[midPoint] Push out existing password to newly added resource

Pálos Gustáv gustav.palos at evolveum.com
Wed Mar 1 23:43:30 CET 2017


Hi Peter,

You can do this with a bulk task. The next sample sends the password for all
users who have an account in the resource with the mentioned resourceOid:

<?xml version="1.0" encoding="UTF-8"?>

<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
         xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
        <name>Replace passwords on Resource - all users</name>
        <extension>
            <scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
                <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
                    <s:type>c:UserType</s:type>
                    <s:action>
                        <s:type>execute-script</s:type>
                        <s:parameter>
                            <s:name>script</s:name>
                            <c:value xsi:type="c:ScriptExpressionEvaluatorType" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
                                <c:code>
                                    import com.evolveum.midpoint.prism.delta.builder.*
                                    import com.evolveum.midpoint.xml.ns._public.common.common_3.*
                                    import com.evolveum.prism.xml.ns._public.types_3.*

                                    // resource OID where you need to send pwd
                                    def resourceOid = '3d566aa3-e9f2-4e8d-8218-72c0aad5273b'
                                    def prismContext = midpoint.getPrismContext()

                                    log.info('Processing user: {}', input)
                                    input.linkRef
                                        .findAll { midpoint.resolveReference(it)?.resourceRef.oid == resourceOid }
                                        .each {
                                            log.info(' - Processing shadow: {}', it)
                                            def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
                                                .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)
                                                .replace(input.credentials.password.value)
                                                .asObjectDelta(it.oid)
                                            log.info(' - delta: {}', delta.debugDump())
                                            midpoint.modifyObject(delta, null)
                                        }
                                </c:code>
                            </c:value>
                        </s:parameter>
                    </s:action>
                </s:search>
            </scext:executeScript>
        </extension>
        <ownerRef oid="00000000-0000-0000-0000-000000000002" />
        <executionStatus>suspended</executionStatus>

        <category>BulkActions</category>
        <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
        <recurrence>single</recurrence>
    </task>

</objects>

Gustav



> 2017-03-01 22:43 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>
>> Hi All,
>> I currently have midpoint set up to manage one resource with the resource
>> shadows linked to a midpoint account for a number of users.
>>
>> I am wondering how I can trigger an outbound password sync down to a
>> second resource I just added.
>> The new resource accounts have been linking automatically to the midpoint
>> accounts.
>>
>> I am pretty sure that if I set a new password or re-set the same password
>> it will get pushed down into the linked accounts in the new resource, but I
>> need to do this for ~50 accounts and would like a better way to do this in
>> bulk and without having to do a lot of custom scripting.
>>
>> What is the best mechanism to force a user's current password down to a
>> new resource?
>>
>> Thanks,
>> Peter