[midPoint] Account Creation, Not Being created in AD
Ivan Noris
ivan.noris at evolveum.com
Fri Dec 5 09:10:51 CET 2014
Jason,
I've just tried the original iterator (User in midPoint) problem and it
seems to be fixed in git-v3.0.1devel-703-g8c40b63.
I've tested with LiveSync CSV sample from you, used user template either
referenced from the unmatched action or global template. Username is
generated in midPoint:
(username - fullname)
cypecienka - Cyrus Pecienka
cypecienka2 - Cyrusov Pecienka
cypecienka3 - Cyril Pecienka
cypecienka4 - Cyrhoza Pecienka
Please retest it once after you upgrade to 3.1 or the master snapshot.
Thank you.
Regards,
Ivan
On 11/07/2014 04:23 PM, Jason Everling wrote:
> Thanks, it is working, like you said, will be easier to manage in the
> long run! Keep me posted on the bug fix,
>
> For now, I am just cleaning up objects and playing with other functions,
>
> JASON
>
> On Fri, Nov 7, 2014 at 2:56 AM, Ivan Noris <Ivan.Noris at evolveum.com
> <mailto:Ivan.Noris at evolveum.com>> wrote:
>
> Hi Jason,
>
> yes you can use switch in one mapping instead of having many
> mappings - I'm using it very often. It will be more simple to
> maintain.
>
> Just be sure to pass all required attributes as source. In your
> case, organization does not have to be source attribute, because
> you are not referencing it in the mapping expression
> nor conditions.
>
> You can further simplify the switch statement as:
>
> switch (costCenter) {
> . . .
>
> - no basic.stringify() is needed, because the attribute type is
> String and not Polystring. Having it there would not do any harm
> though.
> - you can address the attribute as "costCenter", because it's
> implicitly stored in that "variable" as it is declared as source
> attribute
>
> Hope this helps you with designing your mappings.
>
> Regards,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Jason Everling" <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>>
> *To: *"midPoint General Discussion"
> <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
> *Sent: *Thursday, November 6, 2014 6:00:04 PM
>
> *Subject: *Re: [midPoint] Account Creation, Not Being created
> in AD
>
> Oh Ok thanks,
>
> Can you look at this and make sure it is correct, if you look
> at the CSV User template I had sent I had a condition for each
> program, I did some more digging on github and found a sample
> similar to this,
>
> Would the below work instead of all the conditions for mapping,
>
> <mapping>
> <source>
> <path>$user/costCenter</path>
> </source>
> <source>
> <path>$user/organization</path>
> </source>
> <expression>
> <script>
> <code>
> tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
> switch (basic.stringify(user.getCostCenter())) {
> case 'ASGA':
> tmpOU = 'OU=AAD,' + tmpOU
> break
> case 'AAD':
> tmpOU = 'OU=AAD,' + tmpOU
> break
> case 'ASHIT':
> tmpOU = 'OU=AAS HIT,' + tmpOU
> break
> case 'BSHM':
> tmpOU = 'OU=BSHM,' + tmpOU
> break
> case 'BSN':
> tmpOU = 'OU=BSN,' + tmpOU
> break
> case 'ASIM':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'CT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'MRI':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'RT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'VT':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'SO':
> tmpOU = 'OU=DMIT,' + tmpOU
> break
> case 'PN':
> tmpOU = 'OU=DPN,' + tmpOU
> break
> case 'ND':
> tmpOU = 'OU=DPN,' + tmpOU
> break
> case 'ASGT':
> tmpOU = 'OU=DST,' + tmpOU
> break
> case 'ST':
> tmpOU = 'OU=DST,' + tmpOU
> break
> case 'VN':
> tmpOU = 'OU=DVN,' + tmpOU
> break
> case 'GEN':
> tmpOU = 'OU=GENED,' + tmpOU
> break
> case 'LVRN':
> tmpOU = 'OU=LVRN,' + tmpOU
> break
> case 'PO':
> tmpOU = 'OU=PNP,' + tmpOU
> break
> default:
> tmpOU = 'OU=SHP Students,DC=TEST,DC=LOCAL'
> }
> return tmpOU
> </code>
> </script>
> </expression>
> <target>
> <path>organization</path>
> </target>
> </mapping>
>
> On Thu, Nov 6, 2014 at 10:36 AM, Ivan Noris
> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>
> Hi Jason,
>
> it seems you've hit a bug. I've replicated it on midPoint
> master.
>
> The issue is now being investigated by our developers in
> order to fix it. I will drop a message to the list when
> it's resolved.
>
> Regards,
> Ivan
>
>
> On 11/05/2014 03:13 PM, Jason Everling wrote:
>
> So the role that gets assigned is nothing special, I
> just created a new role in the GUI and added the
> inducement for AD Resource. Eventually I will change
> the permissions on the roles to match what they need
> to be in production.
>
> I attached the AD Resource and AD User Template,
>
> JASON
>
> On Wed, Nov 5, 2014 at 3:17 AM, Ivan Noris
> <Ivan.Noris at evolveum.com
> <mailto:Ivan.Noris at evolveum.com>> wrote:
>
> Hi Jason,
>
> yes I think it's somehow depending on the fact
> that you are generating username.
>
> Can you please share details how AD accounts are
> constructed from the midpoint's username? What
> attributes are depending on user/name? DN?
> sAMAccountName? ... ?
> Also, could you send the role definition? I have
> some conditional roles that are assigned to user,
> but don't do anything if the condition is false.
> Which resembles your situation...
>
> BTW it's really strange for me so far. I'd expect
> at least some exception...
>
> Thanks,
> regards,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Jason Everling" <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>>
> *To: *"midPoint General Discussion"
> <midpoint at lists.evolveum.com
> <mailto:midpoint at lists.evolveum.com>>
> *Sent: *Tuesday, November 4, 2014 5:19:31 PM
> *Subject: *Re: [midPoint] Account Creation,
> Not Being created in AD
>
>
> So yes, those are from today but instead of
> digging through to yesterday I just added a
> new line to the CSV feed, so new
> firstname,lastname, employeeID so that it
> would create a new account.
>
> I actually added 3 new lines to the CSV and
> all 3 get created in Midpoint, Role Assigned
> with AD inducement, and Org Assigned, the AD
> account never gets created though until I
> modify the account in Midpoint.
>
> That is the only log entry I get when the CSV
> feed is updated and new account is created in
> Midpoint,
>
> Using Midpoint 3.0
>
> Version 3.0
> Git describe git-v3.0
>
>
> If I remove the username generation and add a
> username attribute to the CSV feed it works as
> expected, this is just when generating the
> username, is it maybe because the role is
> getting assigned before Midpoint has time to
> generate the username and such?
>
> Jason
>
> On Tue, Nov 4, 2014 at 9:57 AM, Ivan Noris
> <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
> Hi Jason,
>
> just to be sure: these error messages have
> timestamp from today; but you've reported
> your problem to the list yesterday.
>
> Could you please:
>
> 1) double check that the log is the
> correct one / or find the (supposed) error
> messages in previously rotated log (stored
> in the same directory as idm.log, but the
> name derived from the date..)
> 2) replicate the issue and send current
> idm.log fragment
>
> The messages referenced here are ok = we
> don't see anything yet.
>
> Also please, what version of midPoint are
> you using..?
>
> Thanks,
> regards,
> Ivan
>
>
> On 11/04/2014 03:25 PM, Jason Everling wrote:
>
> I added a new line to the CSV so it
> could create a new user, it gets
> created in Midpoint and the role and
> org assigned, the only item in the log
> that stands out is,
>
> 2014-11-04 08:22:11,914 [PROVISIONING]
> [midPointScheduler_Worker-2] WARN
> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
> The resource: SonisWeb-Generate
> (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa)
> does not provide definition for null
> value of simulated activation attribute
>
> There are no other errors besides that,
>
> 2014-11-04 08:09:00,859 [REPOSITORY]
> [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:09:29,824 [REPOSITORY]
> [midPointScheduler_Worker-3] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:12:20,134 [REPOSITORY]
> [midPointScheduler_Worker-3] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:12:20,247 [REPOSITORY]
> [midPointScheduler_Worker-9] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:14:00,397 [REPOSITORY]
> [midPointScheduler_Worker-9] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:22:00,465 [REPOSITORY]
> [midPointScheduler_Worker-3] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:22:06,150 [REPOSITORY]
> [midPointScheduler_Worker-2] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:22:06,271 [REPOSITORY]
> [midPointScheduler_Worker-2] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it
> still contained JDBC statements
> 2014-11-04 08:22:11,914 [PROVISIONING]
> [midPointScheduler_Worker-2] WARN
> (com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter):
> The resource: SonisWeb-Generate
> (OID:af2bc95b-76e0-48e2-86d6-3d4f02d3fafa)
> does not provide definition for null
> value of simulated activation attribute
>
> On Tue, Nov 4, 2014 at 1:17 AM, Ivan
> Noris <Ivan.Noris at evolveum.com
> <mailto:Ivan.Noris at evolveum.com>> wrote:
>
> Jason,
>
> could you please check error
> messages from idm.log from the
> time of the supposed creation?
>
> Thanks,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Jason Everling"
> <jeverling at bshp.edu
> <mailto:jeverling at bshp.edu>>
> *To: *"midPoint General
> Discussion"
> <midpoint at lists.evolveum.com
> <mailto:midpoint at lists.evolveum.com>>
> *Sent: *Monday, November 3,
> 2014 11:50:06 PM
> *Subject: *[midPoint] Account
> Creation, Not Being created in AD
>
>
> So my director wanted to see
> it fully automated so all I
> basically had to do was modify
> the CSV resource to generate
> the usernames and email
> addresses, done, this works.
>
> The account gets created in
> Midpoint from the CSV, gets an
> Org assigned and gets a Role
> assigned. The role has an
> inducement for active
> directory but even though the
> account gets the role assigned
> an account in AD does not get
> created. Now if I modify the
> user in midpoint, let's say
> just change a letter in the
> personal email address field
> the AD account creation kicks off.
>
> I cannot seem to figure out
> why the AD account does not
> get created even though it
> gets the role assigned and
> before I changed it to create
> the usernames it was creating
> those accounts in AD.
>
> I attached the CSV Resource
> and the CSV Template that is
> being used,
>
> Thanks,
> JASON
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any
> attachments is proprietary and
> confidential; intended for
> only the recipient(s) named
> above and may contain
> information that is
> privileged. You should not
> retain, copy or use this
> e-mail or any attachments for
> any purpose, or disclose all
> or any part of the contents to
> any person. Any views or
> opinions expressed in this
> e-mail are those of the author
> and do not represent those of
> the Baptist School of Health
> Professions. If you have
> received this e-mail in error,
> or are not the named
> recipient(s), you are hereby
> notified that any review,
> dissemination, distribution or
> copying of this communication
> is prohibited by the sender
> and to do so might constitute
> a violation of the Electronic
> Communications Privacy Act, 18
> U.S.C. section 2510-2521.
> Please immediately notify the
> sender and delete this e-mail
> and any attachments from your
> computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com <http://evolveum.com>
> ___________________________________________
> "Idem per idem - semper
> idem Vix."
>
--
Ing. Ivan Noris
Senior Identity Management Engineer
evolveum.com evolveum.com/blog/
_____________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141205/449574ba/attachment.htm>
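
The simplification suggested in the quoted reply of Nov 7 (switch directly on the costCenter source variable, no basic.stringify()), written out as an added example; it is not code from the thread or from midPoint. The function name ouFor and the sample inputs are constructed so the script runs stand-alone; inside a midPoint <code> element the function body would read the implicit costCenter variable instead of a parameter.

```groovy
// Added example, not from the thread. The OU names and cost-center codes are
// copied from the quoted mapping; ouFor() and the sample calls are constructed.

String ouFor(String costCenter) {
    String baseOu = 'OU=SHP Students,DC=TEST,DC=LOCAL'
    String child
    // costCenter is a plain String, so no basic.stringify() is needed.
    // A list as a case label matches any of its members, which collapses
    // the repeated branches of the original switch.
    switch (costCenter) {
        case ['ASGA', 'AAD']:
            child = 'AAD'; break
        case 'ASHIT':
            child = 'AAS HIT'; break
        case 'BSHM':
            child = 'BSHM'; break
        case 'BSN':
            child = 'BSN'; break
        case ['ASIM', 'CT', 'MRI', 'RT', 'VT', 'SO']:
            child = 'DMIT'; break
        case ['PN', 'ND']:
            child = 'DPN'; break
        case ['ASGT', 'ST']:
            child = 'DST'; break
        case 'VN':
            child = 'DVN'; break
        case 'GEN':
            child = 'GENED'; break
        case 'LVRN':
            child = 'LVRN'; break
        case 'PO':
            child = 'PNP'; break
        default:
            child = null   // null or unmapped code: stay in the base OU
    }
    return child ? "OU=${child},${baseOu}".toString() : baseOu
}

// Constructed sample inputs.
String base = 'OU=SHP Students,DC=TEST,DC=LOCAL'
assert ouFor('CT')    == 'OU=DMIT,' + base
assert ouFor('ASGA')  == 'OU=AAD,' + base
assert ouFor('ASHIT') == 'OU=AAS HIT,' + base
assert ouFor(null)    == base   // no costCenter on the user
assert ouFor('XYZ')   == base   // code missing from the table
assert ouFor('ct')    == base   // matching is case-sensitive
```

The last three assertions show the cases worth watching when the feed changes: a missing, unknown or differently cased cost center places the account in the base OU without raising an error.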