[midPoint] Creating AD account automatically

Ivan Noris ivan.noris at evolveum.com
Wed Apr 13 10:22:32 CEST 2016 

Hi Aivo,

please try to update the <attribute> with this:
                            <attribute>
                                        <ref>icfs:name</ref>
                                        <displayName>Distinguished
Name</displayName>
   *                                     <limitations>**
**                                                <minOccurs>0</minOccurs>**
**                                       
</limitations>                                  *
...

This will "fix" the problem when GUI requires the value being present
even if it's computed in the mappings.
See the samples for AD (samples/resources/ad/) if using the ADSI based
AD connector.
You may need the same for other attributes such as "sn", sAMAccountName,
etc.

Regards,
Ivan

On 04/13/2016 09:37 AM, Aivo Kuhlberg wrote:
>
> How can I create AD user account automatically when I assign resource
> account to user in midPoint 3.3.1? Currently when I add resource
> assignment to user and click 'Save' button it complains: "'ConnId
> Name' is required". When I fill in the 'ConnId Name' attribute then
> the user account is created in AD. Why it does not use outbound
> mapping in schema handling?
> icfs:name mapping is currently following:
> ...
>             <attribute>
>                 <c:ref
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">icfs:name</c:ref>
>                 <tolerant>true</tolerant>
>                 <exclusiveStrong>false</exclusiveStrong>
>                 <outbound>
>                     <source>
>                         <c:path>$user/givenName</c:path>
>                     </source>
>                     <source>
>                         <c:path>$user/familyName</c:path>
>                     </source>
>                     <expression>
>                         <script>
>                             <code>
>                                 return 'CN=' + givenName + ' ' +
> familyName + ',OU=Users,OU=TEST2,DC=proov,DC=domain'
>                             </code>
>                         </script>
>                     </expression>
>                     <condition>
>                         <script>
>                             <code>givenName != null &&
> familyName != null</code>
>                         </script>
>                     </condition>
>                 </outbound>
>             </attribute>
> ...
> Thanks,
> Aivo Kuhlberg
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160413/262a9f08/attachment.htm>

More information about the midPoint mailing list