<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<br>
to set AD account status you need standard outbound mapping for AD:<br>
<br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
Do you have this mapping, and it still does not work?<br>
<br>
BTW to configure CSV resource to actually understand
"enabled"/"disabled" status you can use simulated capabilities:<br>
<br>
<capabilities
xmlns:cap=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">"http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"</a>><br>
<configured><br>
<cap:activation><br>
<cap:status><br>
<cap:attribute><b>ri:hrStatus</b></cap:attribute><br>
<cap:enableValue/><br>
<cap:disableValue>REJ</cap:disableValue><br>
</cap:status><br>
</cap:activation><br>
</configured><br>
</capabilities><br>
<br>
This means that resource account attribute <b>hrStatus</b> is used
for enable/disable decision. Value "REJ" means "disabled"; empty
value means "enabled". Modify as needed.<br>
<br>
Then use standard inbound in CSV resource schema handling:<br>
<activation><br>
<administrativeStatus><br>
<inbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
We use similar code in our CSV, DBTable and LDAP resources in
samples/resources. I have similar situation in multiple projects
where we create user in midPoint based on authoritative source and
provision the accounts automatically to other resources.<br>
<br>
Hope this helps.<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 05/22/2015 02:12 PM, Алексей
Ващенков wrote:<br>
</div>
<blockquote
cite="mid:23F96C83E30B7E4DA253EBD07C550836014C88D1@EX-MB2.solar.local"
type="cite">
<pre wrap="">Hi.
I have a troouble to configure first time user creation while importin from HR resource. We have in pur resource attribute which indicates if employee is hired or fired. And here the mapping of this attribute.
<mapping>
<authoritative>false</authoritative>
<exclusive>true</exclusive>
<source>
<name>hrStatus</name>
<c:path xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>$user/extension/hrStatus</c:path>
</source>
<expression>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
return hrStatus.toString().equals('REJ')?ActivationStatusType.DISABLED:ActivationStatusType.ENABLED;
</code>
</script>
</expression>
<target>
<c:path xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>>$user/activation/administrativeStatus</c:path>
</target>
</mapping>
It works fine. AdministrativeStatus in midpoint sets as needed.
While creating user from HR resource we need to create account in AD. Accounts created but Administrative stutus of it is disabled. If I disable and then enable account in Midpoint the account in AD is anabled.
What should I do to set right AdministrativeStatus in AD when account is creating?
_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>