[midPoint] Push out existing password to newly added resource

Pálos Gustáv gustav.palos at gmail.com
Thu Mar 2 20:43:31 CET 2017


1) I never tried it, but try a condition like this in the .each section:
if (input.credentials.password.value != null) {
...
}

2) Yes, this is by design: it gets all accounts to have fresh data from
the resources.

Gustav


2017-03-02 20:04 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:

> I think it was failing because of the line breaks that got inserted when I
> copied and pasted. I looked through and cleaned it up a bit and I can now
> successfully import the object and run the task.
>
> I'm getting a permission error from the Active Directory backend now so I
> have to investigate that but your bulk action import worked.
>
> I have a couple of extra questions about the task that I ran:
> 1 is that I think there are a handful of users that haven't been driven
> through the Midpoint password portal yet, so they have NULL passwords. One
> of these users stopped the task from completing. What additional code can I
> insert into the bulk action script so that I can skip users that don't have
> a password?
>
> 2 is that I have specified
> def resourceOid = 'edeb52fb-99a0-485f-bce4-7e61827945e2'
> replacing your example OID with the OID for my "AWS Enterprise Active
> Directory (LDAP)" that I wanted to push passwords to.
>
> But, in the Task run summary under the "Environmental Performance" tab
> and the "Provisioning operations information" heading
> I see both of my resources listed:
> "AWS Simple Active Directory (LDAP)" - this was my first resource that is
> set up and working, has oid=746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2
> and
> "AWS Enterprise Active Directory (LDAP)" (has oid=edeb52fb-99a0-485f-bce4-7e61827945e2),
> this is the new one I was pushing passwords to.
>
> AWS Simple Active Directory (LDAP) shows 18 in the "Get OK" and "All
> operations" columns, 0 in all other columns including the "Update OK"
>
> Is this normal? Does it mean that it performed operations on that resource
> as well? I spot checked a few users and the password last set timestamp
> does not say today, so I don't think it did anything on that resource which
> is expected.
>
> The new one AWS Enterprise Active Directory (LDAP) has 18 in "Get OK" and
> 17 in "Fail", which is something I have to troubleshoot with the actual AD
> backend.
>
> Thanks again for all of your time and help!
> -Peter
>
>
> On Thu, Mar 2, 2017 at 12:40 PM, <midpoint-request at lists.evolveum.com>
> wrote:
>
>> Send midPoint mailing list submissions to
>>         midpoint at lists.evolveum.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>> or, via email, send a message with subject or body 'help' to
>>         midpoint-request at lists.evolveum.com
>>
>> You can reach the person managing the list at
>>         midpoint-owner at lists.evolveum.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of midPoint digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Fwd: Push out existing password to newly added resource
>>       (Pálos Gustáv)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Thu, 2 Mar 2017 18:38:37 +0100
>> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> Subject: [midPoint] Fwd: Push out existing password to newly added
>>         resource
>> Message-ID:
>>         <CAPXQVkdEYuJ_dE25mjQV5Wh2o97mj3GM2cdHJuTTu0_JQu6CLA at mail.
>> gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>>
>> hmm, can you please send me the file that you are trying to upload?
>> If I copy my sample, I can upload it to the same MP version without any error.
>>
>> Best regards.
>>
>> Gustav
>>
>> 2017-03-02 18:32 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>>
>> > Hi Gustav,
>> > I have MP v 3.5
>> > From About:
>> > Version 3.5
>> > Git describe git-v3.5
>> > Build at Wed, 21 Dec 2016 14:01:34 +0000
>> >
>> > When I use the import objects GUI I get:
>> > Operation Import objects (Model)
>> > Message XML parsing error: Illegal processing instruction target ("xml");
>> > xml (case insensitive) is reserved by the specs. at [row,col
>> > {unknown-source}]: [2,5]
>> > Parameters
>> > options com.evolveum.midpoint.xml.ns._public.common.api_types_3.ImportOptionsType at 1f57ce1a[overwrite=false,keepOid=false,stopAfterErrors=<null>,summarizeSucceses=true,summarizeErrors=true,referentialIntegrity=false,validateStaticSchema=false,validateDynamicSchema=false,encryptProtectedValues=true,fetchResourceSchema=false,keepMetadata=<null>]
>> > Error Illegal processing instruction target ("xml"); xml (case
>> > insensitive) is reserved by the specs. at [row,col {unknown-source}]: [2,5]
>> >
>> > I took out the first line <?xml...> and got this error instead:
>> >
>> > Schema violation: Item '{http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3}executeScript'
>> > without definition can't be saved.
>> >
>> > -Peter
>> >
>> > On Thu, Mar 2, 2017 at 10:38 AM, <midpoint-request at lists.evolveum.com>
>> > wrote:
>> >
>> >> Message: 1
>> >> Date: Thu, 2 Mar 2017 10:12:23 -0500
>> >> From: Peter Healy <phealy3330 at gmail.com>
>> >> To: midpoint at lists.evolveum.com
>> >> Subject: Re: [midPoint] Push out existing password to newly added
>> >>         resource
>> >> Message-ID:
>> >>         <CADnbc=xxsVkzp4aeEn=EQTUjFFtUzsnmOHC6-zzthdJPoYTTGg at mail.gm
>> >> ail.com>
>> >> Content-Type: text/plain; charset="utf-8"
>> >>
>> >> Hi Gustav,
>> >> Thanks so much for your reply!
>> >> I have another question though, I am very new to midpoint and am having
>> >> trouble running your example. When I paste it into bulk actions I get:
>> >> Provided text is not a bulk action object. An instance of
>> >> {scripting-3}ScriptingExpressionType is expected; you have provided class
>> >> com.evolveum.prism.xml.ns._public.types_3.RawType instead.
>> >>
>> >> It then occurred to me that since you've given me a whole xml object this
>> >> is probably intended for me to use an API call, so I tried this after
>> >> changing the OID to my resource:
>> >>
>> >> curl -v -u administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" \
>> >>   -X POST http://$MIDPOINT_URL:8080/midpoint/model/rest/tasks -d @example.xml
>> >>
>> >> But I get:
>> >> * Server auth using Basic with user 'administrator'
>> >> > POST /midpoint/model/rest/tasks HTTP/1.1
>> >> > User-Agent: curl/7.47.0
>> >> > Accept: */*
>> >> > Content-Type: application/xml
>> >> > Content-Length: 2494
>> >> > Expect: 100-continue
>> >> >
>> >> < HTTP/1.1 100 Continue
>> >> * We are completely uploaded and fine
>> >> < HTTP/1.1 500
>> >> < Date: Thu, 02 Mar 2017 14:32:43 GMT
>> >> < Server: Apache/2.4.25 (Debian)
>> >> [..omitted..]
>> >>
>> >> <div>Unexpected error occurred, if necessary please contact system
>> >> administrator.</div>
>> >> </p>
>> >>
>> >> [..omitted..]
>> >>
>> >> Based on https://wiki.evolveum.com/display/midPoint/REST+API I also tried
>> >> /ws/ as the path instead
>> >>
>> >> curl -v -u administrator:$ADMIN_PASSWORD -H "Content-Type: application/xml" \
>> >>   -X POST http://$MIDPOINT_URL:8080/midpoint/ws/rest/tasks -d @example.xml
>> >>
>> >> But got the same 500 error
>> >>
>> >> How should I use this, "tasks" is the correct endpoint for this type of
>> >> object correct?
>> >>
>> >>
>> >>
>> >> On Thu, Mar 2, 2017 at 6:00 AM, <midpoint-request at lists.evolveum.com>
>> >> wrote:
>> >>
>> >> > Message: 1
>> >> > Date: Wed, 1 Mar 2017 16:43:27 -0500
>> >> > From: Peter Healy <phealy3330 at gmail.com>
>> >> > To: midpoint at lists.evolveum.com
>> >> > Subject: [midPoint]  Push out existing password to newly added
>> >> >         resource
>> >> > Message-ID:
>> >> >         <CADnbc=y3gm4Kc195s536fJ3vq4ASD7d0HPvd-KDhOC574QfG4w at mail.
>> >> > gmail.com>
>> >> > Content-Type: text/plain; charset="utf-8"
>> >> >
>> >> > Hi All,
>> >> > I currently have midpoint set up to manage one resource with the resource
>> >> > shadows linked to a midpoint account for a number of users.
>> >> >
>> >> > I am wondering how I can trigger an outbound password sync down to a second
>> >> > resource I just added.
>> >> > The new resource accounts have been linking automatically to the midpoint
>> >> > accounts.
>> >> >
>> >> > I am pretty sure that if I set a new password or re-set the same password
>> >> > it will get pushed down into the linked accounts in the new resource but, I
>> >> > need to do this for ~50 accounts and would like a better way to do this in
>> >> > bulk and without having to do a lot of custom scripting.
>> >> >
>> >> > What is the best mechanism to force a user's current password down to a
>> >> > new resource?
>> >> >
>> >> > Thanks,
>> >> > Peter
>> >> >
>> >> > ------------------------------
>> >> >
>> >> > Message: 2
>> >> > Date: Wed, 1 Mar 2017 23:43:30 +0100
>> >> > From: Pálos Gustáv <gustav.palos at evolveum.com>
>> >> > To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> >> > Subject: Re: [midPoint] Push out existing password to newly added
>> >> >         resource
>> >> > Message-ID:
>> >> >         <CAPXQVkf2S_eg1JKAQpAQi2QjB5DM_RxXR6q4YqdM42Ni2vk=8g at mail.
>> >> > gmail.com>
>> >> > Content-Type: text/plain; charset="utf-8"
>> >> >
>> >> > Hi Peter,
>> >> >
>> >> > you can do this with a bulk task; the next sample sends the password for
>> >> > all users who have an account in the resource with the mentioned resourceOid
>> >> >
>> >> > <?xml version="1.0" encoding="UTF-8"?>
>> >> >
>> >> > <objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> >> >          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> >> >          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> >> >          xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>> >> >          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> >> >          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>> >> >          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> >> >
>> >> >   <task oid="6218c55d-0fee-4767-a1eb-db7d023441b5">
>> >> >     <name>Replace passwords on Resource - all users</name>
>> >> >     <extension>
>> >> >       <scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
>> >> >         <s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>> >> >           <s:type>c:UserType</s:type>
>> >> >           <s:action>
>> >> >             <s:type>execute-script</s:type>
>> >> >             <s:parameter>
>> >> >               <s:name>script</s:name>
>> >> >               <c:value xsi:type="c:ScriptExpressionEvaluatorType" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>> >> >                 <c:code>
>> >> >                   import com.evolveum.midpoint.prism.delta.builder.*
>> >> >                   import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>> >> >                   import com.evolveum.prism.xml.ns._public.types_3.*
>> >> >
>> >> >                   def resourceOid = '3d566aa3-e9f2-4e8d-8218-72c0aad5273b' // resource OID where you need to send pwd
>> >> >                   def prismContext = midpoint.getPrismContext()
>> >> >
>> >> >                   log.info('Processing user: {}', input)
>> >> >                   input.linkRef
>> >> >                       .findAll { midpoint.resolveReference(it)?.resourceRef.oid == resourceOid }
>> >> >                       .each {
>> >> >                           log.info(' - Processing shadow: {}', it)
>> >> >                           def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
>> >> >                               .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)
>> >> >                               .replace(input.credentials.password.value)
>> >> >                               .asObjectDelta(it.oid)
>> >> >                           log.info(' - delta: {}', delta.debugDump())
>> >> >                           midpoint.modifyObject(delta, null)
>> >> >                       }
>> >> >                 </c:code>
>> >> >               </c:value>
>> >> >             </s:parameter>
>> >> >           </s:action>
>> >> >         </s:search>
>> >> >       </scext:executeScript>
>> >> >     </extension>
>> >> >     <ownerRef oid="00000000-0000-0000-0000-000000000002" />
>> >> >     <executionStatus>suspended</executionStatus>
>> >> >
>> >> >     <category>BulkActions</category>
>> >> >     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
>> >> >     <recurrence>single</recurrence>
>> >> >   </task>
>> >> >
>> >> > </objects>
>> >> >
>> >> > Gustav
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Subject: Digest Footer
>> >> >
>> >> > _______________________________________________
>> >> > midPoint mailing list
>> >> > midPoint at lists.evolveum.com
>> >> > http://lists.evolveum.com/mailman/listinfo/midpoint
>> >> >
>> >> >
>> >> > ------------------------------
>> >> >
>> >> > End of midPoint Digest, Vol 59, Issue 10
>> >> > ****************************************
>> >> >
>> >>
>> >> Message: 2
>> >> Date: Thu, 2 Mar 2017 16:38:01 +0100
>> >> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> >> Subject: Re: [midPoint] Push out existing password to newly added
>> >>         resource
>> >> Message-ID:
>> >>         <CAPXQVkfTLUX9bmAv0xHzVWtyzSkDdNfwxc_1QEHA=udhem+=bQ at mail.gm
>> >> ail.com>
>> >> Content-Type: text/plain; charset="utf-8"
>> >>
>> >> Hi Peter,
>> >>
>> >> what is your MP version where you try to import?
>> >> I tried it in 3.5 and it is working for me as I sent to you.
>> >> The execute-script feature is supported from MP v. 3.4.1:
>> >> https://wiki.evolveum.com/display/midPoint/Bulk+actions
>> >>
>> >> Did you also try over MP GUI Configuration-->Import objects?
>> >>
>> >> Best regards,
>> >>
>> >> Gustav
>> >>
>> >>
>> >> --
>> >> Gustáv Pálos
>> >> Identity Engineer
>> >> evolveum.com
>> >> ------------------------------
>> >>
>> >> End of midPoint Digest, Vol 59, Issue 12
>> >> ****************************************
>> >>
>> >
>> >
>>
>>
>> --
>> With regards
>>
>> Gustáv Pálos
>>
>>
>>
>> --
>> Gustáv Pálos
>> Identity Engineer
>> evolveum.com
>> ------------------------------
>>
>> End of midPoint Digest, Vol 59, Issue 15
>> ****************************************
>>
>
>
>
>


-- 
With regards

Gustáv Pálos
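
The null check suggested in point 1 of the reply at the top, worked into the script body of the quoted task. This is an added example, not code from either poster. It assumes the same midPoint-supplied bindings (input, midpoint, log) as the original script and uses the resource OID Peter gave; it also logs only the shadow OID instead of dumping the delta, because the delta carries the password value.

```groovy
// Body for the <c:code> element of the bulk-action task quoted in this thread.
// Assumption: the bindings `input`, `midpoint` and `log` are supplied by midPoint
// at run time, as in the original script; this does not run outside midPoint.
import com.evolveum.midpoint.prism.delta.builder.*
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.prism.xml.ns._public.types_3.*

// OID of the resource that should receive the password (value quoted in the thread).
def resourceOid = 'edeb52fb-99a0-485f-bce4-7e61827945e2'
def prismContext = midpoint.getPrismContext()

// Safe navigation: credentials, password or value may each be absent for
// users who have not yet set a password through midPoint.
def password = input.credentials?.password?.value

if (password != null) {
    input.linkRef
        // Keep only the shadows that live on the target resource.
        .findAll { midpoint.resolveReference(it)?.resourceRef?.oid == resourceOid }
        .each {
            // Log the shadow OID only; the delta itself holds the credential.
            log.info(' - Replacing password on shadow: {}', it.oid)
            def delta = DeltaBuilder.deltaFor(ShadowType.class, prismContext)
                .item(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)
                .replace(password)
                .asObjectDelta(it.oid)
            midpoint.modifyObject(delta, null)
        }
} else {
    // Nothing to push: leave the user untouched and let the task continue.
    log.info('Skipping user without a password: {}', input)
}
```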