[midPoint] custom name in resource
Jan Kaspar
Caspi at seznam.cz
Thu Dec 21 11:59:54 CET 2017
Hi Ivan,
thank you for your answer. Intent works like a charm, exactly as it is described.
Probably there will be another issue with the password, because now I understand that the admin
account and the personal account will both have the same password. That has to be solved as a next step.
The second problem was solved by restarting Tomcat. Then it started to work.
So thank you for the help.
Regards
Jan
> Hi,
>
> first of all, to have more than one account for the same user on the
> same resource, you need to use multiple intents. One intent will be for
> standard accounts and the other one (e.g. named "admin") will be for
> admin accounts. All intents need to have separate schema handling
> configuration, in the same resource. This also implies that the naming
> conventions must be different.
>
> You can start with
> https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass
>
> I can't find a sample with configuration of two account intents right
> now, but I'm sure there is something. We are also teaching this during
> the midPoint training.
>
> Regarding the NPE you should post information from idm.log with the
> stack trace to the list.
>
> Best regards,
>
> Ivan
On 18.12.2017 05:29, Jan Kaspar wrote:
> Hi all,
>
> I have a question about admin accounts. I have a user populated from
> the HR system to MidPoint and to AD.
>
> I would like to create an admin account for him on some unix systems.
> Basically it works with __NAME__.
>
> I need to change his logon name in unix, because of the naming convention
> for admin accounts. It has to be in the
> format admin.lastname.
>
> I tried to build a short script:
>
> $oldName = name.toString()
> $adminPrefix = "admin"
> $adminName = $oldName.substring($oldName.lastIndexOf(".")+1)
> $outName = $adminPrefix + '.' + $adminName
> return $outName
>
> It returns correct values, but during provisioning I get an error:
>
> Add object failed
>
> Operation
> Add object (Ucf)
> Message
> Add object failed
> Parameters
> additionalOperations [[ ]]
> resourceObject [shadow:null(null)]
>
> Create (Icf)
>
> Operation
> Create (Icf)
> Parameters
> objectClass [ObjectClass: __ACCOUNT__]
> options [OperationOptions: {}]
> attributes [Attribute: {Name=uid, Value=[16]}, Attribute:
> {Name=__PASSWORD__,
> Value=[org.identityconnectors.common.security.GuardedString@e71c9d98]},
> Attribute: {Name=homeDir, Value=[/home/admin.wright]}, Attribute:
> {Name=shell, Value=[/bin/bash]}, Attribute: {Name=__NAME__,
> Value=[admin.wright]}, Attribute: {Name=comment, Value=[Hector
> Wright]}, Attribute: {Name=__ENABLE__, Value=[true]}]
> auxiliaryObjectClasses []
>
> Context
> connector [class
> org.identityconnectors.framework.impl.api.local.LocalConnectorFacadeImpl]
>
> Error
>
> show
> java.lang.NullPointerException
>
> <objectType id="2">
>   <kind>account</kind>
>   <displayName>Normal Account</displayName>
>   <default>true</default>
>   <objectClass>ri:AccountObjectClass</objectClass>
>   <attribute id="4">
>     <c:ref>icfs:name</c:ref>
>     <displayName>Distinguished Name</displayName>
>     <limitations>
>       <minOccurs>0</minOccurs>
>       <access>
>         <read>true</read>
>         <add>true</add>
>         <modify>true</modify>
>       </access>
>     </limitations>
>     <tolerant>false</tolerant>
>     <exclusiveStrong>false</exclusiveStrong>
>     <outbound>
>       <authoritative>false</authoritative>
>       <exclusive>false</exclusive>
>       <strength>normal</strength>
>       <source>
>         <c:path>$user/name</c:path>
>       </source>
>       <expression>
>         <script
>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>             xsi:type="c:ScriptExpressionEvaluatorType">
>           <code>
>             $oldName = name.toString()
>             $adminPrefix = "admin"
>             $adminName = $oldName.substring($oldName.lastIndexOf(".")+1)
>             $outName = $adminPrefix + '.' + $adminName
>             return $outName
>           </code>
>         </script>
>       </expression>
>     </outbound>
>   </attribute>
>   <attribute id="5">
>     <c:ref>icfs:uid</c:ref>
>     <displayName>Entry UUID</displayName>
>     <limitations>
>       <access>
>         <read>true</read>
>         <add>false</add>
>         <modify>true</modify>
>       </access>
>     </limitations>
>   </attribute>
>   <attribute id="6">
>     <c:ref>ri:comment</c:ref>
>     <displayName>Comment</displayName>
>     <tolerant>false</tolerant>
>     <exclusiveStrong>false</exclusiveStrong>
>     <outbound>
>       <source>
>         <c:path>fullName</c:path>
>       </source>
>     </outbound>
>   </attribute>
>   <attribute id="7">
>     <c:ref>ri:homeDir</c:ref>
>     <displayName>Home directory</displayName>
>     <tolerant>false</tolerant>
>     <exclusiveStrong>false</exclusiveStrong>
>     <outbound>
>       <authoritative>false</authoritative>
>       <exclusive>false</exclusive>
>       <strength>normal</strength>
>       <source>
>         <c:path>name</c:path>
>       </source>
>       <expression>
>         <script
>             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>             xsi:type="c:ScriptExpressionEvaluatorType">
>           <code>
>             $oldName = name.toString()
>             $adminPrefix = "admin"
>             $adminName = $oldName.substring($oldName.lastIndexOf(".")+1)
>             return '/home/' + $adminPrefix + '.' + $adminName
>           </code>
>         </script>
>       </expression>
>     </outbound>
>   </attribute>
>   <attribute id="8">
>     <c:ref>ri:uid</c:ref>
>     <displayName>Unix UID</displayName>
>     <outbound>
>       <source>
>         <c:path>employeeNumber</c:path>
>       </source>
>     </outbound>
>   </attribute>
>   <attribute id="9">
>     <c:ref>ri:shell</c:ref>
>     <displayName>Shell</displayName>
>     <outbound>
>       <expression>
>         <value>/bin/bash</value>
>       </expression>
>     </outbound>
>   </attribute>
>   <association id="10">
>     <c:ref>ri:unixGroup</c:ref>
>     <displayName>LDAP Group Membership</displayName>
>     <kind>entitlement</kind>
>     <intent>unixGroup</intent>
>     <direction>subjectToObject</direction>
>     <associationAttribute>ri:groups</associationAttribute>
>     <valueAttribute>icfs:name</valueAttribute>
>   </association>
>   <protected>
>     <icfs:name>midpoint</icfs:name>
>   </protected>
>   <protected>
>     <icfs:name>root</icfs:name>
>   </protected>
>   <activation>
>     <administrativeStatus>
>       <outbound id="11">
>         <expression>
>           <asIs
>               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>               xsi:type="c:AsIsExpressionEvaluatorType"/>
>         </expression>
>       </outbound>
>     </administrativeStatus>
>   </activation>
>   <credentials>
>     <password
>         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>         xsi:type="c:ResourcePasswordDefinitionType">
>       <outbound>
>         <expression>
>           <asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
>         </expression>
>       </outbound>
>     </password>
>   </credentials>
> </objectType>
>
> The following question is if I am able to create two accounts on one
> resource. The reason is the same. The user has his personal account and also
> an admin account.
> It will be driven by the assigned role.
>
> Thanks
>
> Jan
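
A minimal sketch of the setup Ivan describes, added here as an example and not taken from the thread or from Evolveum's samples: two `account` object types with separate intents in one resource's schema handling, plus a role that provisions only the admin intent. The intent name `admin`, the role name, the resource OID placeholder and the generated-password mapping (one way to keep the admin account from sharing the personal account's password, the issue Jan raises) are assumptions.

```xml
<!-- Added example, constructed: resource fragment, prefixes c:, icfs:, ri: as in the post -->
<schemaHandling>
  <objectType>
    <kind>account</kind>
    <intent>default</intent>
    <displayName>Normal Account</displayName>
    <default>true</default>
    <objectClass>ri:AccountObjectClass</objectClass>
    <attribute>
      <c:ref>icfs:name</c:ref>
      <outbound><source><c:path>$user/name</c:path></source></outbound>
    </attribute>
  </objectType>
  <objectType>
    <kind>account</kind>
    <intent>admin</intent>
    <displayName>Admin Account</displayName>
    <objectClass>ri:AccountObjectClass</objectClass>
    <attribute>
      <c:ref>icfs:name</c:ref>
      <outbound>
        <source><c:path>$user/name</c:path></source>
        <expression>
          <script><code>'admin.' + name.toString().substring(name.toString().lastIndexOf('.') + 1)</code></script>
        </expression>
      </outbound>
    </attribute>
    <credentials>
      <password>
        <!-- Assumption: generate a separate password instead of copying the user's (asIs) -->
        <outbound>
          <strength>weak</strength>
          <expression><generate/></expression>
        </outbound>
      </password>
    </credentials>
  </objectType>
</schemaHandling>
<!-- Hypothetical role: assigning it creates the second (admin) account on the same resource -->
<role>
  <name>Unix Admin</name>
  <inducement>
    <construction>
      <resourceRef oid="RESOURCE-OID-PLACEHOLDER" type="c:ResourceType"/>
      <kind>account</kind>
      <intent>admin</intent>
    </construction>
  </inducement>
</role>
```

Because the two intents use different naming rules for `icfs:name`, the accounts cannot collide on the target system, and the admin account exists only while the role is assigned.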