<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} p
{margin-top:0;
margin-bottom:0}--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi Ivan,<br>
Thanks for the information. Yes I was ADDING a projection rather than adding a metarole with group inducement. Now when I assigned the metarole the group creation works!<br>
Thank you again.<br>
Regards,<br>
Aivo Kuhlberg<br>
</p>
<p><br>
</p>
<div style="color: rgb(33, 33, 33);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri, sans-serif"><b>Saatja:</b> midPoint <midpoint-bounces@lists.evolveum.com> nimelIvan Noris <ivan.noris@evolveum.com><br>
<b>Saadetud:</b> 12. detsember 2016 12:13<br>
<b>Adressaat:</b> midpoint@lists.evolveum.com<br>
<b>Teema:</b> Re: [midPoint] ScriptedSQL - create group tries to create account</font>
<div> </div>
</div>
<div>
<p>Hi Aivo,</p>
<p><br>
</p>
<p>are you ADDING projection or assigning role? IMHO add projection always uses kind=account and intent=default (as of now).</p>
<p><br>
</p>
<p>You should assign a role with construction to your role.</p>
<p><br>
</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 12/12/2016 10:48 AM, Aivo Kuhlberg wrote:<br>
</div>
<blockquote type="cite"><style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<p>Hi,<br>
I am trying to sync midPoint role to scriptedSQL table "Groups" but for some reason every time when I add resource projection to role it tries to run CreateScript.groovy with __ACCOUNT__ objectClass. I have specified sync parameters for both accounts and groups
but for some reason it does not help to find entitlement. However importing groups works OK - groups in MariaDB Groups table are imported correctly to mipdPoint. <br>
Here are some of the configuration settings I use for ScriptedSQL connector:<br>
<br>
<schemaHandling><br>
<objectType><br>
<kind>account</kind><br>
<intent>account</intent><br>
<default>true</default><br>
<objectClass>ri:AccountObjectClass</objectClass><br>
...<br>
<objectType><br>
<kind>entitlement</kind><br>
<intent>group</intent><br>
<default>true</default><br>
<objectClass>ri:CustomGroupObjectClass</objectClass><br>
...<br>
<synchronization><br>
<objectSynchronization><br>
<name>DBAT1 users sync</name><br>
<objectClass>ri:AccountObjectClass</objectClass><br>
<kind>account</kind><br>
<intent>account</intent><br>
<enabled>true</enabled><br>
...<br>
</objectSynchronization><br>
<objectSynchronization><br>
<name>DBAT1 Groups sync</name><br>
<objectClass>ri:CustomGroupObjectClass</objectClass><br>
<kind>entitlement</kind><br>
<intent>group</intent><br>
<focusType>RoleType</focusType><br>
<enabled>true</enabled><br>
...<br>
<br>
And here is what I see in log when I try to add projection to Role with name "DBAT1_test3" <br>
2016-12-12 11:18:57,096 [] [Thread-12] WARN (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor): Can't do reconciliation. Account context doesn't contain current version of account.<br>
2016-12-12 11:18:57,550 [] [Thread-12] INFO (com.evolveum.midpoint.provisioning.impl.ConnectorManager): Created new connector instance for
<a class="moz-txt-link-freetext" href="">resource:12784dc4-defd-4ab5-b9bd-70af099d0b38(DBAT1)</a>: org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector v1.1.2.0.em3<br>
2016-12-12 11:18:58,426 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Entering CREATE Script for the objectClass __ACCOUNT__<br>
2016-12-12 11:18:58,461 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter options is: [:]<br>
2016-12-12 11:18:58,461 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter id is: DBAT1_test3<br>
2016-12-12 11:18:58,487 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter description is: null<br>
2016-12-12 11:18:58,488 [] [Thread-12] DEBUG (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector): method: null msg:Create parameter attributes is: [__ENABLE__:[true]]<br>
<br>
Regards,<br>
Aivo Kuhlberg<br>
</p>
<p><br>
</p>
<br>
<hr>
<font size="2" color="Gray" face="Arial">Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.<br>
This e-mail may contain information which is classified for official use.</font> <br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre>_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</div>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="2">Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.<br>
This e-mail may contain information which is classified for official use.</font>
</body>
</html>