[midPoint] Add a second LDAP account to resource for user (Error: already contains account of type 'default' on resource)
Ivan Noris
ivan.noris at evolveum.com
Mon Mar 20 15:31:36 CET 2017
Hi Peter,
GUI currently cannot use Add projection for other-than-default intents.
But it's very easy to create a role:
Example 1: role to create default account on resource with given oid
<role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>CSV-1 Default account</name>
    <description>
        This role assigns CSV-1 (Simulated App 1) resource and creates a
        test account.
    </description>
    <inducement>
        <construction>
            <!-- The c: prefix in type must be there due to a JAXB bug -->
            <resourceRef oid="10000000-9999-9999-0000-a000ff000002"
                         type="c:ResourceType"/>
            <kind>account</kind>
        </construction>
    </inducement>
</role>
Example 2: role to create account with intent test on resource with given oid
<!-- Same oid as Example 1: give each role its own oid (or omit the
     attribute so midPoint generates one) before importing both. -->
<role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2"
      xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
    <name>CSV-1 Tester</name>
    <description>
        This role assigns CSV-1 (Simulated App 1) resource and creates a
        test account.
    </description>
    <inducement>
        <construction>
            <!-- The c: prefix in type must be there due to a JAXB bug -->
            <resourceRef oid="10000000-9999-9999-0000-a000ff000002"
                         type="c:ResourceType"/>
            <kind>account</kind>
            <intent>test</intent>
        </construction>
    </inducement>
</role>
Then just add one or both roles to your user in midpoint and the
corresponding account(s) should be created. Just be sure to use your
resource oid and correct intent.
Regards,
Ivan
On 03/20/2017 02:26 PM, Peter Healy wrote:
> Hi Pavol,
> That works, I modified the resource definition schema handling to add
> a "test" intent in addition to "default"
>
> However, to get the account associated to a Midpoint account and owner
> I had to create the shadow on the OpenLDAP resource itself using LDAP
> tools and then edited the shadow definition via the Repository Objects
> configuration in the UI to make the intent "test".
>
> Is there an easier way to do this via the UI only? Can I set this in
> the Add Projection Menu for a user instead?
>
> Thanks again,
> Peter
>
> On Fri, Mar 17, 2017 at 2:30 PM, <midpoint-request at lists.evolveum.com> wrote:
>
> Message: 1
> Date: Fri, 17 Mar 2017 15:11:25 +0100
> From: Oskar Butovič - AMI Praha a.s. <oskar.butovic at ami.cz>
> To: midPoint General Discussion <midPoint at lists.evolveum.com>
> Subject: [midPoint] association from single value attribute
> Message-ID: <CAE8MtZAvNM0Ph92UmeMo+q-EMk1YBUdKvm=8ARBKcD9Fwd1vXg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello everybody,
>
> I would like to ask how should be configured association on singlevalue
> attribute.
>
> I have configured association and metarole same as for multivalued
> associations and added scripting hook which removes roles other than the
> one added (1 of N from certain set of roles).
>
> But association sends always two values to my connector and thus sometimes
> role is replaced correctly but more often role is not replaced in end
> system.
>
> Best Regards
>
> Oskar Butovič
>
> ------------------------------
>
> Message: 2
> Date: Fri, 17 Mar 2017 13:25:49 -0400
> From: Peter Healy <phealy3330 at gmail.com>
> To: midpoint at lists.evolveum.com
> Subject: [midPoint] Add a second LDAP account to resource for user
> (Error: already contains account of type 'default' on resource)
> Message-ID: <CADnbc=wrJH=vSEtS9=e9ahXBCaAktdDs3+CgjzeUmfRKrGWxQg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi All,
> I am trying to add a second LDAP account projection to a user but I get
> this error:
>
> Attempt to add object:null(null) to a user that already contains account of
> type 'default' on resource
>
> I set the dn to be the user's current uid with a 1 concatenated to the end.
>
> Is there a way to add associate a second LDAP Resource Account to a user?
>
> Thanks,
> Peter
>
> ------------------------------
>
> Message: 3
> Date: Fri, 17 Mar 2017 18:31:03 +0100
> From: Pavol Mederly <mederly at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Add a second LDAP account to resource for user
> (Error: already contains account of type 'default' on resource)
> Message-ID: <8de9230b-9c36-1959-9898-314ef93af368 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hello,
>
> yes, it is possible. You have to use different intents. See
> https://wiki.evolveum.com/display/midPoint/Kind%2C+Intent+and+ObjectClass.
>
> Pavol
>
> Pavol Mederly
> Software developer
> evolveum.com <http://evolveum.com>
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 17 Mar 2017 14:30:09 -0400
> From: Peter Healy <phealy3330 at gmail.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] API Call or Bulk Action to Add Projection on
> resource for Many Users
> Message-ID: <CADnbc=yrBqjWJB6Ad06PO8fRO=YF8OcmU9VRi=w_8+VH+TieDQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Pavol,
> That worked, thank you!
> -Peter
>
> On Fri, Mar 17, 2017 at 6:56 AM, <midpoint-request at lists.evolveum.com> wrote:
>
> > Message: 1
> > Date: Fri, 17 Mar 2017 09:29:44 +0100
> > From: Pavol Mederly <mederly at evolveum.com>
> > To: midpoint at lists.evolveum.com
> > Subject: Re: [midPoint] Change the user object schema.
> > Message-ID: <ae6f54e7-a7b0-eb42-343e-f731ce123657 at evolveum.com>
> > Content-Type: text/plain; charset="utf-8"; Format="flowed"
> >
> > No, this is currently not supported. (Maybe in the future.)
> >
> > But, actually, there's usually no reason to store all those 85
> > properties in database tables: you actually need to store only those
> > that you want to use in searches. Please see the discussion on
> > indexed/non-indexed items in
> > https://wiki.evolveum.com/display/midPoint/Custom+Schema+Extension.
> >
> > Pavol Mederly
> > Software developer
> > evolveum.com <http://evolveum.com>
> >
> > On 16.03.2017 22:07, Prabhakara Rao Doddapaneni wrote:
> > > I have about 100 properties with the user to store in. Only 15 could
> > > be matched with the standard user schema. The rest of the attributes
> > > are added in the extended template. When I see in database, all these
> > > values are stored as multiple rows in database.
> > >
> > > Is there a way that I modify the user schema so that my user object
> > > type takes all the properties what I need always?
> > >
> > > Thanks,
> > > Prabhakar.
> > >
> > ------------------------------
> >
> > Message: 2
> > Date: Fri, 17 Mar 2017 09:41:31 +0100
> > From: Pavol Mederly <mederly at evolveum.com>
> > To: midpoint at lists.evolveum.com
> > Subject: Re: [midPoint] API Call or Bulk Action to Add Projection on
> > resource for Many Users
> > Message-ID: <af3fa1b5-8334-05ae-8a75-7b9b5df0f1b1 at evolveum.com>
> > Content-Type: text/plain; charset="utf-8"; Format="flowed"
> >
> > Hello Peter,
> >
> > you can use this sample:
> > https://github.com/Evolveum/midpoint/blob/b18553402af581474bd98a466a82c64791ab99a6/samples/tasks/bulk-actions/assign-resource-to-selected-users.xml
> >
> > Best regards,
> >
> > Pavol Mederly
> > Software developer
> > evolveum.com <http://evolveum.com>
> >
> > On 16.03.2017 21:40, Peter Healy wrote:
> > > Hi All,
> > > I recently added a new OpenLDAP resource to my midpoint installation
> > > and would like to deploy a projection for all my existing users.
> > >
> > > Doing this in the Web UI is really easy, If I click add project and
> > > leave everything blank this works successfully for OpenLDAP resources
> > > since Midpoint computes a Distinguished Name and uid for the user and
> > > maps everything OK.
> > >
> > > But, I'd like a way to script this with an XML snippet for an HTTP
> > > REST call or as a bulk action so I can quickly do this for the
> > > remaining users without having to click through the UI or all of them.
> > >
> > > Is there a good way to do this?
> > >
> > > Thanks,
> > > Peter
> > >
> > ------------------------------
> >
> > Message: 3
> > Date: Fri, 17 Mar 2017 14:55:42 +0400 (RET)
> > From: Tommy Montegu <tommy.montegu at exodata.fr>
> > To: <midpoint at lists.evolveum.com>
> > Subject: [midPoint] Import Users from Active Directory ressources
> > Message-ID: <005401d29f0d$062fc1b0$128f4510$@exodata.fr>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Hello,
> >
> > I have configured an Active Directory Resource.
> >
> > I want to import users from my DC to midpoint. I try to synchronize users
> > creating a task. My task works well, but nothing happens. When I took a
> > look on Users page, there’s nothing except administrator.
> >
> > Please, could someone help me to import and synchronize my user from my AD
> > server to MidPoint?
> >
> > I would be grateful if someone can help me, starting with the beginning of
> > the configuration.
> >
> > Thanks a lot,
> >
> > Best regards,
> >
> > Tommy Montégu, Support Technician, Exodata
--
Ivan Noris
Senior Identity Engineer
evolveum.com
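
Added example, not part of the original message and not midPoint code: a pre-import check over the two role definitions above that lists which (resource, kind, intent) account each construction targets and flags roles sharing one oid. Treating a missing <intent> as "default" follows the message's Example 1 and the 'default' in the error text; the <objects> wrapper, the function names and the trimmed sample are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "{http://midpoint.evolveum.com/xml/ns/public/common/common-3}"

# Constructed input: both roles from the message (descriptions dropped),
# wrapped in one <objects> element so a single string holds the import set.
ROLES_XML = """
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2">
    <name>CSV-1 Default account</name>
    <inducement><construction>
      <resourceRef oid="10000000-9999-9999-0000-a000ff000002" type="c:ResourceType"/>
      <kind>account</kind>
    </construction></inducement>
  </role>
  <role oid="2dfa0d20-3263-11e6-838d-3c970e44b9e2">
    <name>CSV-1 Tester</name>
    <inducement><construction>
      <resourceRef oid="10000000-9999-9999-0000-a000ff000002" type="c:ResourceType"/>
      <kind>account</kind>
      <intent>test</intent>
    </construction></inducement>
  </role>
</objects>
"""


def _text(parent, tag, default=None):
    """Stripped text of a direct child element, or the default if absent."""
    node = parent.find(NS + tag)
    return node.text.strip() if node is not None and node.text else default


def projections(xml_text):
    """Return (role name, role oid, (resource oid, kind, intent)) per construction."""
    rows = []
    for role in ET.fromstring(xml_text).iter(NS + "role"):
        for cons in role.iterfind(f"{NS}inducement/{NS}construction"):
            ref = cons.find(NS + "resourceRef")
            if ref is None:
                continue
            # Assumption: an omitted <intent> means the "default" intent.
            key = (ref.get("oid"), _text(cons, "kind"), _text(cons, "intent", "default"))
            rows.append((_text(role, "name"), role.get("oid"), key))
    return rows


def distinct_accounts(rows):
    """Accounts a user holding every listed role would end up with."""
    return {key for _, _, key in rows}


def duplicate_role_oids(rows):
    """Role oids used by more than one role name in the same import set."""
    names = defaultdict(set)
    for name, oid, _ in rows:
        names[oid].add(name)
    return {oid: sorted(n) for oid, n in names.items() if len(n) > 1}


if __name__ == "__main__":
    rows = projections(ROLES_XML)
    for name, oid, key in rows:
        print(f"{name}: {key}")
    print("duplicate role oids:", duplicate_role_oids(rows))
```

Run against the sample, it reports two distinct accounts on the same resource (intents default and test) and flags that both roles carry the same oid.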