[midPoint] New to midpoint, trying to figure out how things work

Ivan Noris ivan.noris at evolveum.com
Thu Jul 18 12:31:41 CEST 2013


Hi Salim,

On 07/18/2013 12:05 PM, Salim Boulkour wrote:
>
> Hi Ivan,
>
> I’ve been using Opera, and the green bar stating the success of the 
> import didn’t show up, nor an orange or red one saying a problem occurred.
>
> I tried with Firefox and now have the detailed errors about the XML 
> import :)
>

Great, so this was/is an Opera problem. I'll check this browser's support 
status. Meanwhile please continue evaluating/testing with Firefox or 
Chrome (these are the best).

> The advanced schema doesn’t work out of the box with OpenLDAP.
>
> Midpoint is looking for ‘ds-pwp-account-disabled’ which is specific to 
> OpenDS from what I understood. So I used values 0 and 1 in attribute 
> ‘roomNumber’ to get rid of related errors.
>

Yes, that attribute is specific to OpenDS / OpenDJ to support account 
activation/deactivation (enable/disable). I don't have OpenLDAP 
configured right now, so just by googling I've found:

pwdAccountLockedTime: 000001010000Z


(the value above means account is locked, from 
http://comments.gmane.org/gmane.network.openldap.general/40519)

To configure your resource, this *might* work:

    <capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-2">
        <configured>
            <cap:activation>
                <cap:enableDisable>
                    <cap:attribute>ri:pwdAccountLockedTime</cap:attribute>
                    <cap:enableValue/>
                    <cap:disableValue>000001010000Z</cap:disableValue>
                </cap:enableDisable>
            </cap:activation>
        </configured>
    </capabilities>


But it is only a long shot, can't test it now. Anyway your test with 
the other attribute (roomNumber) should have already shown you how the 
activation works. If the above example works, please tell us. Also, if 
it does not :)

> For short, thanks to your help, I managed to make it work !
>
> Next steps : roles, and role based provisioning.
>
> I might send some more questions later in the day ;)
>

Feel free to contact us :)
Thanks for the feedback.

Regards,
Ivan

> Regards,
>
> Salim
>
> *From:* midpoint-bounces at lists.evolveum.com 
> [mailto:midpoint-bounces at lists.evolveum.com] *On Behalf Of* Ivan Noris
> *Sent:* Wednesday, 17 July 2013 23:06
> *To:* midPoint General Discussion
> *Subject:* Re: [midPoint] New to midpoint, trying to figure out how 
> things work
>
> Hi Salim,
>
> the top right thing may be related to your browser (but this is just a 
> guess). In current trunk (2.2) midPoint I haven't seen this (but I 
> remember I have seen it some time ago). What browser is this?
>
> But: after importing a resource, did you see a green/red bar above the 
> upload button (in the page body)? This should be the result, and it is 
> clickable to show some subresults. See attached screenshot.
>
> But - if you see the resource in the RESOURCES page, with "?" icon, 
> that becomes green after clicking, the test connection is successful 
> and you have imported it successfully.
>
> To use "automatic" filling of the values, the sample you have imported 
> is "too basic" :-) It has no configuration for such things, you can 
> only manually fill the account attributes.
>
> For more real-world example, please use the 
> "opendj-localhost-resource-sync-no-extension-advanced.xml" sample. 
> This sample is configured for both-way synchronization and 
> provisioning, but you don't need the synchronization for using the 
> provisioning.
>
> In this sample, the sn, cn, uid attributes are mapped to midPoint user 
> attributes and DN is constructed using midPoint name and 
> ou=people,dc=example,dc=com suffix (be sure to change if your suffix 
> differs). There are also some other attributes, but these are the 
> mandatory for directory servers.
>
> You can see how the attributes are mapped in the sample, see 
> <schemaHandling> section and the LDAP attributes and their <outbound> 
> expressions. To understand it further, please see at least:
>
> https://wiki.evolveum.com/display/midPoint/Mappings+and+Expressions
>
> and pages referenced from there. But you should get an idea just by 
> looking.
>
> Good luck!
>
> Regards,
> Ivan
>
> On 07/17/2013 05:38 PM, Salim Boulkour wrote:
>
>     Hey Ivan,
>
>     Thanks for your feedback.
>
>     I’ve been trying to create a new resource with the basic OpenDJ
>     sample. Couldn’t find simpler LDAP example (renamed in “Basic
>     OpenLDAP” here)
>
>     I replaced a few things like the admin, the secret, the IP address
>     and the base DN.
>
>     When importing I have no error in logs :
>
>     2013-07-17 17:27:54,988 [MODEL] [http-8080-1] INFO
>     (com.evolveum.midpoint.model.importer.ObjectImporter): Imported
>     object resource:bc5a0cea-10c8-4b04-b4c9-d28c4a638992(Basic OpenLDAP)
>
>     But I get the red error message on the top right with no more clue :
>
>     In the resources page, the Basic OpenLDAP is here, but status info
>     stays at “?”. When testing connection everything turns to green.
>
>     So, is there a bug here ?
>
>     Then, I try to attach an account to an already created user.
>
>     Fillin’ in the account attributes doesn’t work. How can I use
>     attributes from the user to fill in the account attributes ?
>     (variable operator ?)
>
>
>
>
> -- 
>    Ing. Ivan Noris
>    Consultant
>    Evolveum, s.r.o
>    ___________________________________________________
>    "Semper cautus - semper paratus - semper idem Vix."
>
>

-- 
   Ing. Ivan Noris
   Consultant
   Evolveum, s.r.o
   ___________________________________________________
   "Semper cautus - semper paratus - semper idem Vix."
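
An added example, not part of the reply above and not midPoint code: it models the enableDisable mapping suggested in the reply over a constructed LDIF sample and shows which accounts it would report as enabled or disabled. It assumes an empty `enableValue` means "attribute absent"; the third entry carries a real lock timestamp, which the OpenLDAP ppolicy overlay stores in `pwdAccountLockedTime` for ordinary lockouts and which a single `disableValue` does not match.

```python
# Added example: classify accounts the way the enableDisable mapping above would.
# The LDIF below is constructed sample data, not output from a real directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
pwdAccountLockedTime: 000001010000Z

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
pwdAccountLockedTime: 20130718103000Z
"""

DISABLE_VALUE = "000001010000Z"     # <cap:disableValue> from the reply
ATTRIBUTE = "pwdaccountlockedtime"  # LDAP attribute names are case-insensitive


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'attr: value' lines.
    Does not handle base64 ('::') values or folded lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def activation_status(entry):
    """Assumed semantics: no value -> enabled, DISABLE_VALUE -> disabled,
    anything else -> unmapped (the two-value mapping does not cover it)."""
    values = entry.get(ATTRIBUTE, [])
    if not values:
        return "enabled"
    if values == [DISABLE_VALUE]:
        return "disabled"
    return "unmapped"


def report(ldif_text):
    """Return {dn: status} for every entry in the LDIF text."""
    return {e["dn"][0]: activation_status(e) for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    for dn, status in report(SAMPLE_LDIF).items():
        print(f"{status:9} {dn}")
```

Accounts reported as `unmapped` are the ones to review before relying on this attribute for enable/disable.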
