[midPoint] - How to connect file server (Linux+Samba+LDAP+smbldaptools)?

Petr Gašparík - AMI Praha a.s. petr.gasparik at ami.cz
Thu Dec 22 13:40:48 CET 2016


Hi,
we needed something similar, calling script for adding/removing VPN users
via SSH commands.
So far we ended with calling SSH directly on model hook level.

--

s pozdravem

Petr Gašparík
solution architect

gsm: [+420] 603 523 860
e-mail: petr.gasparik at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/audit-roli-a-opravneni-sap>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.


2016-12-22 13:09 GMT+01:00 Radovan Semancik <radovan.semancik at evolveum.com>:

> Hi,
>
> Yes. And that would be actually the right place to do it. We have taken
> the Unix connector from the ConnId project and we have significantly
> improved it. And contributed the changes back to ConnId project. You can do
> the same thing and implement the scripting support there.
>
> --
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
>
> On 12/22/2016 12:12 PM, Wojciech Staszewski wrote:
>
>> Thank you for your answer.
>>
>> Adding scripting support for Unix connector would be nice too.
>> I have several dozens of servers hosting virtual machines (proxmox VE).
>> Users allowed to manage virtual machines must be added by running shell
>> command "pveum useradd $user at pam && pveum aclmod / -user $user at pam -role
>> Administrator".
>> And deleting users in the same way.
>> Unfortunately Unix connector can't execute scripts, so it must be done by
>> workaround (i'm thinking right now how to do it).
>>
>> Greets!
>> WS
>>
>> W dniu 22.12.2016 o 11:28, Radovan Semancik pisze:
>>
>>> Hi,
>>>
>>> I think you already know the answer: there is no good way how to do this
>>> now. However, there are two options for future midPoint development:
>>>
>>> 1) Add ssh scripting support to the LDAP connector. This should be quite
>>> simple. And there is a precedent for this. The LDAP-based AD connector
>>> (which is in the same bundle) already has powershell scripting support.
>>> This is quite easy and very practical solution. Yet the application is
>>> somehow limited.
>>>
>>> 2) Implement a way how to use scripting methods from one resource in
>>> another resource. The ConnId script execution operations are not bound to
>>> any account or provisioning operation. So this is theoretically possible.
>>> However, midPoint was designed with good interface design and encapsulation
>>> in mind and this is currently not directly possible. However it can be
>>> added if needed - and it would still be quite clean. This would be nice and
>>> generic feature. E.g. it could be used to combine CSV
>>> connector with ssh scripts (from Unix connector) to copy the file from
>>> remote server - and this could do a lot of interesting tricks.
>>>
>>> As usual, these are the options: https://wiki.evolveum.com/disp
>>> lay/midPoint/I+Need+New+Feature
>>>
>>> We are now preparing development plan for midPoint 3.6. It looks like
>>> there will be a lot of sponsored features and the development team will be
>>> very busy. But some sponsoring is still not confirmed so there may still be
>>> some place in the plan. First come, first serve.
>>>
>>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161222/f85aec5c/attachment.htm>


More information about the midPoint mailing list