[midPoint] Active Directory userAccountControl modification problem
Ivan Noris
ivan.noris at evolveum.com
Tue Mar 22 22:08:43 CET 2016
Hi Patrick,
what are you trying to achieve?
Active Directory connector allows you to interact with
userAccountControl by using the following "virtual" attributes:
- passwordExpired (icfs:passwordExpired)
- PasswordNeverExpires (ri:PasswordNeverExpires)
and of course the activation/administrativeStatus
If you need to update the other bits of userAccountControl, I'm not sure
AD connector is capable of doing this.
I have never tried/needed to directly modify userAccountControl yet.
Regards,
Ivan
On 03/22/2016 08:11 PM, Schlehuber, Patrick wrote:
>
> I am wanting to modify the userAccountControl attribute on an account
> that is visible by my AD resource. I have extended the AD schema and
> added the attribute, I do see this attribute populated correctly when
> I view an AD account. When I try to change this attribute I receive
> the following error:
>
> I have tried changing the Resource definition to make this attribute,
> string, int, long, base64Binary all with the same result. What am I
> missing to make this attribute modifiable within midPoint?
>
>
>
>
>
> ConnectorServer.exe Error: 0 : Exception :
>
> Type: System.InvalidCastException
>
> Message: Specified cast is not valid.
>
> Source: FrameworkInternal
>
> Stacktrace:
>
> at
> Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass
> oclass, UpdateType type, DirectoryEntry directoryEntry,
> ConnectorAttribute attribute)
>
> in
> d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line
> 667
>
> at
> Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass
> oclass, DirectoryEntry directoryEntry, ICollection`1 attributes,
> UpdateType type, ActiveDirectoryConfiguration config)
>
> in
> d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line
> 258
>
> at
> Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType
> type, ObjectClass oclass, ICollection`1 attributes, OperationOptions
> options)
>
> in
> d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
> 1091
>
> at
> Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass
> objectClass, Uid uid, ICollection`1 valuesToAdd, OperationOptions
> options)
>
> in
> c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
> 1712
>
> at
> Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
> proxy, MethodInfo method, Object[] args)
>
> in
> c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
> 247
>
> at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 ,
> OperationOptions )
>
> at
> Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
> proxy, MethodInfo method, Object[] args)
>
> in
> c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
> 1344
>
> at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 ,
> OperationOptions )
>
> at
> Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
> request)
>
> in
> c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
> 626
>
>
>
> Thank you,
>
> Pat
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160322/814fca30/attachment.htm>
More information about the midPoint
mailing list