<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#073763">Hi guys, thank you for your replies. I finally created one Jira Connector and two resources (one for each operation: create and disable users) so it enters always on the 'createTicketAdd' with all mapped attributes. I'll check the setting returnedByDefault, It can help us in other situations. </div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#073763"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#073763">Regarding the Martin suggestions:</div><div class="gmail_default" style=""><ul style=""><li style=""><font color="#073763" face="arial, helvetica, sans-serif">The plugin does not implement the executeQuery method so it is never asked about user information. So I can't return empty values. But the approach is ok, we are using it in other connectors. </font></li><li style="">We are already filtering attributes changed but when It finds the expected one (effectiveStatus) it doesn't has the user context to create the ticket (organizational unit, manager and so on).</li></ul><div>Kind regards,</div><div><br></div><div><br></div></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif"><font color="#444444">Ing Nicolás Rossi</font><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br><font color="#999999">Oficina: +54 (11) 4552-3050</font></font></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><font color="#999999">Móvil: +54 (911) 6041-3920<br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Nov 28, 2018 at 7:21 AM Oskar Butovič - AMI Praha a.s. <<a href="mailto:oskar.butovic@ami.cz">oskar.butovic@ami.cz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi Nicolas,<div><br></div><div>to force update I am using <ra:returnedByDefault>false</ra:returnedByDefault> in schema. It makes the midPoint somewhat blind to the attribute and updates it every time. But for ITSM it would probably be too often. </div><div>In another connector, I created a hack. I added configuration attribute called send full but it would also probably not work for ITSM because it gets the object attributes from end system and repeats unchanged attributes in an update.</div><div>I think it should be possible to create hack in the connector that the connector ignores update if the update contains only "returnedByDefault false" attributes and no other actually changed attribute.</div><div><br></div><div>Best Regards</div><div>Oskar Butovič</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">st 28. 11. 2018 v 10:59 odesílatel Martin Lízner - AMI Praha a.s. <<a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a>> napsal:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi, so you are doing ITSM plugin? ITSM plugin behaves in a simillar way as ordinary connectors, so in the java part of connector you get attributes that need to be updated. Strong mapping only really says how the update should be calculated on mp side, but if the value is not to be changed, connector will not get the information afaik.</div><div dir="ltr"><br></div><div>Maybe there is a way to force midpoint to send attribute anyway. I havent investigate it alot, but this ugly workaround may be possible:</div><div>- Create any-strength mapping on this "additional" attribute</div><div>- Make sure plugin always return empty value when reading the attribute</div><div>- Midpoint will try to update the attribute with every user recompute</div><div>- Filter out attribute on connector level - e.g. if only this "additional" attribute is changed and no other, dont create actual ticket</div><div><br></div><div>The (big) downside is that mp will try to update such manual account every time it has a chance. Therefore I cant really recommend it, but maybe somebody knows better way, Im no ICF expert :-)</div><div><br></div><div>Also you can try to remotely connect to midPoint from the actual connector java and retrieve information from UserType. This may be even uglier hack since it criples architecture with critical dependencies.</div><div dir="ltr"><br></div><div dir="ltr"><div>M.<br clear="all"><div><div dir="ltr" class="m_-2650999134843045884m_1499998613794700481gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:13px"><p><strong>Martin Lízner</strong><br><span style="font-size:11px;color:rgb(128,128,128)">chief solution architect</span></p></div><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">gsm: [+420] 737 745 571<br>e‑mail: <a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a></p><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px"><strong>AMI Praha a.s.</strong><br>Pláničkova 11, 162 00 Praha 6</p><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">tel.: [+420] 274 783 239 | web: <a href="http://www.ami.cz" target="_blank">www.ami.cz</a></p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;margin-top:20px"><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p><p style="font-family:Arial,sans-serif;font-size:11px;color:rgb(170,170,170)">Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><span style="font-size:6px"> </span><br>Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat důvěrné nebo osobní<br>informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv zveřejňování, zprostředkování<br>nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně, informujte o tom prosím<br>odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně všech jeho příloh. Nakládáním<br>s neoprávněně získanými informacemi se vystavujete riziku právního postihu.</p></div></div></div></div></div></div></div></div></div></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">pá 23. 11. 2018 v 19:39 odesílatel Nicolas Rossi <<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>> napsal:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#073763">Hi guys, we are also developing a Manual Connector for Jira. It is almost done and It works fine but there is an issue: we defined some mappings with strong strength but it didn't work. There is no reference to this attributes on the changes collection unless they were changed.</div><div><div dir="ltr" class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif"><br><span class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(7,55,99)">Have you tried it ?</span></font></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><span class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(7,55,99)"></span><br><br><font color="#444444">Ing Nicolás Rossi</font><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br><font color="#999999">Oficina: +54 (11) 4552-3050</font></font></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><font color="#999999">Móvil: +54 (911) 6041-3920<br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 13, 2018 at 1:49 AM Alexandre Zia <<a href="mailto:alexandre.zia@ifood.com.br" target="_blank">alexandre.zia@ifood.com.br</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Other small issue, <br></div><div><br></div><div>When I ran in My PC using embedded database it all went well.</div><div>On my Server using PostgreSQL and midpoint crashed because <br></div><div><br></div><div>Caused by: org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: missing column [comment] in table [m_case_wi]</div><div><br></div><div>Had to mannually create 2 fields :</div><div><br></div><div>ALTER TABLE public.m_case_wi ADD comment varchar(255) NULL;<br>ALTER TABLE public.m_case ADD description varchar(255) NULL;<br></div><div><br></div><div>And all went well, <br></div><div><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 12, 2018 at 11:49 PM, Alexandre Zia <span dir="ltr"><<a href="mailto:alexandre.zia@ifood.com.br" target="_blank">alexandre.zia@ifood.com.br</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hey Brandon, <br></div><div>Thanks again <br></div><div><br></div><div></div><div></div><div>Managed to apply your Pull Request over "3.8-support" branch and it worked as expected !</div><div><br></div>however I think I may have found a small issue, not sure if is a bug to be honest, but worth mention:<br><div><br></div><div>Worked like a charm if using Grace period, like this :<br></div><div><br></div><consistency><br> <pendingOperationGracePeriod>PT15M</pendingOperationGracePeriod><br> </consistency><br><div><br></div><div>But if not using grace period it did not remove the shadow on delete, neither marked it as <dead>true</dead><br></div><div><br></div><div>Not a big deal though, I tested with grace period of 1 second and it worked.</div><div><br></div><div>Thanks again for this contribution</div><div>Regards Alexandre<br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306HOEnZb"><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 12, 2018 at 8:24 PM, Brandon Powers <span dir="ltr"><<a href="mailto:brandon@exclamationlabs.com" target="_blank">brandon@exclamationlabs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="color:rgb(33,33,33);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;white-space:nowrap">Alexandre,</span><span><div dir="ltr"><div><span style="color:rgb(33,33,33);font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;white-space:nowrap"><br></span></div><div><div style="color:rgb(33,33,33)"> <i> - Once operators close the case, "shadow refresh task" process the shadows, but shadows still contain the related pending operations not closed / finished<br></i></div><div style="color:rgb(33,33,33)"><i> - If it is a delete account operation, Shadow account is not deleted and we have to delete the shadows manually</i></div></div><div style="color:rgb(33,33,33)"><br></div></div></span><div dir="ltr"><div style="color:rgb(33,33,33)">You are correct assuming that there is an issue with the pending operations being applied to the shadow attributes. This is an issue we recently identified ourselves. We have applied a fix and submitted a Pull Request for inclusion in a future midPoint release.</div><div style="color:rgb(33,33,33)"><br></div><div style="color:rgb(33,33,33)">In the mean time, we currently use a custom task script to delete shadows containing a pending delete operation.</div><div style="color:rgb(33,33,33)"><br></div><div style="color:rgb(33,33,33)">The pull request is here for reference: <a href="https://github.com/Evolveum/midpoint/pull/85" target="_blank">https://github.com/Evolveum/midpoint/pull/85</a></div><div style="color:rgb(33,33,33)">With these changes, the shadow refresh task correctly updates shadow (cache) attributes as well as removes deleted shadows. Pending operations that are completed are also removed from the shadow.</div><div style="color:rgb(33,33,33)"><br></div><div style="color:rgb(33,33,33)">Note, we are also working on a fix to the shadow refresh task to update the shadow <i>name</i> when a namingAttribute is modified. </div><div style="color:rgb(33,33,33)"><br></div><div style="color:rgb(33,33,33)">Hope this helps.</div><span class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089HOEnZb"><font color="#888888"><div style="color:rgb(33,33,33)">Brandon</div></font></span></div><div><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089h5"><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 12, 2018 at 5:27 PM Alexandre Zia <<a href="mailto:alexandre.zia@ifood.com.br" target="_blank">alexandre.zia@ifood.com.br</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi Brandon,</div><div><br></div><div>Thanks for the thorough explanation about manual connector</div><div>And double thanks about your company contribution to Midpoint regarding the cases UI and everything related.</div><div><br></div><div>It took me a while to put all of this to work according to your instructions because we were stuck on MP 3.7.2 , I had to make Google connector work with MP 3.8 and upgrade our MP Prod server cluster.</div><div><br></div><div>Now we did several tests and configuration on manual connectors, and we have almost everything working as expected, however still have small issues that I would like to check if we are doing something wrong or if this is how MP works.</div><div><br></div> - We have created and configured manual connector resource<br><div> - We have created a "shadow refresh task"</div><div><br></div><div> - Users are able to request Roles</div><div> - MP put the requests under Approval Workflow</div><div> - Once requests are approved a case is started, email notifications are sent to operators asking them to execute the changes and close the case</div><div> - Operators close the case <br></div><div> </div><div></div><div> - At this point, I would like to get advice:</div><div> - Once operators close the case, "shadow refresh task" process the shadows, but shadows still contain the related pending operations not closed / finished<br></div><div> - If it is a delete account operation, Shadow account is not deleted and we have to delete the shadows manually<br></div><div><br></div><div>Is this behavior ok? <br></div><div>MP will not delete the shadows even after operator close the delete account case?<br></div><div>Is the same for other operations? pending operations will remain in the shadow?<br></div><div><br></div><div>Looking at the shadows, after Operatos closes the case, the pending operation shows "unknown" resultStatus:<br></div><div></div><div><executionStatus>executing</executionStatus><br><resultStatus>unknown</resultStatus></div><div><br></div><div>I'm trying to test now semi-manual Resource using Manual-Connector as base connector and Scripted-Rest-Connector as additional connector</div><div>Because we have several systems were we have to manually create, delete and modify accounts, but we have REST API to list users and get users details</div><div>This way MP will be able to verify if the remote system status is the way it should be according to MP state, <br></div><div>Do you think this semi-manual resource will be able to update the shadows, finishing pending operations, deleting shadows, etc?<br></div><div><br></div><div>Thais again,</div><div>Alexandre</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div></div></div><div class="gmail_extra"></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 5, 2018 at 10:39 AM, Brandon Powers <span dir="ltr"><<a href="mailto:brandon@exclamationlabs.com" target="_blank">brandon@exclamationlabs.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div>We have provided the following information in a similar question from another contact. Hope this helps (I know its a long response, but I've tried to explain the manual resource / case process well):</div><div><br></div><div><div style="color:rgb(33,33,33);font-size:13px">The MidPoint Cases UI is a combination of pages allowing administrators to view, close, and audit cases both created automatically using manual/semi-manual resource connectors, and those created manually by the user. </div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">A quick overview of cases and case work items:</div><div style="color:rgb(33,33,33);font-size:13px">A case is a task that needs to be completed associated with a particular resource, and most often, a change to a resource account (shadow). A case is assigned to users through "case work items". A case can have any number of case work items. Each case work item is assigned to a single user. Closing any case work item closes the entire case.</div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">To view the Cases UI, simply add the appropriate authorizations for the user roles needing access. Here are some common authorizations:</div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">UI Authorization Actions</div><div style="color:rgb(33,33,33);font-size:13px">- <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#caseWorkItemsAll" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#caseWorkItemsAll</a> - enables the "All case work items" page showing all case work items assigned to any user.<br></div><div style="color:rgb(33,33,33);font-size:13px">- <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#caseWorkItemsAllocatedToMe" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#caseWorkItemsAllocatedToMe</a> - enables the "My case work items" page showing all case work items assigned to the logged in user.<br></div><div style="color:rgb(33,33,33);font-size:13px">- <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#caseWorkItem" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#caseWorkItem</a> - allows access to create a case page<br></div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">Model Authorization Actions</div><div style="color:rgb(33,33,33);font-size:13px">- <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#readAllWorkItems" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#readAllWorkItems</a> - used in conjunction with object type `CaseWorkItemType`, allows reading all case work items<br></div><div style="color:rgb(33,33,33);font-size:13px">- Standard model actions in conjunction with object type `CaseType` to allow read/modify/etc access on Cases</div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">Once the appropriate authorizations are present, the Cases UI will be accessible from the menu</div><div style="color:rgb(33,33,33);font-size:13px">Work Items -> All Cases - All Case objects</div><div style="color:rgb(33,33,33);font-size:13px">Work Items -> My Cases - All case objects assigned to logged in user</div><div style="color:rgb(33,33,33);font-size:13px">Work Items -> All Case Work Items - all case work items, filterable by resource, actor (assignee), and case state (open/closed)</div><div style="color:rgb(33,33,33);font-size:13px">Work Items -> My Case Work Items - all case work items assigned to the logged in user</div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px">Clicking on the case work item "description" in the table will display a page showing detailed information about the case and case work item, such as assignee, timestamps, change deltas, etc. This page also offers the ability to "close" the case with option to add a comment or upload a file for evidence (useful for purely manual resources where midPoint has no way of accurately knowing the result of a change on an external system, provides evidence for auditing purposes).</div><div style="color:rgb(33,33,33);font-size:13px"><br></div><div style="color:rgb(33,33,33);font-size:13px"><div>Cases are automatically generated by midPoint for manual and semi-manual resources when their respective resource accounts (shadows) change (account details such as first/last name, or entitlements such as permission/roles).</div><div><br></div><div>For this to happen, a resource must be configured with the connector type `ManualConnector`. Additionally, another connector may be specified as an `additionalConnnector` for semi-manual resources (see <a href="https://wiki.evolveum.com/display/midPoint/Manual+Resource+Configuration#ManualResourceConfiguration-Semi-ManualResources" target="_blank">https://wiki.evolveum.com/display/midPoint/Manual+Resource+Configuration#ManualResourceConfiguration-Semi-ManualResources</a>)</div><div>To specify users that should be assigned to the automatically generated cases, you must add business operators to the resource. See the example here: <a href="https://github.com/Evolveum/midpoint/blob/master/provisioning/provisioning-impl/src/test/resources/manual/resource-manual.xml" target="_blank">https://github.com/Evolveum/midpoint/blob/master/provisioning/provisioning-impl/src/test/resources/manual/resource-manual.xml</a></div><div>(Note that `operatorRef`s can include a specific user OID, or a filter can be used to select a user based on attributes, such as username.</div><div><br></div><div>Additionally, if you would like email notifications, the `simpleCaseManagementNotifier` can be configured in the system configuration. (I don't believe Evolveum has any documentation on this yet either, but it operates similar to the other notifiers. Here is a link to the class: <a href="https://github.com/Evolveum/midpoint/blob/master/model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/notifiers/SimpleCaseManagementNotifier.java" target="_blank">https://github.com/Evolveum/midpoint/blob/master/model/notifications-impl/src/main/java/com/evolveum/midpoint/notifications/impl/notifiers/SimpleCaseManagementNotifier.java</a>)</div><div><br></div><div>As you mentioned, there is also the option to use ITSM plugin instead of the internal midPoint case management functionality.</div><div><br></div><div>- Brandon</div></div><div><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037h5"><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 5, 2018 at 3:24 AM Radovan Semancik <<a href="mailto:radovan.semancik@evolveum.com" target="_blank">radovan.semancik@evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-cite-prefix">Hi,<br>
<br>
Manual connectors are quite an interesting functionality of
midPoint. However, it was created in small parts. It was never a
completely funded work. As mostly unfunded work we have focused on
the code. The code is solid, and in fact it recently went over a
significant consolidation and cleanup as part of Galileo
development. However, the documentation leaves much to be desired.
We have made significant investment to manual connector
functionality during last few years. And unfortunately, we do not
have any more resources to invest even more funds in the
documentation.<br>
<br>
Therefore I can only recommend the options that I'm recommending
all the time (with a little twist):<br>
<br>
1) Get midPoint subscription. Ideally platform subscription.
Income from the subscription can be used to improve documentation.<br>
<br>
2) Sponsor the work on midPoint book:<br>
<a class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-txt-link-freetext" href="https://evolveum.com/midpoint/midpoint-guide-about-practical-identity-management/" target="_blank">https://evolveum.com/midpoint/midpoint-guide-about-practical-identity-management/</a><br>
The book was praised by many people. However, Evolveum has been
the only sponsor of this effort so far. It was quite an effort
already. But there is still too many things to write down. And the
book is not going to write itself. I can do it. In fact, I would
absolutely love to do it. But further work on the book needs
funding.<br>
<br>
3) Source code is available. You can read through the code and
contribute the documentation.<br>
<br>
I know that this answer does not help much. But asking questions
without contributing anything back is not going to help the
project either.</div></div><div text="#000000" bgcolor="#FFFFFF"><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-cite-prefix"><br>
<br>
<pre class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-signature" cols="72">--
Radovan Semancik
Software Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a></pre></div></div><div text="#000000" bgcolor="#FFFFFF"><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-cite-prefix">
<br>
<br>
On 09/04/2018 04:16 AM, Alexandre Zia wrote:<br>
</div></div><div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">Hi all,<br>
<br>
I'm Having a hard time trying to understand how manual
connector actually works.<br>
I've tried several approaches, but always end up with some
<br>
"collateral effects"<br>
I've read all I could find about manual resources, MP
Confluence, mailing list, <br>
provisioned all the examples, tried several different
configs, but the fact<br>
is that there is no comprehensive explanation on how manual
resources works <br>
So I'm asking for help here at least to check if I'm doing
something terrible wrong<br>
<br>
1. Pure manual connector:<br>
<br>
- Created Role to induce account creation works fine,<br>
<br>
- Upon role assignment the resulting operation it creates a
shadow for the <br>
account in the connector, however the assignment operation
never completes, <br>
stays in IN_PROGRESS forever and the shadows keeps
pendingOperations and <br>
there is no way to get rid of them.<br>
<br>
- Upon role unassignment the role is unassigned but the
projection in the <br>
resource (shadow) is not removed, stays there forever until
we manually <br>
delete the shadow and run a reconciliation<br>
<br>
2. Semi manual with CSV connector as additionalConnector:<br>
<br>
- Same as above, except:<br>
<br>
- I can see the accounts appearing in resource <br>
(Accounts tab in resource, searching in the resource
side)<br>
when the accounts appears in the CSV, but seems to do
nothing<br>
regarding the shadow.<br>
<br>
- when unassigning the role, same thing, when the
account vanishes from CSV<br>
nothing happens to the shadow and the projection
remains<br>
<br>
I have also created a Shadow Refresh Task, and it even reports
that is processing the shadows, but nothing changes actually.<br>
<br>
Other thing we are trying to do here is how to notify
operator when he needs <br>
to manually create or delete the accounts?<br>
We have created an extra approval named something like:
"Wait for the <br>
operator to create the account" but again there is room for
improvement here:<br>
- We have approvers assigned to the role and an approval
stage <br>
- So we have added operators as "owners" and filtering the
"wait for the <br>
operator" approval by the "owner" but this is not working
properly.<br>
<br>
Can someone share a bit about the subject?<br>
What is the best approach to work with manual connectors?<br>
<br>
If we setup an ITSM plugin (we use Jira here) will it work
as expected?<br>
By expected I mean will the assignments and unassignments
work properly?<br>
The projections will be deleted upon unassignments?<br>
ITSM plugin is the right way to notify operators?<br>
<br>
<br>
Thanks for reading the entire email, I know it's huge ;)<br>
<br>
Regards,<br>
Alexandre<br>
<br>
<br>
<br>
<br>
<br>
</div>
</div>
<br>
<fieldset class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<pre class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674m_-4798854064500959342moz-signature" cols="72"></pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div></div></div></div></div><span class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037HOEnZb"><font color="#888888">-- <br><div dir="ltr" class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037m_-7803802993595780674gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Brandon Powers</div><div><div>Exclamation Labs</div><div>300 Washington Street</div><div>Cumberland, MD 21502</div><div><a>888.545.5008</a> or <a>301.722.5008 ext 144</a></div><div>fax <a>301.722.2183</a></div><div><a>brandon@exclamationlabs.com</a></div><div><a>www.exclamationlabs.com</a></div></div></div></div>
</font></span><br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br></div><div class="gmail_extra"><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833m_-943521613487731037gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-size:12.8px"><table style="font-size:13px;line-height:normal;font-family:tahoma,geneva,sans-serif" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td colspan="2"><font style="font-size:small;line-height:normal;font-weight:bold" size="2" face="tahoma, sans-serif" color="#888888"><div style="font-family:tahoma,sans-serif;display:inline">Alexandre Roberto Zia</div></font></td></tr><tr><td colspan="2" style="font-size:12px;line-height:2em"><b><font color="#d52623"><div style="font-family:tahoma,sans-serif;display:inline">Security<br></div></font></b></td></tr><tr><td colspan="2" style="font-size:11px"><br></td></tr><tr><td colspan="2"><b style="font-size:11px"><font face="arial narrow, sans-serif">TEL:</font></b><span style="font-size:11px"> </span><font style="font-size:11px" color="#999999"><a value="+551136343360" style="color:rgb(34,34,34)">+55 (11) 3634-3360</a></font><br></td></tr><tr><td colspan="2"><span style="font-size:11px"></span><br></td></tr><tr><td colspan="2"><span style="font-size:11px"><a href="http://www.ifood.com.br/" target="_blank"><font face="verdana, sans-serif">www.ifood.com.br</font></a></span><br><br></td></tr><tr></tr><tr><td rowspan="3" width="76"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/logo_ifood_ass.png" alt="" width="76" height="77"></td><td> </td></tr><tr><td><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="20"> </td><td><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_assinatura.png" alt="" width="150" height="16"></td></tr></tbody></table></td></tr><tr><td><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="20"> </td><td width="25"><a href="https://itunes.apple.com/br/app/ifood-delivery-e-entrega-comida/id483017239?mt=8" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_app_iphone.png" alt="" width="17" height="20"></a></td><td width="25"><a href="https://play.google.com/store/apps/details?id=br.com.brainweb.ifood" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_app_android.png" alt="" width="17" height="20"></a></td><td width="25"><a href="https://www.facebook.com/iFood?fref=ts" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_facebook.png" alt="" width="17" height="20"></a></td><td width="12"><a href="https://twitter.com/iFood" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_twitter.png" alt="" width="17" height="20"></a></td><td width="70"> </td></tr></tbody></table></td></tr></tbody></table></div></div></div></div></div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>-- <br><div dir="ltr" class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089m_-3284755652120595781m_-8356730661667802833gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Brandon Powers</div><div><div>Exclamation Labs</div><div>300 Washington Street</div><div>Cumberland, MD 21502</div><div><a>888.545.5008</a> or <a>301.722.5008 ext 144</a></div><div>fax <a>301.722.2183</a></div><div><a>brandon@exclamationlabs.com</a></div><div><a>www.exclamationlabs.com</a></div></div></div></div></div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306m_-7328393403039240089gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-size:12.8px"><table style="font-size:13px;line-height:normal;font-family:tahoma,geneva,sans-serif" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td colspan="2"><font style="font-size:small;line-height:normal;font-weight:bold" size="2" face="tahoma, sans-serif" color="#888888"><div style="font-family:tahoma,sans-serif;display:inline">Alexandre Roberto Zia</div></font></td></tr><tr><td colspan="2" style="font-size:12px;line-height:2em"><b><font color="#d52623"><div style="font-family:tahoma,sans-serif;display:inline">Security<br></div></font></b></td></tr><tr><td colspan="2" style="font-size:11px"><br></td></tr><tr><td colspan="2"><b style="font-size:11px"><font face="arial narrow, sans-serif">TEL:</font></b><span style="font-size:11px"> </span><font style="font-size:11px" color="#999999"><a value="+551136343360" style="color:rgb(34,34,34)">+55 (11) 3634-3360</a></font><br></td></tr><tr><td colspan="2"><span style="font-size:11px"></span><br></td></tr><tr><td colspan="2"><span style="font-size:11px"><a href="http://www.ifood.com.br/" target="_blank"><font face="verdana, sans-serif">www.ifood.com.br</font></a></span><br><br></td></tr><tr></tr><tr><td rowspan="3" width="76"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/logo_ifood_ass.png" alt="" width="76" height="77"></td><td> </td></tr><tr><td><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="20"> </td><td><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_assinatura.png" alt="" width="150" height="16"></td></tr></tbody></table></td></tr><tr><td><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="20"> </td><td width="25"><a href="https://itunes.apple.com/br/app/ifood-delivery-e-entrega-comida/id483017239?mt=8" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_app_iphone.png" alt="" width="17" height="20"></a></td><td width="25"><a href="https://play.google.com/store/apps/details?id=br.com.brainweb.ifood" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_app_android.png" alt="" width="17" height="20"></a></td><td width="25"><a href="https://www.facebook.com/iFood?fref=ts" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_facebook.png" alt="" width="17" height="20"></a></td><td width="12"><a href="https://twitter.com/iFood" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_twitter.png" alt="" width="17" height="20"></a></td><td width="70"> </td></tr></tbody></table></td></tr></tbody></table></div></div></div></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="m_-2650999134843045884m_1499998613794700481m_4933775012269764667m_-7240378798599573306gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(34,34,34);font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-size:12.8px"><table style="font-size:13px;line-height:normal;font-family:tahoma,geneva,sans-serif" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td colspan="2"><font style="font-size:small;line-height:normal;font-weight:bold" size="2" color="#888888" face="tahoma, sans-serif"><div style="font-family:tahoma,sans-serif;display:inline">Alexandre Roberto Zia</div></font></td></tr><tr><td colspan="2" style="font-size:12px;line-height:2em"><b><font color="#d52623"><div style="font-family:tahoma,sans-serif;display:inline">Security<br></div></font></b></td></tr><tr><td colspan="2" style="font-size:11px"><br></td></tr><tr><td colspan="2"><b style="font-size:11px"><font face="arial narrow, sans-serif">TEL:</font></b><span style="font-size:11px"> </span><font style="font-size:11px" color="#999999"><a value="+551136343360" style="color:rgb(34,34,34)">+55 (11) 3634-3360</a></font><br></td></tr><tr><td colspan="2"><span style="font-size:11px"></span><br></td></tr><tr><td colspan="2"><span style="font-size:11px"><a href="http://www.ifood.com.br/" target="_blank"><font face="verdana, sans-serif">www.ifood.com.br</font></a></span><br><br></td></tr><tr></tr><tr><td rowspan="3" width="76"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/logo_ifood_ass.png" alt="" width="76" height="77"></td><td> </td></tr><tr><td><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="20"> </td><td><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_assinatura.png" alt="" width="150" height="16"></td></tr></tbody></table></td></tr><tr><td><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td width="20"> </td><td width="25"><a href="https://itunes.apple.com/br/app/ifood-delivery-e-entrega-comida/id483017239?mt=8" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_app_iphone.png" alt="" width="17" height="20"></a></td><td width="25"><a href="https://play.google.com/store/apps/details?id=br.com.brainweb.ifood" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_app_android.png" alt="" width="17" height="20"></a></td><td width="25"><a href="https://www.facebook.com/iFood?fref=ts" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_facebook.png" alt="" width="17" height="20"></a></td><td width="12"><a href="https://twitter.com/iFood" target="_blank"><img src="http://pro-bee-beepro-img.s3-website-eu-west-1.amazonaws.com/17011/images/ifood_twitter.png" alt="" width="17" height="20"></a></td><td width="70"> </td></tr></tbody></table></td></tr></tbody></table></div></div></div></div></div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="m_-2650999134843045884gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:13px"><p><strong>Oskar Butovič</strong><br><span style="font-size:11px;color:rgb(128,128,128)">solution architect</span></p></div><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">gsm: [+420] 774 480 101<br>e‑mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px"><strong>AMI Praha a.s.</strong><br>Pláničkova 11, 162 00 Praha 6</p><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px">tel.: [+420] 274 783 239 | web: <a href="https://www.ami.cz/" target="_blank">www.ami.cz</a></p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;margin-top:20px"><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p><p style="font-family:Arial,sans-serif;font-size:11px;color:rgb(170,170,170)">Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><span style="font-size:6px"> </span><br>Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat důvěrné nebo osobní<br>informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv zveřejňování, zprostředkování<br>nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně, informujte o tom prosím<br>odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně všech jeho příloh. Nakládáním<br>s neoprávněně získanými informacemi se vystavujete riziku právního postihu.</p></div></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>