<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>if using roles is a functional workaround, you can stick to it.</p>
<p>I really don't know/have not used the assignmentTargetSearch for
ResourceType. Someone else still may have answer.</p>
<p>For target resources, assigning roles is always better as you can
have mappings in the role.</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 02/22/2017 05:16 PM, Prabhakara Rao
Doddapaneni wrote:<br>
</div>
<blockquote
cite="mid:631612893.2555748.1487780178279@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:16px">
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span>Ivan,</span></div>
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span><br>
</span></div>
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span
id="yui_3_16_0_ym19_1_1487755132568_79065">You are correct.
It worked when i remove the resource from the template and
induce it to the role i am adding.</span></div>
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span
id="yui_3_16_0_ym19_1_1487755132568_79066">I was trying to
assign a resource different from source.</span></div>
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span><br>
</span></div>
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span>Thank,</span></div>
<div id="yui_3_16_0_ym19_1_1487755132568_78738"><span>Prabhakar.</span></div>
<div class="qtdSeparateBR"
id="yui_3_16_0_ym19_1_1487755132568_78733"><br>
<br>
</div>
<div class="yahoo_quoted"
id="yui_3_16_0_ym19_1_1487755132568_78729" style="display:
block;">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;" id="yui_3_16_0_ym19_1_1487755132568_78728">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;" id="yui_3_16_0_ym19_1_1487755132568_78727">
<div dir="ltr" id="yui_3_16_0_ym19_1_1487755132568_78726">
<font id="yui_3_16_0_ym19_1_1487755132568_78725"
face="Arial" size="2">
<hr id="yui_3_16_0_ym19_1_1487755132568_78734"
size="1"> <b
id="yui_3_16_0_ym19_1_1487755132568_78724"><span
style="font-weight:bold;"
id="yui_3_16_0_ym19_1_1487755132568_78723">From:</span></b>
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-request@lists.evolveum.com">"midpoint-request@lists.evolveum.com"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:midpoint-request@lists.evolveum.com"><midpoint-request@lists.evolveum.com></a><br>
<b><span style="font-weight: bold;">To:</span></b>
<a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Wednesday, February 22, 2017 7:04 AM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
midPoint Digest, Vol 58, Issue 37<br>
</font> </div>
<div class="y_msg_container"
id="yui_3_16_0_ym19_1_1487755132568_78730"><br>
Send midPoint mailing list submissions to<br>
<a moz-do-not-send="true"
ymailto="mailto:midpoint@lists.evolveum.com"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web,
visit<br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank"
id="yui_3_16_0_ym19_1_1487755132568_78796">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
or, via email, send a message with subject or body
'help' to<br>
<a moz-do-not-send="true"
ymailto="mailto:midpoint-request@lists.evolveum.com"
href="mailto:midpoint-request@lists.evolveum.com">midpoint-request@lists.evolveum.com</a><br>
<br>
You can reach the person managing the list at<br>
<a moz-do-not-send="true"
ymailto="mailto:midpoint-owner@lists.evolveum.com"
href="mailto:midpoint-owner@lists.evolveum.com">midpoint-owner@lists.evolveum.com</a><br>
<br>
When replying, please edit your Subject line so it is
more specific<br>
than "Re: Contents of midPoint digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: One-way synchronization of accounts from
resources.<br>
(Ivan Noris)<br>
2. Re: Assigning a different resource during the
import of<br>
accounts from external resource. (Ivan Noris)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 22 Feb 2017 13:01:42 +0100<br>
From: Ivan Noris <<a moz-do-not-send="true"
ymailto="mailto:ivan.noris@evolveum.com"
href="mailto:ivan.noris@evolveum.com"
id="yui_3_16_0_ym19_1_1487755132568_78799">ivan.noris@evolveum.com</a>><br>
To: <a moz-do-not-send="true"
ymailto="mailto:midpoint@lists.evolveum.com"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
Subject: Re: [midPoint] One-way synchronization of
accounts from<br>
resources.<br>
Message-ID: <<a moz-do-not-send="true"
ymailto="mailto:d04a08c8-87fe-c859-271a-96ef7179fe8f@evolveum.com"
href="mailto:d04a08c8-87fe-c859-271a-96ef7179fe8f@evolveum.com"
id="yui_3_16_0_ym19_1_1487755132568_78797">d04a08c8-87fe-c859-271a-96ef7179fe8f@evolveum.com</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Hi,<br>
<br>
DELETED situation means, the object does not exist
anymore, and unlink<br>
should not even attempt to delete object on resource.<br>
<br>
So for me it seems OK.<br>
<br>
Ivan<br>
<br>
<br>
On 02/22/2017 09:00 AM, Wojciech Staszewski wrote:<br>
> And when I create synchronization reaction and
situation "Deleted" with a non-deleting action, eg.
"unlink"? Woult it be ok?<br>
><br>
> W dniu 22.02.2017 o 08:46, Ivan Noris pisze:<br>
>> Hi,<br>
>><br>
>> if you configure your resource with inbound
mappings only (remove all outbounds), midPoint will not
try to push any attribute changes to that resource.<br>
>><br>
>> In addition you can configure capatilibies of
the resource to completely disable create, update and/or
delete operations:<br>
>><br>
>> ...<br>
>><br>
>> </schemaHandling><br>
>><br>
>> <capabilities xmlns:cap="<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3</a>"><br>
>> <configured><br>
>>
<cap:create><br>
>>
<cap:enabled>false</cap:enabled><br>
>>
</cap:create><br>
>>
<cap:update><br>
>>
<cap:enabled>false</cap:enabled><br>
>>
</cap:update><br>
>>
<cap:delete><br>
>>
<cap:enabled>false</cap:enabled><br>
>>
</cap:delete><br>
>> </configured><br>
>> </capabilities><br>
>> <synchronization><br>
>> ...<br>
>><br>
>> See also: <a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Resource+Capabilities"
target="_blank">https://wiki.evolveum.com/display/midPoint/Resource+Capabilities</a><br>
>><br>
>> Please note that when midPoint user is deleted,
midPoint will try to delete also that account, but as
the operation is disabled, it will never delete it and
show warning "Operation not supported". There is an
issue <a moz-do-not-send="true"
href="https://jira.evolveum.com/browse/MID-2144"
target="_blank">https://jira.evolveum.com/browse/MID-2144
</a>to completely ignore such operations even in GUI.<br>
>><br>
>> Of course with custom connectors/meta
connectors (ScriptedSQL for example) you are able to do
the same on the connector side - by not implementing the
DeleteOp operation (or any other). What I describe here
is midPoint configurable way which works for any
connector.<br>
>><br>
>> Best regards,<br>
>> Ivan<br>
>><br>
>> On 02/22/2017 04:56 AM, Prabhakara Rao
Doddapaneni wrote:<br>
>>> Hello,<br>
>>><br>
>>> I have external identity stores that i
configured to sync with midpoint repository. I need to
configure the synchronization so that only changes in
the store to be updated in midpoint but not in reverse.
The changes to the users i make in midpoint should not
be carried to the external resource.<br>
>>><br>
>>> As of now when i use the resource
configuration examples in github, when i delete a user
in midpoint, the relevant account is being deleted in
the external store. I dont want to do that.<br>
>>><br>
>>> Please help by explaining how to configure
only inbound synchronization but ignore the outbound
synchronization. I am blocked in my POC because of
this.<br>
>>><br>
>>> Thanks,<br>
>>> Prabhakar.<br>
>>><br>
>>><br>
>>>
_______________________________________________<br>
>>> midPoint mailing list<br>
>>> <a moz-do-not-send="true"
ymailto="mailto:midPoint@lists.evolveum.com"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
>>> <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
>> -- <br>
>> Ivan Noris<br>
>> Senior Identity Engineer<br>
>> evolveum.com<br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> midPoint mailing list<br>
>> <a moz-do-not-send="true"
ymailto="mailto:midPoint@lists.evolveum.com"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
>> <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
>><br>
<br>
-- <br>
Ivan Noris<br>
Senior Identity Engineer<br>
evolveum.com<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 22 Feb 2017 13:04:27 +0100<br>
From: Ivan Noris <<a moz-do-not-send="true"
ymailto="mailto:ivan.noris@evolveum.com"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br>
To: <a moz-do-not-send="true"
ymailto="mailto:midpoint@lists.evolveum.com"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
Subject: Re: [midPoint] Assigning a different resource
during the<br>
import of accounts from external resource.<br>
Message-ID: <<a moz-do-not-send="true"
ymailto="mailto:d1e6d554-415c-0186-1085-ab68bf8c4101@evolveum.com"
href="mailto:d1e6d554-415c-0186-1085-ab68bf8c4101@evolveum.com"
id="yui_3_16_0_ym19_1_1487755132568_78846">d1e6d554-415c-0186-1085-ab68bf8c4101@evolveum.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Unfortunately, I have never assigned resource accounts
(without roles).<br>
<br>
So maybe someone else knows if this should work (and
how).<br>
<br>
What is the resource which you are trying to assign? The
source or<br>
something else? (You can use roles as a workaround.)<br>
<br>
Ivan<br>
<br>
<br>
On 02/22/2017 12:48 PM, Prabhakara Rao Doddapaneni
wrote:<br>
> I configured two resources; one inbound and second
both-ways. For the<br>
> inbound resource, configured unmatched situation to
add user with the<br>
> following template:<br>
><br>
><br>
><br>
> <mapping><br>
> <description><br>
> Property mapping.<br>
> Defines how properties of user object are set
up.<br>
> This specific definition sets a full name as a
concatenation<br>
> of givenName and familyName.<br>
> </description><br>
> <strength>weak</strength><br>
> <source><br>
> <c:path>$user/givenName</c:path><br>
> </source><br>
> <source><br>
> <c:path>$user/familyName</c:path><br>
> </source><br>
> <expression><br>
> <script><br>
> <language><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</a></language><br>
> <code><br>
> givenName + ' ' + familyName<br>
> </code><br>
> </script><br>
> </expression><br>
> <target><br>
> <c:path>fullName</c:path><br>
> </target><br>
> </mapping><br>
> <mapping><br>
> <name>Default Role</name><br>
> <strength>strong</strength><br>
> <expression><br>
> <assignmentTargetSearch><br>
>
<targetType>c:RoleType</targetType><br>
>
<oid>00000000-0000-0000-0000-000000000008</oid><br>
> </assignmentTargetSearch><br>
> </expression><br>
> <target><br>
> <c:path>assignment</c:path><br>
> </target><br>
> </mapping><br>
> <mapping><br>
> <name>Default Resource</name><br>
> <strength>strong</strength><br>
> <expression><br>
> <assignmentTargetSearch><br>
>
<targetType>c:ResourceType</targetType><br>
>
<oid>ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee</oid><br>
> </assignmentTargetSearch><br>
> </expression><br>
> <target><br>
> <c:path>assignment</c:path><br>
> </target><br>
> </mapping><br>
><br>
> My intention was to assign the above role and
resource to the new user<br>
> imported. It is failing to add the resource with
the cause: Caused<br>
> by: java.lang.ClassCastException:<br>
>
com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType<br>
> cannot be cast to<br>
>
com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType<br>
> at<br>
>
com.evolveum.midpoint.model.impl.lens.AssignmentEvaluator.evaluateAssignmentWithResolvedTarget(AssignmentEvaluator.java:368)<br>
> ~[model-impl-3.5.jar:na]<br>
><br>
><br>
> When I tried with the following mapping to assign
the resource:<br>
> <mapping><br>
> <strength>strong</strength><br>
> <expression><br>
> <value><br>
> <assignment><br>
> <construction><br>
> <resourceRef
oid="ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee"<br>
> type="ResourceType"/><br>
> </construction><br>
> </assignment><br>
> </value> <br>
> </expression><br>
> <target><br>
> <path>assignment</path><br>
> </target><br>
> </mapping><br>
> I get the following exception:<br>
> 2017-02-22 06:31:17,086 []
[midPointScheduler_Worker-6] ERROR<br>
>
(com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeResultHandler):<br>
> Import of object<br>
>
shadow:07c95824-ee5f-40b1-abba-1935c578b632(************)
from<br>
> <a class="moz-txt-link-freetext" href="resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3ffff(Demo">resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3ffff(Demo</a>
CAS DBTable)<br>
> failed: Item<br>
> {<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>}assignment<br>
> has no definition (in container value CTD<br>
> ({.../common/common-3}AssignmentType))while parsing
(<br>
> {...common/common-3}assignment => (
{...common/common-3}construction<br>
> => ( {...common/common-3}resourceRef => ( oid
=> parser<br>
> ValueParser(DOMa, oid:
ef2bc95b-76e0-48e2-86d6-3d4f02d3eeee) type =><br>
> parser ValueParser(DOMa, type: ResourceType) ) ) )
)<br>
> Please help me know the mistake i am doing.<br>
> Thanks,<br>
> Prabhakar.<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> midPoint mailing list<br>
> <a moz-do-not-send="true"
ymailto="mailto:midPoint@lists.evolveum.com"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
> <a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
-- <br>
Ivan Noris<br>
Senior Identity Engineer<br>
evolveum.com<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a moz-do-not-send="true"
href="http://lists.evolveum.com/pipermail/midpoint/attachments/20170222/c1b0aec8/attachment.html"
target="_blank">http://lists.evolveum.com/pipermail/midpoint/attachments/20170222/c1b0aec8/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
ymailto="mailto:midPoint@lists.evolveum.com"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
<br>
------------------------------<br>
<br>
End of midPoint Digest, Vol 58, Issue 37<br>
****************************************<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>