[midPoint] Push out existing password to newly added resource

Pálos Gustáv gustav.palos at evolveum.com
Thu Mar 2 16:38:01 CET 2017


Hi Peter,

what is your MP version where you are trying to import?
I tried it in 3.5 and it is working for me as I sent it to you.
The execute-script feature is supported from MP v. 3.4.1:
https://wiki.evolveum.com/display/midPoint/Bulk+actions

Did you also try over the MP GUI, Configuration-->Import objects?

Best regards,

Gustav


2017-03-02 16:12 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:

> Hi Gustav,
> Thanks so much for your reply!
> I have another question though, I am very new to midpoint and am having
> trouble running your example. When I paste it into bulk actions I get:
> Provided text is not a bulk action object. An instance of {scripting-3}ScriptingExpressionType
> is expected; you have provided class com.evolveum.prism.xml.ns._public.types_3.RawType
> instead.
>
> It then occurred to me that since you've given me a whole xml object this
> is probably intended for me to use with an API call, so I tried this after
> changing the OID to my resource:
>
> curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml"
> -X POST  http://$MIDPOINT_URL:8080/midpoint/model/rest/tasks -d
> @example.xml
>
> But I get:
> * Server auth using Basic with user 'administrator'
> > POST /midpoint/model/rest/tasks HTTP/1.1
> > User-Agent: curl/7.47.0
> > Accept: */*
> > Content-Type: application/xml
> > Content-Length: 2494
> > Expect: 100-continue
> >
> < HTTP/1.1 100 Continue
> * We are completely uploaded and fine
> < HTTP/1.1 500
> < Date: Thu, 02 Mar 2017 14:32:43 GMT
> < Server: Apache/2.4.25 (Debian)
> [..omitted..]
>
> <div>Unexpected error occurred, if necessary please contact system
> administrator.</div>
> </p>
>
> [..omitted..]
>
> Based on https://wiki.evolveum.com/display/midPoint/REST+API I also tried
> /ws/ as the path instead
>
> curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml"
> -X POST  http://$MIDPOINT_URL:8080/midpoint/ws/rest/tasks -d @example.xml
>
> But got the same 500 error
>
> How should I use this? "tasks" is the correct endpoint for this type of
> object, correct?
>
>
>
> On Thu, Mar 2, 2017 at 6:00 AM, <midpoint-request at lists.evolveum.com>
> wrote:
>
>> Message: 1
>> Date: Wed, 1 Mar 2017 16:43:27 -0500
>> From: Peter Healy <phealy3330 at gmail.com>
>> To: midpoint at lists.evolveum.com
>> Subject: [midPoint]  Push out existing password to newly added
>>         resource
>> Message-ID:
>>         <CADnbc=y3gm4Kc195s536fJ3vq4ASD7d0HPvd-KDhOC574QfG4w at mail.gm
>> ail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hi All,
>> I currently have midpoint set up to manage one resource with the resource
>> shadows linked to a midpoint account for a number of users.
>>
>> I am wondering how I can trigger an outbound password sync down to a
>> second resource I just added.
>> The new resource accounts have been linking automatically to the midpoint
>> accounts.
>>
>> I am pretty sure that if I set a new password or re-set the same password
>> it will get pushed down into the linked accounts in the new resource but, I
>> need to do this for ~50 accounts and would like a better way to do this in
>> bulk and without having to do a lot of custom scripting.
>>
>> What is the best mechanism to force a user's current password down to a
>> new resource?
>>
>> Thanks,
>> Peter
>>
>> Message: 2
>> Date: Wed, 1 Mar 2017 23:43:30 +0100
>> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> Subject: Re: [midPoint] Push out existing password to newly added
>>         resource
>> Message-ID:
>>         <CAPXQVkf2S_eg1JKAQpAQi2QjB5DM_RxXR6q4YqdM42Ni2vk=8g at mail.gm
>> ail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>>
>> Hi Peter,
>>
>> you can do this with a bulk task. The next sample sends the password for
>> all users who have an account in the resource with the mentioned resourceOid:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>          xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>
>>   <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
>>     <name>Replace passwords on Resource - all users</name>
>>     <extension>
>>       <scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
>>         <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>>           <s:type>c:UserType</s:type>
>>           <s:action>
>>             <s:type>execute-script</s:type>
>>             <s:parameter>
>>               <s:name>script</s:name>
>>               <c:value xsi:type="c:ScriptExpressionEvaluatorType" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>>                 <c:code>
>>                   import com.evolveum.midpoint.prism.delta.builder.*
>>                   import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>>                   import com.evolveum.prism.xml.ns._public.types_3.*
>>
>>                   def resourceOid = '3d566aa3-e9f2-4e8d-8218-72c0aad5273b' // resource OID where you need to send pwd
>>                   def prismContext = midpoint.getPrismContext()
>>
>>                   log.info('Processing user: {}', input)
>>                   input.linkRef
>>                       .findAll { midpoint.resolveReference(it)?.resourceRef.oid == resourceOid }
>>                       .each {
>>                           log.info(' - Processing shadow: {}', it)
>>                           def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>>                               .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)
>>                               .replace(input.credentials.password.value)
>>                               .asObjectDelta(it.oid)
>>                           log.info(' - delta: {}', delta.debugDump())
>>                           midpoint.modifyObject(delta, null)
>>                       }
>>                 </c:code>
>>               </c:value>
>>             </s:parameter>
>>           </s:action>
>>         </s:search>
>>       </scext:executeScript>
>>     </extension>
>>     <ownerRef oid="00000000-0000-0000-0000-000000000002" />
>>     <executionStatus>suspended</executionStatus>
>>
>>     <category>BulkActions</category>
>>     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
>>     <recurrence>single</recurrence>
>>   </task>
>>
>> </objects>
>>
>> Gustav
>>
>>
>>
>> >> _______________________________________________
>> >> midPoint mailing list
>> >> midPoint at lists.evolveum.com
>> >> http://lists.evolveum.com/mailman/listinfo/midpoint


-- 
Gustáv Pálos
Identity Engineer
evolveum.com
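
Added example, not part of the original messages and not midPoint's own tooling: the bulk actions page rejected the whole file because it expects a ScriptingExpressionType element, so this Python function pulls the `<s:search>` expression and the bare `<task>` out of an `<objects>` import file. That `<s:search>` is what the bulk actions page accepts, and that the REST tasks endpoint wants a single `<task>` rather than the `<objects>` wrapper, are assumptions; `split_import_file` and the shortened sample are constructed here.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the sample from the thread.
NS = {
    "c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3",
    "s": "http://midpoint.evolveum.com/xml/ns/public/model/scripting-3",
    "scext": "http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
# Keep these prefixes on output: c:UserType and the xsi:type value are QNames
# stored as plain text, so "c" must stay bound to the common-3 namespace.
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed sample: the task from the thread with the Groovy body shortened.
SAMPLE = """<objects xmlns="%(c)s" xmlns:c="%(c)s" xmlns:xsi="%(xsi)s">
  <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
    <name>Replace passwords on Resource - all users</name>
    <extension>
      <scext:executeScript xmlns:scext="%(scext)s">
        <s:search xmlns:s="%(s)s">
          <s:type>c:UserType</s:type>
          <s:action>
            <s:type>execute-script</s:type>
            <s:parameter>
              <s:name>script</s:name>
              <c:value xsi:type="c:ScriptExpressionEvaluatorType">
                <c:code>log.info('Processing user: {}', input)</c:code>
              </c:value>
            </s:parameter>
          </s:action>
        </s:search>
      </scext:executeScript>
    </extension>
    <executionStatus>suspended</executionStatus>
  </task>
</objects>""" % NS

def split_import_file(xml_text):
    """Return (task_xml, scripting_xml) taken from an <objects> import file."""
    root = ET.fromstring(xml_text)
    task = root if root.tag == "{%(c)s}task" % NS else root.find("c:task", NS)
    if task is None:
        raise ValueError("no <task> object in the file")
    # The scripting expression is the single child of scext:executeScript.
    expr = task.find("c:extension/scext:executeScript/*", NS)
    if expr is None:
        raise ValueError("task has no executeScript extension")
    return ET.tostring(task, encoding="unicode"), ET.tostring(expr, encoding="unicode")
```

The whole `<objects>` file remains the input for Configuration-->Import objects, as suggested in the reply. If the task is posted with curl, `--data-binary @file` keeps the file's line breaks, which `-d @file` strips.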