<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    This is interesting. One thing: isn't the password generated from
    midpoint to AD each time? Could this not cause unlocking account
    automatically?<br>
    <br>
    No other thoughts yet..<br>
    <br>
    <div class="moz-cite-prefix">On 01/21/2016 04:27 PM, Jason Everling
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAFkZXY6ryRXkx4tgj60vedTE7+a5sf9X7L=OHkyrw_Z-e+RFSA@mail.gmail.com"
      type="cite">
      <div dir="ltr">The user remains NORMAL. But the user does not have
        NORMAL until they get locked in AD which for 15 seconds it turns
        to LOCKED and then 15 seconds later, NORMAL again without me
        unlocking it. 15 seconds is the live sync task time.
        <div><br>
        </div>
        <div>I just noticed, my "progress" for the live sync task has
          gone way up from 33 to 2440, and every 15 seconds it goes up
          another 10-12 in progress. I removed the mapping and the
          progress has not moved.</div>
        <div><br>
        </div>
        <div>As you stated, it should be under</div>
        <div><activation></div>
        <div><lockoutStatus></div>
        <div>..<br>
        </div>
        <div><br>
        </div>
        <div>So I think I will wait unless you figure it out another
          time!</div>
        <div><br>
        </div>
        <div>Thanks!</div>
        <div>JASON</div>
      </div>
      <div class="gmail_extra"><br clear="all">
        <div>
          <div class="gmail_signature">
            <div dir="ltr">JASON</div>
          </div>
        </div>
        <br>
        <div class="gmail_quote">On Thu, Jan 21, 2016 at 9:15 AM, Ivan
          Noris <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF"> Hi Jason,<br>
              <br>
              maybe I somehow fouled with the values in the example...
              But don't see it yet.<br>
              If the account is automatically and unintentionally
              unlocked, is the user in midPoint locked or unlocked?<br>
              <br>
              Anyway just for importing the data, you can leave outbound
              commented out, unless you need it to be synced
              bi-directional.<span class="HOEnZb"><font color="#888888"><br>
                  <br>
                  IVan</font></span>
              <div>
                <div class="h5"><br>
                  <br>
                  <div>On 01/21/2016 03:25 PM, Jason Everling wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div dir="ltr">I had figured as much BUT your code
                      is very close!
                      <div><br>
                      </div>
                      <div>Using the code below it detects the lockout
                        and set's it in midpoint but it immediately
                        unlocks the account! So in AD the account
                        becomes locked and then a few seconds later when
                        live sync occurs it becomes unlocked
                        automatically.</div>
                      <div><br>
                      </div>
                      <div>I am looking at the code now to see what
                        could be causing that, this is one of those
                        "nice to have" features but something that is
                        urgent so if it get's pushed then I am not to
                        worried, but we are very close with the code!</div>
                      <div><br>
                      </div>
                      <div>JASON</div>
                      <div><br>
                      </div>
                      <div><span style="font-size:12.8px">       
                           <attribute><br>
                                     
                          <c:ref>icfs:lockOut</c:ref><br>
                                      <outbound><br>
                                         <source><br>
                                           
                          <c:path>$user/activation/lockoutStatus</c:path><br>
                                         </source><br>
                        </span><span style="font-size:12.8px">              

                          <expression></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                 
                          <script></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    

                          <code></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    
                          import  com.evolveum.midpoint.xml.ns._</span><span
                          style="font-size:12.8px">public.common.common_3.</span><span
                          style="font-size:12.8px">LockoutStatusType;</span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    
                          if (lockoutStatus == LockoutStatusType.NORMAL)
                          return false</span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    
                          else return true</span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    

                          </code></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                 
                          </script></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">              
                          </expression></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">           
                          </outbound></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">           
                          <inbound></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">              
                          <expression></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                 
                          <script></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    

                          <code></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    
                          import  com.evolveum.midpoint.xml.ns._</span><span
                          style="font-size:12.8px">public.common.common_3.</span><span
                          style="font-size:12.8px">LockoutStatusType;</span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    
                          if (input) return LockoutStatusType.LOCKED</span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    
                          else return LockoutStatusType.NORMAL</span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                    

                          </code></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">                 
                          </script></span><br
                          style="font-size:12.8px">
                        <span style="font-size:12.8px">              
                          </expression></span><span
                          style="font-size:12.8px"><br>
                                         <target><br>
                                           
                          <c:path>$user/activation/lockoutStatus</c:path><br>
                                         </target><br>
                                      </inbound><br>
                                   </attribute></span><br>
                      </div>
                    </div>
                    <div class="gmail_extra"><br clear="all">
                      <div>
                        <div>
                          <div dir="ltr">JASON</div>
                        </div>
                      </div>
                      <br>
                      <div class="gmail_quote">On Thu, Jan 21, 2016 at
                        6:31 AM, Ivan Noris <span dir="ltr"><<a
                            moz-do-not-send="true"
                            href="mailto:ivan.noris@evolveum.com"
                            target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a></a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">Hi Jason,<br>
                          <br>
                          after discussion with developers it seems that
                          there is missing feature<br>
                          for "normal" using of lockout in schema
                          handling without workarounds.<br>
                          I'd assume something similar as
                          administrativeStatus mapping should be<br>
                          used without need to manually hack schema for
                          icfs:lockOut first.<br>
                          <br>
                          I've created <a moz-do-not-send="true"
                            href="https://jira.evolveum.com/browse/MID-2770"
                            rel="noreferrer" target="_blank">https://jira.evolveum.com/browse/MID-2770</a><br>
                          <br>
                          The implementation time is roughly set for
                          3.4, subject to change. As<br>
                          always this can be prioritized by
                          subscription.<br>
                          <br>
                          Please let us know if the workaround works
                          anyway. Thank you!<br>
                          <br>
                          Best regards,<br>
                          <span>Ivan<br>
                            <br>
                            On 01/20/2016 04:25 PM, Jason Everling
                            wrote:<br>
                            ><br>
                          </span><span>> Expected boolean type, but
                            got class<br>
                            >
                            com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType<br>
                            > in outbound mapping for
                            {.../connector/icf-1/resource-schema-3}lockOut<br>
                            > in <a moz-do-not-send="true">resource:10000000-2000-3000-4000-10000000ad01(Active</a>
                            Directory:<br>
                            > Office 365, Google Apps, Moodle)<br>
                            ><br>
                            <br>
                          </span>
                          <div>
                            <div>--<br>
                                Ing. Ivan Noris<br>
                                Senior Identity Management Engineer
                              & IDM Architect<br>
                                <a moz-do-not-send="true"
                                href="http://evolveum.com"
                                rel="noreferrer" target="_blank">evolveum.com</a> 
                                                 <a
                                moz-do-not-send="true"
                                href="http://evolveum.com/blog/"
                                rel="noreferrer" target="_blank">evolveum.com/blog/</a><br>
                               
                              ___________________________________________________<br>
                                "Semper Id(e)M Vix."<br>
                              <br>
                              <br>
_______________________________________________<br>
                              midPoint mailing list<br>
                              <a moz-do-not-send="true"
                                href="mailto:midPoint@lists.evolveum.com"
                                target="_blank">midPoint@lists.evolveum.com</a><br>
                              <a moz-do-not-send="true"
                                href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                                rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                  </div>
                </div>
                <font size="2"><br>
                  <br>
                  <span class=""> CONFIDENTIALITY NOTICE:<br>
                    This e-mail together with any attachments is
                    proprietary and confidential; intended for only the
                    recipient(s) named above and may contain information
                    that is privileged. You should not retain, copy or
                    use this e-mail or any attachments for any purpose,
                    or disclose all or any part of the contents to any
                    person. Any views or opinions expressed in this
                    e-mail are those of the author and do not represent
                    those of the Baptist School of Health Professions.
                    If you have received this e-mail in error, or are
                    not the named recipient(s), you are hereby notified
                    that any review, dissemination, distribution or
                    copying of this communication is prohibited by the
                    sender and to do so might constitute a violation of
                    the Electronic Communications Privacy Act, 18 U.S.C.
                    section 2510-2521. Please immediately notify the
                    sender and delete this e-mail and any attachments
                    from your computer. </span></font><br>
                <br>
                <fieldset></fieldset>
                <br>
                <span class="">
                  <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                </span></blockquote>
              <span class=""> <br>
                <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  <a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>                     <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
              </span></div>
            <br>
            _______________________________________________<br>
            midPoint mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
            <a moz-do-not-send="true"
              href="http://lists.evolveum.com/mailman/listinfo/midpoint"
              rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <font size="2"><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
  </body>
</html>