[midPoint] custom name in resource
Jan Kaspar
Caspi at seznam.cz
Mon Dec 18 05:29:20 CET 2017
Hi all,
I have a question about admin accounts. I have a user populated from the HR
system to MidPoint and to AD.
I would like to create an admin account for him on some unix systems.
Basically it works with __NAME__.
I need to change his logon name in unix, because of the naming convention for
admin accounts. It has to be in the
format admin.lastname.
I tried to build a short script:
$oldName = name.toString()
$adminPrefix = "admin"
$adminName = $oldName.substring($oldName.lastIndexOf(".")+1)
$outName = $adminPrefix + '.' + $adminName
return $outName
It returns correct values, but during provisioning I get an error:
Add object failed
Operation
Add object (Ucf)
Message
Add object failed
Parameters
additionalOperations [[ ]]
resourceObject [shadow:null(null)]
Create (Icf)
Operation
Create (Icf)
Parameters
objectClass [ObjectClass: __ACCOUNT__]
options [OperationOptions: {}]
attributes [Attribute: {Name=uid, Value=[16]},
Attribute: {Name=__PASSWORD__, Value=[org.identityconnectors.common.security.GuardedString@e71c9d98]},
Attribute: {Name=homeDir, Value=[/home/admin.wright]},
Attribute: {Name=shell, Value=[/bin/bash]},
Attribute: {Name=__NAME__, Value=[admin.wright]},
Attribute: {Name=comment, Value=[Hector Wright]},
Attribute: {Name=__ENABLE__, Value=[true]}]
auxiliaryObjectClasses []
Context
connector [class org.identityconnectors.framework.impl.api.local.LocalConnectorFacadeImpl]
Error
java.lang.NullPointerException
<objectType id="2">
    <kind>account</kind>
    <displayName>Normal Account</displayName>
    <default>true</default>
    <objectClass>ri:AccountObjectClass</objectClass>
    <attribute id="4">
        <c:ref>icfs:name</c:ref>
        <displayName>Distinguished Name</displayName>
        <limitations>
            <minOccurs>0</minOccurs>
            <access>
                <read>true</read>
                <add>true</add>
                <modify>true</modify>
            </access>
        </limitations>
        <tolerant>false</tolerant>
        <exclusiveStrong>false</exclusiveStrong>
        <outbound>
            <authoritative>false</authoritative>
            <exclusive>false</exclusive>
            <strength>normal</strength>
            <source>
                <c:path>$user/name</c:path>
            </source>
            <expression>
                <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:type="c:ScriptExpressionEvaluatorType">
                    <code>
                        $oldName = name.toString()
                        $adminPrefix = "admin"
                        $adminName = $oldName.substring($oldName.lastIndexOf(".")+1)
                        $outName = $adminPrefix + '.' + $adminName
                        return $outName
                    </code>
                </script>
            </expression>
        </outbound>
    </attribute>
    <attribute id="5">
        <c:ref>icfs:uid</c:ref>
        <displayName>Entry UUID</displayName>
        <limitations>
            <access>
                <read>true</read>
                <add>false</add>
                <modify>true</modify>
            </access>
        </limitations>
    </attribute>
    <attribute id="6">
        <c:ref>ri:comment</c:ref>
        <displayName>Comment</displayName>
        <tolerant>false</tolerant>
        <exclusiveStrong>false</exclusiveStrong>
        <outbound>
            <source>
                <c:path>fullName</c:path>
            </source>
        </outbound>
    </attribute>
    <attribute id="7">
        <c:ref>ri:homeDir</c:ref>
        <displayName>Home directory</displayName>
        <tolerant>false</tolerant>
        <exclusiveStrong>false</exclusiveStrong>
        <outbound>
            <authoritative>false</authoritative>
            <exclusive>false</exclusive>
            <strength>normal</strength>
            <source>
                <c:path>name</c:path>
            </source>
            <expression>
                <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:type="c:ScriptExpressionEvaluatorType">
                    <code>
                        $oldName = name.toString()
                        $adminPrefix = "admin"
                        $adminName = $oldName.substring($oldName.lastIndexOf(".")+1)
                        return '/home/' + $adminPrefix + '.' + $adminName
                    </code>
                </script>
            </expression>
        </outbound>
    </attribute>
    <attribute id="8">
        <c:ref>ri:uid</c:ref>
        <displayName>Unix UID</displayName>
        <outbound>
            <source>
                <c:path>employeeNumber</c:path>
            </source>
        </outbound>
    </attribute>
    <attribute id="9">
        <c:ref>ri:shell</c:ref>
        <displayName>Shell</displayName>
        <outbound>
            <expression>
                <value>/bin/bash</value>
            </expression>
        </outbound>
    </attribute>
    <association id="10">
        <c:ref>ri:unixGroup</c:ref>
        <displayName>LDAP Group Membership</displayName>
        <kind>entitlement</kind>
        <intent>unixGroup</intent>
        <direction>subjectToObject</direction>
        <associationAttribute>ri:groups</associationAttribute>
        <valueAttribute>icfs:name</valueAttribute>
    </association>
    <protected>
        <icfs:name>midpoint</icfs:name>
    </protected>
    <protected>
        <icfs:name>root</icfs:name>
    </protected>
    <activation>
        <administrativeStatus>
            <outbound id="11">
                <expression>
                    <asIs xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:type="c:AsIsExpressionEvaluatorType"/>
                </expression>
            </outbound>
        </administrativeStatus>
    </activation>
    <credentials>
        <password xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:type="c:ResourcePasswordDefinitionType">
            <outbound>
                <expression>
                    <asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
                </expression>
            </outbound>
        </password>
    </credentials>
</objectType>
A follow-up question is whether I am able to create two accounts on one resource.
The reason is the same. The user has his personal account and also an admin account.
It will be driven by the assigned role.
Thanks
Jan
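
On the second question: midPoint tells several accounts on one resource apart by their intent, and a role's construction can name the intent it provisions. The fragment below is an added example, not part of the original post; the `admin` intent, the role name and the resource OID are constructed placeholders, and the `c:`, `ri:` and `icfs:` prefixes are assumed to be declared as in the configuration above.

```xml
<!-- Added example: constructed fragment; intent, role name and OID are placeholders. -->
<!-- 1. In the resource: two account object types distinguished by intent. -->
<schemaHandling>
    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <displayName>Personal Account</displayName>
        <default>true</default>
        <objectClass>ri:AccountObjectClass</objectClass>
        <attribute>
            <c:ref>icfs:name</c:ref>
            <outbound>
                <source><c:path>$user/name</c:path></source>
            </outbound>
        </attribute>
    </objectType>
    <objectType>
        <kind>account</kind>
        <intent>admin</intent>
        <displayName>Admin Account</displayName>
        <objectClass>ri:AccountObjectClass</objectClass>
        <attribute>
            <c:ref>icfs:name</c:ref>
            <outbound>
                <source><c:path>$user/name</c:path></source>
                <expression>
                    <script>
                        <!-- Same derivation as the script in the post: admin.<part after the last dot> -->
                        <code>'admin.' + name.toString().substring(name.toString().lastIndexOf('.') + 1)</code>
                    </script>
                </expression>
            </outbound>
        </attribute>
    </objectType>
</schemaHandling>

<!-- 2. In the role: assigning it provisions only the admin-intent account. -->
<role>
    <name>Unix Administrator</name>
    <inducement>
        <construction>
            <resourceRef oid="RESOURCE-OID-PLACEHOLDER" type="c:ResourceType"/>
            <kind>account</kind>
            <intent>admin</intent>
        </construction>
    </inducement>
</role>
```

Keeping the privileged account on its own intent means it is created and removed with the role assignment, independently of the user's personal account.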