<div dir="ltr"><div>Hi Jan</div><div><br></div>Basically, your script does not find "org" and then you call getOid() on null object. I think that surrounding that assignment creation code with if(org != null) should suffice.<div><br></div><div>Best Regards</div><div>Oskar Butovič</div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-01-20 19:56 GMT+01:00 Jan Kaspar <span dir="ltr"><<a href="mailto:Caspi@seznam.cz" target="_blank">Caspi@seznam.cz</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="margin-bottom:32px;font-size:14px"><div style="font-size:16px;line-height:1.3;margin-left:72px;margin-top:8px;overflow-x:auto">Hi all,<div><br></div><div>I need help with modification of template. I have following mapping in template:</div><div><br></div><div><div>   <mapping id="13"></div><div>      <name>User - AD Role mapping</name></div><div>      <authoritative>true</<wbr>authoritative></div><div>      <strength>strong</strength></div><div>      <source></div><div>         <name>ADGroup</name></div><div>         <c:path>extension/ADGroups</<wbr>c:path></div><div>      </source></div><div>      <expression></div><div>         <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" rel="noopener" target="_blank">http://www.w3.org/<wbr>2001/XMLSchema-instance</a>"</div><div>                 xsi:type="c:<wbr>ScriptExpressionEvaluatorType"<wbr>></div><div>            <code></div><div><span style="white-space:pre-wrap">               </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.assignmenttype/" rel="noopener" target="_blank">com.evolveum.midpoint.<wbr>xml.ns._public.common.common_<wbr>3.AssignmentType</a>;</div><div><span style="white-space:pre-wrap">               </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.objectreferencetype/" rel="noopener" target="_blank">com.evolveum.midpoint.<wbr>xml.ns._public.common.common_<wbr>3.ObjectReferenceType</a>;</div><div><span style="white-space:pre-wrap">             </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.roletype/" rel="noopener" target="_blank">com.evolveum.midpoint.<wbr>xml.ns._public.common.common_<wbr>3.RoleType</a>;</div><div><span style="white-space:pre-wrap">           </span>   import <a href="http://com.evolveum.midpoint.xml.ns._public.common.common_3.orgtype/" rel="noopener" target="_blank">com.evolveum.midpoint.<wbr>xml.ns._public.common.common_<wbr>3.OrgType</a>;</div><div><span style="white-space:pre-wrap">             </span>   import java.util.*;</div><div><span style="white-space:pre-wrap">         </span>   </div><div><span style="white-space:pre-wrap">            </span>   log.warn("AD Role mapping {}" , ADGroup)</div><div><span style="white-space:pre-wrap">          </span>   if (ADGroup != null){</div><div><span style="white-space:pre-wrap">                               </span>orgName = ADGroup;</div><div><span style="white-space:pre-wrap">                       </span>    </div><div>                org = midpoint.searchObjectByName(<wbr>RoleType.class, orgName);</div><div><span style="background-color:transparent">                    <a href="http://log.info" target="_blank">log.info</a>("org {}" , org)</span><br></div><div>                    orgOrt = new ObjectReferenceType();</div><div><span style="white-space:pre-wrap">      </span>    <span style="white-space:pre-wrap"> </span>    orgOrt.setOid(org.getOid());</div><div>      <span style="white-space:pre-wrap">     </span>        orgOrt.setType(RoleType.<wbr>COMPLEX_TYPE);</div><div><span style="white-space:pre-wrap">                    </span>        AssignmentType assignment = new AssignmentType();</div><div><span style="white-space:pre-wrap">                    </span>        assignment.<wbr>asPrismContainerValue()</div><div><span style="white-space:pre-wrap">                        </span>        assignment.setTargetRef(<wbr>orgOrt);</div><div><span style="white-space:pre-wrap">                  </span>        return assignment</div><div><br></div><div><span style="white-space:pre-wrap">           </span>   }</div><div><span style="white-space:pre-wrap">           </span>   </code></div><div>         </script></div><div>      </expression></div><div>      <target></div><div>         <c:path>assignment</c:path></div><div>      </target></div><div>      <condition></div><div>         <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" rel="noopener" target="_blank">http://www.w3.org/<wbr>2001/XMLSchema-instance</a>"</div><div>                 xsi:type="c:<wbr>ScriptExpressionEvaluatorType"<wbr>></div><div>            <code></div><div><span style="white-space:pre-wrap">       </span>        <a href="http://log.info" target="_blank">log.info</a>("AD Role mapping {}, ADGroup {}" , (ADGroup != null), ADGroup)</div><div>            <span style="white-space:pre-wrap">   </span>return ADGroup != null</div><div>            </code></div><div>         </script></div><div>      </condition></div><div>   </mapping></div></div><div><br></div><div><br></div><div>It works fine, users are imported with attribute ADGroups and all is OK. But some users have in thei attributes groups,</div><div>that are not managed and imported to IDM. Typicaly protected admins group. (Schema Admins, SQL Admins etc.)</div><div><br></div><div>How can I update this template to skip those groups? Now i am getting error:</div><div><br></div><div><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px">Couldn't reconcile user user:f4f60447-77d9-4a9e-a5f7-<wbr>6f43b34c834f(jan.kaspar).</dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><table style="box-sizing:border-box;border-spacing:0px;border-collapse:collapse;background-color:transparent;border:0px"></table></dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><table style="box-sizing:border-box;border-spacing:0px;border-collapse:collapse;background-color:transparent;border:0px"></table></dd><dt style="box-sizing:border-box;line-height:1.42857;font-weight:700;float:left;width:100px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px">Error</dt><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><a href="http://java.lang.nullpointerexception/" rel="noopener" target="_blank">java.lang.NullPointerException</a><wbr>: Cannot invoke method getOid() on null object in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-<wbr>11e2-b582-001e8c717e5b(Default User Template)(ADGroup=Schema Admins; ) in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-<wbr>11e2-b582-001e8c717e5b(Default User Template)</dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;word-break:break-word;color:rgb(51,51,51);font-family:'Source Sans Pro','Helvetica Neue',Helvetica,Arial,sans-serif;font-size:14px"><a style="box-sizing:border-box;color:rgb(60,141,188);text-decoration-line:none;background-color:transparent">show</a></dd><dd style="box-sizing:border-box;line-height:1.42857;margin-left:130px;font-family:monospace;white-space:pre-wrap;font-size:11px;word-break:break-word;color:rgb(51,51,51)"><a href="http://com.evolveum.midpoint.util.exception.expressionevaluationexception/" rel="noopener" target="_blank">com.evolveum.midpoint.util.<wbr>exception.<wbr>ExpressionEvaluationException</a>: <a href="http://java.lang.nullpointerexception/" rel="noopener" target="_blank">java.lang.NullPointerException</a><wbr>: Cannot invoke method getOid() on null object in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-<wbr>11e2-b582-001e8c717e5b(Default User Template)(ADGroup=Schema Admins; ) in expression in mapping 'User - AD Role mapping' in template mapping 'User - AD Role mapping' in objectTemplate:84769304-7776-<wbr>11e2-b582-001e8c717e5b(Default User Template)</dd></div><div><br></div><div>So basicaly i need condition to check if coresponding role exist... </div><span class="HOEnZb"><font color="#888888"><div><br></div><div>Jan</div><div><br></div></font></span></div></div><div style="margin-bottom:32px;font-size:14px"><div></div></div></div><br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Oskar Butovič</span><br>solution architect<br><br>gsm: [+420] 774 480 101<br>e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important;width:116px"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br></td></tr></tbody></table></div></div></div></div></div></div></div>
</div>