
<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <p>Hi Aivo,</p>

    <p><br>

    </p>

    <p>are you ADDING projection or assigning role? IMHO add projection

      always uses kind=account and intent=default (as of now).</p>

    <p><br>

    </p>

    <p>You should assign a role with construction to your role.</p>

    <p><br>

    </p>

    <p>Regards,</p>

    <p>Ivan<br>

    </p>

    <br>

    <div class="moz-cite-prefix">On 12/12/2016 10:48 AM, Aivo Kuhlberg

      wrote:<br>

    </div>

    <blockquote cite="mid:1481536095635.31444@rmit.ee" type="cite">

      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

      <style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} p

        {margin-top:0;

        margin-bottom:0}--></style>

      <p>Hi,<br>

        I am trying to sync midPoint role to scriptedSQL table "Groups"

        but for some reason every time when I add resource projection to

        role it tries to run CreateScript.groovy with __ACCOUNT__

        objectClass. I have specified sync parameters for both accounts

        and groups but for some reason it does not help to find

        entitlement. However importing groups works OK - groups in

        MariaDB Groups table are imported correctly to mipdPoint.  <br>

        Here are some of the configuration settings I use for

        ScriptedSQL connector:<br>

        <br>

           <schemaHandling><br>

              <objectType><br>

                 <kind>account</kind><br>

                 <intent>account</intent><br>

                 <default>true</default><br>

                

        <objectClass>ri:AccountObjectClass</objectClass><br>

        ...<br>

              <objectType><br>

                 <kind>entitlement</kind><br>

                 <intent>group</intent><br>

                 <default>true</default><br>

                

        <objectClass>ri:CustomGroupObjectClass</objectClass><br>

        ...<br>

           <synchronization><br>

              <objectSynchronization><br>

                 <name>DBAT1 users sync</name><br>

                

        <objectClass>ri:AccountObjectClass</objectClass><br>

                 <kind>account</kind><br>

                 <intent>account</intent><br>

                 <enabled>true</enabled><br>

        ...<br>

              </objectSynchronization><br>

              <objectSynchronization><br>

                 <name>DBAT1 Groups sync</name><br>

                

        <objectClass>ri:CustomGroupObjectClass</objectClass><br>

                 <kind>entitlement</kind><br>

                 <intent>group</intent><br>

                 <focusType>RoleType</focusType><br>

                 <enabled>true</enabled><br>

        ...<br>

        <br>

        And here is what I see in log when I try to add projection to

        Role with name "DBAT1_test3"  <br>

        2016-12-12 11:18:57,096 [] [Thread-12] WARN

(com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):

        Can't do reconciliation. Account context doesn't contain current

        version of account.<br>

        2016-12-12 11:18:57,550 [] [Thread-12] INFO

        (com.evolveum.midpoint.provisioning.impl.ConnectorManager):

        Created new connector instance for

        <a class="moz-txt-link-freetext" href="resource:12784dc4-defd-4ab5-b9bd-70af099d0b38(DBAT1)">resource:12784dc4-defd-4ab5-b9bd-70af099d0b38(DBAT1)</a>:

        org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector

        v1.1.2.0.em3<br>

        2016-12-12 11:18:58,426 [] [Thread-12] DEBUG

        (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector):

        method: null msg:Entering CREATE Script for the objectClass

        __ACCOUNT__<br>

        2016-12-12 11:18:58,461 [] [Thread-12] DEBUG

        (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector):

        method: null msg:Create parameter options is: [:]<br>

        2016-12-12 11:18:58,461 [] [Thread-12] DEBUG

        (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector):

        method: null msg:Create parameter id is: DBAT1_test3<br>

        2016-12-12 11:18:58,487 [] [Thread-12] DEBUG

        (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector):

        method: null msg:Create parameter description is: null<br>

        2016-12-12 11:18:58,488 [] [Thread-12] DEBUG

        (org.forgerock.openicf.misc.scriptedcommon.ScriptedConnector):

        method: null msg:Create parameter attributes is:

        [__ENABLE__:[true]]<br>

        <br>

        Regards,<br>

        Aivo Kuhlberg<br>

      </p>

      <p><br>

      </p>

      <br>

      <hr>

      <font color="Gray" face="Arial" size="2">Käesolev e-kiri võib

        sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.<br>

        This e-mail may contain information which is classified for

        official use.</font>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

midPoint mailing list

<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>

<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Ivan Noris

Senior Identity Engineer

evolveum.com

</pre>

  </body>

</html>