
<!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body><div data-html-editor-font-wrapper="true" style="font-family: arial, sans-serif; font-size: 13px;">Hi Andrea,<br><br>just be creative ;-). Here is a snippet from our user schema extension:<br> <pre><?xml version="1.0" encoding="UTF-8" standalone="yes"?> <xsd:schema elementFormDefault="qualified" targetNamespace="http://curms.rsint.net/xml/ns/curms/extension" xmlns:tns="http://curms.rsint.net/xml/ns/curms/extension" xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3" /> <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/types-3" /> <xsd:complexType name="UserExtensionType"> <xsd:annotation> <xsd:documentation> The R&amp;S UserType Extension. This extends the standard midPoint UserType schema to include custom attributes as required. </xsd:documentation> <xsd:appinfo> <a:extension ref="c:UserType" /> </xsd:appinfo> </xsd:annotation> <xsd:sequence> <xsd:element name="rsUniqueId" type="xsd:string" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation> R&amp;S Unique ID </xsd:documentation> <xsd:appinfo> <a:indexed>true</a:indexed> <a:displayName>user.hcm.uniqueid.disp</a:displayName> <a:displayOrder>100</a:displayOrder> <a:help>user.hcm.uniqueid.help</a:help> </xsd:appinfo> </xsd:annotation> </xsd:element> </pre><br>Here we chose http://curms.rsint.net/xml/ns/curms/extension as the targetNamespace. We could have chosen anything really.<br><br>Regards,<br>Chris.<br><br>September 25, 2020 12:44 PM, "Andrea Picconi via midPoint" <<a target="_blank" tabindex="-1" href="mailto:midpoint@lists.evolveum.com?to=%22Andrea%20Picconi%20via%20midPoint%22%20<midpoint@lists.evolveum.com>">midpoint@lists.evolveum.com</a>> wrote:<br> <blockquote><div><div lang="IT" vlink="purple"><div><p><span lang="EN-US">Hi,</span></p><p><span lang="EN-US">thank you for your help Ivan. </span></p><p><span lang="EN-US">I need some clarification regarding the personal “targetNamespace”: how can I generate a custom one that is good for my usage (like the ones I saw from your example and Ethan’s)? </span></p><p><span lang="EN-US">Forgive me if the question may seem silly, but this is the first time I’m working on something like this </span><span lang="EN-US" style='font-family: "Segoe UI Emoji",sans-serif'>😊</span></p><p><span lang="EN-US">Thank you and regards,</span></p><p><span lang="EN-US">Andrea</span></p><div><div style="border: none;border-top: solid #E1E1E1 1.0pt;padding: 3.0pt 0cm 0cm 0cm"><p><b><span style="mso-fareast-language: IT">From:</span></b><span style="mso-fareast-language: IT"> midPoint <<a target="_blank" rel="noopener noreferrer" href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>> <b>On Behalf Of </b>Ivan Noris via midPoint<br><b>Sent:</b> Friday, September 25, 2020 12:12 PM<br><b>To:</b> <a target="_blank" rel="noopener noreferrer" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br><b>Cc:</b> Ivan Noris <<a target="_blank" rel="noopener noreferrer" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>><br><b>Subject:</b> Re: [midPoint] Problem with correlation and external attribute</span></p></div></div><p>Hi Andrea,</p><p>take an inspiration from e.g. <a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/schema/extension-piracy.xsd"> https://github.com/Evolveum/midpoint-samples/blob/master/samples/schema/extension-piracy.xsd</a></p><p>See targetNamespace and xmlns:tns definitions in <xsd:schema element.</p><p>Ivan</p><div><p>On 25. 9. 2020 11:50, Andrea Picconi via midPoint wrote:</p></div> <blockquote style="margin-top: 5.0pt;margin-bottom: 5.0pt"><p><span lang="EN-US">Hi Ethan,</span></p><p><span lang="EN-US">it's probably just that ... I'll try to find a way to create it myself, even if I don't know how.</span></p><p><span lang="EN-US">Thanks again Ethan, thanks Ivan</span></p><div><div style="border: none;border-top: solid #E1E1E1 1.0pt;padding: 3.0pt 0cm 0cm 0cm"><p><b><span lang="EN-US" style="mso-fareast-language: IT">From:</span></b><span lang="EN-US" style="mso-fareast-language: IT"> midPoint <a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midpoint-bounces@lists.evolveum.com"><midpoint-bounces@lists.evolveum.com></a> <b>On Behalf Of </b>Ethan Kromhout via midPoint<br><b>Sent:</b> Friday, September 25, 2020 11:25 AM<br><b>To:</b> <a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br><b>Cc:</b> Ethan Kromhout <a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:kromhout@unc.edu"><kromhout@unc.edu></a><br><b>Subject:</b> Re: [midPoint] Problem with correlation and external attribute</span></p></div></div><p><span lang="EN-US">Ivan and Andrea,</span></p><p><span lang="EN-US">Is it problematic that the targetNamespace used in this extension could collide with one of the midPoint provided ones? I've always use a URN unique to my organization.</span></p><p><span lang="EN-US">Ethan</span></p><div><p><span lang="EN-US">On 9/25/20 4:10 AM, Ivan Noris via midPoint wrote:</span></p></div><blockquote style="margin-top: 5.0pt;margin-bottom: 5.0pt"><p><span lang="EN-US">Hi Andrea,</span></p><p><span lang="EN-US">can you try searching by that extension attribute in midPoint using Query playground?</span></p><p><span lang="EN-US">Ivan</span></p><div><p><span lang="EN-US">On 25. 9. 2020 9:44, Andrea Picconi via midPoint wrote:</span></p></div><blockquote style="margin-top: 5.0pt;margin-bottom: 5.0pt"><p><span lang="EN-US">Hi again,</span></p><p><span lang="EN-US">I also tried </span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:kromhout@unc.edu"><span lang="EN-US" style='font-family: "Calibri",sans-serif;text-decoration: none'>@Ethan Kromhout</span></a><span lang="EN-US">’s example, but it still gives me the two errors I showed you in the previous mail.</span></p><p><span lang="EN-US">I probably did something wrong in the setting, below how I set it all up:</span></p><p><span lang="EN-US">this is my extension_user_field schema namespace:</span></p><p><span lang="EN-US"><xsd:schema elementFormDefault=<i>"qualified"</i></span></p><p><span lang="EN-US">targetNamespace=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><i><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></i></a></p><p><span lang="EN-US">xmlns:tns=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><i><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></i></a></p><p><span lang="EN-US">xmlns:a=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://prism.evolveum.com/xml/ns/public/annotation-3"><i><span lang="EN-US">"http://prism.evolveum.com/xml/ns/public/annotation-3"</span></i></a></p><p><span lang="EN-US">xmlns:c=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><i><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</span></i></a></p><p><span lang="EN-US">xmlns:xsd=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://www.w3.org/2001/XMLSchema"><i><span lang="EN-US">"http://www.w3.org/2001/XMLSchema"</span></i></a><span lang="EN-US">></span></p><p><span lang="EN-US">here the indexed attribute:</span></p><p><span lang="EN-US"><xsd:element name=<i>"uidLDAP"</i> type=<i>"xsd:string"</i> minOccurs=<i>"0"</i> maxOccurs=<i>"1"</i>></span></p><p><span lang="EN-US"><xsd:annotation></span></p><p><span lang="EN-US"><xsd:appinfo></span></p><p><span lang="EN-US"><a:indexed>true</a:indexed></span></p><p><span lang="EN-US"><a:displayName>LDAP UID</a:displayName></span></p><p><span lang="EN-US"><a:displayOrder>550</a:displayOrder></span></p><p><span lang="EN-US"><a:help>UID from LDAP</a:help></span></p><p><span lang="EN-US"></xsd:appinfo></span></p><p><span lang="EN-US"></xsd:annotation></span></p><p><span lang="EN-US"></xsd:element></span></p><p><span lang="EN-US">here instead the correlation that I have tried, starting from what you have seen above:</span></p><p><span lang="EN-US"><correlation></span></p><p><span lang="EN-US"><q:equal></span></p><p><span lang="EN-US"><q:path xmlns:ri=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></a><span lang="EN-US">>extension/uidLDAP</q:path></span></p><p><span lang="EN-US"><expression></span></p><p><span lang="EN-US"><path xmlns:ri=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></a><span lang="EN-US">></span></p><p><span lang="EN-US">declare namespace ri=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></a><span lang="EN-US">;</span></p><p><span lang="EN-US">$projection/attributes/ri:sAMAccountName</span></p><p><span lang="EN-US"></path></span></p><p><span lang="EN-US"></expression></span></p><p><span lang="EN-US"></q:equal></span></p><p><span lang="EN-US"></correlation></span></p><p><span lang="EN-US">Could you tell me where I'm wrong?</span></p><p><span lang="EN-US">Thank you,</span></p><p><span lang="EN-US">Andrea</span></p><div><div style="border: none;border-top: solid #E1E1E1 1.0pt;padding: 3.0pt 0cm 0cm 0cm"><p><b><span lang="EN-US" style="mso-fareast-language: IT">From:</span></b><span lang="EN-US" style="mso-fareast-language: IT"> midPoint </span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midpoint-bounces@lists.evolveum.com"><span lang="EN-US" style="mso-fareast-language: IT"><midpoint-bounces@lists.evolveum.com></span></a><span style="mso-fareast-language: IT"> </span><b><span lang="EN-US" style="mso-fareast-language: IT">On Behalf Of </span> </b><span lang="EN-US" style="mso-fareast-language: IT">Ethan Kromhout via midPoint<br><b>Sent:</b> Wednesday, September 23, 2020 3:12 PM<br><b>To:</b> </span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midpoint@lists.evolveum.com"><span lang="EN-US" style="mso-fareast-language: IT">midpoint@lists.evolveum.com</span></a><br><span lang="EN-US" style="mso-fareast-language: IT"><b>Cc:</b> Ethan Kromhout </span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:kromhout@unc.edu"><span lang="EN-US" style="mso-fareast-language: IT"><kromhout@unc.edu></span></a><br><span lang="EN-US" style="mso-fareast-language: IT"><b>Subject:</b> Re: [midPoint] Problem with correlation and external attribute</span></p></div></div><p><span lang="EN-US">I have used an extension attribute in a similar way, though it wasn't with AD. In my case I explicitly called out the namespace of the custom schema, not sure if that was required, but it works okay. Do note that the custom attribute must be indexed.</span></p><p><span lang="EN-US">In my schema I have the namespace and indexed attribute, note the "targetNamespace":</span></p><p><span lang="EN-US"><?xml version="1.0" encoding="UTF-8" standalone="yes"?><br><xsd:schema elementFormDefault="qualified"<br>targetNamespace=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://unc.edu/xml/ns/uncPerson"><span lang="EN-US">"http://unc.edu/xml/ns/uncPerson"</span></a><br><span lang="EN-US">xmlns:tns=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://example.com/xml/ns/mySchema"><span lang="EN-US">"http://example.com/xml/ns/mySchema"</span></a><br><span lang="EN-US">xmlns:a=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://prism.evolveum.com/xml/ns/public/annotation-3"><span lang="EN-US">"http://prism.evolveum.com/xml/ns/public/annotation-3"</span></a><br><span lang="EN-US">xmlns:c=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</span></a><br><span lang="EN-US">xmlns:xsd=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://www.w3.org/2001/XMLSchema"><span lang="EN-US">"http://www.w3.org/2001/XMLSchema"</span></a><span lang="EN-US">></span></p><p style="margin-bottom: 12.0pt"><span lang="EN-US"><xsd:element name="subId" type="xsd:string" minOccurs="0" maxOccurs="1"><br><xsd:annotation><br><xsd:appinfo><br><a:indexed>true</a:indexed><br><a:displayName>subId</a:displayName><br><a:help>Subject ID</a:help><br><a:displayOrder>150</a:displayOrder><br></xsd:appinfo><br></xsd:annotation><br></xsd:element></span></p><p><span lang="EN-US">Then in the correlation I reference that namespace as uncPerson:</span></p><p><span lang="EN-US"><correlation><br><q:equal><br><q:path xmlns:uncPerson=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://unc.edu/xml/ns/uncPerson"><span lang="EN-US">"http://unc.edu/xml/ns/uncPerson"</span></a><span lang="EN-US">>extension/uncPerson:subId</q:path><br><expression><br><path xmlns:ri=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></a><span lang="EN-US">><br>declare namespace ri=</span><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"><span lang="EN-US">"http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"</span></a><span lang="EN-US">;<br>$account/attributes/ri:pid<br></path><br></expression><br></q:equal><br></correlation></span></p><p><span lang="EN-US">Ethan</span></p><div><p><span lang="EN-US">On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:</span></p></div><blockquote style="margin-top: 5.0pt;margin-bottom: 5.0pt"><p><span lang="EN-US">Hi all,</span></p><p><span lang="EN-US">I have a problem for which I have searched for a solution everywhere, but I couldn’t find anything: I am making a correlation between an extended attribute present in the user in midpoint (<b><i>uidLDAP</i></b>) and the <b><i>sAMAccountName</i></b> attribute of an AD account that I need to import.</span></p><p><span lang="EN-US">below, you can see one of the tests made (of the many)</span></p><p><img border="0" width="758" height="132" style="width: 7.8958in;height: 1.375in" class="lazy" alt src="cid:image001.png@01D69338.1961CDA0"></p><p><span lang="EN-US">but this does not give me any errors, it just tells me that the correlation has reported an unmatched:</span></p><p><img border="0" width="312" height="62" style="width: 3.25in;height: .6458in" class="lazy" alt src="cid:image002.png@01D69338.1961CDA0"><span lang="EN-US"> </span><img border="0" width="455" height="118" style="width: 4.7395in;height: 1.2291in" class="lazy" alt src="cid:image003.jpg@01D69338.1961CDA0"></p><p><span lang="EN-US">But if I try to force the correlation by choosing the "change owner" option and going to grab the correct user by hand in midpoint, it works</span></p><p><img border="0" width="329" height="245" style="width: 3.427in;height: 2.552in" class="lazy" alt src="cid:image004.png@01D69338.1961CDA0"></p><p><span lang="EN-US">So i think the problem comes from the attribute path on midpoint (the extended one):</span></p><p><img border="0" width="700" height="23" style="width: 7.2916in;height: .2395in" class="lazy" alt src="cid:image005.png@01D69338.1961CDA0"></p><p><span lang="EN-US">Has anyone already tried to use an extended attribute in the first correlation path?</span></p><p><span lang="EN-US">Could you help me?</span></p><p><span lang="EN-US">Thank you and regards,</span></p><p><b><span style="font-size: 10.0pt;mso-fareast-language: IT">Andrea Picconi</span></b></p><p><i><span style="font-size: 10.0pt;mso-fareast-language: IT">IAM (Identity Access Management)</span></i><br><br><br><br> </p><p><span lang="EN-US" style="mso-fareast-language: IT"><img border="0" width="136" height="33" style="width: 1.4166in;height: .3437in" alt="Innovery" class="lazy" src="cid:image006.png@01D69338.1961CDA0"></span><br><span style="font-size: 10.0pt;mso-fareast-language: IT">Skype: precons</span><br><span style="font-size: 10.0pt;mso-fareast-language: IT">T: +39 06 51963439 (int. 196) </span><br><br><span style="font-size: 10.0pt;color: black;mso-fareast-language: IT">Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori, 20057 Assago (MI).</span><br><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="http://www.innovery.net/"><span lang="EN-US" style="font-size: 10.0pt;color: #0563C1;mso-fareast-language: IT">www.innovery.net</span></a><span lang="EN-US" style="font-size: 10.0pt;mso-fareast-language: IT"> | T: +39 06 519 63 439</span></p><p><br><br><br> </p><pre><span lang="EN-US">_______________________________________________</span></pre><pre><span lang="EN-US">midPoint mailing list</span></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="https://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">https://lists.evolveum.com/mailman/listinfo/midpoint</span></a></pre></blockquote><p><br><br> </p><pre><span lang="EN-US">_______________________________________________</span></pre><pre><span lang="EN-US">midPoint mailing list</span></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="https://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">https://lists.evolveum.com/mailman/listinfo/midpoint</span></a></pre></blockquote><pre><span lang="EN-US">-- </span></pre><pre><span lang="EN-US">Ivan Noris</span></pre><pre><span lang="EN-US">Senior Identity Engineer</span></pre><pre><span lang="EN-US">evolveum.com</span></pre><p><br><br> </p><pre><span lang="EN-US">_______________________________________________</span></pre><pre><span lang="EN-US">midPoint mailing list</span></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="https://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">https://lists.evolveum.com/mailman/listinfo/midpoint</span></a></pre></blockquote><p><br> </p><pre>_______________________________________________</pre><pre>midPoint mailing list</pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></pre><pre><a rel="external nofollow noopener noreferrer" target="_blank" tabindex="-1" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a></pre></blockquote><pre>-- </pre><pre>Ivan Noris</pre><pre>Senior Identity Engineer</pre><pre>evolveum.com</pre></div></div></div></blockquote><br><br><signature></signature></div></body></html>