<div dir="ltr">Getting close! So far I had to add it to the resource like so in the schema handling section because it was complaining of it not being found. I got the below from icf resource schema 3. I tried both combinations. I searched and lockoutStatusType returns NORMAL or LOCKED.<div><br></div><div>I am thinking maybe this only works for simulated lockout on systems that do not fully support account lockouts and not AD?<br><div><br></div><div><xsd:element minOccurs="0" ref="icfs:lockOut" type="xsd:boolean"/></div><div><br></div><div>or</div><div><br></div><div><xsd:element minOccurs="0" name="lockOut" type="xsd:boolean"/><br></div><div><br></div><div>and then in the resource definition both icfs:lockOut and ri:lockOut</div><div><br></div><div><div> <attribute></div><div> <c:ref>icfs:lockOut</c:ref></div><div> <outbound></div><div> <source></div><div> <c:path>$user/activation/lockoutStatus</c:path></div><div> </source></div><div> </outbound></div><div> <inbound></div><div> <target></div><div> <c:path>$user/activation/lockoutStatus</c:path></div><div> </target></div><div> </inbound></div><div> </attribute></div><div><br></div><div><br></div><div>and now I get the below which is farther that before.</div><div><br></div><div><span class="" id="id51f9" style="padding:0px;font-weight:bold;color:rgb(185,74,72);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.1429px;background-color:rgb(242,222,222)"><span id="id522a">operation.com.evolveum.midpoint.web.page.admin.users.PageUsers.unlockUser</span></span><span style="color:rgb(185,74,72);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.1429px;background-color:rgb(242,222,222)"></span><div class="" id="id51f9_content" style="padding-left:30px;color:rgb(185,74,72);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.1429px;background-color:rgb(242,222,222)"><ul style="margin:0px;list-style:none outside none;padding:0px"><li style="padding:1px 0px;list-style:none outside none;margin:0px;text-overflow:ellipsis;overflow:auto"><span class="">Couldn't unlock user user: astudent2 (OID:341c3cba-a231-481b-bb3e-487876f4c229).</span></li><li style="padding:1px 0px;list-style:none outside none;margin:0px;text-overflow:ellipsis;overflow:auto"><span class=""><u>Cause:</u> <span><p style="margin:0px;display:inline">Expected boolean type, but got class com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in outbound mapping for {.../connector/icf-1/resource-schema-3}lockOut in resource:10000000-2000-3000-4000-10000000ad01(Active Directory: Office 365, Google Apps, Moodle)</p></span> <span class="" id="id51fa" style="color:rgb(153,153,153);font-weight:bold;margin-left:5px"><span class="">[ SHOW ERROR STACK ]</span></span></span></li><li style="padding:1px 0px;list-style:none outside none;margin:0px;text-overflow:ellipsis;overflow:auto"><span class=""><span class="" style="color:rgb(153,153,153);font-weight:bold;margin-left:5px"><span class=""><span style="color:rgb(199,37,78);font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:10.8px;font-weight:normal;line-height:15.4286px;white-space:nowrap;background-color:rgb(249,242,244)">java.lang.IllegalArgumentException: Expected boolean type, but got class com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType in outbound mapping for {.../resource/instance-3}lockOut</span><br></span></span></span></li></ul></div></div></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Wed, Jan 20, 2016 at 1:35 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi Jason,<br>
<br>
haven't tried yet, but I suppose you need to specify the
source/target attribute in the mappings. Please try
$user/activation/lockoutStatus.<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 01/19/2016 09:18 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Late response, I could not get it to work :(
<div><br>
</div>
<div>I tried the below,</div>
<div><br>
</div>
<div>
<div> <attribute></div>
<div> <ref>icfs:lockOut</ref></div>
<div> <outbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </outbound></div>
<div> <inbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </inbound></div>
<div> </attribute></div>
</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Tue, Jan 12, 2016 at 8:31 AM, Jason
Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Nice! I will create a mapping for that, I was
searching in github and wiki for the connector for lock
out, lockout, locked, etc.. no wonder why I didn't see it.
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><span><font color="#888888"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
</font></span>
<div>
<div>
<br>
<div class="gmail_quote">On Tue, Jan 12, 2016 at 4:36
AM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank"></a><a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello Jason,<br>
<br>
according to .Net AD Connector sources, there
is an attribute called "__LOCK_OUT__"
(icfs:lockOut in midPoint) that is filled-in
by the connector.<br>
<br>
Do you use it? Have you an inbound mapping for
it?<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">It is the .NET Connector,
and it very well could be not
implemented yet. I couldn't find
anything on it. I haven't had much time
with the new semester start to test out
the new LDAP AD Connector,
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Mon, Jan 11,
2016 at 9:45 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank"></a><a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Jason,<br>
<br>
which connector are you using?
.NET/AD or the new LDAP/AD...?<br>
<br>
Do you have inbound mapping for
that attribute?<br>
<br>
I have never yet tried this, but
it might be unimplemented yet
(Radovan will know for LDAP/AD at
least).<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On 01/11/2016 03:52 PM,
Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">I noticed
that when a user account
get's locked in AD it does
not update the
lockoutStatus in midpoint.
You have to expand the AD
account and then scroll to
Lockout-Status and change
it.
<div><br>
</div>
<div>Is there a setting I
am missing somewhere in
the resource config or
is that not supported by
the AD connector?</div>
<div><br>
</div>
<div>Thanks!<br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for
only the recipient(s) named
above and may contain
information that is
privileged. You should not
retain, copy or use this
e-mail or any attachments for
any purpose, or disclose all
or any part of the contents to
any person. Any views or
opinions expressed in this
e-mail are those of the author
and do not represent those of
the Baptist School of Health
Professions. If you have
received this e-mail in error,
or are not the named
recipient(s), you are hereby
notified that any review,
dissemination, distribution or
copying of this communication
is prohibited by the sender
and to do so might constitute
a violation of the Electronic
Communications Privacy Act, 18
U.S.C. section 2510-2521.
Please immediately notify the
sender and delete this e-mail
and any attachments from your
computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only the
recipient(s) named above and may contain
information that is privileged. You
should not retain, copy or use this
e-mail or any attachments for any
purpose, or disclose all or any part of
the contents to any person. Any views or
opinions expressed in this e-mail are
those of the author and do not represent
those of the Baptist School of Health
Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified
that any review, dissemination,
distribution or copying of this
communication is prohibited by the
sender and to do so might constitute a
violation of the Electronic
Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately
notify the sender and delete this e-mail
and any attachments from your computer.
</font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>