[midPoint] Renaming of User

Lucie Rút Bittnerová lucie.bittnerova at ami.cz
Mon Nov 18 13:44:03 CET 2013


Thanks for your answer,

I wanted to know why the behaviour of the AD connector is like this, so 
I am content with the answer. I had configured creation of the home 
directory with scripts before I had the new version of the AD connector; 
now I was only testing the built-in functionality.

Lucie


On 18.11.2013 12:33, Ivan Noris wrote:
> Hi Lucie,
>
> On 11/18/2013 12:22 PM, Lucie Rút Bittnerová wrote:
>> Hello,
>>
>> I have one issue with the AD connector. When I let the connector create
>> home directory and I rename the home directory in midpoint (I generate
>> the home directory name from the given name and family name) the
>> behaviour is not such as I would expect. The new home directory is
>> created but empty and the old home directory remains on the server
>> with all its content. I would expect that the old directory will be
>> renamed to the new name.
> First of all, we are using before/after scripts to create home directory
> (and do anything more, like changing permissions etc.).
>
> But our behaviour is the same. When user is renamed, we create new home
> directory (we run the same script with new arguments) and DO NOT move
> the contents, because the data may be in use, or moving the contents may
> fail (if the target is on another filesystem).
>
> So, if you really want to do that, I'd prefer to not use automatic
> creation of home directory, but to use after script, and make the script
> rename-aware. For example:
>
> - the home directory is created as "JSmith_00123" (where the user is
> John Smith and employee number is 00123)
> - the home directory is renamed to "JSmythe_00123" (where the new user
> name is John Smythe, and the employee number is 00123). Your script
> should detect if there is a directory named "*_00123"...
>
> But of course, you may do anything. For example to name your directories
> according to employee number :-)
>
> Let me know if you need some hints regarding the scripts.
>
> Best regards,
> Ivan
>
>> Lucie
>>
>> On 13.11.2013 9:25, Pavol Mederly wrote:
>>> Hello Lucie,
>>>
>>> please have a look at the following two files:
>>>
>>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/openicf-dotnet/1.4.0.20069/openicf-dotnet-1.4.0.20069.zip
>>>
>>> http://nexus.evolveum.com/nexus/content/repositories/openicf-releases/org/forgerock/openicf/dotnet/ActiveDirectory.Connector/1.0.0.20069/ActiveDirectory.Connector-1.0.0.20069.zip
>>>
>>>
>>> Please unzip the files and replace your existing files in the
>>> destination directory.
>>>
>>> Best regards,
>>> Pavol
>>>
>>> On 11. 11. 2013 17:23, Lucie Rút Bittnerová wrote:
>>>> Hi Ivan,
>>>>
>>>> thanks for your answer. I already discovered in openicf git that
>>>> the xml schema configuration has been changed and the sAMAccountName
>>>> attribute is no longer not updatable. So I hope that you will make
>>>> some connector build public ASAP; I wouldn't be happy if I had to
>>>> start discovering how to build a .NET project. :-)
>>>>
>>>> Lucie
>>>>
>>>> On 11.11.2013 16:49, Ivan Noris wrote:
>>>>> Hi Lucie,
>>>>>
>>>>> short answer: renaming works ok if the appropriate connector works in
>>>>> appropriate way :-)
>>>>>
>>>>> Long answer: you've just hit the original AD connector restriction
>>>>> (can't speak of Googleapps).
>>>>>
>>>>> In general, it makes sense to change the login name as well as "DN"
>>>>> for example.
>>>>> I have multiple resource configurations where icfs:name (DN) gets
>>>>> renamed after user changes his/her family name, and user's login
>>>>> changes as well.
>>>>>
>>>>> The original OpenICF AD connector can't update sAMAccountName. We have
>>>>> fixed this (among other things), because our customers need to change
>>>>> login name when user is renamed. Please just stay tuned, we're
>>>>> updating our wiki and we will also post links here to updated AD
>>>>> connector.
>>>>>
>>>>> Regards,
>>>>> Ivan
>>>>>
>>>>>
>>>>> On 11/11/2013 02:49 PM, Lucie Rút Bittnerová wrote:
>>>>>> Hi,
>>>>>>
>>>>>> how do you solve the task of user renaming? When e.g. some employee
>>>>>> gets married and takes a new family name, I need to change her login
>>>>>> name, which usually contains the family name as a substring. But neither
>>>>>> the AD connector nor the googleapps connector (other connectors I have
>>>>>> not yet tested) supports login name modification. It looks very
>>>>>> inconvenient that I should rename all end system accounts manually.
>>>>>>
>>>>>> Lucie
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint

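The rename-aware after script Ivan describes above, as an added PowerShell example (not part of the thread and not the connector's or Evolveum's own code). The function name, its parameters and the `<login>_<employee number>` name check are assumptions, and how the connector passes values to the script is not shown.

```powershell
# Rename-aware home directory step for an "after" script (added example).
# Hypothetical names: Resolve-HomeDirectory and its three parameters.
function Resolve-HomeDirectory {
    param(
        [Parameter(Mandatory=$true)] [string] $HomeRoot,
        [Parameter(Mandatory=$true)] [string] $NewName,        # e.g. JSmythe_00123
        [Parameter(Mandatory=$true)] [string] $EmployeeNumber  # e.g. 00123
    )
    # The employee number is used to search for a directory, so accept digits only.
    if ($EmployeeNumber -notmatch '^\d+$') {
        throw "Employee number '$EmployeeNumber' is not numeric"
    }
    # The new name must be one path segment that carries the same number.
    if ($NewName -notmatch '^[A-Za-z0-9]+_(\d+)$' -or $Matches[1] -ne $EmployeeNumber) {
        throw "Directory name '$NewName' does not match '<login>_$EmployeeNumber'"
    }
    $target   = Join-Path $HomeRoot $NewName
    $existing = @(Get-ChildItem -LiteralPath $HomeRoot -Directory |
        Where-Object { $_.Name -match ('_' + [regex]::Escape($EmployeeNumber) + '$') })
    if ($existing.Count -gt 1) {
        throw "Ambiguous: $($existing.Count) directories end in _$EmployeeNumber"
    }
    if ($existing.Count -eq 0) {
        # First provisioning: nothing to rename, so create the directory.
        New-Item -ItemType Directory -Path $target | Out-Null
        return 'Created'
    }
    if ($existing[0].Name -eq $NewName) {
        return 'Unchanged'
    }
    # Rename inside the same parent, so no data moves to another filesystem.
    # Files in use can still make this fail; -ErrorAction Stop reports that
    # to the caller instead of leaving an empty new directory behind.
    Rename-Item -LiteralPath $existing[0].FullName -NewName $NewName -ErrorAction Stop
    return 'Renamed'
}

# Constructed demo in a temporary root (not a real home share).
$root = Join-Path ([IO.Path]::GetTempPath()) ("home-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
Resolve-HomeDirectory -HomeRoot $root -NewName 'JSmith_00123'  -EmployeeNumber '00123'
Resolve-HomeDirectory -HomeRoot $root -NewName 'JSmythe_00123' -EmployeeNumber '00123'
```

Permissions granted by name rather than by SID, and any share or profile path that points at the old directory name, are outside what this function updates.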