Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 31 2019 18:04

    mederly on master

    Fix requestee.name reference in… (compare)

  • Jan 31 2019 16:50

    skublik on master

    removing of duplicate (compare)

  • Jan 31 2019 15:34

    skublik on master

    adding of tests for attachments Merge remote-tracking branch 'r… (compare)

  • Jan 31 2019 15:28

    skublik on admin-dashboard

    sending jasper and dashboard re… (compare)

  • Jan 31 2019 14:46

    mederly on master

    Fix TestNotifications Merge remote-tracking branch 'o… (compare)

  • Jan 31 2019 14:45

    PetrGasparik on master

    Translation update, WIP (compare)

  • Jan 31 2019 14:23

    mederly on master

    Fix YAML !!binary tag treatment… Merge remote-tracking branch 'o… (compare)

  • Jan 31 2019 13:35

    KaterynaHonchar on master

    MID-5116 Admin GUI support for … Merge branch 'master' of https:… (compare)

  • Jan 31 2019 11:43

    mederly on master

    Implement easy parsing of xsd:a… (compare)

  • Jan 31 2019 10:40

    mederly on master

    Add skeleton for notification a… Merge remote-tracking branch 'o… (compare)

  • Jan 31 2019 10:11

    KaterynaHonchar on master

    induced entitlement fixes fix for expression panel Merge branch 'master' of https:… (compare)

  • Jan 31 2019 10:03

    skublik on master

    removing css issue in debug pag… adding attachments to mail noti… Merge remote-tracking branch 'r… and 2 more (compare)

  • Jan 31 2019 09:50

    mederly on master

    Adapt admin-gui tests Now we c… Merge remote-tracking branch 'o… (compare)

  • Jan 31 2019 08:56

    mederly on netid-fixes

    Add assignment path variables t… Merge branch 'support-3.9' into… (compare)

  • Jan 30 2019 20:50

    KaterynaHonchar on master

    MID-5121 Induced entitlement er… Merge branch 'master' of https:… (compare)

  • Jan 30 2019 17:15

    semancik on master

    Improved archetype sample (MID-… (compare)

  • Jan 30 2019 16:48

    semancik on master

    Archetype UX experiments and sa… (compare)

  • Jan 30 2019 16:20

    katkav on gui-wrapper

    gui prism panels and wrappers r… (compare)

  • Jan 30 2019 15:37

    semancik on master

    Fixed handling of secondary ide… (compare)

  • Jan 30 2019 09:05

    KaterynaHonchar on master

    more authorization checks for r… (compare)

Hiroyuki Wada
@wadahiro
@semancik Happy New Year!
I've developed three new connectors! Could you list them on the connector list table?
Radovan Semancik
@semancik
Thank you, @wadahiro. The connectors are added to the list.
fefa2k
@fefa2k
Hello there, I'm evaluating midpoint and on my checklist I have "the ability to push events after a change happens" like when a user has been deleted, to push those changes to a RabbitMQ queue, is that possible nowadays with midpoint?
mederly
@mederly
@fefa2k If you want midPoint to emit simple notifications like "this object was added, modified or deleted", you can use so called custom notification transport - see https://wiki.evolveum.com/display/midPoint/Custom+notification+transport+HOWTO. (I.e. you would need to insert your own Groovy, JS, or whatever code that would send appropriate message to a RabbitMQ queue.) However, starting from 4.3-M1 there is an experimental feature of "serious" asynchronous provisioning - see https://wiki.evolveum.com/display/midPoint/Asynchronous+%28Messaging%29+Outbound+Resources. The difference between the two approaches is that the latter can utilize the full power of midPoint transformational engine (using mappings, object templates, metaroles, and the like) to derive the content of messages that are sent out. In order words, you can create a remote "projection" of your midPoint users and manage it just like you manage your LDAP, AD, CSV, or whatever "online" resources. Just refer to the wiki links above.
fefa2k
@fefa2k
great, thank you @mederly, the idea we have is to have an already deployed software that reads from a RMQ queue and applies whatever changes were done to the users in their local system (ie. DB, Google admin, whatever...)
mederly
@mederly
@fefa2k Yes. I understand. In usual midPoint deployments, however, this functionality is provided by (synchronous) midPoint connectors. The direct advantage is better troubleshooting, and - in particular - the ability to do "full reconciliation" of a target resource against midPoint. I would recommend to lean towards this architecture, at least in the long run.
Petr Gašparík
@PetrGasparik
@fefa2k if you want just synchronization hub, the idea is ok. Once you need to do auditing and reporting, that's different level.
Sven Lukrafka
@sven.lukrafka_gitlab
Hello, we are planning a contribution to the Ldap-Connector. Does one of you have time for a chat about this?
Radovan Semancik
@semancik
Hi Sven. Any contribution is more than welcome. Let's chat here.
Hiroyuki Wada
@wadahiro
@semancik Hello, I've developed new connector, GitHub Connector. Could you add to the connector list? Thanks in advance.
https://github.com/openstandia/connector-github
Radovan Semancik
@semancik
Thank you Hiroyuki, connector added to the list. Looks like you got up to speed with connector development. I really appreciate that!
Viliam Repan
@1azyman
Hi all, new version of intellij idea midpoint studio plugin was just published and is available on jetbrains marketplace:
milestone: 4.4-125
nightly: 4.4-216-nightly
smntx
@smntx
Hi, everybody. Please excuse the noob question - I'm in need of looking into authorized user session objects. Could someone direct me to the right debugging tech to do it, please?
Brandon Powers
@bpowers1215

Hi everyone. When we implement MidPoint for our clients, we take full advantage of the RBAC capabilities by applying inducements to the org hierarchy orgs and other roles. This grants a standard set of access to the identities by way of things like a person's job title/position. Since there are exceptions to every rule, occasionally identities have direct assignments of specific roles.

The user assignments page is great in that it shows all assignments a user has - broken down by both direct and indirect assignments (granted through the org/role inducements).

Our current challenge is that occasionally, a user's direct assignment may be elevated to a standard indirect assignment by way of org/role inducements (e.g. the exception becomes part of the RBAC - no longer an exception). In such scenarios, we'd like the direct assignment to somehow be auto lifted, but we're finding it difficult to get at the direct/indirect assignment information that the user assignments tab presents.

Is there midpoint utility or model that easily calculates or otherwise reports all direct and indirect assignments (and which they are) to be used in such a scenario? (note, user role membership refs don't inform how the role got there, just that it is there)

mederly
@mederly
Hello @bpowers1215 ! This should be the code that obtains the assignment information to be displayed on the user assignments tab: https://github.com/Evolveum/midpoint/blob/109771af5260d38ccc0e9e67e007a824d51fb397/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/PageAdminFocus.java#L642-L711.
The "interface" (i.e. the EvaluatedAssignment class and its content) is not very clean nor documented - yet. But maybe you would be able to obtain the information you need.
Anyway, what you need - if I am not mistaken - is to obtain a set of EvaluatedAssignments and their targets, and check if a specific target is reachable both directly and indirectly, via different values of $user/assignment. Be sure to check for validity, condition status, inducement orders, and so on. Everything should be there (so no need to e.g. evaluate conditions yourself), but be sure to take those flags into account.
Brandon Powers
@bpowers1215
Thanks @mederly. We actually have been taking a look at that very code. But we found that it seems to be dependent on a user model that is only attainable through an event like modification, or in this case, recomputation? So a recompute task is kicked off in the function you mentioned to obtain this. Am I reading this correctly, or is there another way to detect this information? It seem context will be matter as we are hoping to achieve insight of direct/indirect assignments to remove duplicate direct assignments either in a scripted task or an inbound mapping using assignment target search.
mederly
@mederly
Yes. The information about direct/indirect assignment details is a by-product of a processing of user in so-called Projector. That's a central component in midPoint that takes a situation (focus object, optionally its deltas, and projections), and computes changes that should be applied on the object and its projections. Besides many other things, this projector evaluates also user assignments and their implications. Currently this is the only way how to get this information about assignment details. (I.e. it is not stored in the repository.)
So it is not a "cheap" operation (taking let's say milliseconds or tens of milliseconds). It will take more, depending on your particular situation, maybe hundreds of milliseconds or more.
But this Projector processing can be invoked in any situation. No specific requirements are there.
These are two key lines from the code snipped we are talking about:
Instead of Collections.singleton(delta) you should send an empty collection of deltas - as there are none to be processed.
And you can use this code safely in e.g. scripted task. That would be the best place in my opinion.
mederly
@mederly
If the performance is a concern, you could experiment with so-called partial processing options to disable parts of the Projector processing. E.g. inbound and outbound mappings can be safely turned off, I think. For the overview of the whole Projector process please see this (unfinished) document: https://docs.evolveum.com/midpoint/devel/design/projector-and-clockwork-internals/
1 reply
Hiroyuki Wada
@wadahiro
Hello. On the connector list page, some connectors are named Okta Connector. (For example, the Service Now Connector: https://docs.evolveum.com/connectors/connectors/net.tirasa.connid.bundles.servicenow.ServiceNow/ ).
Could you please fix them?
igor-farinic
@igor-farinic
Hi Hiro, thank you for the report. I have fixed the names
1 reply
Andrew
@davidandrewcope
Hello all. We have a contribution that we would like to discuss. We have a situation were we need to access csv files via windows network share, so we have some proposed changes to the csv connector that provides this support. Proposed changes here for now: https://github.com/ExclamationLabs/connector-csv/commits/feature/add_network_file_support We would like feed back if this is a good feature for this connector, or should it be a new fork of the csv connector. Thoughts?
Viliam Repan
@1azyman
@davidandrewcope Hi Andrew, how are you doing? I'm not sure whether having csv on network drive is good idea, mainly because of performance. Is there a possiblity to mount smb folder and then use it as local one? However I'll ask around about whether we'd like to incorporate such option in connector or not. I also had a quick look at 3 commits here https://github.com/ExclamationLabs/connector-csv/commits/feature/add_network_file_support I noticed spring-core lib being added to dependencies (probably not needed). your new dependencies make csv connector go from 90kb to 6,4mb. (probably due to bouncycastle being bundled in).
igor-farinic
@igor-farinic
@davidandrewcope : the java connector server might resolve the situation with remote access to csv files. We have resurrected the java connector server and are tracking the progress here: https://jira.evolveum.com/browse/MID-7427
Brandon Powers
@bpowers1215

Hi everyone. Is there any effort being made or planned to release the MidPoint Client Library (https://github.com/Evolveum/midpoint-client-java) for midPoint version 4.4? We are hoping to leverage the library, but it seems the current release is 4.3 (and 4.3-M3 at that). Additionally, i'm having trouble importing it because of internal dependencies on non-existent SNAPSHOT versions from the Evolveum nexus-release repository (e.g. Could not find artifact com.evolveum.midpoint.infra:schema-pure-jaxb:pom:4.3-SNAPSHOT in nexus-release).

Any thoughts?

Zegorax
@Zegorax

Hello everyone,
I have a quick question about the LDAP group assignment. I'm not sure if it's a bug.
Let's assume the following : OU for users are ou=People,dc=corp,dc=com
User 1 is uid=user1,ou=People,dc=corp,dc=com and Group1 is cn=Group1,ou=Groups,dc=corp,dc=com

The LDAP Group Metarole is working correctly, and successfully creates LDAP group based on the roles that have the "LDAP Group Metarole".

However, when User1 is assigned the group "Group 1", in the projection of the group (i.e. the OpenLDAP server), the member attribute is "uid=user1,ou=people,dc=corp,dc=com" instead of "uid=user1,ou=People,dc=corc,dc=com" (The upper case letter of "People" is missing).

Is this a bug on the projection detection or is it intended ? I noticed this issue now and it can cause issues with case sensitive systems using LDAP

Emil Militzer
@emilitzerjo
Hello everyone, i created a Evolveum/connector-sap#8 to the SAP Connector. I would be glad to receive some feedback and wanted to know how the release policy is for the sap connector. Currently it seems to stay on the 1.2-SNAPSHOT version.
Hiroyuki Wada
@wadahiro
@semancik Hello, I released new connector, Auth0 Connector! Could you add it to the connector list? Thanks in advance.
https://github.com/openstandia/connector-auth0
igor-farinic
@igor-farinic
@wadahiro , thank you very much for your contribution. We have created page for Auth0 connector: https://docs.evolveum.com/connectors/connectors/jp.openstandia.connector.auth0.Auth0Connector/
Let us know if any information shall be updated.
Barada456
@Barada456
Hi, is there detailed documentation for configuring a GitHub connector on Midpoint? I am facing many problems during the configuration. Please kindly guide me and help me.
Barada456
@Barada456
@wadahiro Hi, is there detailed documentation for configuring a GitHub connector on Midpoint? I am facing many problems during the configuration. Please kindly guide me and help me.
1 reply
Attempt to add resource object without any attributes: shadow:null(null) getting this error while projecting a user to gitlab connector
Hiroyuki Wada
@wadahiro

@semancik @igor-farinic I have also released a new connector, SmartHR Connector.
https://github.com/openstandia/connector-smarthr

Could you add it to the connector list?

Note: SmartHR is HR cloud service optimized for labor management solutions in Japan.
https://smarthr.co.jp/en/

igor-farinic
@igor-farinic
Thank you again for the contribution. Keep rolling out great connectors.
Barada456
@Barada456
image.png
hey , am trying to build Zoom Connector provided by Exclamation Labs , anyone have .jar file or guide me to build . am getting build error like : Username must not be null!
Andrew
@davidandrewcope
@Barada456 Sorry about this. As a security measure, we locked down our Artifactory repository, and forgot that there were dependencies there. We are going to fix this, but in the short term, you can download 2 compiled jars that you need here: https://paste.exclamationlabs.com/?4b4f2fc995c22da8#4w9cc5CudtVZmtkh3oncYFVBDuwowu5ESYTDa7MotzxB and https://paste.exclamationlabs.com/?c0bbc4249c6f13f6#BGaJjAQx8CDggYQimz8DM9RCJF2tfV9Wvogm2wUzLsjP
brahn
@brahn:matrix.org
[m]
Hello, should this resource be functioning?
http://oss.jfrog.org/artifactory/oss-snapshot-local/com/evolveum/polygon/connector-ldap/3.0/connector-ldap-3.0.pom
every jfrog reference we've been using is gone, I don't know if it's intentional or not.
2 replies
Brian
@bdmorin
Also - is anyone aware the nexus is down? https://nexus.evolveum.com/
1 reply
Stefano
@Muxxx
Hi everyone, I understand the official M365 Graph Connector is still experimental, but based on the documentation basic group membership functionality should work. Should this connector return the members of an M365 or Security Group from the Microsoft Graph? We can definitely add and remove users, but the members attribute doesn't seem to populate in the respository, which makes midpoint think the user wasn't added and attempts to add them again. Is this expected behaviour or is this a misconfiguration on our end? Just want to understand expected behaviour of this connector before we go troubleshooting further or we look at forking the repo to add functionality ourselves. Thank you
7 replies
trevop
@trevop
Hello everyone. Is it planned that https://demo.evolveum.com/midpoint is down?
2 replies
trevop
@trevop

Hi everyone! Has anyone tried to connect OpenLDAP to MidPoint with sshPublicKey stored in LDAP? I am receiving the error trying to list accounts - "Couldn't convert resource object from ConnID to midPoint: Name=Attribute: {Name=NAME, Value=[uid=username,ou=users,dc=company,dc=test]}} refers to auxiliary object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}ldapPublicKey which is not in the schema"

What am I doing wrong? Basically as a part of PoC I am trying to replicate similar behaviour that is in Demo - so that account,groups and OU are synced