[midPoint] Active Directory userAccountControl modification problem
Ivan Noris
ivan.noris at evolveum.com
Wed Mar 23 14:56:30 CET 2016
Hi Jason,
<expression><asIs/></expression> is the "copy value" expression.
Empty <outbound> or <inbound> is the same.
Regards,
Ivan
On 03/23/2016 02:53 PM, Jason Everling wrote:
> I am interested in what you are experiencing also. Ours seems to be
> working as expected, I checked multiple accounts in AD that were
> disabled in midpoint and they are correct with 0x202 (Disabled, Normal
> Account). Although I have been using the below but not sure how
> different that is from Ivan's,
>
> <activation>
>     <administrativeStatus>
>         <outbound>
>             <expression>
>                 <asIs/>
>             </expression>
>         </outbound>
>         <inbound>
>             <expression>
>                 <asIs/>
>             </expression>
>         </inbound>
>     </administrativeStatus>
> </activation>
>
> JASON
>
> On Wed, Mar 23, 2016 at 8:50 AM, Ivan Noris <ivan.noris at evolveum.com> wrote:
>
> Hi Patrick,
>
> are you using the mapping like this?
>
> <activation>
>     <administrativeStatus>
>         <outbound/>
>     </administrativeStatus>
> </activation>
>
> This is everything you need to map midPoint's administrativeStatus
> attribute from User to AD account flag "disabled".
>
> Ivan
>
>
> On 03/23/2016 02:43 PM, Schlehuber, Patrick wrote:
>>
>> I am wanting to manage the ACCOUNTDISABLE flag, 0x0002. This
>> does not work as I expect when I utilize the
>> activation/administrativeStatus.
>>
>>
>>
>> Pat
>>
>>
>>
>> *From:* Jason Everling [mailto:jeverling at bshp.edu]
>> *Sent:* Tuesday, March 22, 2016 4:13 PM
>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject:* Re: [midPoint] Active Directory userAccountControl modification problem
>>
>>
>>
>> I
>>
>>
>> JASON
>>
>>
>>
>> On Tue, Mar 22, 2016 at 4:08 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
>>
>> Hi Patrick,
>>
>> what are you trying to achieve?
>> Active Directory connector allows you to interact with
>> userAccountControl by using the following "virtual" attributes:
>> - passwordExpired (icfs:passwordExpired)
>> - PasswordNeverExpires (ri:PasswordNeverExpires)
>>
>> and of course the activation/administrativeStatus
>>
>> If you need to update the other bits of userAccountControl,
>> I'm not sure AD connector is capable of doing this.
>>
>> I have never tried/needed to directly modify
>> userAccountControl yet.
>>
>> Regards,
>> Ivan
>>
>>
>>
>> On 03/22/2016 08:11 PM, Schlehuber, Patrick wrote:
>>
>> I am wanting to modify the userAccountControl attribute
>> on an account that is visible by my AD resource. I have
>> extended the AD schema and added the attribute; I do see
>> this attribute populated correctly when I view an AD
>> account. When I try to change this attribute I receive
>> the following error:
>>
>> I have tried changing the Resource definition to make
>> this attribute string, int, long, base64Binary, all with
>> the same result. What am I missing to make this attribute
>> modifiable within midPoint?
>>
>>
>>
>>
>>
>> ConnectorServer.exe Error: 0 : Exception :
>> Type: System.InvalidCastException
>> Message: Specified cast is not valid.
>> Source: FrameworkInternal
>> Stacktrace:
>>    at Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass oclass, UpdateType type, DirectoryEntry directoryEntry, ConnectorAttribute attribute) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line 667
>>    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass oclass, DirectoryEntry directoryEntry, ICollection`1 attributes, UpdateType type, ActiveDirectoryConfiguration config) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 258
>>    at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType type, ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 1091
>>    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass objectClass, Uid uid, ICollection`1 valuesToAdd, OperationOptions options) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 1712
>>    at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 247
>>    at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 , OperationOptions )
>>    at Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line 1344
>>    at ___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1 , OperationOptions )
>>    at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line 626
>>
>>
>>
>> Thank you,
>>
>> Pat
>>
>>
>>
>> _______________________________________________
>>
>> midPoint mailing list
>>
>> midPoint at lists.evolveum.com
>>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> --
>>
>> Ing. Ivan Noris
>>
>> Senior Identity Management Engineer & IDM Architect
>>
>> evolveum.com evolveum.com/blog/
>>
>> ___________________________________________________
>>
>> "Semper ID(e)M Vix."
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and
>> may contain information that is privileged. You should not
>> retain, copy or use this e-mail or any attachments for any
>> purpose, or disclose all or any part of the contents to any
>> person. Any views or opinions expressed in this e-mail are those
>> of the author and do not represent those of the Baptist School of
>> Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any
>> review, dissemination, distribution or copying of this
>> communication is prohibited by the sender and to do so might
>> constitute a violation of the Electronic Communications Privacy
>> Act, 18 U.S.C. section 2510-2521. Please immediately notify the
>> sender and delete this e-mail and any attachments from your
>> computer.
>>
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
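
The spot check described in the thread (accounts disabled in midPoint showing 0x202 in AD) can be scripted. The following is an added example, not code from the thread, midPoint or the AD connector; it assumes an export of account name, midPoint administrativeStatus and AD userAccountControl, and all function names and sample rows are constructed.

```python
# Documented Microsoft userAccountControl bits relevant to this thread.
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200          # 0x0200 | 0x0002 == 0x202
DONT_EXPIRE_PASSWORD = 0x10000   # "password never expires"
PASSWORD_EXPIRED = 0x800000

FLAG_NAMES = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    DONT_EXPIRE_PASSWORD: "DONT_EXPIRE_PASSWORD",
    PASSWORD_EXPIRED: "PASSWORD_EXPIRED",
}

def parse_uac(raw):
    """Accept an int, or a decimal/hex string as found in LDAP exports."""
    return raw if isinstance(raw, int) else int(str(raw).strip(), 0)

def decode_uac(value):
    """Return known flag names, plus any remaining bits as one hex string."""
    names = [name for bit, name in FLAG_NAMES.items() if value & bit]
    unknown = value & ~sum(FLAG_NAMES)
    if unknown:
        names.append(hex(unknown))
    return names

def with_disabled(value, disabled):
    """Set or clear only ACCOUNTDISABLE, leaving every other bit untouched."""
    return value | ACCOUNTDISABLE if disabled else value & ~ACCOUNTDISABLE

def audit(rows):
    """rows: (account, midPoint administrativeStatus, AD userAccountControl).
    Returns (account, status, actual UAC, expected UAC) for each mismatch."""
    findings = []
    for account, status, raw in rows:
        uac = parse_uac(raw)
        want_disabled = status == "disabled"
        if want_disabled != bool(uac & ACCOUNTDISABLE):
            expected = with_disabled(uac, want_disabled)
            findings.append((account, status, hex(uac), hex(expected)))
    return findings

# Constructed sample rows, not taken from the thread.
SAMPLE = [
    ("alice", "disabled", "0x202"),   # consistent
    ("bob", "disabled", "512"),       # AD still enabled
    ("carol", "enabled", 0x10202),    # AD disabled, midPoint enabled
    ("dave", "enabled", "66048"),     # consistent
]
```

Running `audit(SAMPLE)` lists only the accounts whose ACCOUNTDISABLE bit disagrees with midPoint, with the value AD should hold once only that bit is corrected.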