<div dir="ltr">No, the password is only generated on new account creation, the password is then only sync'd when I manually enter a new password. I'll keep messing with it and see what I can come up with.<div><br></div><div>Thanks!</div><div>JASON</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Thu, Jan 21, 2016 at 9:34 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
This is interesting. One thing: isn't the password generated from
midpoint to AD each time? Could this not cause unlocking account
automatically?<br>
<br>
No other thoughts yet..<div><div class="h5"><br>
<br>
<div>On 01/21/2016 04:27 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">The user remains NORMAL. But the user does not have
NORMAL until they get locked in AD which for 15 seconds it turns
to LOCKED and then 15 seconds later, NORMAL again without me
unlocking it. 15 seconds is the live sync task time.
<div><br>
</div>
<div>I just noticed, my "progress" for the live sync task has
gone way up from 33 to 2440, and every 15 seconds it goes up
another 10-12 in progress. I removed the mapping and the
progress has not moved.</div>
<div><br>
</div>
<div>As you stated, it should be under</div>
<div><activation></div>
<div><lockoutStatus></div>
<div>..<br>
</div>
<div><br>
</div>
<div>So I think I will wait unless you figure it out another
time!</div>
<div><br>
</div>
<div>Thanks!</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, Jan 21, 2016 at 9:15 AM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Jason,<br>
<br>
maybe I somehow fouled with the values in the example...
But don't see it yet.<br>
If the account is automatically and unintentionally
unlocked, is the user in midPoint locked or unlocked?<br>
<br>
Anyway just for importing the data, you can leave outbound
commented out, unless you need it to be synced
bi-directional.<span><font color="#888888"><br>
<br>
IVan</font></span>
<div>
<div><br>
<br>
<div>On 01/21/2016 03:25 PM, Jason Everling wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">I had figured as much BUT your code
is very close!
<div><br>
</div>
<div>Using the code below it detects the lockout
and set's it in midpoint but it immediately
unlocks the account! So in AD the account
becomes locked and then a few seconds later when
live sync occurs it becomes unlocked
automatically.</div>
<div><br>
</div>
<div>I am looking at the code now to see what
could be causing that, this is one of those
"nice to have" features but something that is
urgent so if it get's pushed then I am not to
worried, but we are very close with the code!</div>
<div><br>
</div>
<div>JASON</div>
<div><br>
</div>
<div><span style="font-size:12.8px">
<attribute><br>
<c:ref>icfs:lockOut</c:ref><br>
<outbound><br>
<source><br>
<c:path>$user/activation/lockoutStatus</c:path><br>
</source><br>
</span><span style="font-size:12.8px">
<expression></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
<script></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
<code></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
import com.evolveum.midpoint.xml.ns._</span><span style="font-size:12.8px">public.common.common_3.</span><span style="font-size:12.8px">LockoutStatusType;</span><br style="font-size:12.8px">
<span style="font-size:12.8px">
if (lockoutStatus == LockoutStatusType.NORMAL)
return false</span><br style="font-size:12.8px">
<span style="font-size:12.8px">
else return true</span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</code></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</script></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</expression></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</outbound></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
<inbound></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
<expression></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
<script></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
<code></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
import com.evolveum.midpoint.xml.ns._</span><span style="font-size:12.8px">public.common.common_3.</span><span style="font-size:12.8px">LockoutStatusType;</span><br style="font-size:12.8px">
<span style="font-size:12.8px">
if (input) return LockoutStatusType.LOCKED</span><br style="font-size:12.8px">
<span style="font-size:12.8px">
else return LockoutStatusType.NORMAL</span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</code></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</script></span><br style="font-size:12.8px">
<span style="font-size:12.8px">
</expression></span><span style="font-size:12.8px"><br>
<target><br>
<c:path>$user/activation/lockoutStatus</c:path><br>
</target><br>
</inbound><br>
</attribute></span><br>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, Jan 21, 2016 at
6:31 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank"></a><a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Jason,<br>
<br>
after discussion with developers it seems that
there is missing feature<br>
for "normal" using of lockout in schema
handling without workarounds.<br>
I'd assume something similar as
administrativeStatus mapping should be<br>
used without need to manually hack schema for
icfs:lockOut first.<br>
<br>
I've created <a href="https://jira.evolveum.com/browse/MID-2770" rel="noreferrer" target="_blank">https://jira.evolveum.com/browse/MID-2770</a><br>
<br>
The implementation time is roughly set for
3.4, subject to change. As<br>
always this can be prioritized by
subscription.<br>
<br>
Please let us know if the workaround works
anyway. Thank you!<br>
<br>
Best regards,<br>
<span>Ivan<br>
<br>
On 01/20/2016 04:25 PM, Jason Everling
wrote:<br>
><br>
</span><span>> Expected boolean type, but
got class<br>
>
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType<br>
> in outbound mapping for
{.../connector/icf-1/resource-schema-3}lockOut<br>
> in <a>resource:10000000-2000-3000-4000-10000000ad01(Active</a>
Directory:<br>
> Office 365, Google Apps, Moodle)<br>
><br>
<br>
</span>
<div>
<div>--<br>
Ing. Ivan Noris<br>
Senior Identity Management Engineer
& IDM Architect<br>
<a href="http://evolveum.com" rel="noreferrer" target="_blank">evolveum.com</a>
<a href="http://evolveum.com/blog/" rel="noreferrer" target="_blank">evolveum.com/blog/</a><br>
___________________________________________________<br>
"Semper Id(e)M Vix."<br>
<br>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
</div>
</div>
<font size="2"><br>
<br>
<span> CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only the
recipient(s) named above and may contain information
that is privileged. You should not retain, copy or
use this e-mail or any attachments for any purpose,
or disclose all or any part of the contents to any
person. Any views or opinions expressed in this
e-mail are those of the author and do not represent
those of the Baptist School of Health Professions.
If you have received this e-mail in error, or are
not the named recipient(s), you are hereby notified
that any review, dissemination, distribution or
copying of this communication is prohibited by the
sender and to do so might constitute a violation of
the Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </span></font><br>
<br>
<fieldset></fieldset>
<br>
<span>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</span></blockquote>
<span> <br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>