FIM XPath and Security Group filter

Hi,

I'm able to create a SG with a simple xpath filter like this: /Person[(ObjectID = '7fb2b853-24f0-4498-9534-4e10589723c4')]

Now, I want to crate a SG with a more complex filter like this one:

/Person[ObjectID = /UserEntityAssociation[EntityRef = /Entity[EntityCode = '100'] and RoleRef=Role[DisplayName = RESP]]/Manager]

The Expression I'm using in the filter works on a FIM Webservice defaultClient.Enumerate

Is this a FIM limitation or a configuration issue?

I doubt it's a permissions issues because I'm able to change the xpath expression. I just cant put a more complicated one.

The error I get on the portal is this:

Error processing your request: The server was unwilling to perform the requested operation.
Reason: Unspecified.
Attributes:
Correlation Id: e8a666f0-4b7b-4e4d-b64e-3d3e8c7538ad
Request Id:
Details: Request could not be dispatched.

Many thanks,

DD



  • Edited by DevDiver Tuesday, February 24, 2015 4:54 PM
February 24th, 2015 7:28pm

Thanks Sylvain, that's quite helpfull.

Attention to the link you mentioned, it has some chars at the end invalidating the navigation.

the link helped me to understand the existing limitations, so I created a set with the desired Objects to work with.

Althouh, I cannot create a SG with this filter:

Person[ObjectID = /Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb']/ComputedMember/Utilizador]

I cant even create a set with these:

/Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb']/ComputedMember

These xpath expressions are valid, they work via the webservice enumerate and they are not included in the FIM Service limitations, I think.

Is there anyway I can make this work?

Many thanks,

DD


  • Edited by DevDiver Tuesday, February 24, 2015 8:15 PM
Free Windows Admin Tool Kit Click here and download it now
February 24th, 2015 11:12pm

In fact, you can only use "ComputedMember"  with object type "Set" or "Group" for that kind of Xpath for the group filter (and only "Set" for the Set filter).

Regards,

February 25th, 2015 7:57am

Yes, that did work. I mean the expression was accepted by FIM.

The Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb'] gives me a custom Resource. I need to get the "Person" out of it via the "Utilizador" attribute but I cant figure out how.

The "Utilizador" attribute is a reference to Person.

Any idea?

Many thanks,

DD


  • Edited by DevDiver Wednesday, February 25, 2015 10:03 AM
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2015 12:52pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics