From d2f17b805a46648e5f11cb809f857d5d4b43c468 Mon Sep 17 00:00:00 2001 From: "Katarina Valalikova (katkav)" Date: Tue, 14 Oct 2014 15:35:48 +0200 Subject: [PATCH] fixing object not found handling - situation when it is expected that shadow does not exist + added new test - science --- .../icf/dummy/resource/DummyResource.java | 5 +- .../midpoint/model/impl/lens/LensUtil.java | 5 +- .../projector/ConsolidationProcessor.java | 2 +- .../impl/lens/projector/ContextLoader.java | 1 + .../impl/ProvisioningServiceImpl.java | 6 + .../midpoint/testing/story/TestScience.java | 229 ++++++++++++++ .../src/test/resources/schema/science.xsd | 67 ++++ .../test/resources/science/group-stats.ldif | 4 + .../science/resource-dummy-stats.xml | 149 +++++++++ .../resources/science/resource-dummy-unix.xml | 189 +++++++++++ .../science/resource-opendj-ad-simulation.xml | 293 ++++++++++++++++++ .../resources/science/role-statistics.xml | 37 +++ 12 files changed, 983 insertions(+), 4 deletions(-) create mode 100644 testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestScience.java create mode 100644 testing/story/src/test/resources/schema/science.xsd create mode 100644 testing/story/src/test/resources/science/group-stats.ldif create mode 100644 testing/story/src/test/resources/science/resource-dummy-stats.xml create mode 100644 testing/story/src/test/resources/science/resource-dummy-unix.xml create mode 100644 testing/story/src/test/resources/science/resource-opendj-ad-simulation.xml create mode 100644 testing/story/src/test/resources/science/role-statistics.xml diff --git a/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyResource.java b/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyResource.java index 535021a0b6f..089d30978a6 100644 --- a/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyResource.java +++ b/icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyResource.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; +import java.util.Random; import java.util.Set; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; @@ -458,8 +459,8 @@ private synchronized String addObject(Map map, //this is "resource-generated" attribute (used to simulate resource which generate by default attributes which we need to sync) if (generateDefaultValues){ - int internalId = allObjects.size(); - newObject.addAttributeValue(DummyAccount.ATTR_INTERNAL_ID, internalId++); +// int internalId = allObjects.size(); + newObject.addAttributeValue(DummyAccount.ATTR_INTERNAL_ID, new Random().nextInt()); } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java index 2715a86f8ca..0a31fe47a58 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/LensUtil.java @@ -610,8 +610,11 @@ public static void loadFullAccount(LensContext context LOGGER.trace("Loading full account {} from provisioning", accCtx); try{ + GetOperationOptions getOptions = GetOperationOptions.createDoNotDiscovery(); + getOptions.setAllowNotFound(true); + Collection> options = SelectorOptions.createCollection(getOptions); PrismObject objectOld = provisioningService.getObject(ShadowType.class, - accCtx.getOid(), SelectorOptions.createCollection(GetOperationOptions.createDoNotDiscovery()), + accCtx.getOid(), options, null, result); // TODO: use setLoadedObject() instead? accCtx.setObjectCurrent(objectOld); diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ConsolidationProcessor.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ConsolidationProcessor.java index c6d4b96146b..159ec18a23d 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ConsolidationProcessor.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ConsolidationProcessor.java @@ -162,7 +162,7 @@ private ObjectDelta consolidateValuesToModifyD LensProjectionContext projCtx, boolean addUnchangedValues, OperationResult result) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException { - + // "Squeeze" all the relevant mappings into a data structure that we can process conveniently. We want to have all the // (meta)data about relevant for a specific attribute in one data structure, not spread over several account constructions. MappingExtractor, F> attributeExtractor = new MappingExtractor, F>() { diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java index 08f2d919636..7af73990208 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/ContextLoader.java @@ -896,6 +896,7 @@ private void finishLoadOfProjectionContext(LensContext projContext.setExists(true); GetOperationOptions rootOptions = projContext.isDoReconciliation() ? GetOperationOptions.createDoNotDiscovery() : GetOperationOptions.createNoFetch(); + rootOptions.setAllowNotFound(true); Collection> options = SelectorOptions.createCollection(rootOptions); try{ PrismObject objectOld = provisioningService.getObject( diff --git a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.java b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.java index 519919ab367..c620348564c 100644 --- a/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.java +++ b/provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningServiceImpl.java @@ -265,6 +265,9 @@ public PrismObject getObject(Class type, String oid } catch (ObjectNotFoundException e) { if (!GetOperationOptions.isAllowNotFound(rootOptions)){ recordFatalError(LOGGER, result, "Error getting object OID=" + oid + ": " + e.getMessage(), e); + } else{ + result.muteLastSubresultError(); + result.computeStatus(); } throw e; } catch (CommunicationException e) { @@ -1475,6 +1478,9 @@ private PrismObject getRepoObject(Class type, Strin } catch (ObjectNotFoundException e) { if (!GetOperationOptions.isAllowNotFound(options)){ recordFatalError(LOGGER, result, "Can't get object with oid " + oid + ". Reason " + e.getMessage(), e); + } else { + result.muteLastSubresultError(); + result.computeStatus(); } throw e; } catch (SchemaException ex) { diff --git a/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestScience.java b/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestScience.java new file mode 100644 index 00000000000..7cdbdc4257d --- /dev/null +++ b/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestScience.java @@ -0,0 +1,229 @@ +package com.evolveum.midpoint.testing.story; +/* + * Copyright (c) 2013 Evolveum + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import static org.testng.AssertJUnit.assertFalse; +import static org.testng.AssertJUnit.assertNotNull; + +import java.io.File; + +import javax.xml.namespace.QName; + +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.testng.AssertJUnit; +import org.testng.annotations.AfterClass; +import org.testng.annotations.Test; + +import com.evolveum.icf.dummy.resource.DummyObjectClass; +import com.evolveum.icf.dummy.resource.DummyResource; +import com.evolveum.midpoint.prism.PrismObject; +import com.evolveum.midpoint.prism.PrismProperty; +import com.evolveum.midpoint.schema.result.OperationResult; +import com.evolveum.midpoint.task.api.Task; +import com.evolveum.midpoint.test.DummyResourceContoller; +import com.evolveum.midpoint.test.IntegrationTestTools; +import com.evolveum.midpoint.test.util.TestUtil; +import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.ResourceType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType; + +/** + * + * @author Katarina Valalikova + * + */ + +@ContextConfiguration(locations = {"classpath:ctx-story-test-main.xml"}) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class TestScience extends AbstractStoryTest { + + private static final String TEST_DIR = "src/test/resources/science"; + + public static final String NS_SCIENCE_EXT = "http://midpoint.evolveum.com/xml/ns/science/user/ext"; + private static final QName SCIENCE_EXTENSION_UID_QNAME = new QName(NS_SCIENCE_EXT, "aixUserId"); + + private static final File ROLE_STATISTICS_FILE = new File(TEST_DIR, "/role-statistics.xml"); + private static final String ROLE_STATISTICS_OID = "23d90f70-1924-419e-9beb-78a8bde6d261"; + +// private static final File ROLE_MATH_FILE = new File(TEST_DIR, "/role-math.xml"); +// private static final String ROLE_MATH_OID = ""; + + private static final File GROUP_STATS_USERS_LDIF_FILE = new File(TEST_DIR, "group-stats.ldif"); + + private static final File RESOURCE_OPENDJ_AD_SIMULATION_FILE = new File(TEST_DIR, "resource-opendj-ad-simulation.xml"); + private static final String RESOURCE_OPENDJ_AD_SIMULATION_OID = "10000000-0000-0000-0000-0000000001ad"; + + private static final File RESOURCE_DUMMY_STATS_FILE = new File(TEST_DIR, "resource-dummy-stats.xml"); + private static final String RESOURCE_DUMMY_STATS_OID = "10000000-0000-0000-0000-0000000005sa"; + protected static final String RESOURCE_DUMMY_STATS_ID = "stats"; + + private static final File RESOURCE_DUMMY_UNIX_FILE = new File(TEST_DIR, "resource-dummy-unix.xml"); + private static final String RESOURCE_DUMMY_UNIX_OID = "10000000-0000-0000-0000-0000000004ax"; + protected static final String RESOURCE_DUMMY_UNIX_ID = "unix"; + + private static final String DUMMY_ACCOUNT_ATTRIBUTE_UNIX_SHELL_NAME = "Shell"; + private static final String DUMMY_ACCOUNT_ATTRIBUTE_UNIX_SYSTEM_NAME = "SYSTEM"; + private static final String DUMMY_ACCOUNT_ATTRIBUTE_UNIX_DIR_NAME = "Dir"; + private static final String DUMMY_ACCOUNT_ATTRIBUTE_UNIX_UID_NAME = "Uid"; + private static final String DUMMY_ACCOUNT_ATTRIBUTE_UNIX_DESCRIPTION_NAME = "Description"; + + private static final String DUMMY_ACCOUNT_ATTRIBUTE_STATS_DESC_NAME = "Desc"; + + + protected static DummyResource dummyResourceUnix; + protected static DummyResourceContoller dummyResourceCtlUnix; + protected ResourceType resourceDummyUnixType; + protected PrismObject resourceDummyUnix; + + protected static DummyResource dummyResourceStats; + protected static DummyResourceContoller dummyResourceCtlStats; + protected ResourceType resourceDummyStatsType; + protected PrismObject resourceDummyStats; + + protected ResourceType resourceOpenDjType; + protected PrismObject resourceOpenDj; + + @Override + protected void startResources() throws Exception { + openDJController.startCleanServer(); + } + + @AfterClass + public static void stopResources() throws Exception { + openDJController.stop(); + } + + @Override + public void initSystem(Task initTask, OperationResult initResult) throws Exception { + super.initSystem(initTask, initResult); + + // Roles + repoAddObjectFromFile(ROLE_STATISTICS_FILE, RoleType.class, initResult); +// repoAddObjectFromFile(ROLE_MATH_FILE, RoleType.class, initResult); + + resourceOpenDj = importAndGetObjectFromFile(ResourceType.class, RESOURCE_OPENDJ_AD_SIMULATION_FILE, RESOURCE_OPENDJ_AD_SIMULATION_OID, initTask, initResult); + resourceOpenDjType = resourceOpenDj.asObjectable(); + openDJController.setResource(resourceOpenDj); + + openDJController.addEntryFromLdifFile(GROUP_STATS_USERS_LDIF_FILE); + + // Resources + dummyResourceCtlUnix = DummyResourceContoller.create(RESOURCE_DUMMY_UNIX_ID, resourceDummyUnix); + dummyResourceCtlUnix.populateWithDefaultSchema(); + DummyObjectClass dummyUnixAccountObjectClass = dummyResourceCtlUnix.getDummyResource().getAccountObjectClass(); + dummyResourceCtlUnix.addAttrDef(dummyUnixAccountObjectClass, DUMMY_ACCOUNT_ATTRIBUTE_UNIX_DESCRIPTION_NAME, String.class, false, false); + dummyResourceCtlUnix.addAttrDef(dummyUnixAccountObjectClass, DUMMY_ACCOUNT_ATTRIBUTE_UNIX_DIR_NAME, String.class, false, false); + dummyResourceCtlUnix.addAttrDef(dummyUnixAccountObjectClass, DUMMY_ACCOUNT_ATTRIBUTE_UNIX_SHELL_NAME, String.class, false, false); + dummyResourceCtlUnix.addAttrDef(dummyUnixAccountObjectClass, DUMMY_ACCOUNT_ATTRIBUTE_UNIX_SYSTEM_NAME, String.class, false, false); + dummyResourceCtlUnix.addAttrDef(dummyUnixAccountObjectClass, DUMMY_ACCOUNT_ATTRIBUTE_UNIX_UID_NAME, Integer.class, false, false); +// dummyResourceCtlUnix.extendSchemaAd();; + dummyResourceUnix = dummyResourceCtlUnix.getDummyResource(); + resourceDummyUnix = importAndGetObjectFromFile(ResourceType.class, RESOURCE_DUMMY_UNIX_FILE, RESOURCE_DUMMY_UNIX_OID, initTask, initResult); + resourceDummyUnixType = resourceDummyUnix.asObjectable(); + dummyResourceCtlUnix.setResource(resourceDummyUnix); + + dummyResourceCtlStats = DummyResourceContoller.create(RESOURCE_DUMMY_STATS_ID, resourceDummyStats); + dummyResourceCtlStats.populateWithDefaultSchema(); + DummyObjectClass dummyStatsAccountObjectClass = dummyResourceCtlStats.getDummyResource().getAccountObjectClass(); + dummyResourceCtlStats.addAttrDef(dummyStatsAccountObjectClass, DUMMY_ACCOUNT_ATTRIBUTE_STATS_DESC_NAME, String.class, false, false); + + dummyResourceStats = dummyResourceCtlStats.getDummyResource(); + resourceDummyStats = importAndGetObjectFromFile(ResourceType.class, RESOURCE_DUMMY_STATS_FILE, RESOURCE_DUMMY_STATS_OID, initTask, initResult); + resourceDummyStatsType = resourceDummyStats.asObjectable(); + dummyResourceCtlStats.setResource(resourceDummyStats); + + } + + @Test + public void test000Sanity() throws Exception { + final String TEST_NAME = "test000Sanity"; + TestUtil.displayTestTile(this, TEST_NAME); + Task task = taskManager.createTaskInstance(TestScience.class.getName() + "." + TEST_NAME); + + OperationResult testResultStats = modelService.testResource(RESOURCE_DUMMY_STATS_OID, task); + TestUtil.assertSuccess(testResultStats); + + OperationResult testResultUnix = modelService.testResource(RESOURCE_DUMMY_UNIX_OID, task); + TestUtil.assertSuccess(testResultUnix); + + OperationResult testResultAd = modelService.testResource(RESOURCE_OPENDJ_AD_SIMULATION_OID, task); + TestUtil.assertSuccess(testResultAd); + + waitForTaskStart(TASK_TRIGGER_SCANNER_OID, true); + waitForTaskStart(TASK_VALIDITY_SCANNER_OID, true); + } + + @Test + public void test100jackAssignRoleStatistics() throws Exception { + final String TEST_NAME = "test100jackAssignRoleStatistics"; + TestUtil.displayTestTile(this, TEST_NAME); + Task task = taskManager.createTaskInstance(TestScience.class.getName() + "." + TEST_NAME); + + OperationResult result = task.getResult(); + + assignRole(USER_JACK_OID, ROLE_STATISTICS_OID); + + PrismObject userJack = repositoryService.getObject(UserType.class, USER_JACK_OID, null, result); + AssertJUnit.assertNotNull("User jack not found", userJack); + UserType jackType = userJack.asObjectable(); + + IntegrationTestTools.display("User Jack", jackType); + + AssertJUnit.assertEquals("Wrong number of link refs", 3, jackType.getLinkRef().size()); + + assertUserJack(userJack); + assertLinks(userJack, 3); + String accountStatsOid = getLinkRefOid(userJack, RESOURCE_DUMMY_STATS_OID); + String accountUnixOid = getLinkRefOid(userJack, RESOURCE_DUMMY_UNIX_OID); + String accountOpenDjOid = getLinkRefOid(userJack, RESOURCE_OPENDJ_AD_SIMULATION_OID); + + PrismObject shadowStats = provisioningService.getObject(ShadowType.class, accountStatsOid, null, task, result); + IntegrationTestTools.display("Stats account: ", shadowStats); + PrismObject shadowUnix = provisioningService.getObject(ShadowType.class, accountUnixOid, null, task, result); + IntegrationTestTools.display("Unix account: ", shadowUnix); + PrismObject shadowOpenDj = provisioningService.getObject(ShadowType.class, accountOpenDjOid, null, task, result); + IntegrationTestTools.display("AD account: ", shadowOpenDj); + + PrismProperty generatedValue = userJack.findExtensionItem(SCIENCE_EXTENSION_UID_QNAME); + assertNotNull("Generated id value must not be null", generatedValue); + assertFalse("Generated value must not be empty", generatedValue.isEmpty()); + + } + + + @Test + public void test200delteUserJack() throws Exception { + final String TEST_NAME = "test100jackAssignRoleStatistics"; + TestUtil.displayTestTile(this, TEST_NAME); + Task task = taskManager.createTaskInstance(TestScience.class.getName() + "." + TEST_NAME); + + OperationResult result = task.getResult(); + + deleteObject(UserType.class, USER_JACK_OID, task, result); + + result.computeStatus(); + + IntegrationTestTools.display("Result: ", result); + AssertJUnit.assertTrue("Unexpected failure", result.isSuccess()); + + + } + +} diff --git a/testing/story/src/test/resources/schema/science.xsd b/testing/story/src/test/resources/schema/science.xsd new file mode 100644 index 00000000000..f894427d1f2 --- /dev/null +++ b/testing/story/src/test/resources/schema/science.xsd @@ -0,0 +1,67 @@ + + + + + + + + + + + + + + + + + + false + AIX user ID + + + + + + + false + AIX home dir + + + + + + + false + AIX default shell + + + + + + + false + AIX description + + + + + + diff --git a/testing/story/src/test/resources/science/group-stats.ldif b/testing/story/src/test/resources/science/group-stats.ldif new file mode 100644 index 00000000000..e7bcc886a30 --- /dev/null +++ b/testing/story/src/test/resources/science/group-stats.ldif @@ -0,0 +1,4 @@ +dn: cn=StatsUsers,ou=groups,dc=example,dc=com +cn: StatsUsers +objectclass: top +objectclass: groupOfUniqueNames diff --git a/testing/story/src/test/resources/science/resource-dummy-stats.xml b/testing/story/src/test/resources/science/resource-dummy-stats.xml new file mode 100644 index 00000000000..2443454aefd --- /dev/null +++ b/testing/story/src/test/resources/science/resource-dummy-stats.xml @@ -0,0 +1,149 @@ + + + + + + Dummy Stats + + + + + connectorType + com.evolveum.icf.dummy.connector.DummyConnector + + + connectorVersion + 2.0 + + + + + + + + stats + true + uuid + + + + true + true + + + + + + + default + Default Account + true + ri:AccountObjectClass + + icfs:name + Username + + 0 + + + weak + + name + + + + + name + + + + + ri:Desc + + weak + + Created by midPoint + + + + + + relaxed + 20 + + + + + + + 2014-09-25T16:48:44.116+02:00 + 2f775cd4fc853ed-e27414e68419f226 + + + + + + + + + + connector + + + + + + + true + + + Correlation expression is a search query. + Following search queury will look for users that have "name" + equal to the "uid" attribute of the account. Simply speaking, + it will look for match in usernames in the IDM and the resource. + The correlation rule always looks for users, so it will not match + any other object type. + + + name + + $shadow/attributes/icfs:name + + + + + linked + true + + + unlinked + true + + + + + \ No newline at end of file diff --git a/testing/story/src/test/resources/science/resource-dummy-unix.xml b/testing/story/src/test/resources/science/resource-dummy-unix.xml new file mode 100644 index 00000000000..e390e747051 --- /dev/null +++ b/testing/story/src/test/resources/science/resource-dummy-unix.xml @@ -0,0 +1,189 @@ + + + + + + Dummy Unix + + + + + connectorType + com.evolveum.icf.dummy.connector.DummyConnector + + + connectorVersion + 2.0 + + + + + + + + unix + true + uuid + true + + + + true + true + + + + + + + account + default + Default Account + true + ri:AccountObjectClass + + icfs:name + Username + + 0 + + mr:stringIgnoreCase + + weak + + name + + + + + ri:Shell + + weak + + extension/ext:aixDefaultShell + + + + + extension/ext:aixDefaultShell + + + + + ri:SYSTEM + + weak + + KRB5LDAP + + + + + ri:Dir + + + extension/ext:aixHomeDir + + + + + ri:internalId + + + true + true + false + + + + weak + + extension/ext:aixUserId + + + + strong + + extension/ext:aixUserId + + + + + ri:Description + Description + + + $user/extension/ext:aixDescription + + + + + + relaxed + + + + + + + + + + + + + true + + + Correlation expression is a search query. + Following search queury will look for users that have "name" + equal to the "sAMAccountName" attribute of the account. Simply speaking, + it will look for match in usernames in the IDM and the resource. + The correlation rule always looks for users, so it will not match + any other object type. + + + name + + $shadow/attributes/icfs:name + + + + + unlinked + true + + + + + \ No newline at end of file diff --git a/testing/story/src/test/resources/science/resource-opendj-ad-simulation.xml b/testing/story/src/test/resources/science/resource-opendj-ad-simulation.xml new file mode 100644 index 00000000000..cc6f13d2333 --- /dev/null +++ b/testing/story/src/test/resources/science/resource-opendj-ad-simulation.xml @@ -0,0 +1,293 @@ + + + + + + + + Test AD (OpenDJ simulation) + + + Dummy description, just for the test + + + c:connectorType + org.identityconnectors.ldap.LdapConnector + + + + + + + true + true + + + 10389 + localhost + dc=example,dc=com + cn=directory manager + + secret + + uid + ds-pwp-account-disabled + + + + + + default + Default Account + true + ri:AccountObjectClass + + ri:givenName + Given Name + + + givenName + + + + + ri:sn + Surname + + + familyName + + + + + ri:uid + Login name + true + mr:stringIgnoreCase + + weak + + name + + + + + ri:displayName + Principal name + mr:stringIgnoreCase + + weak + + name + + + + + + + + ri:mail + + + emailAddress + + + + + icfs:name + Distinguished Name + + 0 + + true + true + + + mr:stringIgnoreCase + + weak + + givenName + + + familyName + + + + + + + + ri:o + Unix home directory + + + extension/ext:aixHomeDir + + + + + ri:ou + Aix login shell + + + extension/ext:aixDefaultShell + + + + + ri:roomNumber + Aix gecos + + + extension/ext:aixDescription + + + + + ri:title + Aix user ID + + + extension/ext:aixUserId + + + + + ri:initials + Logon script + + weak + + \someBatCommand.bat + + + + + + + + + + + + + + ri:employeeType + AIX Group ID + + weak + + 203 + + + + + + relaxed + 10 + true + + + ri:groups + true + mr:stringIgnoreCase + entitlement + math + stats + objectToSubject + ri:uniqueMember + icfs:name + + + 5 + + + + + + weak + + + + + + + + + entitlement + math + Science groups + true + ri:GroupObjectClass + + + entitlement + stats + Science groups + false + ri:GroupObjectClass + + + + + + true + + + Correlation expression is a search query. + Following search queury will look for users that have "name" + equal to the "sAMAccountName" attribute of the account. Simply speaking, + it will look for match in usernames in the IDM and the resource. + The correlation rule always looks for users, so it will not match + any other object type. + + + polyStringNorm + name + + $shadow/attributes/ri:uid + + + + + unlinked + true + + + + + diff --git a/testing/story/src/test/resources/science/role-statistics.xml b/testing/story/src/test/resources/science/role-statistics.xml new file mode 100644 index 00000000000..313e455c712 --- /dev/null +++ b/testing/story/src/test/resources/science/role-statistics.xml @@ -0,0 +1,37 @@ + + Stats + + + + + ri:groups + true + + + + + + attributes/icsf:name + CN=StatsUsers,OU=groups,DC=example,DC=com + + + true + + + + + + + + + + + + + + + + + \ No newline at end of file