[midPoint] New to midpoint, trying to figure out how things work

Salim Boulkour salim.boulkour at arismore.fr
Thu Jul 18 16:08:12 CEST 2013


Hey Ivan,

 

OK to test that OpenLDAP attribute. But I’m using out of the box OpenLDAP so if there’s something to activate it wouldn’t work on my current system ...

 

So comes the question about modifying an object.

I know how to create and delete object but not how to modify one. Importing it again (with same OID) just tells me object already exists and doesn’t overwrite it.

 

 

Regards,

Salim

 

 

From: midpoint-bounces at lists.evolveum.com [mailto:midpoint-bounces at lists.evolveum.com] On behalf of Ivan Noris
Sent: Thursday, July 18, 2013 12:32
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] New to midpoint, trying to figure out how things work

 

Hi Salim,

On 07/18/2013 12:05 PM, Salim Boulkour wrote:

	Hi Ivan,

	 

	I’ve been using Opera, and the green bar stating the success of the import didn’t show up, nor an orange or red one saying a problem occurred.

	I tried with Firefox and now have the detailed errors about the XML import :)


Great, so this was/is an Opera problem. I'll check this browser's support status. Meanwhile please continue evaluating/testing with Firefox or Chrome (these are the best).




 

The advanced schema doesn’t work out of the box with OpenLDAP.

midPoint is looking for ‘ds-pwp-account-disabled’, which is specific to OpenDS from what I understood. So I used values 0 and 1 in attribute ‘roomNumber’ to get rid of related errors.


Yes, that attribute is specific to OpenDS / OpenDJ to support account activation/deactivation (enable/disable). I don't have OpenLDAP configured right now, so just by googling I've found:

pwdAccountLockedTime: 000001010000Z


(the value above means account is locked, from http://comments.gmane.org/gmane.network.openldap.general/40519)

To configure your resource, this might work:

    <capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-2">
        <configured>
            <cap:activation>
                <cap:enableDisable>
                    <cap:attribute>ri:pwdAccountLockedTime</cap:attribute>
                    <cap:enableValue/>
                    <cap:disableValue>000001010000Z</cap:disableValue>
                </cap:enableDisable>
            </cap:activation>
        </configured>
    </capabilities>


But it is only a long shot, I can't test it now. Anyway, your test with the other attribute (roomNumber) should have already shown you how the activation works. If the above example works, please tell us. Also, if it does not :)




 

 

In short, thanks to your help, I managed to make it work!

 

Next steps : roles, and role based provisioning.

I might send some more questions later in the day ;)


Feel free to contact us :)
Thanks for the feedback.

Regards,
Ivan




 

 

 

Regards,

Salim

 

From: midpoint-bounces at lists.evolveum.com [mailto:midpoint-bounces at lists.evolveum.com] On behalf of Ivan Noris
Sent: Wednesday, July 17, 2013 23:06
To: midPoint General Discussion
Subject: Re: [midPoint] New to midpoint, trying to figure out how things work

 

Hi Salim,

the top right thing may be related to your browser (but this is just a guess). In current trunk (2.2) midPoint I haven't seen this (but I remember I have seen it some time ago). What browser is this?

But: after importing a resource, did you see a green/red bar above the upload button (in the page body)? This should be the result, and it is clickable to show some subresults. See attached screenshot.

But - if you see the resource in the RESOURCES page, with a "?" icon that becomes green after clicking, the test connection is successful and you have imported it successfully.

To use "automatic" filling of the values, the sample you have imported is "too basic" :-) It has no configuration for such things, you can only manually fill the account attributes.

For more real-world example, please use the "opendj-localhost-resource-sync-no-extension-advanced.xml" sample. This sample is configured for both-way synchronization and provisioning, but you don't need the synchronization for using the provisioning.

In this sample, the sn, cn, uid attributes are mapped to midPoint user attributes and the DN is constructed using the midPoint name and the ou=people,dc=example,dc=com suffix (be sure to change it if your suffix differs). There are also some other attributes, but these are the mandatory ones for directory servers.

You can see how the attributes are mapped in the sample, see <schemaHandling> section and the LDAP attributes and their <outbound> expressions. To understand it further, please see at least:

https://wiki.evolveum.com/display/midPoint/Mappings+and+Expressions

and pages referenced from there. But you should get an idea just by looking.

Good luck!

Regards,
Ivan

On 07/17/2013 05:38 PM, Salim Boulkour wrote:

	Hey Ivan,

	 

	Thanks for your feedback.

	I’ve been trying to create a new resource with the basic OpenDJ sample. Couldn’t find simpler LDAP example (renamed in “Basic OpenLDAP” here)

	 

	I replaced a few things like the admin, the secret, the IP address and the base DN.

	When importing I have no error in logs :

	2013-07-17 17:27:54,988 [MODEL] [http-8080-1] INFO (com.evolveum.midpoint.model.importer.ObjectImporter): Imported object resource:bc5a0cea-10c8-4b04-b4c9-d28c4a638992(Basic OpenLDAP)

	 

	But I get the red error message on the top right with no more clue :

	 

	 

	In the resources page, the Basic OpenLDAP is here, but status info stays at “?”. When testing connection everything turns to green.

	So, is there a bug here ?

	 

	 

	Then, I try to attach an account to an already created user.

	Fillin’ in the account attributes doesn’t work. How can I use attributes from the user to fill in the account attributes ? (variable operator ?)

	 

	 







-- 
  Ing. Ivan Noris
  Consultant
  Evolveum, s.r.o
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."











-- 
  Ing. Ivan Noris
  Consultant
  Evolveum, s.r.o
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."
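
Added example, not part of the original thread and not midPoint or OpenLDAP code: how the pwdAccountLockedTime values discussed above read under the OpenLDAP password-policy (ppolicy) overlay, which maintains the attribute, and which locked accounts carry a value other than the disableValue configured in the capabilities snippet. Assumptions: ppolicy semantics for pwdLockoutDuration (seconds; 0 means locked until an administrator resets), hypothetical function names, and constructed sample entries.

```python
from datetime import datetime, timedelta, timezone

# Sentinel quoted in the thread: locked until an administrator unlocks it.
PERMANENT_LOCK = "000001010000Z"

def parse_generalized_time(value):
    """Parse a UTC GeneralizedTime such as 20130718135800Z (fraction ignored)."""
    body = value.rstrip("Z").split(".")[0]
    return datetime.strptime(body, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def lock_state(locked_time, lockout_duration, now):
    """Classify one entry from its pwdAccountLockedTime value (None if absent).

    lockout_duration is pwdLockoutDuration in seconds from the effective
    policy; 0 means a lock holds until an administrator resets it.
    """
    if not locked_time:
        return "enabled"
    if locked_time == PERMANENT_LOCK:      # year 0000: not parseable as a date
        return "disabled-by-admin"
    locked_at = parse_generalized_time(locked_time)
    if lockout_duration == 0:
        return "locked-until-reset"
    if now < locked_at + timedelta(seconds=lockout_duration):
        return "locked-temporarily"
    return "enabled"                       # lockout window has passed

def locks_not_matching_disable_value(entries, lockout_duration, now):
    """uids that are locked now but whose value differs from the configured
    <cap:disableValue>, so an exact-value comparison would not catch them."""
    return [uid for uid, value in entries
            if lock_state(value, lockout_duration, now) != "enabled"
            and value != PERMANENT_LOCK]

# Constructed sample data (uid, pwdAccountLockedTime), not from the thread.
SAMPLE_NOW = datetime(2013, 7, 18, 14, 0, 0, tzinfo=timezone.utc)
SAMPLE_ENTRIES = [
    ("alice", None),
    ("bob", "000001010000Z"),
    ("carol", "20130718135800Z"),   # locked two minutes before SAMPLE_NOW
    ("dave", "20130718120000Z"),    # locked two hours before SAMPLE_NOW
]

if __name__ == "__main__":
    for uid, value in SAMPLE_ENTRIES:
        print(uid, lock_state(value, 300, SAMPLE_NOW))
    print(locks_not_matching_disable_value(SAMPLE_ENTRIES, 300, SAMPLE_NOW))
```
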