[midPoint] Push out existing password to newly added resource

Peter Healy phealy3330 at gmail.com
Thu Mar 2 16:12:23 CET 2017


Hi Gustav,
Thanks so much for your reply!
I have another question though, I am very new to midpoint and am having
trouble running your example. When I paste it into bulk actions I get:
Provided text is not a bulk action object. An instance of
{scripting-3}ScriptingExpressionType is expected; you have provided class
com.evolveum.prism.xml.ns._public.types_3.RawType instead.

It then occurred to me that since you've given me a whole xml object this
is probably intended me to use an API call, so I tried this after changing
to OID to my resource:

curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" -X
POST  http://$MIDPOINT_URL:8080/midpoint/model/rest/tasks -d @example.xml

But I get:
* Server auth using Basic with user 'administrator'
> POST /midpoint/model/rest/tasks HTTP/1.1
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: application/xml
> Content-Length: 2494
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 500
< Date: Thu, 02 Mar 2017 14:32:43 GMT
< Server: Apache/2.4.25 (Debian)
[..omitted..]

<div>Unexpected error occurred, if necessary please contact system
administrator.</div>
</p>

[..omitted..]

Based on https://wiki.evolveum.com/display/midPoint/REST+API I also tried
/ws/as the path instead

curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" -X
POST  http://$MIDPOINT_URL:8080/midpoint/ws/rest/tasks -d @example.xml

But got the same 500 error

How should I use this, "tasks" is the correct endpoint for this type of
object correct?



On Thu, Mar 2, 2017 at 6:00 AM, <midpoint-request at lists.evolveum.com> wrote:

> Send midPoint mailing list submissions to
>         midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
>         midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
>         midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
>    1.  Push out existing password to newly added resource (Peter Healy)
>    2. Re: Push out existing password to newly added resource
>       (Pálos Gustáv)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 1 Mar 2017 16:43:27 -0500
> From: Peter Healy <phealy3330 at gmail.com>
> To: midpoint at lists.evolveum.com
> Subject: [midPoint]  Push out existing password to newly added
>         resource
> Message-ID:
>         <CADnbc=y3gm4Kc195s536fJ3vq4ASD7d0HPvd-KDhOC574QfG4w at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi All,
> I currently have midpoint set up to manage one resource with the resource
> shadows linked to a midpoint account for a number of users.
>
> I am wondering how I can trigger an outbound password sync down to a second
> resource I just added.
> The new resource accounts have been linking automatically to the midpoint
> accounts.
>
> I am pretty sure that if I set a new password or re-set the same password
> it will get pushed down into the linked accounts in the new resource but, I
> need to do this for ~50 accounts and would like a better way to do this in
> bulk and without having to do a lot of custom scripting.
>
> What is the best mechanism to force a user's current  password down to a
> new resource?
>
> Thanks,
> Peter
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170301/66d2828a/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 1 Mar 2017 23:43:30 +0100
> From: Pálos Gustáv <gustav.palos at evolveum.com>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Subject: Re: [midPoint] Push out existing password to newly added
>         resource
> Message-ID:
>         <CAPXQVkf2S_eg1JKAQpAQi2QjB5DM_RxXR6q4YqdM42Ni2vk=8g at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Peter,
>
> you can do this over bulk task, next sample send password for all users who
> has an account in resource with mentioned resourceOid
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3
> "
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:t="
> http://prism.evolveum.com/xml/ns/public/types-3"
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/
> connector/icf-1/resource-schema-3"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
>
>
> <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
> <name>Replace passwords on Resource - all users</name>
> <extension>
> <scext:executeScript xmlns:scext="http://midpoint.
> evolveum.com/xml/ns/public/model/scripting/extension-3">
> <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/
> model/scripting-3">
> <s:type>c:UserType</s:type>
> <s:action>
> <s:type>execute-script</s:type>
>  <s:parameter>
>             <s:name>script</s:name>
>             <c:value xsi:type="c:ScriptExpressionEvaluatorType" xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>                 <c:code>
>                  import com.evolveum.midpoint.prism.delta.builder.*
>                  import com.evolveum.midpoint.xml.ns._
> public.common.common_3.*
>                  import com.evolveum.prism.xml.ns._public.types_3.*
>
>                  def resourceOid = '3d566aa3-e9f2-4e8d-8218-72c0aad5273b'
> // resource OID where you need to send pwd
>                  def prismContext = midpoint.getPrismContext()
>
>                  log.info('Processing user: {}', input)
>                  input.linkRef
>                      .findAll { midpoint.resolveReference(it)?
> .resourceRef.oid
> == resourceOid }
>                      .each {
>        log.info(' - Processing shadow: {}', it)
>        def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>         .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD,
> PasswordType.F_VALUE)
>         .replace(input.credentials.password.value)
>         .asObjectDelta(it.oid)
>        log.info(' - delta: {}', delta.debugDump())
>        midpoint.modifyObject(delta, null)
>                      }
>                 </c:code>
>             </c:value>
>         </s:parameter>
> </s:action>
> </s:search>
> </scext:executeScript>
> </extension>
> <ownerRef oid="00000000-0000-0000-0000-000000000002" />
> <executionStatus>suspended</executionStatus>
>
> <category>BulkActions</category>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/
> model/scripting/handler-3</handlerUri>
> <recurrence>single</recurrence>
> </task>
>
> </objects>
>
> Gustav
>
>
>
> > 2017-03-01 22:43 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
> >
> >> Hi All,
> >> I currently have midpoint set up to manage one resource with the
> resource
> >> shadows linked to a midpoint account for a number of users.
> >>
> >> I am wondering how I can trigger an outbound password sync down to a
> >> second resource I just added.
> >> The new resource accounts have been linking automatically to the
> midpoint
> >> accounts.
> >>
> >> I am pretty sure that if I set a new password or re-set the same
> password
> >> it will get pushed down into the linked accounts in the new resource
> but, I
> >> need to do this for ~50 accounts and would like a better way to do this
> in
> >> bulk and without having to do a lot of custom scripting.
> >>
> >> What is the best mechanism to force a user's current  password down to a
> >> new resource?
> >>
> >> Thanks,
> >> Peter
> >>
> >> _______________________________________________
> >> midPoint mailing list
> >> midPoint at lists.evolveum.com
> >> http://lists.evolveum.com/mailman/listinfo/midpoint
> >>
> >>
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170301/2ac87926/attachment-0001.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 59, Issue 10
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170302/de826b0b/attachment.htm>


More information about the midPoint mailing list