<html><body><div style="margin-bottom:32px;font-size:14px"><div style="font-size:16px;line-height:1.3;margin-left:72px;margin-top:8px;overflow-x:auto">Hi all,<div><br></div><div>I need help with modification of template. I have following mapping in template:</div><div><br></div><div><div>   <mapping id="13"></div><div>      <name>User - AD Role mapping</name></div><div>      <authoritative>true</authoritative></div><div>      <strength>strong</strength></div><div>      <source></div><div>         <name>ADGroup</name></div><div>         <c:path>extension/ADGroups</c:path></div><div>      </source></div><div>      <expression></div><div>         <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" rel="noopener">http://www.w3.org/2001/XMLSchema-instance</a>"</div><div>                 xsi:type="c:ScriptExpressionEvaluatorType"></div><div>            <code></div><div><span style="white-space:pre">           </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.assignmenttype/" rel="noopener">com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType</a>;</div><div><span style="white-space:pre">                </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.objectreferencetype/" rel="noopener">com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType</a>;</div><div><span style="white-space:pre">              </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.roletype/" rel="noopener">com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType</a>;</div><div><span style="white-space:pre">            </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.orgtype/" rel="noopener">com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType</a>;</div><div><span style="white-space:pre">              </span>   import java.util.*;</div><div><span style="white-space:pre">              </span>   </div><div><span style="white-space:pre">         </span>   log.warn("AD Role mapping {}" , ADGroup)</div><div><span style="white-space:pre">               </span>   if (ADGroup != null){</div><div><span style="white-space:pre">                            </span>orgName = ADGroup;</div><div><span style="white-space:pre">                    </span>    </div><div>                org = midpoint.searchObjectByName(RoleType.class, orgName);</div><div><span style="background-color:transparent">                    log.info("org {}" , org)</span><br></div><div>                    orgOrt = new ObjectReferenceType();</div><div><span style="white-space:pre">        </span>    <span style="white-space:pre">  </span>    orgOrt.setOid(org.getOid());</div><div>      <span style="white-space:pre">  </span>        orgOrt.setType(RoleType.COMPLEX_TYPE);</div><div><span style="white-space:pre">                    </span>        AssignmentType assignment = new AssignmentType();</div><div><span style="white-space:pre">                 </span>        assignment.asPrismContainerValue()</div><div><span style="white-space:pre">                        </span>        assignment.setTargetRef(orgOrt);</div><div><span style="white-space:pre">                  </span>        return assignment</div><div><br></div><div><span style="white-space:pre">                </span>   }</div><div><span style="white-space:pre">                </span>   </code></div><div>         </script></div><div>      </expression></div><div>      <target></div><div>         <c:path>assignment</c:path></div><div>      </target></div><div>      <condition></div><div>         <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" rel="noopener">http://www.w3.org/2001/XMLSchema-instance</a>"</div><div>                 xsi:type="c:ScriptExpressionEvaluatorType"></div><div>            <code></div><div><span style="white-space:pre">       </span>        log.info("AD Role mapping {}, ADGroup {}" , (ADGroup != null), ADGroup)</div><div>            <span style="white-space:pre">  </span>return ADGroup != null</div><div>            </code></div><div>         </script></div><div>      </condition></div><div>   </mapping></div></div><div><br></div><div><br></div><div>It works fine, users are imported with attribute ADGroups and all is OK. But some users have in thei attributes groups,</div><div>that are not managed and imported to IDM. Typicaly protected admins group. (Schema Admins, SQL Admins etc.)</div><div><br></div><div>How can I update this template to skip those groups? Now i am getting error:</div><div><br></div><div><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px">Couldn't reconcile user user:f4f60447-77d9-4a9e-a5f7-6f43b34c834f(jan.kaspar).</dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><table style="box-sizing:border-box;border-spacing:0px;border-collapse:collapse;background-color:transparent;border:0px"></table></dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><table style="box-sizing:border-box;border-spacing:0px;border-collapse:collapse;background-color:transparent;border:0px"></table></dd><dt style="box-sizing:border-box;line-height:1.42857;font-weight:700;float:left;width:100px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px">Error</dt><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><a href="http://java.lang.nullpointerexception/" rel="noopener">java.lang.NullPointerException</a>: Cannot invoke method getOid() on null object in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)(ADGroup=Schema Admins; ) in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)</dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><a style="box-sizing:border-box;color:rgb(60,141,188);text-decoration-line:none;background-color:transparent">show</a></dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;font-family:monospace;white-space:pre-wrap;font-size:11px;word-break:break-word;color:rgb(51,51,51)"><a href="http://com.evolveum.midpoint.util.exception.expressionevaluationexception/" rel="noopener">com.evolveum.midpoint.util.exception.ExpressionEvaluationException</a>: <a href="http://java.lang.nullpointerexception/" rel="noopener">java.lang.NullPointerException</a>: Cannot invoke method getOid() on null object in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)(ADGroup=Schema Admins; ) in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-11e2-b582-001e8c717e5b(Default User Template)</dd></div><div><br></div><div>So basicaly i need condition to check if coresponding role exist... </div><div><br></div><div>Jan</div><div><br></div></div></div><div style="margin-bottom:32px;font-size:14px"><div></div></div></body></html>