[midPoint] Active Directory userAccountControl modification problem

Schlehuber, Patrick schlehub at uillinois.edu
Wed Mar 23 14:43:57 CET 2016


I am wanting to manage the ACCOUNTDISABLE flag, 0x0002. This does not work as I expect when I utilize the activation/administrativeStatus.

Pat

From: Jason Everling [mailto:jeverling at bshp.edu]
Sent: Tuesday, March 22, 2016 4:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Active Directory userAccountControl modification problem

I

JASON

On Tue, Mar 22, 2016 at 4:08 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
Hi Patrick,

what are you trying to achieve?
Active Directory connector allows you to interact with userAccountControl by using the following "virtual" attributes:
- passwordExpired (icfs:passwordExpired)
- PasswordNeverExpires (ri:PasswordNeverExpires)

and of course the activation/administrativeStatus

If you need to update the other bits of userAccountControl, I'm not sure AD connector is capable of doing this.

I have never tried/needed to directly modify userAccountControl yet.

Regards,
Ivan

On 03/22/2016 08:11 PM, Schlehuber, Patrick wrote:
I am wanting to modify the userAccountControl attribute on an account that is visible by my AD resource. I have extended the AD schema and added the attribute, and I do see this attribute populated correctly when I view an AD account. When I try to change this attribute I receive the following error:
I have tried changing the Resource definition to make this attribute string, int, long, base64Binary, all with the same result. What am I missing to make this attribute modifiable within midPoint?


ConnectorServer.exe Error: 0 : Exception :
Type: System.InvalidCastException
Message: Specified cast is not valid.
Source: FrameworkInternal
Stacktrace:
   at Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass oclass, UpdateType type, DirectoryEntry directoryEntry, ConnectorAttribute attribute)
                 in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line 667
   at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass oclass, DirectoryEntry directoryEntry, ICollection`1 attributes, UpdateType type, ActiveDirectoryConfiguration config)
                 in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 258
   at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType type, ObjectClass oclass, ICollection`1 attributes, OperationOptions options)
                 in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 1091
   at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass objectClass, Uid uid, ICollection`1 valuesToAdd, OperationOptions options)
                 in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1712
   at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args)
                 in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 247
   at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 , OperationOptions )
   at Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object proxy, MethodInfo method, Object[] args)
                 in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line 1344
   at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 , OperationOptions )
   at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request)
                 in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line 626

Thank you,
Pat


_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
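
The thread turns on userAccountControl being a 32-bit bitmask in which ACCOUNTDISABLE is bit 0x0002. As an added example (not code from the thread, midPoint or the AD connector), the sketch below decodes a value and changes only that bit with a read-modify-write so the other flags survive. The function names are hypothetical, and the mapping of activation/administrativeStatus and PasswordNeverExpires onto bits 0x0002 and 0x10000 is an assumption about the connector.

```python
# Subset of the userAccountControl bit values documented by Microsoft.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWORD = 0x10000


def parse_uac(raw):
    """Accept the value as an int or as the decimal string LDAP returns."""
    if isinstance(raw, bool):
        raise TypeError("userAccountControl is an integer bitmask, not a boolean")
    value = int(raw)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit mask: {value}")
    return value


def decode(raw):
    """Names of the set bits, lowest bit first; bits not in the table as hex."""
    value = parse_uac(raw)
    return [UAC_FLAGS.get(1 << b, hex(1 << b)) for b in range(32) if value & (1 << b)]


def set_disabled(raw, disabled):
    """Return the new mask with only ACCOUNTDISABLE changed."""
    value = parse_uac(raw)
    return value | ACCOUNTDISABLE if disabled else value & ~ACCOUNTDISABLE


def to_virtual(raw):
    """Assumed mapping onto the attributes named in the thread."""
    value = parse_uac(raw)
    return {
        "administrativeStatus": "disabled" if value & ACCOUNTDISABLE else "enabled",
        "PasswordNeverExpires": bool(value & DONT_EXPIRE_PASSWORD),
    }


if __name__ == "__main__":
    current = "66048"  # constructed sample: NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD
    print(decode(current), "->", set_disabled(current, True))
```

Writing a bare 2 instead of the value returned by set_disabled would clear NORMAL_ACCOUNT and every other flag on the account, which is why the change is computed from the current value.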
