<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Richard,</p>
<p>concerning plugins: yes, Eclipse plugin still sort-of works, but
it's a dead code now (it always was "write-only" prototype code).</p>
<p> IntelliJ IDEA plugin is getting better each day (thanks,
Viliam!) After release of midPoint 4.2 I will integrate the trace
viewing feature to master branch for this plugin.</p>
<p>
<blockquote type="cite">Higher education funding in the US is
complicated right now to put it lightly. As time allows, I will
be trying to actively contribute back the best I can to the
community. Doesn't pay the bills right now, but hopefully will
get more involved in the community. That particular blog post
went up quick because I wrote it as I did it on one system, and
then used it to make the correct changes on another. I have
several more to write.
</blockquote>
I can imagine the funding situation. And I am looking forward to
your blog posts :)</p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 27/08/2020 02:30, Richard Frovarp
via midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ccf3ce474a6185afdff4f01e11b71385eb7d9a6d.camel@ndsu.edu">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>Thank you for the extraordinary help. Been a long day here,
but had a chance to get a decent understanding of what you've
said, and even give it a bit of a test. More comments inline.</div>
<div><br>
</div>
<div>On Wed, 2020-08-26 at 10:24 +0200, Pavol Mederly via midPoint
wrote:</div>
<blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px
#729fcf solid;padding-left:1ex">
<p><br>
</p>
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
</blockquote>
Most probably yes. I was confused originally a little bit as
well, because I do not know this part of midPoint into great
depth.
<p>This is crucial (from <a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete">https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete</a>):
<br>
</p>
<p> "That means if there is a valid assignment for that
account <b>or if the account is allowed by any other policy
(such as
</b><b><a
href="https://wiki.evolveum.com/display/midPoint/Projection+Policy"
moz-do-not-send="true">Projection Policy</a></b><b>).</b>"</p>
<p>In your case, the default (<i>relative</i>) projection policy
ensures that - assuming there is no change in the assignment -
any existing account is considered legal. On the contrary,
under
<i>full </i>projection policy, only really assigned accounts
are considered legal. (As I say, I didn't realize this fact.)<br>
</p>
</blockquote>
<div><br>
</div>
<div>Working on getting those values correct for our different
resources and how we want it to work. I understand why the
default is the default for the software, but it's a confusing
bit to come to on one's own. Getting this right will eliminate
some of the confusion I've bumped into with other resources. For
anyone else following along, I'm going with full projection
policy by default, then source resources are getting a none with
a legalize on them. It feels like this is touched on somewhere,
probably the book(?) but it isn't coming to me right now. I'll
have to review other documentation I've seen in the past.</div>
<div><br>
</div>
<div><br>
</div>
<blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px
#729fcf solid;padding-left:1ex">
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
</blockquote>
Yes. The XML document is so large because it contains almost
everything I need to analyze the situation - all evaluations of
all scripts/mappings, almost all objects used, detailed logs
from the processing, etc. It is so to avoid round trips with
customers like "send me logs from X", then "run it again and
please give me also Y and Z", etc.
<p>And yes, it can contain sensitive information. I thought you
have only a kind of playground installation, so no real data.
Anyway, as you said, you managed to remove sensitive info.
(You can now remove the whole file.)</p>
<p>BTW, here is also the reason one should use config properties
for passwords, etc: such properties will not be part of these
trace files, only if there would be a bug somewhere. (Unlike
things that are present in resource XML objects. They are part
of these files by design.)<br>
</p>
</blockquote>
<div><br>
</div>
<div>Yeah, we're using constants from the config file for pretty
much everything. There was one encrypted password in there I
think for the admin account that I removed. Then there were
things like my DoB and employee number that I took care of a
little bit. Config properties are awesome.</div>
<div><br>
</div>
<div><br>
</div>
<blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px
#729fcf solid;padding-left:1ex">
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
<pre>
</pre>
</blockquote>
This is a point I don't understand: The Target - Grouper NDSU
Subjects is your target resource. You are managing its content
from midPoint. And you use the content in Grouper. So far so
good.
<p>But why you use this same resource as a <i>source</i> for
midPoint (using live sync)? Was it just for the sake of
demonstration of this issue?<br>
</p>
</blockquote>
<div><br>
</div>
<div>No. I think we had a misunderstanding on how to make such
resources work. </div>
<div><br>
</div>
<blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px
#729fcf solid;padding-left:1ex">
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
</blockquote>
<pre>
</pre>
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
</blockquote>
<p>Well, this is about what level of details you set in the
trace viewer. (What kinds of operations should it show.) So if
I select e.g. only an overview, I will see all the mappings,
but with no particular context. If I select all operations, I
will find the context but then I can get lost in the
processing. (I am speaking of the viewer used in IntelliJ IDEA
plugin, because I haven't used the web GUI viewer for a long
time.) So, currently the viewers require some amount of
midPoint knowledge to be used effectively. I hope that
gradually they will be improved to be suitable also for wider
audience.</p>
<p>But, overall, you managed to find the issue and resolution
yourself, so I think it was of some help to you. :-)<br>
</p>
</blockquote>
<div><br>
</div>
<div>Yes it was of some help. I'll have to give the IntelliJ IDEA
plugin a try later this fall. I have the Eclipse one working for
managing the XML, which serves me well enough for now.</div>
<blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px
#729fcf solid;padding-left:1ex">
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
<pre>
</pre>
</blockquote>
<p>---</p>
<p>A personal note: The analysis I have done for you is
something that I really love to do. We do that regularly for
our customers. I did it here just because I liked your work
(e.g. the blogpost about Grouper integration) and your
approach to midPoint. And I love the academy as such, being
myself from this environment. But it's not sustainable - I did
this on my own time (which I have almost zero, and this work
was almost 2 hours for me), and now I have to return to work
for our customers and midPoint development as such. So,
please, do really consider purchasing a subscription. Maybe
you'll be surprised that the price is not that high for HE
sector. Then we would be able to cooperate in a regular way,
not on "best effort" (which I have depleted for longer time
now) basis. :-)<br>
</p>
<p><br>
</p>
<p><br>
</p>
</blockquote>
<div><br>
</div>
<div>Thank you very much for this extra personal effort. It
certainly wasn't expected. Higher education funding in the US is
complicated right now to put it lightly. As time allows, I will
be trying to actively contribute back the best I can to the
community. Doesn't pay the bills right now, but hopefully will
get more involved in the community. That particular blog post
went up quick because I wrote it as I did it on one system, and
then used it to make the correct changes on another. I have
several more to write.
</div>
<div><br>
</div>
<div>Thank you once again,</div>
<div>Richard</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>