[midPoint] Possible to sync lockoutStatus from AD?
Jason Everling
jeverling at bshp.edu
Wed Jan 20 16:25:28 CET 2016
Getting close! So far I had to add it to the resource like so in the schema
handling section because it was complaining of it not being found. I got
the below from icf resource schema 3. I tried both combinations. I searched
and lockoutStatusType returns NORMAL or LOCKED.
I am thinking maybe this only works for simulated lockout on systems that
do not fully support account lockouts and not AD?
<xsd:element minOccurs="0" ref="icfs:lockOut" type="xsd:boolean"/>
or
<xsd:element minOccurs="0" name="lockOut" type="xsd:boolean"/>
and then in the resource definition both icfs:lockOut and ri:lockOut
<attribute>
<c:ref>icfs:lockOut</c:ref>
<outbound>
<source>
<c:path>$user/activation/lockoutStatus</c:path>
</source>
</outbound>
<inbound>
<target>
<c:path>$user/activation/lockoutStatus</c:path>
</target>
</inbound>
</attribute>
and now I get the below which is farther that before.
operation.com.evolveum.midpoint.web.page.admin.users.PageUsers.unlockUser
- Couldn't unlock user user: astudent2
(OID:341c3cba-a231-481b-bb3e-487876f4c229).
- *Cause:*
Expected boolean type, but got class
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in
outbound mapping for {.../connector/icf-1/resource-schema-3}lockOut in
resource:10000000-2000-3000-4000-10000000ad01(Active Directory: Office 365,
Google Apps, Moodle)
[ SHOW ERROR STACK ]
- java.lang.IllegalArgumentException: Expected boolean type, but got
class
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in
outbound mapping for {.../resource/instance-3}lockOut
JASON
On Wed, Jan 20, 2016 at 1:35 AM, Ivan Noris <ivan.noris at evolveum.com> wrote:
> Hi Jason,
>
> haven't tried yet, but I suppose you need to specify the source/target
> attribute in the mappings. Please try $user/activation/lockoutStatus.
>
> Regards,
> Ivan
>
>
> On 01/19/2016 09:18 PM, Jason Everling wrote:
>
> Late response, I could not get it to work :(
>
> I tried the below,
>
> <attribute>
> <ref>icfs:lockOut</ref>
> <outbound>
> <expression>
> <asIs/>
> </expression>
> </outbound>
> <inbound>
> <expression>
> <asIs/>
> </expression>
> </inbound>
> </attribute>
>
> JASON
>
> JASON
>
> On Tue, Jan 12, 2016 at 8:31 AM, Jason Everling <jeverling at bshp.edu>
> wrote:
>
>> Nice! I will create a mapping for that, I was searching in github and
>> wiki for the connector for lock out, lockout, locked, etc.. no wonder why I
>> didn't see it.
>>
>> JASON
>>
>> JASON
>>
>> On Tue, Jan 12, 2016 at 4:36 AM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> Hello Jason,
>>>
>>> according to .Net AD Connector sources, there is an attribute called
>>> "__LOCK_OUT__" (icfs:lockOut in midPoint) that is filled-in by the
>>> connector.
>>>
>>> Do you use it? Have you an inbound mapping for it?
>>>
>>> Best regards,
>>> Pavol
>>>
>>> It is the .NET Connector, and it very well could be not implemented yet.
>>> I couldn't find anything on it. I haven't had much time with the new
>>> semester start to test out the new LDAP AD Connector,
>>>
>>> JASON
>>>
>>> JASON
>>>
>>> On Mon, Jan 11, 2016 at 9:45 AM, Ivan Noris < <ivan.noris at evolveum.com>
>>> ivan.noris at evolveum.com> wrote:
>>>
>>>> Hi Jason,
>>>>
>>>> which connector are you using? .NET/AD or the new LDAP/AD...?
>>>>
>>>> Do you have inbound mapping for that attribute?
>>>>
>>>> I have never yet tried this, but it might be unimplemented yet (Radovan
>>>> will know for LDAP/AD at least).
>>>>
>>>> Regards,
>>>> Ivan
>>>>
>>>>
>>>> On 01/11/2016 03:52 PM, Jason Everling wrote:
>>>>
>>>> I noticed that when a user account get's locked in AD it does not
>>>> update the lockoutStatus in midpoint. You have to expand the AD account and
>>>> then scroll to Lockout-Status and change it.
>>>>
>>>> Is there a setting I am missing somewhere in the resource config or is
>>>> that not supported by the AD connector?
>>>>
>>>> Thanks!
>>>> JASON
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>> --
>>>> Ing. Ivan Noris
>>>> Senior Identity Management Engineer & IDM Architect
>>>> evolveum.com evolveum.com/blog/
>>>> ___________________________________________________
>>>> "Semper Id(e)M Vix."
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential;
intended for only the recipient(s) named above and may contain information
that is privileged. You should not retain, copy or use this e-mail or any
attachments for any purpose, or disclose all or any part of the contents to
any person. Any views or opinions expressed in this e-mail are those of the
author and do not represent those of the Baptist School of Health
Professions. If you have received this e-mail in error, or are not the
named recipient(s), you are hereby notified that any review, dissemination,
distribution or copying of this communication is prohibited by the sender
and to do so might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160120/7f50a62f/attachment.htm>
More information about the midPoint
mailing list