[midPoint] Push out existing password to newly added resource

Peter Healy phealy3330 at gmail.com
Thu Mar 2 20:04:37 CET 2017


I think it was failing because of the linebreaks that got inserted when I
copied and pasted. I looked through and cleaned it up a bit and I can now
successfully import the object and run the task.

I'm getting a permission error from the Active Directory backend now so I
have to investigate that but your bulk action import worked.

I have a couple of extra questions about the task that I ran:
1 is that I think there are a handful of users that haven't been driven
through the Midpoint password portal yet, so they have NULL passwords. One
of these users stopped the task from completing. What additional code can I
insert into the bulk action script so that I can skip users that don't have
a password?

2 is that I have specified
def resourceOid = 'edeb52fb-99a0-485f-bce4-7e61827945e2'
replacing your example OID with the OID for my "AWS Enterprise Active
Directory (LDAP)" that I wanted to push passwords to.

But, in the Task run summary under the "Environmental Performance" tab and
the "Provisioning operations information" heading
I see both of my resources listed:
"AWS Simple Active Directory (LDAP)" - this was my first resource that is
set up and working, has oid=746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2
and
"AWS Enterprise Active Directory (LDAP)" (has
oid=edeb52fb-99a0-485f-bce4-7e61827945e2),
this is the new one I was pushing passwords to.

AWS Simple Active Directory (LDAP) shows 18 in the "Get OK" and "All
operations" columns, 0 in all other columns including the "Update OK".

Is this normal? Does it mean that it performed operations on that resource
as well? I spot checked a few users and the password last set timestamp
does not say today, so I don't think it did anything on that resource which
is expected.

The new one AWS Enterprise Active Directory (LDAP) has 18 in "Get OK" and
17 in "Fail", which is something I have to troubleshoot with the actual AD
backend.

Thanks again for all of your time and help!
-Peter


On Thu, Mar 2, 2017 at 12:40 PM, <midpoint-request at lists.evolveum.com>
wrote:

> Send midPoint mailing list submissions to
>         midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
>         midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
>         midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
>    1. Fwd: Push out existing password to newly added resource
>       (Pálos Gustáv)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 Mar 2017 18:38:37 +0100
> From: Pálos Gustáv <gustav.palos at evolveum.com>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Subject: [midPoint] Fwd: Push out existing password to newly added
>         resource
> Message-ID:
>         <CAPXQVkdEYuJ_dE25mjQV5Wh2o97mj3GM2cdHJuTTu0
> _JQu6CLA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> hmm, can you please send me the file that you are trying to upload?
> If I copy my sample, I can upload it to the same MP version without any error.
>
> Best regards.
>
> Gustav
>
> 2017-03-02 18:32 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>
> > Hi Gustav,
> > I have MP v 3.5
> > From About:
> > Version 3.5
> > Git describe git-v3.5
> > Build at Wed, 21 Dec 2016 14:01:34 +0000
> >
> > When I use the import objects GUI I get:
> > Operation Import objects (Model)
> > Message XML parsing error: Illegal processing instruction target ("xml");
> > xml (case insensitive) is reserved by the specs. at [row,col
> > {unknown-source}]: [2,5]
> > Parameters
> > options com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType at 1f57ce1a[overwrite=false,keepOid=false,stopAfterErrors=<null>,summarizeSucceses=true,summarizeErrors=true,referentialIntegrity=false,validateStaticSchema=false,validateDynamicSchema=false,encryptProtectedValues=true,fetchResourceSchema=false,keepMetadata=<null>]
> > Error Illegal processing instruction target ("xml"); xml (case
> > insensitive) is reserved by the specs. at [row,col {unknown-source}]: [2,5]
> >
> > I took out the first line <?xml...> and got this error instead:
> >
> > Schema violation: Item
> > '{http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3}executeScript'
> > without definition can't be saved.
> >
> > -Peter
> >
> > On Thu, Mar 2, 2017 at 10:38 AM, <midpoint-request at lists.evolveum.com>
> > wrote:
> >
> >> Message: 1
> >> Date: Thu, 2 Mar 2017 10:12:23 -0500
> >> From: Peter Healy <phealy3330 at gmail.com>
> >> To: midpoint at lists.evolveum.com
> >> Subject: Re: [midPoint] Push out existing password to newly added
> >>         resource
> >> Message-ID:
> >>         <CADnbc=xxsVkzp4aeEn=EQTUjFFtUzsnmOHC6-zzthdJPoYTTGg at mail.gm
> >> ail.com>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >> Hi Gustav,
> >> Thanks so much for your reply!
> >> I have another question though, I am very new to midpoint and am having
> >> trouble running your example. When I paste it into bulk actions I get:
> >> Provided text is not a bulk action object. An instance of
> >> {scripting-3}ScriptingExpressionType is expected; you have provided class
> >> com.evolveum.prism.xml.ns._public.types_3.RawType instead.
> >>
> >> It then occurred to me that since you've given me a whole xml object this
> >> is probably intended for me to use an API call, so I tried this after
> >> changing the OID to my resource:
> >>
> >> curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" \
> >>   -X POST http://$MIDPOINT_URL:8080/midpoint/model/rest/tasks -d @example.xml
> >>
> >> But I get:
> >> * Server auth using Basic with user 'administrator'
> >> > POST /midpoint/model/rest/tasks HTTP/1.1
> >> > User-Agent: curl/7.47.0
> >> > Accept: */*
> >> > Content-Type: application/xml
> >> > Content-Length: 2494
> >> > Expect: 100-continue
> >> >
> >> < HTTP/1.1 100 Continue
> >> * We are completely uploaded and fine
> >> < HTTP/1.1 500
> >> < Date: Thu, 02 Mar 2017 14:32:43 GMT
> >> < Server: Apache/2.4.25 (Debian)
> >> [..omitted..]
> >>
> >> <div>Unexpected error occurred, if necessary please contact system
> >> administrator.</div>
> >> </p>
> >>
> >> [..omitted..]
> >>
> >> Based on https://wiki.evolveum.com/display/midPoint/REST+API I also tried
> >> /ws/ as the path instead
> >>
> >> curl -v administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" \
> >>   -X POST http://$MIDPOINT_URL:8080/midpoint/ws/rest/tasks -d @example.xml
> >>
> >> But got the same 500 error
> >>
> >> How should I use this, "tasks" is the correct endpoint for this type of
> >> object, correct?
> >>
> >>
> >>
> >> On Thu, Mar 2, 2017 at 6:00 AM, <midpoint-request at lists.evolveum.com>
> >> wrote:
> >>
> >> > Message: 1
> >> > Date: Wed, 1 Mar 2017 16:43:27 -0500
> >> > From: Peter Healy <phealy3330 at gmail.com>
> >> > To: midpoint at lists.evolveum.com
> >> > Subject: [midPoint]  Push out existing password to newly added
> >> >         resource
> >> > Message-ID:
> >> >         <CADnbc=y3gm4Kc195s536fJ3vq4ASD7d0HPvd-KDhOC574QfG4w at mail.
> >> > gmail.com>
> >> > Content-Type: text/plain; charset="utf-8"
> >> >
> >> > Hi All,
> >> > I currently have midpoint set up to manage one resource with the
> >> resource
> >> > shadows linked to a midpoint account for a number of users.
> >> >
> >> > I am wondering how I can trigger an outbound password sync down to a
> >> second
> >> > resource I just added.
> >> > The new resource accounts have been linking automatically to the
> >> midpoint
> >> > accounts.
> >> >
> >> > I am pretty sure that if I set a new password or re-set the same
> >> password
> >> > it will get pushed down into the linked accounts in the new resource
> >> but, I
> >> > need to do this for ~50 accounts and would like a better way to do
> this
> >> in
> >> > bulk and without having to do a lot of custom scripting.
> >> >
> >> > What is the best mechanism to force a user's current  password down
> to a
> >> > new resource?
> >> >
> >> > Thanks,
> >> > Peter
> >> >
> >> > ------------------------------
> >> >
> >> > Message: 2
> >> > Date: Wed, 1 Mar 2017 23:43:30 +0100
> >> > From: Pálos Gustáv <gustav.palos at evolveum.com>
> >> > To: midPoint General Discussion <midpoint at lists.evolveum.com>
> >> > Subject: Re: [midPoint] Push out existing password to newly added
> >> >         resource
> >> > Message-ID:
> >> >         <CAPXQVkf2S_eg1JKAQpAQi2QjB5DM_RxXR6q4YqdM42Ni2vk=8g at mail.
> >> > gmail.com>
> >> > Content-Type: text/plain; charset="utf-8"
> >> >
> >> > Hi Peter,
> >> >
> >> > you can do this over a bulk task; the next sample sends the password for
> >> > all users who have an account in the resource with the mentioned resourceOid
> >> >
> >> > <?xml version="1.0" encoding="UTF-8"?>
> >> > <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> >> >          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> >> >          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> >> >          xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> >> >          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> >> >          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> >> >          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >> >
> >> >   <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
> >> >     <name>Replace passwords on Resource - all users</name>
> >> >     <extension>
> >> >       <scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
> >> >         <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
> >> >           <s:type>c:UserType</s:type>
> >> >           <s:action>
> >> >             <s:type>execute-script</s:type>
> >> >             <s:parameter>
> >> >               <s:name>script</s:name>
> >> >               <c:value xsi:type="c:ScriptExpressionEvaluatorType"
> >> >                        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
> >> >                 <c:code>
> >> >                   import com.evolveum.midpoint.prism.delta.builder.*
> >> >                   import com.evolveum.midpoint.xml.ns._public.common.common_3.*
> >> >                   import com.evolveum.prism.xml.ns._public.types_3.*
> >> >
> >> >                   // resource OID where you need to send pwd
> >> >                   def resourceOid = '3d566aa3-e9f2-4e8d-8218-72c0aad5273b'
> >> >                   def prismContext = midpoint.getPrismContext()
> >> >
> >> >                   log.info('Processing user: {}', input)
> >> >                   input.linkRef
> >> >                       .findAll { midpoint.resolveReference(it)?.resourceRef.oid == resourceOid }
> >> >                       .each {
> >> >                           log.info(' - Processing shadow: {}', it)
> >> >                           def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
> >> >                               .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)
> >> >                               .replace(input.credentials.password.value)
> >> >                               .asObjectDelta(it.oid)
> >> >                           log.info(' - delta: {}', delta.debugDump())
> >> >                           midpoint.modifyObject(delta, null)
> >> >                       }
> >> >                 </c:code>
> >> >               </c:value>
> >> >             </s:parameter>
> >> >           </s:action>
> >> >         </s:search>
> >> >       </scext:executeScript>
> >> >     </extension>
> >> >     <ownerRef oid="00000000-0000-0000-0000-000000000002" />
> >> >     <executionStatus>suspended</executionStatus>
> >> >
> >> >     <category>BulkActions</category>
> >> >     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
> >> >     <recurrence>single</recurrence>
> >> >   </task>
> >> >
> >> > </objects>
> >> >
> >> > Gustav
> >>
> >> ------------------------------
> >>
> >> Message: 2
> >> Date: Thu, 2 Mar 2017 16:38:01 +0100
> >> From: Pálos Gustáv <gustav.palos at evolveum.com>
> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> >> Subject: Re: [midPoint] Push out existing password to newly added
> >>         resource
> >> Message-ID:
> >>         <CAPXQVkfTLUX9bmAv0xHzVWtyzSkDdNfwxc_1QEHA=udhem+=bQ at mail.gm
> >> ail.com>
> >> Content-Type: text/plain; charset="utf-8"
> >>
> >> Hi Peter,
> >>
> >> what is your MP version where you try to import?
> >> I tried it in 3.5 and it is working for me as I sent to you.
> >> execute-script feature is supported from MP v. 3.4.1:
> >> https://wiki.evolveum.com/display/midPoint/Bulk+actions
> >>
> >> Do you try also over MP GUI Configuration-->Import objects?
> >>
> >> Best regards,
> >>
> >> Gustav
> >>
> >>
> >> --
> >> Gustáv Pálos
> >> Identity Engineer
> >> evolveum.com
> --
> With regards
>
> Gustáv Pálos
>
>
>
> --
> Gustáv Pálos
> Identity Engineer
> evolveum.com
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 59, Issue 15
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170302/37fbbbef/attachment.htm>
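
Added example, not part of the thread and not the project's own code: a variant of the Groovy body of the <c:code> element in the quoted bulk task that skips users with no stored password, as asked in the first question above. It assumes the task stopped on a null dereference in input.credentials.password.value; `input`, `midpoint` and `log` are the bindings the quoted script already uses, and the resource OID is the one given in the message.

```groovy
// Body for the <c:code> element of the execute-script bulk action.
// Runs once per UserType object returned by the <s:search>.
import com.evolveum.midpoint.prism.delta.builder.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.prism.xml.ns._public.types_3.*

// OID of the target resource, taken from the message above.
def resourceOid = 'edeb52fb-99a0-485f-bce4-7e61827945e2'
def prismContext = midpoint.getPrismContext()

// Safe navigation (?.) yields null instead of throwing when the user has no
// credentials container, no password container, or no password value.
def passwordValue = input.credentials?.password?.value
if (passwordValue == null) {
    // Nothing to push for this user: record it and move on to the next one.
    log.warn('Skipping user {}: no password stored in midPoint', input)
    return
}

log.info('Processing user: {}', input)
input.linkRef
    .findAll {
        // Every linkRef is resolved to learn which resource its shadow belongs
        // to, so shadows on other resources are read here as well; only the
        // shadows on the target resource are modified below.
        midpoint.resolveReference(it)?.resourceRef?.oid == resourceOid
    }
    .each { ref ->
        def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
            .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)
            .replace(passwordValue)
            .asObjectDelta(ref.oid)
        // Log identifiers only: the delta carries the credential value, so it
        // is not dumped into the log here.
        log.info(' - Replacing password on shadow {}', ref.oid)
        midpoint.modifyObject(delta, null)
    }
```

The skipped users appear in the log as WARN lines, which gives a list of accounts that still need to go through the password portal.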

