[midPoint] Push out existing password to newly added resource
Pálos Gustáv
gustav.palos at evolveum.com
Wed Mar 1 23:43:30 CET 2017
Hi Peter,
you can do this over bulk task, next sample send password for all users who
has an account in resource with mentioned resourceOid
<?xml version="1.0" encoding="UTF-8"?>
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:t="
http://prism.evolveum.com/xml/ns/public/types-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/
connector/icf-1/resource-schema-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
<task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
<name>Replace passwords on Resource - all users</name>
<extension>
<scext:executeScript xmlns:scext="http://midpoint.
evolveum.com/xml/ns/public/model/scripting/extension-3">
<s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/
model/scripting-3">
<s:type>c:UserType</s:type>
<s:action>
<s:type>execute-script</s:type>
<s:parameter>
<s:name>script</s:name>
<c:value xsi:type="c:ScriptExpressionEvaluatorType" xmlns:c="
http://midpoint.evolveum.com/xml/ns/public/common/common-3">
<c:code>
import com.evolveum.midpoint.prism.delta.builder.*
import com.evolveum.midpoint.xml.ns._
public.common.common_3.*
import com.evolveum.prism.xml.ns._public.types_3.*
def resourceOid = '3d566aa3-e9f2-4e8d-8218-72c0aad5273b'
// resource OID where you need to send pwd
def prismContext = midpoint.getPrismContext()
log.info('Processing user: {}', input)
input.linkRef
.findAll { midpoint.resolveReference(it)?.resourceRef.oid
== resourceOid }
.each {
log.info(' - Processing shadow: {}', it)
def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
.item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD,
PasswordType.F_VALUE)
.replace(input.credentials.password.value)
.asObjectDelta(it.oid)
log.info(' - delta: {}', delta.debugDump())
midpoint.modifyObject(delta, null)
}
</c:code>
</c:value>
</s:parameter>
</s:action>
</s:search>
</scext:executeScript>
</extension>
<ownerRef oid="00000000-0000-0000-0000-000000000002" />
<executionStatus>suspended</executionStatus>
<category>BulkActions</category>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/
model/scripting/handler-3</handlerUri>
<recurrence>single</recurrence>
</task>
</objects>
Gustav
> 2017-03-01 22:43 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>
>> Hi All,
>> I currently have midpoint set up to manage one resource with the resource
>> shadows linked to a midpoint account for a number of users.
>>
>> I am wondering how I can trigger an outbound password sync down to a
>> second resource I just added.
>> The new resource accounts have been linking automatically to the midpoint
>> accounts.
>>
>> I am pretty sure that if I set a new password or re-set the same password
>> it will get pushed down into the linked accounts in the new resource but, I
>> need to do this for ~50 accounts and would like a better way to do this in
>> bulk and without having to do a lot of custom scripting.
>>
>> What is the best mechanism to force a user's current password down to a
>> new resource?
>>
>> Thanks,
>> Peter
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170301/2ac87926/attachment.htm>
More information about the midPoint
mailing list