[midPoint] custom name in resource

Jan Kaspar Caspi at seznam.cz
Mon Dec 18 05:29:20 CET 2017


Hi all,



I have a question about admin accounts. I have a user populated from the HR
system to MidPoint and to AD.




I would like to create an admin account for him on some Unix systems.
Basically it works with __NAME__.




I need to change his logon name in Unix because of the naming convention for
admin accounts. It has to be in the format admin.lastname.




I tried to build a short script:





        // Mapping scripts can be invoked with a null source; guard before dereferencing
        if (name == null) {
            return null
        }
        def oldName = name.toString()
        def adminPrefix = "admin"
        // everything after the last dot of the user name is the last name
        def adminName = oldName.substring(oldName.lastIndexOf(".") + 1)
        def outName = adminPrefix + '.' + adminName
        return outName





It returns correct values, but during provisioning I get this error:





  Add object failed

    Operation
      Add object (Ucf)
    Message
      Add object failed
    Parameters
      additionalOperations    [[ ]]
      resourceObject          [shadow:null(null)]

    Create (Icf)
      Operation
        Create (Icf)
      Parameters
        objectClass             [ObjectClass: __ACCOUNT__]
        options                 [OperationOptions: {}]
        attributes              [Attribute: {Name=uid, Value=[16]}, Attribute: {Name=__PASSWORD__, Value=[org.identityconnectors.common.security.GuardedString@e71c9d98]}, Attribute: {Name=homeDir, Value=[/home/admin.wright]}, Attribute: {Name=shell, Value=[/bin/bash]}, Attribute: {Name=__NAME__, Value=[admin.wright]}, Attribute: {Name=comment, Value=[Hector Wright]}, Attribute: {Name=__ENABLE__, Value=[true]}]
        auxiliaryObjectClasses  []
      Context
        connector               [class org.identityconnectors.framework.impl.api.local.LocalConnectorFacadeImpl]
      Error
        java.lang.NullPointerException

Resource configuration (schemaHandling):

     <objectType id="2">
         <kind>account</kind>
         <displayName>Normal Account</displayName>
         <default>true</default>
         <objectClass>ri:AccountObjectClass</objectClass>
         <attribute id="4">
            <c:ref>icfs:name</c:ref>
            <displayName>Distinguished Name</displayName>
            <limitations>
               <minOccurs>0</minOccurs>
               <access>
                  <read>true</read>
                  <add>true</add>
                  <modify>true</modify>
               </access>
            </limitations>
            <tolerant>false</tolerant>
            <exclusiveStrong>false</exclusiveStrong>
            <outbound>
               <authoritative>false</authoritative>
               <exclusive>false</exclusive>
               <strength>normal</strength>
               <source>
                  <c:path>$user/name</c:path>
               </source>
               <expression>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="c:ScriptExpressionEvaluatorType">
                     <code>
        // Mapping scripts can be invoked with a null source; guard before dereferencing
        if (name == null) {
            return null
        }
        def oldName = name.toString()
        def adminPrefix = "admin"
        // everything after the last dot of the user name is the last name
        def adminName = oldName.substring(oldName.lastIndexOf(".") + 1)
        def outName = adminPrefix + '.' + adminName
        return outName
                     </code>
                  </script>
               </expression>
            </outbound>
         </attribute>
         <attribute id="5">
            <c:ref>icfs:uid</c:ref>
            <displayName>Entry UUID</displayName>
            <limitations>
               <access>
                  <read>true</read>
                  <add>false</add>
                  <modify>true</modify>
               </access>
            </limitations>
         </attribute>
         <attribute id="6">
            <c:ref>ri:comment</c:ref>
            <displayName>Comment</displayName>
            <tolerant>false</tolerant>
            <exclusiveStrong>false</exclusiveStrong>
            <outbound>
               <source>
                  <c:path>fullName</c:path>
               </source>
            </outbound>
         </attribute>
         <attribute id="7">
            <c:ref>ri:homeDir</c:ref>
            <displayName>Home directory</displayName>
            <tolerant>false</tolerant>
            <exclusiveStrong>false</exclusiveStrong>
            <outbound>
               <authoritative>false</authoritative>
               <exclusive>false</exclusive>
               <strength>normal</strength>
               <source>
                  <c:path>name</c:path>
               </source>
               <expression>
                  <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="c:ScriptExpressionEvaluatorType">
                     <code>
        // Same guard as for icfs:name: a null user name must not produce an NPE
        if (name == null) {
            return null
        }
        def oldName = name.toString()
        def adminPrefix = "admin"
        def adminName = oldName.substring(oldName.lastIndexOf(".") + 1)
        return '/home/' + adminPrefix + '.' + adminName
                     </code>
                  </script>
               </expression>
            </outbound>
         </attribute>
         <attribute id="8">
            <c:ref>ri:uid</c:ref>
            <displayName>Unix UID</displayName>
            <outbound>
               <source>
                  <c:path>employeeNumber</c:path>
               </source>
            </outbound>
         </attribute>
         <attribute id="9">
            <c:ref>ri:shell</c:ref>
            <displayName>Shell</displayName>
            <outbound>
               <expression>
                  <value>/bin/bash</value>
               </expression>
            </outbound>
         </attribute>
         <association id="10">
            <c:ref>ri:unixGroup</c:ref>
            <displayName>LDAP Group Membership</displayName>
            <kind>entitlement</kind>
            <intent>unixGroup</intent>
            <direction>subjectToObject</direction>
            <associationAttribute>ri:groups</associationAttribute>
            <valueAttribute>icfs:name</valueAttribute>
         </association>
         <protected>
            <icfs:name>midpoint</icfs:name>
         </protected>
         <protected>
            <icfs:name>root</icfs:name>
         </protected>
         <activation>
            <administrativeStatus>
               <outbound id="11">
                  <expression>
                     <asIs xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                           xsi:type="c:AsIsExpressionEvaluatorType"/>
                  </expression>
               </outbound>
            </administrativeStatus>
         </activation>
         <credentials>
            <password xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:type="c:ResourcePasswordDefinitionType">
               <outbound>
                  <expression>
                     <asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
                  </expression>
               </outbound>
            </password>
         </credentials>
      </objectType>






The following question is whether I am able to create two accounts on one
resource. The reason is the same: the user has his personal account and also
an admin account. It will be driven by the assigned role.




Thanks

Jan
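The two questions in the post (an admin-style __NAME__ derived from the user name, and a second account of a different kind on the same resource) are usually handled in midPoint with a second objectType that has its own intent, selected by a role. The fragment below is an added example written for this thread; it is not the poster's configuration and not Evolveum's sample code. It follows the schemaHandling structure already shown above; the intent name "admin", the container ids, the role name and the resource OID placeholder are assumptions. The Groovy inside the mappings guards against a null source, since a mapping script can be evaluated with a null input and `name.toString()` then throws a NullPointerException.

```xml
<!-- Second object type on the same Unix resource for admin accounts (added example). -->
<objectType id="20">
   <kind>account</kind>
   <!-- The intent distinguishes this type from the default one; every user may
        hold one shadow per (kind, intent) pair on the resource. -->
   <intent>admin</intent>
   <displayName>Admin Account</displayName>
   <default>false</default>
   <objectClass>ri:AccountObjectClass</objectClass>
   <attribute id="21">
      <c:ref>icfs:name</c:ref>
      <outbound>
         <!-- strong: the naming convention must not be overridden by manual edits on the resource -->
         <strength>strong</strength>
         <source>
            <c:path>$user/name</c:path>
         </source>
         <expression>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:type="c:ScriptExpressionEvaluatorType">
               <code>
                  // Null source: return null instead of dereferencing it.
                  if (name == null) {
                      return null
                  }
                  def oldName = name.toString()
                  // last name = everything after the last dot of the user name
                  def lastName = oldName.substring(oldName.lastIndexOf('.') + 1)
                  return 'admin.' + lastName
               </code>
            </script>
         </expression>
      </outbound>
   </attribute>
   <attribute id="22">
      <c:ref>ri:homeDir</c:ref>
      <outbound>
         <source>
            <c:path>$user/name</c:path>
         </source>
         <expression>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:type="c:ScriptExpressionEvaluatorType">
               <code>
                  if (name == null) {
                      return null
                  }
                  def oldName = name.toString()
                  return '/home/admin.' + oldName.substring(oldName.lastIndexOf('.') + 1)
               </code>
            </script>
         </expression>
      </outbound>
   </attribute>
   <!-- protected entries are per object type, so repeat them here: the admin
        mapping must never be able to take over root or the connector account -->
   <protected>
      <icfs:name>midpoint</icfs:name>
   </protected>
   <protected>
      <icfs:name>root</icfs:name>
   </protected>
</objectType>

<!-- Role that requests the admin account (added example). The default intent
     stays reachable through the normal account assignment, so a user holding
     both gets two linked shadows on the same resource. -->
<role>
   <name>Unix Administrator</name>
   <inducement>
      <construction>
         <resourceRef oid="RESOURCE-OID-PLACEHOLDER"/>   <!-- replace with the Unix resource OID -->
         <kind>account</kind>
         <intent>admin</intent>
      </construction>
   </inducement>
</role>
```

With this layout the personal account keeps the default objectType (intent "default") and the unmodified user name, while the admin account is created only when the role is assigned and is removed again when it is unassigned. Because the admin names are derived from user names, it is worth checking on the resource that no admin.lastname value collides with an existing personal login before enabling the role broadly.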