[midPoint] Push out existing password to newly added resource
Peter Healy
phealy3330 at gmail.com
Thu Mar 2 18:32:59 CET 2017
Hi Gustav,
I have MP v 3.5
>From About:
Version 3.5
Git describe git-v3.5
Build at Wed, 21 Dec 2016 14:01:34 +0000
When I use the import objects GUI I get:
Operation Import objects (Model)
Message XML parsing error: Illegal processing instruction target ("xml");
xml (case insensitive) is reserved by the specs. at [row,col
{unknown-source}]: [2,5]
Parameters
options com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType at 1f57ce1a
[overwrite=false,keepOid=false,stopAfterErrors=<null>,summarizeSucceses=true,summarizeErrors=true,referentialIntegrity=false,validateStaticSchema=false,validateDynamicSchema=false,encryptProtectedValues=true,fetchResourceSchema=false,keepMetadata=<null>]
Error Illegal processing instruction target ("xml"); xml (case insensitive)
is reserved by the specs. at [row,col {unknown-source}]: [2,5]
I took out the first line <?xml...> and got this error instead:
Schema violation: Item '{http://midpoint.
evolveum.com/xml/ns/public/model/scripting/extension-3}executeScript'
without definition can't be saved.
-Peter
On Thu, Mar 2, 2017 at 10:38 AM, <midpoint-request at lists.evolveum.com>
wrote:
> Send midPoint mailing list submissions to
> midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
> midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
> midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
> 1. Re: Push out existing password to newly added resource
> (Peter Healy)
> 2. Re: Push out existing password to newly added resource
> (Pálos Gustáv)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 Mar 2017 10:12:23 -0500
> From: Peter Healy <phealy3330 at gmail.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Push out existing password to newly added
> resource
> Message-ID:
> <CADnbc=xxsVkzp4aeEn=EQTUjFFtUzsnmOHC6-zzthdJPoYTTGg at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Gustav,
> Thanks so much for your reply!
> I have another question though, I am very new to midpoint and am having
> trouble running your example. When I paste it into bulk actions I get:
> Provided text is not a bulk action object. An instance of
> {scripting-3}ScriptingExpressionType is expected; you have provided class
> com.evolveum.prism.xml.ns._public.types_3.RawType instead.
>
> It then occurred to me that since you've given me a whole xml object this
> is probably intended me to use an API call, so I tried this after changing
> to OID to my resource:
>
> curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" -X
> POST http://$MIDPOINT_URL:8080/midpoint/model/rest/tasks -d @example.xml
>
> But I get:
> * Server auth using Basic with user 'administrator'
> > POST /midpoint/model/rest/tasks HTTP/1.1
> > User-Agent: curl/7.47.0
> > Accept: */*
> > Content-Type: application/xml
> > Content-Length: 2494
> > Expect: 100-continue
> >
> < HTTP/1.1 100 Continue
> * We are completely uploaded and fine
> < HTTP/1.1 500
> < Date: Thu, 02 Mar 2017 14:32:43 GMT
> < Server: Apache/2.4.25 (Debian)
> [..omitted..]
>
> <div>Unexpected error occurred, if necessary please contact system
> administrator.</div>
> </p>
>
> [..omitted..]
>
> Based on https://wiki.evolveum.com/display/midPoint/REST+API I also tried
> /ws/as the path instead
>
> curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" -X
> POST http://$MIDPOINT_URL:8080/midpoint/ws/rest/tasks -d @example.xml
>
> But got the same 500 error
>
> How should I use this, "tasks" is the correct endpoint for this type of
> object correct?
>
>
>
> On Thu, Mar 2, 2017 at 6:00 AM, <midpoint-request at lists.evolveum.com>
> wrote:
>
> > Send midPoint mailing list submissions to
> > midpoint at lists.evolveum.com
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> > or, via email, send a message with subject or body 'help' to
> > midpoint-request at lists.evolveum.com
> >
> > You can reach the person managing the list at
> > midpoint-owner at lists.evolveum.com
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of midPoint digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Push out existing password to newly added resource (Peter Healy)
> > 2. Re: Push out existing password to newly added resource
> > (Pálos Gustáv)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Wed, 1 Mar 2017 16:43:27 -0500
> > From: Peter Healy <phealy3330 at gmail.com>
> > To: midpoint at lists.evolveum.com
> > Subject: [midPoint] Push out existing password to newly added
> > resource
> > Message-ID:
> > <CADnbc=y3gm4Kc195s536fJ3vq4ASD7d0HPvd-KDhOC574QfG4w at mail.
> > gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hi All,
> > I currently have midpoint set up to manage one resource with the resource
> > shadows linked to a midpoint account for a number of users.
> >
> > I am wondering how I can trigger an outbound password sync down to a
> second
> > resource I just added.
> > The new resource accounts have been linking automatically to the midpoint
> > accounts.
> >
> > I am pretty sure that if I set a new password or re-set the same password
> > it will get pushed down into the linked accounts in the new resource
> but, I
> > need to do this for ~50 accounts and would like a better way to do this
> in
> > bulk and without having to do a lot of custom scripting.
> >
> > What is the best mechanism to force a user's current password down to a
> > new resource?
> >
> > Thanks,
> > Peter
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://lists.evolveum.com/pipermail/midpoint/
> > attachments/20170301/66d2828a/attachment-0001.html>
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Wed, 1 Mar 2017 23:43:30 +0100
> > From: Pálos Gustáv <gustav.palos at evolveum.com>
> > To: midPoint General Discussion <midpoint at lists.evolveum.com>
> > Subject: Re: [midPoint] Push out existing password to newly added
> > resource
> > Message-ID:
> > <CAPXQVkf2S_eg1JKAQpAQi2QjB5DM_RxXR6q4YqdM42Ni2vk=8g at mail.
> > gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hi Peter,
> >
> > you can do this over bulk task, next sample send password for all users
> who
> > has an account in resource with mentioned resourceOid
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> >
> > <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/
> common/common-3
> > "
> > xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> > xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:t="
> > http://prism.evolveum.com/xml/ns/public/types-3"
> > xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> "
> > xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/
> > connector/icf-1/resource-schema-3"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
> >
> >
> > <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
> > <name>Replace passwords on Resource - all users</name>
> > <extension>
> > <scext:executeScript xmlns:scext="http://midpoint.
> > evolveum.com/xml/ns/public/model/scripting/extension-3">
> > <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/
> > model/scripting-3">
> > <s:type>c:UserType</s:type>
> > <s:action>
> > <s:type>execute-script</s:type>
> > <s:parameter>
> > <s:name>script</s:name>
> > <c:value xsi:type="c:ScriptExpressionEvaluatorType"
> xmlns:c="
> > http://midpoint.evolveum.com/xml/ns/public/common/common-3">
> > <c:code>
> > import com.evolveum.midpoint.prism.delta.builder.*
> > import com.evolveum.midpoint.xml.ns._
> > public.common.common_3.*
> > import com.evolveum.prism.xml.ns._public.types_3.*
> >
> > def resourceOid = '3d566aa3-e9f2-4e8d-8218-
> 72c0aad5273b'
> > // resource OID where you need to send pwd
> > def prismContext = midpoint.getPrismContext()
> >
> > log.info('Processing user: {}', input)
> > input.linkRef
> > .findAll { midpoint.resolveReference(it)?
> > .resourceRef.oid
> > == resourceOid }
> > .each {
> > log.info(' - Processing shadow: {}', it)
> > def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
> > .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD,
> > PasswordType.F_VALUE)
> > .replace(input.credentials.password.value)
> > .asObjectDelta(it.oid)
> > log.info(' - delta: {}', delta.debugDump())
> > midpoint.modifyObject(delta, null)
> > }
> > </c:code>
> > </c:value>
> > </s:parameter>
> > </s:action>
> > </s:search>
> > </scext:executeScript>
> > </extension>
> > <ownerRef oid="00000000-0000-0000-0000-000000000002" />
> > <executionStatus>suspended</executionStatus>
> >
> > <category>BulkActions</category>
> > <handlerUri>http://midpoint.evolveum.com/xml/ns/public/
> > model/scripting/handler-3</handlerUri>
> > <recurrence>single</recurrence>
> > </task>
> >
> > </objects>
> >
> > Gustav
> >
> >
> >
> > > 2017-03-01 22:43 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
> > >
> > >> Hi All,
> > >> I currently have midpoint set up to manage one resource with the
> > resource
> > >> shadows linked to a midpoint account for a number of users.
> > >>
> > >> I am wondering how I can trigger an outbound password sync down to a
> > >> second resource I just added.
> > >> The new resource accounts have been linking automatically to the
> > midpoint
> > >> accounts.
> > >>
> > >> I am pretty sure that if I set a new password or re-set the same
> > password
> > >> it will get pushed down into the linked accounts in the new resource
> > but, I
> > >> need to do this for ~50 accounts and would like a better way to do
> this
> > in
> > >> bulk and without having to do a lot of custom scripting.
> > >>
> > >> What is the best mechanism to force a user's current password down
> to a
> > >> new resource?
> > >>
> > >> Thanks,
> > >> Peter
> > >>
> > >> _______________________________________________
> > >> midPoint mailing list
> > >> midPoint at lists.evolveum.com
> > >> http://lists.evolveum.com/mailman/listinfo/midpoint
> > >>
> > >>
> > >
> > >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://lists.evolveum.com/pipermail/midpoint/
> > attachments/20170301/2ac87926/attachment-0001.html>
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
> >
> > ------------------------------
> >
> > End of midPoint Digest, Vol 59, Issue 10
> > ****************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170302/de826b0b/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 2 Mar 2017 16:38:01 +0100
> From: Pálos Gustáv <gustav.palos at evolveum.com>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Subject: Re: [midPoint] Push out existing password to newly added
> resource
> Message-ID:
> <CAPXQVkfTLUX9bmAv0xHzVWtyzSkDdNfwxc_1QEHA=udhem+=bQ at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Peter,
>
> what is your's MP version where you try to import?
> I tried it in 3.5 and it is working for me as I sent to you.
> execute-script feature is supported from MP v. 3.4.1:
> https://wiki.evolveum.com/display/midPoint/Bulk+actions
>
> Do you try also over MP GUI Configuration-->Import objects?
>
> Best regards,
>
> Gustav
>
>
> 2017-03-02 16:12 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>
> > Hi Gustav,
> > Thanks so much for your reply!
> > I have another question though, I am very new to midpoint and am having
> > trouble running your example. When I paste it into bulk actions I get:
> > Provided text is not a bulk action object. An instance of {scripting-3}
> ScriptingExpressionType
> > is expected; you have provided class com.evolveum.prism.xml.ns._
> public.types_3.RawType
> > instead.
> >
> > It then occurred to me that since you've given me a whole xml object this
> > is probably intended me to use an API call, so I tried this after
> changing
> > to OID to my resource:
> >
> > curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml"
> > -X POST http://$MIDPOINT_URL:8080/midpoint/model/rest/tasks -d
> > @example.xml
> >
> > But I get:
> > * Server auth using Basic with user 'administrator'
> > > POST /midpoint/model/rest/tasks HTTP/1.1
> > > User-Agent: curl/7.47.0
> > > Accept: */*
> > > Content-Type: application/xml
> > > Content-Length: 2494
> > > Expect: 100-continue
> > >
> > < HTTP/1.1 100 Continue
> > * We are completely uploaded and fine
> > < HTTP/1.1 500
> > < Date: Thu, 02 Mar 2017 14:32:43 GMT
> > < Server: Apache/2.4.25 (Debian)
> > [..omitted..]
> >
> > <div>Unexpected error occurred, if necessary please contact system
> > administrator.</div>
> > </p>
> >
> > [..omitted..]
> >
> > Based on https://wiki.evolveum.com/display/midPoint/REST+API I also
> tried
> > /ws/as the path instead
> >
> > curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml"
> > -X POST http://$MIDPOINT_URL:8080/midpoint/ws/rest/tasks -d
> @example.xml
> >
> > But got the same 500 error
> >
> > How should I use this, "tasks" is the correct endpoint for this type of
> > object correct?
> >
> >
> >
> > On Thu, Mar 2, 2017 at 6:00 AM, <midpoint-request at lists.evolveum.com>
> > wrote:
> >
> >> Send midPoint mailing list submissions to
> >> midpoint at lists.evolveum.com
> >>
> >> To subscribe or unsubscribe via the World Wide Web, visit
> >> http://lists.evolveum.com/mailman/listinfo/midpoint
> >> or, via email, send a message with subject or body 'help' to
> >> midpoint-request at lists.evolveum.com
> >>
> >> You can reach the person managing the list at
> >> midpoint-owner at lists.evolveum.com
> >>
> >> When replying, please edit your Subject line so it is more specific
> >> than "Re: Contents of midPoint digest..."
> >>
> >>
> >> Today's Topics:
> >>
> >> 1. Push out existing password to newly added resource (Peter Healy)
> >> 2. Re: Push out existing password to newly added resource
> >> (Pálos Gustáv)
> >>
> >>
> >> ----------------------------------------------------------------------
> >>
> >> Message: 1
> >> Date: Wed, 1 Mar 2017 16:43:27 -0500
> >> From: Peter Healy <phealy3330 at gmail.com>
> >> To: midpoint at lists.evolveum.com
> >> Subject: [midPoint] Push out existing password to newly added
> >> resource
> >> Message-ID:
> >> <CADnbc=y3gm4Kc195s536fJ3vq4ASD7d0HPvd-KDhOC574QfG4w at mail.gm
> >> ail.com>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >> Hi All,
> >> I currently have midpoint set up to manage one resource with the
> resource
> >> shadows linked to a midpoint account for a number of users.
> >>
> >> I am wondering how I can trigger an outbound password sync down to a
> >> second
> >> resource I just added.
> >> The new resource accounts have been linking automatically to the
> midpoint
> >> accounts.
> >>
> >> I am pretty sure that if I set a new password or re-set the same
> password
> >> it will get pushed down into the linked accounts in the new resource
> but,
> >> I
> >> need to do this for ~50 accounts and would like a better way to do this
> in
> >> bulk and without having to do a lot of custom scripting.
> >>
> >> What is the best mechanism to force a user's current password down to a
> >> new resource?
> >>
> >> Thanks,
> >> Peter
> >> -------------- next part --------------
> >> An HTML attachment was scrubbed...
> >> URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/
> >> 20170301/66d2828a/attachment-0001.html>
> >>
> >> ------------------------------
> >>
> >> Message: 2
> >> Date: Wed, 1 Mar 2017 23:43:30 +0100
> >> From: Pálos Gustáv <gustav.palos at evolveum.com>
> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> >> Subject: Re: [midPoint] Push out existing password to newly added
> >> resource
> >> Message-ID:
> >> <CAPXQVkf2S_eg1JKAQpAQi2QjB5DM_RxXR6q4YqdM42Ni2vk=8g at mail.gm
> >> ail.com>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >>
> >> Hi Peter,
> >>
> >> you can do this over bulk task, next sample send password for all users
> >> who
> >> has an account in resource with mentioned resourceOid
> >>
> >> <?xml version="1.0" encoding="UTF-8"?>
> >>
> >> <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/
> >> common-3"
> >> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> >> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:t="
> >> http://prism.evolveum.com/xml/ns/public/types-3"
> >> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/
> resource/instance-3"
> >> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/
> >> connector/icf-1/resource-schema-3"
> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >
> >>
> >>
> >> <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
> >> <name>Replace passwords on Resource - all users</name>
> >> <extension>
> >> <scext:executeScript xmlns:scext="http://midpoint.
> >> evolveum.com/xml/ns/public/model/scripting/extension-3">
> >> <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/
> >> model/scripting-3">
> >> <s:type>c:UserType</s:type>
> >> <s:action>
> >> <s:type>execute-script</s:type>
> >> <s:parameter>
> >> <s:name>script</s:name>
> >> <c:value xsi:type="c:ScriptExpressionEvaluatorType"
> xmlns:c="
> >> http://midpoint.evolveum.com/xml/ns/public/common/common-3">
> >> <c:code>
> >> import com.evolveum.midpoint.prism.delta.builder.*
> >> import com.evolveum.midpoint.xml.ns._
> >> public.common.common_3.*
> >> import com.evolveum.prism.xml.ns._public.types_3.*
> >>
> >> def resourceOid = '3d566aa3-e9f2-4e8d-8218-
> 72c0aad5273b'
> >> // resource OID where you need to send pwd
> >> def prismContext = midpoint.getPrismContext()
> >>
> >> log.info('Processing user: {}', input)
> >> input.linkRef
> >> .findAll { midpoint.resolveReference(it)?
> >> .resourceRef.oid
> >> == resourceOid }
> >> .each {
> >> log.info(' - Processing shadow: {}', it)
> >> def delta = DeltaBuilder.deltaFor(ShadowType.class,
> prismContext)
> >> .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD,
> >> PasswordType.F_VALUE)
> >> .replace(input.credentials.password.value)
> >> .asObjectDelta(it.oid)
> >> log.info(' - delta: {}', delta.debugDump())
> >> midpoint.modifyObject(delta, null)
> >> }
> >> </c:code>
> >> </c:value>
> >> </s:parameter>
> >> </s:action>
> >> </s:search>
> >> </scext:executeScript>
> >> </extension>
> >> <ownerRef oid="00000000-0000-0000-0000-000000000002" />
> >> <executionStatus>suspended</executionStatus>
> >>
> >> <category>BulkActions</category>
> >> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/
> >> model/scripting/handler-3</handlerUri>
> >> <recurrence>single</recurrence>
> >> </task>
> >>
> >> </objects>
> >>
> >> Gustav
> >>
> >>
> >>
> >> > 2017-03-01 22:43 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
> >> >
> >> >> Hi All,
> >> >> I currently have midpoint set up to manage one resource with the
> >> resource
> >> >> shadows linked to a midpoint account for a number of users.
> >> >>
> >> >> I am wondering how I can trigger an outbound password sync down to a
> >> >> second resource I just added.
> >> >> The new resource accounts have been linking automatically to the
> >> midpoint
> >> >> accounts.
> >> >>
> >> >> I am pretty sure that if I set a new password or re-set the same
> >> password
> >> >> it will get pushed down into the linked accounts in the new resource
> >> but, I
> >> >> need to do this for ~50 accounts and would like a better way to do
> >> this in
> >> >> bulk and without having to do a lot of custom scripting.
> >> >>
> >> >> What is the best mechanism to force a user's current password down
> to
> >> a
> >> >> new resource?
> >> >>
> >> >> Thanks,
> >> >> Peter
> >> >>
> >> >> _______________________________________________
> >> >> midPoint mailing list
> >> >> midPoint at lists.evolveum.com
> >> >> http://lists.evolveum.com/mailman/listinfo/midpoint
> >> >>
> >> >>
> >> >
> >> >
> >> -------------- next part --------------
> >> An HTML attachment was scrubbed...
> >> URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/
> >> 20170301/2ac87926/attachment-0001.html>
> >>
> >> ------------------------------
> >>
> >> Subject: Digest Footer
> >>
> >> _______________________________________________
> >> midPoint mailing list
> >> midPoint at lists.evolveum.com
> >> http://lists.evolveum.com/mailman/listinfo/midpoint
> >>
> >>
> >> ------------------------------
> >>
> >> End of midPoint Digest, Vol 59, Issue 10
> >> ****************************************
> >>
> >
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
> >
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170302/e42d7d52/attachment.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 59, Issue 12
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170302/b7958f36/attachment.htm>
More information about the midPoint
mailing list