[midPoint] Renaming of User

Ivan Noris ivan.noris at evolveum.com
Mon Nov 18 12:33:32 CET 2013 

Hi Lucie,

On 11/18/2013 12:22 PM, Lucie Rút Bittnerová wrote:
> Hello,
>
> I have one issue to the AD connector. When I let the connector create
> home directory and I rename the home directory in midpoint (I generate
> the home directory name from the given name and family name) the
> behaviour is not such as I would expect. The new home directory is
> created but empty and the old home directory remains on the server
> with all its content. I would expect that the old directory will be
> renamed to the new name.

First of all, we are using before/after scripts to create home directory
(and do anything more, like changing permissions etc.).

But our behaviour is the same. When user is renamed, we create new home
directory (we run the same script with new arguments) and DO NOT move
the contents, because the data may be in use, or moving the contents may
fail (if the target is on another filesystem).

So, if you really want to do that, I'd prefer to not use automatic
creation of home directory, but to use after script, and make the script
rename-aware. For example:

- the home directory is created as "JSmith_00123" (where the user is
John Smith and employee number is 00123)
- the home directory is renamed to "JSmythe_00123 (where the new user
name is John Smythe, and the employee number is 00123). Your script
shoulb detect if there is an directory named "*_00123"...

But of course, you may do anything. For example to name your directories
according to employee number :-)

Let me know if you need some hints regarding the scripts.

Best regards,
Ivan

>
> Lucie
>
> Dne 13.11.2013 9:25, Pavol Mederly napsal(a):
>> Hello Lucie,
>>
>> please have a look at the following two files:
>>
>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20069/openicf-dotnet-1.4.0.20069.zip
>>
>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/ActiveDirectory.Connector-1.0.0.20069.zip
>>
>>
>> Please unzip the files and replace your existing files in the
>> destination directory.
>>
>> Best regards,
>> Pavol
>>
>> On 11. 11. 2013 17:23, Lucie Rút Bittnerová wrote:
>>> Hi Ivan,
>>>
>>> thanks for your answer. I already discovered in openicf git, that
>>> the xml schema configuration has been changed and sAMAccountName
>>> attribute is no more not updatable. So I hope that you will make
>>> public some connector build ASAP, I wouldn't be happy if I had to
>>> start discovery how to build .NET project. :-)
>>>
>>> Lucie
>>>
>>> Dne 11.11.2013 16:49, Ivan Noris napsal(a):
>>>> Hi Lucie,
>>>>
>>>> short answer: renaming works ok if the appropriate connector works in
>>>> appropriate way :-)
>>>>
>>>> Long answer: you've just hit the original AD connector restriction
>>>> (can't speak of Googleapps).
>>>>
>>>> In general, it makes sense to change the login name as well as "DN"
>>>> for
>>>> example.
>>>> I have multiple resource configurations where icfs:name (DN) gets
>>>> renamed after user changes his/her family name, and user's login
>>>> changes
>>>> as well.
>>>>
>>>> The original OpenICF AD connector can't update sAMAccountName. We have
>>>> fixed this (among other things), because our customers need to change
>>>> login name when user is renamed. Please just stay tuned, we're
>>>> updating
>>>> our wiki and we will also post links here to updated AD connector.
>>>>
>>>> Regards,
>>>> Ivan
>>>>
>>>>
>>>> On 11/11/2013 02:49 PM, Lucie Rút Bittnerová wrote:
>>>>> Hi,
>>>>>
>>>>> how do you solve the task of user renaming? When e.g. some employee
>>>>> gets married and takes a new family name, I need to change her login
>>>>> name which usualy contains family name as a substring. But nor AD
>>>>> connector  neither googleapps connector (other connectors I have not
>>>>> yet tested) support login name modification. It looks very
>>>>> inconvenient, that I should rename all end system accounts manually.
>>>>>
>>>>> Lucie
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Consultant
  Evolveum, s.r.o
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."

More information about the midPoint mailing list