[midPoint] Creating AD account automatically
Aivo Kuhlberg
aivo.kuhlberg at rmit.ee
Wed Apr 13 10:36:54 CEST 2016
Hi Ivan,
Thanks for helping. This solved my problem.
Regards,
Aivo Kuhlberg
________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelIvan Noris <ivan.noris at evolveum.com>
Saadetud: 13. aprill 2016 11:22
Adressaat: midpoint at lists.evolveum.com
Teema: Re: [midPoint] Creating AD account automatically
Hi Aivo,
please try to update the <attribute> with this:
<attribute>
<ref>icfs:name</ref>
<displayName>Distinguished Name</displayName>
<limitations>
<minOccurs>0</minOccurs>
</limitations>
...
This will "fix" the problem when GUI requires the value being present even if it's computed in the mappings.
See the samples for AD (samples/resources/ad/) if using the ADSI based AD connector.
You may need the same for other attributes such as "sn", sAMAccountName, etc.
Regards,
Ivan
On 04/13/2016 09:37 AM, Aivo Kuhlberg wrote:
How can I create AD user account automatically when I assign resource account to user in midPoint 3.3.1? Currently when I add resource assignment to user and click 'Save' button it complains: "'ConnId Name' is required". When I fill in the 'ConnId Name' attribute then the user account is created in AD. Why it does not use outbound mapping in schema handling?
icfs:name mapping is currently following:
...
<attribute>
<c:ref xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"<http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>>icfs:name</c:ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<source>
<c:path>$user/givenName</c:path>
</source>
<source>
<c:path>$user/familyName</c:path>
</source>
<expression>
<script>
<code>
return 'CN=' + givenName + ' ' + familyName + ',OU=Users,OU=TEST2,DC=proov,DC=domain'
</code>
</script>
</expression>
<condition>
<script>
<code>givenName != null && familyName != null</code>
</script>
</condition>
</outbound>
</attribute>
...
Thanks,
Aivo Kuhlberg
________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160413/8f56039b/attachment.htm>
More information about the midPoint
mailing list