<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Jared,</p>
<p>It is possible to search shadow objects using the Distinguished Name
attribute with the current LTS 4.8.3. I have also tried on 4.4.8
but without success.<br>
</p>
<p><br>
</p>
<p>The DistinguishedName is available with path *attributes/ri:dn*
in the shadow object.</p>
<p><br>
</p>
<p>Let me note that a shadow is a specific object, as it represents
a real object (usually an account or group) located on the resource -
an external system. When you show the content of the shadow (e.g.
user - projection, resource - accounts), you see information
which is updated / merged with the current information on the
resource. Not all the information you see in the GUI is stored in
midPoint's repository (except when you show the raw
object or list repository objects directly). By default, only the
identifiers (both primary and secondary) from the
resource's attributes are stored on the shadow object in the repository.</p>
<p><br>
</p>
<p>You can also search over attributes which are not stored in
midPoint's shadow object, but in that case communication with the
resource is used and the resulting time may be
impacted. If you want to search over an attribute stored in
the repository, you can use the options *raw* or *noFetch* to keep
the search (and also the result) limited to the content stored in
midPoint's repository - the benefit could be response time. It is
a design question for your implementation what you prefer / need. One
of the options could also be adding an additional secondary
identifier in the resource setting.</p>
<p><br>
</p>
<p>With midPoint release 4.9+ a caching feature on the resource
will be introduced. This may also help you reduce communication
with the resource and the related response time.</p>
<p><br>
</p>
<p>OK, back to your question... You can try it yourself with our demo -
<a class="moz-txt-link-freetext" href="https://demo.evolveum.com/">https://demo.evolveum.com/</a> (credentials are visible on the login
page).<br>
</p>
<p><br>
</p>
<p>Example of the call with the filter:</p>
<p> - query causing communication with the relevant resource:<br>
curl -u administrator:&lt;password&gt; -H "Content-Type:
application/json" -H "Accept: application/json" -X POST
<a class="moz-txt-link-freetext" href="https://demo.evolveum.com/midpoint/ws/rest/shadows/search">https://demo.evolveum.com/midpoint/ws/rest/shadows/search</a>
--data-binary @filter-file</p>
<p><br>
</p>
<p> - query limited to the midPoint's repository content:<br>
curl -u administrator:&lt;password&gt; -H "Content-Type:
application/json" -H "Accept: application/json" -X POST
<a class="moz-txt-link-freetext" href="https://demo.evolveum.com/midpoint/ws/rest/shadows/search?options=raw">https://demo.evolveum.com/midpoint/ws/rest/shadows/search?options=raw</a>
--data-binary @filter-file</p>
<p></p>
<p><br>
</p>
<p>where the content of the filter-file is:</p>
<pre>{
  "query": {
    "filter": {
      "text": "resourceRef matches (oid = \"ebd0bf7b-7e80-4175-ba5e-4fd5de2ecd62\") and kind = \"account\" and intent = \"default\" and attributes/dn = \"uid=raphael,ou=people,dc=example,dc=com\" "
    },
    "paging": {
      "maxSize": 5
    }
  }
}</pre>
<p><br>
</p>
<p>Please note that the kind and intent are required to be able to
match the proper schema.</p>
<p><br>
</p>
<p>I hope this information will help you to solve the issue.<br>
</p>
<p><br>
</p>
<p>Relevant links to the docs:</p>
<p> -
<a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/support-4.8/concepts/query/midpoint-query-language/search-using-shadow-attributes/#free-form-search">https://docs.evolveum.com/midpoint/reference/support-4.8/concepts/query/midpoint-query-language/search-using-shadow-attributes/#free-form-search</a></p>
<p> -
<a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/rest/operations/get-op-rest/">https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/rest/operations/get-op-rest/</a></p>
<p> -
<a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/rest/operations/shadow-op-rest/">https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/rest/operations/shadow-op-rest/</a></p>
<p> - <a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/demo/">https://docs.evolveum.com/midpoint/demo/</a></p>
<p><br>
</p>
<p></p>
<div class="moz-signature">
<p>Best Regards,</p>
<p style="margin: 0px;"><span
style="font-family: 'arial' , 'helvetica' , sans-serif , 'font-size';"><strong>Kamil
Jires</strong> | <span style="font-size: medium;"><small>Identity
Engineer</small></span></span></p>
<p style="margin: 0px;"><span
style="font-family: 'arial' , 'helvetica' , sans-serif;"><a
href="https://evolveum.com/"
rel="nofollow noopener noreferrer nofollow noopener noreferrer"
target="_blank"><img
src="https://evolveum.com/wp-content/uploads/evolveum-email-signature-evolveum-logo.png"
width="299" height="73"></a><br>
</span> <a href="mailto:kamil.jires@evolveum.com"
style="font-size: 13.3333px;"
rel="nofollow noopener noreferrer nofollow noopener noreferrer"
target="_blank" class="moz-txt-link-freetext">kamil.jires@evolveum.com</a>
<span style="font-size: 13.3333px;"> | </span> <a
href="http://www.evolveum.com/" style="font-size: 13.3333px;"
rel="nofollow noopener noreferrer nofollow noopener noreferrer"
target="_blank">www.evolveum.com</a><br>
<span style="font-size: medium;"><small> </small></span></p>
</div>
<div class="moz-cite-prefix">On 7/15/24 15:04, Crowe, Jared via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CH0PR11MB53131B0C110E3EDE6CE851BDA5A12@CH0PR11MB5313.namprd11.prod.outlook.com">
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
Hello.</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
I'd like to use the distinguishedName matching rule to search
shadow data via the REST API. Is this supported in 4.4.8 (or in
some later version)? If so, does anyone have a working example
they could share?</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
E.g. (what I'm trying)</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
{</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
"@ns": <a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>,</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
"query": {</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
"filter": {</div>
<div class="elementToProof"
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
"text": "resourceRef matches (oid = \"11111111-1111-1111-111-111111100001\") and name equal [distinguishedName] \"uid=user,ou=Production, ou=People, dc=someorg, dc=edu\""</div>
<div class="elementToProof"
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
},</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
"paging": {</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
"maxSize": 5</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
}</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
}</div>
<div
style="line-height: 18px; white-space: pre; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
}</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
Thanks in advance!</div>
<div class="elementToProof"
style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<p style="background-color: white; margin: 0in;"><span
style="color: rgb(19, 41, 75);"><b>JARED CROWE</b></span><span
style="color: black;"><br>
</span><span style="color: rgb(19, 41, 75);"><i>ASSISTANT
DIRECTOR INTEGRATIONS</i></span></p>
<p style="background-color: white; margin: 0in;"><span
style="color: rgb(19, 41, 75);">Administrative Information
Technology Services</span><span
style="color: rgb(31, 73, 125);"> (AITS)</span><span
style="color: black;"><br>
</span><span style="color: rgb(19, 41, 75);">University of
Illinois System</span><span style="color: black;"><br>
</span><span style="color: rgb(19, 41, 75);">50 Gerty Dr.
#133d | M/C 673</span><span style="color: rgb(31, 73, 125);"> |
Champaign, IL 61820</span><span style="color: black;"><br>
</span><span style="color: rgb(19, 41, 75);">217.333.2098 | </span><span
style="color: rgb(31, 73, 125);"><a
href="mailto:jmcrowe@illinois.edu" target="_blank"
id="OWAcebbf8c6-b7ac-7340-c036-540108bcfcc1"
class="OWAAutoLink moz-txt-link-freetext"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">jmcrowe@illinois.edu</a></span><span
style="color: black;"><br>
</span><span style="color: rgb(19, 41, 75);"><a
href="http://www.aits.uillinois.edu/" target="_blank"
id="OWA725a27c3-832d-b11f-06f1-723bc3a484cb"
class="OWAAutoLink"
style="margin-top: 0px; margin-bottom: 0px;"
moz-do-not-send="true">www.aits.uillinois.edu</a></span></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
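<p>Added example, not part of the original messages and not Evolveum's code: a Python helper that generates the filter-file and the request URL from the reply above, refusing values that could end a quoted literal early when the DN comes from untrusted input. The helper names, the UUID check on the resource OID and the kind/intent token pattern are assumptions of this example.</p>

```python
import json
import re
import uuid
from urllib.parse import urlencode

BASE = "https://demo.evolveum.com/midpoint/ws/rest"  # demo URL from the post
TOKEN_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")     # assumed kind/intent shape


def quote_value(value):
    """Return value as a double-quoted literal for the query text.

    Assumption: instead of relying on the query language's escape rules,
    refuse any value that could end the literal early.
    """
    if '"' in value or "\\" in value or not value.isprintable():
        raise ValueError("unsupported character in query value: %r" % value)
    return '"%s"' % value


def build_shadow_search(resource_oid, kind, intent, dn, repo_only=False,
                        max_size=5):
    """Return (url, body) for a POST to .../shadows/search."""
    oid = str(uuid.UUID(resource_oid))  # assumes UUID OIDs; ValueError if not
    for token in (kind, intent):
        if not TOKEN_RE.fullmatch(token):
            raise ValueError("bad kind/intent: %r" % token)
    text = ("resourceRef matches (oid = %s) and kind = %s and intent = %s "
            "and attributes/dn = %s"
            % (quote_value(oid), quote_value(kind), quote_value(intent),
               quote_value(dn)))
    # json.dumps adds the JSON layer of escaping: " becomes \" in the file.
    body = json.dumps(
        {"query": {"filter": {"text": text},
                   "paging": {"maxSize": int(max_size)}}}, indent=2)
    url = BASE + "/shadows/search"
    if repo_only:
        # options=raw: answer only from midPoint's repository, no resource call
        url += "?" + urlencode({"options": "raw"})
    return url, body


if __name__ == "__main__":
    url, body = build_shadow_search(
        "ebd0bf7b-7e80-4175-ba5e-4fd5de2ecd62", "account", "default",
        "uid=raphael,ou=people,dc=example,dc=com", repo_only=True)
    print(url)
    print(body)
```

<p>DNs that legitimately contain a backslash escape are rejected by this conservative check and need separate handling.</p>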
</body>
</html>