[midPoint] Active Directory userAccountControl modification problem
Ivan Noris
ivan.noris at evolveum.com
Wed Mar 23 14:50:34 CET 2016
Hi Patrick,
are you using the mapping like this?
    <activation>
        <administrativeStatus>
            <outbound/>
        </administrativeStatus>
    </activation>
This is everything you need to map midPoint's administrativeStatus
attribute from User to AD account flag "disabled".
Ivan
On 03/23/2016 02:43 PM, Schlehuber, Patrick wrote:
>
> I am wanting to manage the ACCOUNTDISABLE flag, 0x0002. This does not
> work as I expect when I utilize the activation/administrativeStatus
>
>
>
> Pat
>
>
>
> *From:*Jason Everling [mailto:jeverling at bshp.edu]
> *Sent:* Tuesday, March 22, 2016 4:13 PM
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] Active Directory userAccountControl
> modification problem
>
>
>
> I
>
>
> JASON
>
>
>
> On Tue, Mar 22, 2016 at 4:08 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
>
> Hi Patrick,
>
> what are you trying to achieve?
> Active Directory connector allows you to interact with
> userAccountControl by using the following "virtual" attributes:
> - passwordExpired (icfs:passwordExpired)
> - PasswordNeverExpires (ri:PasswordNeverExpires)
>
> and of course the activation/administrativeStatus
>
> If you need to update the other bits of userAccountControl, I'm
> not sure AD connector is capable of doing this.
>
> I have never tried/needed to directly modify userAccountControl yet.
>
> Regards,
> Ivan
>
>
>
> On 03/22/2016 08:11 PM, Schlehuber, Patrick wrote:
>
> I am wanting to modify the userAccountControl attribute on an
> account that is visible by my AD resource. I have extended
> the AD schema and added the attribute, I do see this attribute
> populated correctly when I view an AD account. When I try to
> change this attribute I receive the following error:
>
> I have tried changing the Resource definition to make this
> attribute, string, int, long, base64Binary all with the same
> result. What am I missing to make this attribute modifiable
> within midPoint?
>
>
>
>
>
> ConnectorServer.exe Error: 0 : Exception :
> Type: System.InvalidCastException
> Message: Specified cast is not valid.
> Source: FrameworkInternal
> Stacktrace:
>    at Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass oclass, UpdateType type, DirectoryEntry directoryEntry, ConnectorAttribute attribute) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line 667
>    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass oclass, DirectoryEntry directoryEntry, ICollection`1 attributes, UpdateType type, ActiveDirectoryConfiguration config) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 258
>    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType type, ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 1091
>    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass objectClass, Uid uid, ICollection`1 valuesToAdd, OperationOptions options) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1712
>    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 247
>    at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 , OperationOptions )
>    at Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line 1344
>    at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 , OperationOptions )
>    at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line 626
>
>
>
> Thank you,
>
> Pat
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> --
>
> Ing. Ivan Noris
>
> Senior Identity Management Engineer & IDM Architect
>
> evolveum.com
> evolveum.com/blog/
>
> ___________________________________________________
>
> "Semper ID(e)M Vix."
>
>
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
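
Added example (not part of the original message or of the connector's code): userAccountControl is a bitmask, so the ACCOUNTDISABLE flag 0x0002 discussed in this thread is changed by a read-modify-write of one bit while the others are preserved. The flag values are the standard AD ones; the function names and the pairing of the thread's virtual attributes with specific bits are assumptions of this example.

```python
# Added example: userAccountControl handled as a bitmask (standard AD flag values).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}
# Handles named in the thread; pairing each with one bit is this example's assumption.
VIRTUAL_ATTRS = {
    "ACCOUNTDISABLE": "activation/administrativeStatus",
    "DONT_EXPIRE_PASSWORD": "ri:PasswordNeverExpires",
    "PASSWORD_EXPIRED": "icfs:passwordExpired",
}
ACCOUNTDISABLE = 0x0002


def parse_uac(raw):
    """Accept an int or a decimal/hex string and return a checked 32-bit int."""
    if isinstance(raw, bool):
        raise TypeError("userAccountControl must be an integer")
    value = raw if isinstance(raw, int) else int(str(raw).strip(), 0)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("userAccountControl is a 32-bit value")
    return value


def decode(raw):
    """Names of the known flags set in the value, lowest bit first."""
    value = parse_uac(raw)
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def set_disabled(raw, disabled):
    """Flip only ACCOUNTDISABLE; every other bit is carried over unchanged."""
    value = parse_uac(raw)
    return value | ACCOUNTDISABLE if disabled else value & ~ACCOUNTDISABLE


def administrative_status(raw):
    """The enabled/disabled state that the ACCOUNTDISABLE bit encodes."""
    return "disabled" if parse_uac(raw) & ACCOUNTDISABLE else "enabled"


def without_virtual_attr(raw):
    """Set flags for which the thread names no virtual attribute."""
    return [n for n in decode(raw) if n not in VIRTUAL_ATTRS]
```
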