<div dir="ltr"><div dir="ltr"><div>We figured out the origin of the issue.</div><div><br></div><div>Our template mapping was missing the <b>type</b> field.</div><div> <targetRef oid="xxxxxxxx"<b> type="RoleType"</b>/></div><div><br></div><div>The mapping worked, but it would add "ObjectType" to the assignment field targetType before 3.9. In 3.9, the value is FocusType.</div><div><br></div><div>Maybe there should be code in the 3.9 update process to fix this?</div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em sex, 15 de mar de 2019 às 15:05, Alcides Carlos de Moraes Neto <<a href="mailto:alcides.neto@gmail.com">alcides.neto@gmail.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>I was able to fix it by deleting the assignment and adding a new corrected clone. Is this the best way to do this?</div><div>Deleting and adding on the same delta would not work, I guess it tried to add before the delete and would not do it, since the target was still there?<br></div><div><br></div><div><scext:executeScript<br> xmlns:scext="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3</a>"<br> xmlns:s="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/scripting-3</a>"<br> xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"<br> xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"<br> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>"><br> <s:search xmlns:s="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/scripting-3</a>"><br> <s:type>c:UserType</s:type><br> <query xmlns="<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"><br> <filter><br> <equal><br> <matching>polyStringNorm</matching><br> <path>name</path><br> <value>testUser</value><br> </equal><br> </filter><br> </query><br> <s:action><br> <s:type>execute-script</s:type><br> <s:parameter><br> <s:name>script</s:name><br> <c:value xsi:type="c:ScriptExpressionEvaluatorType"><br> <c:code><br> import com.evolveum.midpoint.xml.ns._public.common.common_3.*<br> import com.evolveum.midpoint.prism.delta.builder.*<br> import com.evolveum.midpoint.model.api.*<br> import javax.xml.namespace.QName<br> <br> def assignmentsToDelete = []<br> def assignmentsToAdd = []<br> <br> for (a in input.assignment) {<br> if (a.targetRef != null) {<br> def ot = midpoint.resolveReferenceIfExists(a.targetRef)<br> if (ot == null) {<br> def removeAssignment = new AssignmentType()<br> removeAssignment.id = <a href="http://a.id" target="_blank">a.id</a><br> assignmentsToDelete.add removeAssignment.asPrismContainerValue()<br> } else if (a.targetRef?.type.localPart == 'ObjectType') {<br> def removeAssignment = new AssignmentType()<br> removeAssignment.id = <a href="http://a.id" target="_blank">a.id</a><br> assignmentsToDelete.add removeAssignment.asPrismContainerValue()<br> <br> def addAssignment = a.clone()<br> addAssignment.id = null<br> addAssignment.metadata = null<br> addAssignment.targetRef.type = new QName('<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>', ot.class.name.split("\\.")[-1])<br> assignmentsToAdd.add addAssignment.asPrismContainerValue()<br> } <br> }<br> }<br> if (!assignmentsToDelete.empty) {<br> log.debug "Assignments to delete: " + assignmentsToDelete<br> log.debug "Assignments to add: " + assignmentsToAdd<br> <br> def delta = DeltaBuilder.deltaFor(FocusType.class, prismContext).item(FocusType.F_ASSIGNMENT).delete(assignmentsToDelete).asObjectDelta(input.oid)<br> log.debug "Deleting" <br> midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())<br> <br> delta = DeltaBuilder.deltaFor(FocusType.class, prismContext).item(FocusType.F_ASSIGNMENT).add(assignmentsToAdd).asObjectDelta(input.oid)<br> log.debug "Adding" <br> midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())<br> }<br> </c:code><br> </c:value><br> </s:parameter><br> </s:action><br> </s:search><br> <options><br> <continueOnAnyError>true</continueOnAnyError><br> </options><br></scext:executeScript><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em ter, 12 de mar de 2019 às 15:39, Alcides Carlos de Moraes Neto <<a href="mailto:alcides.neto@gmail.com" target="_blank">alcides.neto@gmail.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div>Hello list,</div><div><br></div><div>We tried updating our test server from 3.8 to 3.9. The update seemed OK, but we were unable to login using AD/LDAP authentication. The logs would alert that our user objects were invalid, because they have an assignment with targetRef.type with value "ObjectType", which resulted in a parse object exception.</div><div><pre>2019-03-11 09:02:24,273 [REPOSITORY] [main] ERROR (com.evolveum.midpoint.repo.sql.helpers.ObjectRetriever): Couldn't parse object UserType e934a8e4-fea1-4518-9d93-503bf4ee950a: com.evolveum.midpoint.util.exception.SchemaException: Target type specified in reference {<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3%7DtargetRef" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3}targetRef</a> ({<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3%7DObjectType" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3}ObjectType</a>) does not match target type in schema ({<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3%7DFocusType" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3}FocusType</a>)
</pre></div><div><br></div><div>So we disabled ldap authentication and logged in with the administrator account. Looking at the users xml object, we see the faulty assignment:</div><div><br></div><div><pre> <assignment id="2">
<metadata>
<requestTimestamp>2018-06-19T16:54:51.349-03:00</requestTimestamp>
<requestorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default"
type="c:UserType"/>
<createTimestamp>2018-06-19T16:54:56.253-03:00</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default"
type="c:UserType"/>
<createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import" target="_blank">http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#import</a></createChannel>
<createTaskRef oid="5251c97d-8be4-46b1-bbb7-f5fc9f4d0213"
relation="org:default"
type="c:TaskType"/>
<originMappingName>User template mapping</originMappingName>
</metadata>
<targetRef oid="24a5f2be-aed1-49e2-b3f6-9a13ed397342"
relation="org:default"
<b>type="c:ObjectType"</b>/>
<activation>
<effectiveStatus>enabled</effectiveStatus>
</activation>
</assignment><br><br></pre><pre>These assignments were created by a user template mapping, using version 3.7. <br>Maybe it was a bug, I don't know, but they are everywhere.<br></pre><pre>So we reverted to 3.8 and tried a bulk task with some script in order to rewrite this value. <br>It didn't work, it actually erased all assignments and rewrote only the corrected one. <br>I guess I need some helping with these delta scripts, can anyone assist me, please?<br><br>The task definition is below:<br><br><scext:executeScript<br> xmlns:scext="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3</a>"<br> xmlns:s="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/scripting-3</a>"<br> xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"<br> xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"<br> xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>"><br> <s:search xmlns:s="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/scripting-3</a>"><br> <s:type>c:UserType</s:type><br> <s:action><br> <s:type>execute-script</s:type><br> <s:parameter><br> <s:name>script</s:name><br> <c:value xsi:type="c:ScriptExpressionEvaluatorType"><br> <c:code><br> import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;<br> import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;<br> import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;<br> import com.evolveum.midpoint.prism.delta.ObjectDelta;<br> import com.evolveum.midpoint.model.api.ModelExecuteOptions;<br> <br> userDelta = null;<br> allAssignments = input?.getAssignment();<br> allAssignments?.each {<br> if(it.getTargetRef()?.getType().getLocalPart() == "ObjectType") {<br> AssignmentType a = it.clone();<br> a.getTargetRef().setType(new QName('<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>', 'RoleType')); <br> if (userDelta == null){<br> userDelta = ObjectDelta.createModificationReplaceContainer(UserType.class, input?.getOid(), UserType.F_ASSIGNMENT, midpoint.getPrismContext(), a);<br> } else {<br> userDelta.addModificationReplaceContainer(UserType.F_ASSIGNMENT, a);<br> }<br> <br> }<br> }<br> <br> if (userDelta != null){<br> midpoint.executeChanges([ userDelta ], ModelExecuteOptions.createRaw());<br> }<br> </c:code><br> </c:value><br> </s:parameter><br> </s:action><br> </s:search><br> <options><br> <continueOnAnyError>true</continueOnAnyError><br> </options><br></scext:executeScript><br><br><br></pre><pre><br></pre></div><div><br></div><div><br></div></div></div>
</blockquote></div>
</blockquote></div>