[midPoint] Provisioning Scripts in activation

Sylvaire kevin TIPA sylvaire-kevin.tipa at mythalesgroup.io
Wed Oct 31 13:47:16 CET 2018


If that can help someone. Not sure that is the best method but it works :p

In the resource provisioning script, check that the activation field has changed (inspired by the original MP code of the activation feature).

2 scripts, one to check Disabled and one for Enabled.

<script>
      <host>resource</host>
      <language>powershell</language>
      <argument>
        <name>identity</name>
        <c:path xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="t:ItemPathType">$user/name</c:path>
      </argument>
      <code>powershell "D:\midpoint\....ps1 $identity "</code>
      <operation>modify</operation>
      <kind>account</kind>
      <order>after</order>
      <condition>
        <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
          <code>
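                  import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
                  import com.evolveum.midpoint.schema.constants.SchemaConstants;

                  // Delta on activation/administrativeStatus in this operation (null when the status is not being modified)
                  currentChange = midpoint.getFocusContext()?.getDelta()?.findPropertyDelta(SchemaConstants.PATH_ACTIVATION_ADMINISTRATIVE_STATUS)
                  // Administrative status of the focus before this operation
                  oldChange = midpoint.getFocusContext()?.getObjectOld()?.asObjectable()?.getActivation()?.getAdministrativeStatus()
                  // Value the status will have once the delta is applied
                  newStatus = currentChange?.getItemNewMatchingPath(null)?.getRealValue()

                  // Fire only on a real transition to ENABLED (compare status values, not the delta object)
                  return (currentChange != null &amp;&amp; oldChange != null &amp;&amp; newStatus != oldChange &amp;&amp; newStatus == ActivationStatusType.ENABLED)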
          </code>
        </script>
      </condition>
    </script>

Regards,



Sylvaire-Kevin TIPA
Thales Services / OIC / DevOps Automatisation Infrastructures
......................................................................................................
THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06
......................................................................................................
www.thalesgroup.com<http://www.thalesgroup.com/>




From: Sylvaire kevin TIPA
Sent: Monday, 29 October 2018 10:21
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Provisioning Scripts in activation

Hey all,

I want to execute provisioning scripts when an AD account is activated or disabled. In my AD resource, is it possible to use provisioning scripts in the activation field, or do I need to put it as a script and make a conditional check?

In the latter case, how can I catch the delta to execute my change only when the administrative status changes? Is the ModelContext variable available in resource scripts?

More generally, in MP, how can I know which variables are available?


         <activation>
            <administrativeStatus>
               <outbound id="28"/>
               <!-- Provisioning script here? -->
            </administrativeStatus>
         </activation>


Or in scripts, but how can I check the delta?
<script>
         <host>resource</host>
         <language>powershell</language>
         <argument>
            <name>identity</name>
            <c:path xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:type="t:ItemPathType">$user/name</c:path>
         </argument>
         <argument>
            <name>createCertificate</name>
            <value>0</value>
         </argument>
         <code>powershell "D:\midpoint\create-certificate\create-certificate.ps1 $identity $createCertificate"</code>
         <operation>modify</operation>
         <kind>account</kind>
         <order>after</order>
         <condition>
            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:type="c:ScriptExpressionEvaluatorType">
               <code>
                  // Need to check diff between old and new effective status
                  import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
                  return (focus.getActivation()?.getEffectiveStatus() == ActivationStatusType.DISABLED)
               </code>
            </script>
         </condition>
</script>

Thanks, Br,
