>
</div></div></blockquote></div></div>
</blockquote></div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre></body></html>