[midPoint] Add a second LDAP account to resource for user (Error: already contains account of type 'default' on resource)

Peter Healy phealy3330 at gmail.com
Mon Mar 20 14:26:08 CET 2017


Hi Pavol,
That works, I modified the resource definition schema handling to add a
"test" intent in addition to "default"

However, to get the account associated to a Midpoint account and owner I
had to create the shadow on the OpenLDAP resource itself using LDAP tools
and then edited the shadow definition via the Repository Objects
configuration in the UI to make the intent "test".

Is there an easier way to do this via the UI only? Can I set this in the
Add Projection Menu for a user instead?

Thanks again,
Peter

On Fri, Mar 17, 2017 at 2:30 PM, <midpoint-request at lists.evolveum.com>
wrote:

> Send midPoint mailing list submissions to
>         midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
>         midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
>         midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
>    1. association from single value attribute
>       (Oskar Butovič - AMI Praha a.s.)
>    2. Add a second LDAP account to resource for user (Error:
>       already contains account of type 'default' on resource) (Peter Healy)
>    3. Re: Add a second LDAP account to resource for user (Error:
>       already contains account of type 'default' on resource)
>       (Pavol Mederly)
>    4. Re: API Call or Bulk Action to Add Projection on  resource for
>       Many Users (Peter Healy)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 17 Mar 2017 15:11:25 +0100
> From: Oskar Butovič - AMI Praha a.s.  <oskar.butovic at ami.cz>
> To: midPoint General Discussion <midPoint at lists.evolveum.com>
> Subject: [midPoint] association from single value attribute
> Message-ID:
>         <CAE8MtZAvNM0Ph92UmeMo+q-EMk1YBUdKvm=8ARBKcD9Fwd1vXg@
> mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello everybody,
>
> i would like to ask how should be configured association on singlevalue
> attribute.
>
> I have configured association and metarole same as for multivalued
> associations and added scripting hook which removes roles other than the
> one added (1 of N from certain set of roles).
>
> But association sends always two values to my connector and thus sometimes
> role is replaced correctly but more often role is not replaced in end
> system.
>
> Best Regards
>
> Oskar Butovič
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz
>
>
> [image: AMI Praha a.s.]
>
> [image: AMI Praha a.s.]
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170317/d5d49083/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 17 Mar 2017 13:25:49 -0400
> From: Peter Healy <phealy3330 at gmail.com>
> To: midpoint at lists.evolveum.com
> Subject: [midPoint] Add a second LDAP account to resource for user
>         (Error: already contains account of type 'default' on resource)
> Message-ID:
>         <CADnbc=wrJH=vSEtS9=e9ahXBCaAktdDs3+CgjzeUmfRKrGWxQg at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi All,
> I am trying to add a second LDAP account projection to a user but I get
> this error:
>
> Attempt to add object:null(null) to a user that already contains account of
> type 'default' on resource
>
> I set the dn to be the users current uid with a 1 concatenated to the end.
>
> Is there a way to add associate a second LDAP Resource Account to a user?
>
> Thanks,
> Peter
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170317/81dcf051/attachment-0001.html>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 17 Mar 2017 18:31:03 +0100
> From: Pavol Mederly <mederly at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Add a second LDAP account to resource for user
>         (Error: already contains account of type 'default' on resource)
> Message-ID: <8de9230b-9c36-1959-9898-314ef93af368 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hello,
>
> yes, it is possible. You have to use different intents. See
> https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass.
>
> Pavol
>
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 17.03.2017 18:25, Peter Healy wrote:
> > Hi All,
> > I am trying to add a second LDAP account projection to a user but I
> > get this error:
> >
> > Attempt to add object:null(null) to a user that already contains
> > account of type 'default' on resource
> >
> > I set the dn to be the users current uid with a 1 concatenated to the
> > end.
> >
> > Is there a way to add associate a second LDAP Resource Account to a user?
> >
> > Thanks,
> > Peter
> >
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170317/287d4b08/attachment-0001.html>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 17 Mar 2017 14:30:09 -0400
> From: Peter Healy <phealy3330 at gmail.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] API Call or Bulk Action to Add Projection on
>         resource for Many Users
> Message-ID:
>         <CADnbc=yrBqjWJB6Ad06PO8fRO=YF8OcmU9VRi=w_8+VH+TieDQ at mail.
> gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Pavol,
> That worked, thank you!
> -Peter
>
> On Fri, Mar 17, 2017 at 6:56 AM, <midpoint-request at lists.evolveum.com>
> wrote:
>
> > Send midPoint mailing list submissions to
> >         midpoint at lists.evolveum.com
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >         http://lists.evolveum.com/mailman/listinfo/midpoint
> > or, via email, send a message with subject or body 'help' to
> >         midpoint-request at lists.evolveum.com
> >
> > You can reach the person managing the list at
> >         midpoint-owner at lists.evolveum.com
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of midPoint digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re: Change the user object schema. (Pavol Mederly)
> >    2. Re: API Call or Bulk Action to Add Projection on resource for
> >       Many Users (Pavol Mederly)
> >    3. Import Users from Active Directory ressources (Tommy Montegu)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Fri, 17 Mar 2017 09:29:44 +0100
> > From: Pavol Mederly <mederly at evolveum.com>
> > To: midpoint at lists.evolveum.com
> > Subject: Re: [midPoint] Change the user object schema.
> > Message-ID: <ae6f54e7-a7b0-eb42-343e-f731ce123657 at evolveum.com>
> > Content-Type: text/plain; charset="utf-8"; Format="flowed"
> >
> > No, this is currently not supported. (Maybe in the future.)
> >
> > But, actually, there's usually no reason to store all those 85
> > properties in database tables: you actually need to store only those
> > that you want to use in searches. Please see the discussion on
> > indexed/non-indexed items in
> > https://wiki.evolveum.com/display/midPoint/Custom+Schema+Extension.
> >
> > Pavol Mederly
> > Software developer
> > evolveum.com
> >
> > On 16.03.2017 22:07, Prabhakara Rao Doddapaneni wrote:
> > > I have about 100 properties with the user to store in.  Only 15 could
> > > be matched with the standard user schema.  The rest of the attributes
> > > are added in the extended template.  When i see in database, all these
> > > values are stored as multiple rows in database.
> > >
> > > Is there a way that i modify the user schema so that my user object
> > > type takes all the properties what i need always?
> > >
> > > Thanks,
> > > Prabhakar.
> > >
> > >
> > > _______________________________________________
> > > midPoint mailing list
> > > midPoint at lists.evolveum.com
> > > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://lists.evolveum.com/pipermail/midpoint/
> > attachments/20170317/905f80c4/attachment-0001.html>
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Fri, 17 Mar 2017 09:41:31 +0100
> > From: Pavol Mederly <mederly at evolveum.com>
> > To: midpoint at lists.evolveum.com
> > Subject: Re: [midPoint] API Call or Bulk Action to Add Projection on
> >         resource for Many Users
> > Message-ID: <af3fa1b5-8334-05ae-8a75-7b9b5df0f1b1 at evolveum.com>
> > Content-Type: text/plain; charset="utf-8"; Format="flowed"
> >
> > Hello Peter,
> >
> > you can use this sample:
> > https://github.com/Evolveum/midpoint/blob/b18553402af581474bd98a466a82c6
> > 4791ab99a6/samples/tasks/bulk-actions/assign-resource-to-
> > selected-users.xml
> >
> > Best regards,
> >
> > Pavol Mederly
> > Software developer
> > evolveum.com
> >
> > On 16.03.2017 21:40, Peter Healy wrote:
> > > Hi All,
> > > I recently added a new OpenLDAP resource to my midpoint installation
> > > and would like to deploy a projection for all my existing users.
> > >
> > > Doing this in the Web UI is really easy, If I click add project and
> > > leave everything blank this works successfully for OpenLDAP resources
> > > since Midpoint computes a Distinguished Name and uid for the user and
> > > maps everything OK.
> > >
> > > But, I'd like a way to script this with an XML snippet for an HTTP
> > > REST call or as a bulk action so I can quickly do this for the
> > > remaining users without having to click through the UI or all of them.
> > >
> > > Is there a good way to do this?
> > >
> > > Thanks,
> > > Peter
> > >
> > >
> > > _______________________________________________
> > > midPoint mailing list
> > > midPoint at lists.evolveum.com
> > > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://lists.evolveum.com/pipermail/midpoint/
> > attachments/20170317/a65fb84e/attachment-0001.html>
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Fri, 17 Mar 2017 14:55:42 +0400 (RET)
> > From: Tommy Montegu <tommy.montegu at exodata.fr>
> > To: <midpoint at lists.evolveum.com>
> > Subject: [midPoint] Import Users from Active Directory ressources
> > Message-ID: <005401d29f0d$062fc1b0$128f4510$@exodata.fr>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Hello,
> >
> >
> >
> > I have configured a Active Directory Ressource.
> >
> >
> >
> > I want to import users from my DC to midpoint. I try to synchronize users
> > creating a task. My task works well, but nothing happen. When I took a
> > look on Users page, there’s nothing except administrator.
> >
> >
> >
> > Please, could someone help me to import and synchronize my user from my
> AD
> > server to MidPoint ?
> >
> >
> >
> > I would be grateful if someone can help me, starting with the beginning
> of
> > the configuration.
> >
> >
> >
> > Thanks a lot,
> >
> >
> >
> > Best regards,
> >
> >
> >
> > Tommy Montégu   Technicien Support, Exodata
> >
> >
> >
> > <https://s3.amazonaws.com/webapp.wisestamp.com/
> Rc4a7BkzTqaiA9hJykP4_Screen
> > %20Shot%202014-05-14%20at%2016.07.12.png>
> >
> > Standard :  <callto:02%2062%20977%20955> 02 62 977 955
> >
> > Email :  <mailto:tommy.montegu at exodata.fr> tommy.montegu at exodata.fr
> >
> > Website :
> > <http://t.signauxdeux.com/e1t/c/5/f18dQhb0SmZ58dDMPbW2n0x6l2B9nM
> JW7sM9dn7d
> > K_MMdBzM2-04?t=http%3A%2F%2Fwww.exodata.fr%2F&si=
> 5018836136886272&pi=57234
> > 252-d6e6-4462-cce5-05a8cd271064>  www.exodata.fr
> >
> > Adresse : 4, rue Émile Hugot - 97490 Sainte-Clotilde
> >
> >  <http://facebook.com/exodata>
> > <http://t.signauxdeux.com/e1t/c/5/f18dQhb0SmZ58dDMPbW2n0x6l2B9nM
> JW7sM9dn7d
> > K_MMdBzM2-04?t=http%3A%2F%2Ftwitter.com%2Fexodatagroup&
> si=5018836136886272
> > &pi=57234252-d6e6-4462-cce5-05a8cd271064>
> > <http://t.signauxdeux.com/e1t/c/5/f18dQhb0SmZ58dDMPbW2n0x6l2B9nM
> JW7sM9dn7d
> > K_MMdBzM2-04?t=http%3A%2F%2Fwww.linkedin.com%2Fcompany%
> 2Fexodata&si=501883
> > 6136886272&pi=57234252-d6e6-4462-cce5-05a8cd271064>
> > <http://t.signauxdeux.com/e1t/c/5/f18dQhb0SmZ58dDMPbW2n0x6l2B9nM
> JW7sM9dn7d
> > K_MMdBzM2-04?t=http%3A%2F%2Fplus.google.com%2Fb%
> 2F112099146097934583192%2F
> > 112099146097934583192%2Fabout&si=5018836136886272&pi=
> 57234252-d6e6-4462-cc
> > e5-05a8cd271064>
> > <http://t.signauxdeux.com/e1t/c/5/f18dQhb0SmZ58dDMPbW2n0x6l2B9nM
> JW7sM9dn7d
> > K_MMdBzM2-04?t=http%3A%2F%2Fwww.slideshare.net%2Fexodata&si=
> 50188361368862
> > 72&pi=57234252-d6e6-4462-cce5-05a8cd271064>
> > <http://t.signauxdeux.com/e1t/c/5/f18dQhb0SmZ58dDMPbW2n0x6l2B9nM
> JW7sM9dn7d
> > K_MMdBzM2-04?t=http%3A%2F%2Fgoo.gl%2Fmaps%2F0RNBG&si=
> 5018836136886272&pi=5
> > 7234252-d6e6-4462-cce5-05a8cd271064>
> >
> >
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <http://lists.evolveum.com/pipermail/midpoint/
> > attachments/20170317/6622545d/attachment.html>
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
> >
> > ------------------------------
> >
> > End of midPoint Digest, Vol 59, Issue 107
> > *****************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.evolveum.com/pipermail/midpoint/
> attachments/20170317/fac82f02/attachment.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 59, Issue 111
> *****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170320/4e14eb50/attachment.htm>


More information about the midPoint mailing list