From sanyakirilloff at gmail.com  Wed Sep 20 18:25:41 2023
From: sanyakirilloff at gmail.com (=?UTF-8?B?0JDQu9C10LrRgdCw0L3QtNGAINCa0LjRgNC40LvQu9C+0LI=?=)
Date: Wed, 20 Sep 2023 23:25:41 +0700
Subject: [Midpoint-dev] Problem importing groups as roles from Active
 Directory to MidPoint
Message-ID: <CAO20-iAOJwHQ5p-LNr8aVMkdXfT7cCr=U=-HUSGH_8=6GkoMuw@mail.gmail.com>

Hello community!

I have an AD resource configured. I need to import AD groups into MidPoint
as roles. I have specified the following configuration:
```





































































*<objectType id="2">            <kind>entitlement</kind>
<intent>group</intent>            <displayName>AD Group</displayName>
      <default>true</default>
<objectClass>ri:group</objectClass>            <focus>
<type>c:RoleType</type>            </focus>            <attribute id="22">
              <ref>ri:dn</ref>                <matchingRule
xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3
<http://prism.evolveum.com/xml/ns/public/matching-rule-3>">mr:stringIgnoreCase</matchingRule>
              <outbound>                    <source>
<path>$focus/name</path>                    </source>
<expression>                        <script>
<code>                                'CN=' + name +
',CN=Users,DC=idm,DC=ru'                            </code>
        </script>                    </expression>
</outbound>            </attribute>            <attribute id="23">
      <ref>ri:name</ref>                <outbound>
<source>                        <path>$focus/name</path>
</source>                </outbound>                <inbound id="26">
              <target>                        <path>name</path>
        </target>                </inbound>            </attribute>
    <attribute id="24">                <ref>ri:description</ref>
    <outbound>                    <strength>strong</strength>
      <source>                        <path>description</path>
      </source>                </outbound>                <inbound
id="27">                    <target>
<path>description</path>                    </target>
</inbound>            </attribute>            <correlation>
<correlators>                    <items id="157">
<item id="158">                            <ref>name</ref>
      </item>                    </items>                </correlators>
        </correlation>            <synchronization>
<reaction id="159">                    <situation>unmatched</situation>
                <actions>                        <addFocus id="160"/>
              </actions>                </reaction>
</synchronization>        </objectType>*
```
I also configured the task to import groups from AD. The trick is that of
all existing groups, only half are added in the form of roles; for the
remaining roles, MidPoint throws the following error:

*Error processing focus(role:null(Operators Server)): constraint violation:
Found conflicting existing object with property name =
PP({.../common/common-3}name):[PPV(PolyString:* *Operators Server*
*)]: role:471cba00-1b15-45d3-94c4-287fa0ff661e(Administrators)*
In *<correlation> *I added

* matchingRule:*
*<matchingRule>polyStringNorm</matchingRule>*

This fixed the bugs - the task of adding groups now completes without them.
But this did not solve the problem that, as before, of all groups, exactly
half are added as roles, the rest are simply ignored.

Tell me how this can be fixed?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint-dev/attachments/20230920/948f8556/attachment.htm>

From topplerjason at gmail.com  Mon Sep 25 15:37:59 2023
From: topplerjason at gmail.com (Jason Toppler)
Date: Mon, 25 Sep 2023 20:37:59 +0700
Subject: [Midpoint-dev] Problem creating a mailbox on an Exchange server
 using an SSH connector
Message-ID: <CAKPiRxj7xmE0_zWKGt=th4etobACha62-YQ+=NfVY+=9pPBWrA@mail.gmail.com>

Hi, all!

I have an Active Directory resource to which I added an SSH connector. My
goal is to create a mailbox on the Exchange server for a new user. For this
I use the following script:
























*        <script>            <host>resource</host>
<language>powershell</language>            <argument>
<name>givenName</name>                <path>$user/givenName</path>
  </argument>            <argument>                <name>familyName</name>
              <path>$user/familyName</path>            </argument>
  <argument>                <name>email</name>                <script>
              <code>                     email = user.getGivenName() +
user.getFamilyName() + '@idm.ru <http://idm.ru/>'
 return email                  </code>                </script>
</argument>
<code>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command ".
'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1';
Connect-ExchangeServer -auto -ClientApplication:ManagementShell;
New-Mailbox -Name $givenName$familyName -UserPrincipalName $email -Password
(ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)"</code>
        <operation>modify</operation>            <order>after</order>
  </script>*
The command to be executed looks like this:

*$givenName = 'Assol'; $familyName = 'Vandenguk2'; $email =
'AssolVandenguk2 at idm.ru <AssolVandenguk2 at idm.ru>';
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command ".
'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1';
Connect-ExchangeServer -auto -ClientApplication:ManagementShell;
New-Mailbox -Name $givenName$familyName -UserPrincipalName $email -Password
(ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force)"*

This doesn't work. I understand this because the command is executed in
cmd.exe, not powershell.

Is it possible to somehow make the command work?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint-dev/attachments/20230925/87168ded/attachment.htm>