<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Jason,<br>
<br>
maybe you could please try this:<br>
<br>
<attribute><br>
<c:ref>icfs:lockOut</c:ref><br>
<outbound><br>
<source><br>
<c:path>$user/activation/lockoutStatus</c:path><br>
</source><br>
<expression><br>
<script><br>
<code><br>
import
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;<br>
if (lockoutStatus == LockoutStatusType.NORMAL)
return false<br>
else return true<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
<inbound><br>
<expression><br>
<script><br>
<code><br>
import
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;<br>
if (input) return LockoutStatusType.LOCKED<br>
else return LockoutStatusType.NORMAL<br>
</code><br>
</script><br>
</expression><br>
<target><br>
<c:path>$user/activation/lockoutStatus</c:path><br>
</target><br>
</inbound><br>
</attribute><br>
<br>
I was unable to try this yet, because my testing AD is probably not
configured to lock accounts and accounts can be only unlocked, not
locked (you are probably aware of this)...<br>
<br>
I think all this could be done in a more reasonable way e.g. using<br>
<activation><br>
<lockoutStatus><br>
<outbound/><br>
....<br>
<br>
but this seems not to be implemented yet.<br>
<br>
I'm not sure why icfs:lockOut is not present in <schema> by
default. Will try to discuss this.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 01/20/2016 04:25 PM, Jason Everling
wrote:<br>
</div>
<blockquote
cite="mid:CAFkZXY56bqL6Y-oH7D242x4X_V0rUUJE_=ZpQA=2d+-5s4Yk2Q@mail.gmail.com"
type="cite">
<div dir="ltr">Getting close! So far I had to add it to the
resource like so in the schema handling section because it was
complaining of it not being found. I got the below from icf
resource schema 3. I tried both combinations. I searched and
lockoutStatusType returns NORMAL or LOCKED.
<div><br>
</div>
<div>I am thinking maybe this only works for simulated lockout
on systems that do not fully support account lockouts and not
AD?<br>
<div><br>
</div>
<div><xsd:element minOccurs="0" ref="icfs:lockOut"
type="xsd:boolean"/></div>
<div><br>
</div>
<div>or</div>
<div><br>
</div>
<div><xsd:element minOccurs="0" name="lockOut"
type="xsd:boolean"/><br>
</div>
<div><br>
</div>
<div>and then in the resource definition both icfs:lockOut and
ri:lockOut</div>
<div><br>
</div>
<div>
<div> <attribute></div>
<div> <c:ref>icfs:lockOut</c:ref></div>
<div> <outbound></div>
<div> <source></div>
<div>
<c:path>$user/activation/lockoutStatus</c:path></div>
<div> </source></div>
<div> </outbound></div>
<div> <inbound></div>
<div> <target></div>
<div>
<c:path>$user/activation/lockoutStatus</c:path></div>
<div> </target></div>
<div> </inbound></div>
<div> </attribute></div>
<div><br>
</div>
<div><br>
</div>
<div>and now I get the below which is farther that before.</div>
<div><br>
</div>
<div><span class="" id="id51f9"
style="padding:0px;font-weight:bold;color:rgb(185,74,72);font-family:'Helvetica
Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.1429px;background-color:rgb(242,222,222)"><span
id="id522a">operation.com.evolveum.midpoint.web.page.admin.users.PageUsers.unlockUser</span></span><span
style="color:rgb(185,74,72);font-family:'Helvetica
Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.1429px;background-color:rgb(242,222,222)"></span>
<div class="" id="id51f9_content"
style="padding-left:30px;color:rgb(185,74,72);font-family:'Helvetica
Neue',Helvetica,Arial,sans-serif;font-size:12px;line-height:17.1429px;background-color:rgb(242,222,222)">
<ul style="margin:0px;list-style:none outside
none;padding:0px">
<li style="padding:1px 0px;list-style:none outside
none;margin:0px;text-overflow:ellipsis;overflow:auto"><span
class="">Couldn't unlock user user: astudent2
(OID:341c3cba-a231-481b-bb3e-487876f4c229).</span></li>
<li style="padding:1px 0px;list-style:none outside
none;margin:0px;text-overflow:ellipsis;overflow:auto"><span
class=""><u>Cause:</u> <span>
<p style="margin:0px;display:inline">Expected
boolean type, but got class
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType
in outbound mapping for
{.../connector/icf-1/resource-schema-3}lockOut
in
<a class="moz-txt-link-freetext" href="resource:10000000-2000-3000-4000-10000000ad01(Active">resource:10000000-2000-3000-4000-10000000ad01(Active</a>
Directory: Office 365, Google Apps, Moodle)</p>
</span> <span class="" id="id51fa"
style="color:rgb(153,153,153);font-weight:bold;margin-left:5px"><span
class="">[ SHOW ERROR STACK ]</span></span></span></li>
<li style="padding:1px 0px;list-style:none outside
none;margin:0px;text-overflow:ellipsis;overflow:auto"><span
class=""><span class=""
style="color:rgb(153,153,153);font-weight:bold;margin-left:5px"><span
class=""><span
style="color:rgb(199,37,78);font-family:Monaco,Menlo,Consolas,'Courier
New',monospace;font-size:10.8px;font-weight:normal;line-height:15.4286px;white-space:nowrap;background-color:rgb(249,242,244)">java.lang.IllegalArgumentException:
Expected boolean type, but got class
com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType
in outbound mapping for
{.../resource/instance-3}lockOut</span><br>
</span></span></span></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Jan 20, 2016 at 1:35 AM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Jason,<br>
<br>
haven't tried yet, but I suppose you need to specify the
source/target attribute in the mappings. Please try
$user/activation/lockoutStatus.<br>
<br>
Regards,<br>
Ivan
<div>
<div class="h5"><br>
<br>
<div>On 01/19/2016 09:18 PM, Jason Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Late response, I could not get it to
work :(
<div><br>
</div>
<div>I tried the below,</div>
<div><br>
</div>
<div>
<div> <attribute></div>
<div>
<ref>icfs:lockOut</ref></div>
<div> <outbound></div>
<div>
<expression></div>
<div>
<asIs/></div>
<div>
</expression></div>
<div> </outbound></div>
<div> <inbound></div>
<div>
<expression></div>
<div>
<asIs/></div>
<div>
</expression></div>
<div> </inbound></div>
<div> </attribute></div>
</div>
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Tue, Jan 12, 2016 at
8:31 AM, Jason Everling <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jeverling@bshp.edu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jeverling@bshp.edu">jeverling@bshp.edu</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Nice! I will create a mapping
for that, I was searching in github and wiki
for the connector for lock out, lockout,
locked, etc.. no wonder why I didn't see it.
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><span><font
color="#888888"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
</font></span>
<div>
<div> <br>
<div class="gmail_quote">On Tue, Jan 12,
2016 at 4:36 AM, Pavol Mederly <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mederly@evolveum.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mederly@evolveum.com">mederly@evolveum.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000">
<div>Hello Jason,<br>
<br>
according to .Net AD Connector
sources, there is an attribute
called "__LOCK_OUT__"
(icfs:lockOut in midPoint) that
is filled-in by the connector.<br>
<br>
Do you use it? Have you an
inbound mapping for it?<br>
<br>
Best regards,<br>
Pavol<br>
<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">It is the
.NET Connector, and it
very well could be not
implemented yet. I
couldn't find anything on
it. I haven't had much
time with the new semester
start to test out the new
LDAP AD Connector,
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br
clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On
Mon, Jan 11, 2016 at
9:45 AM, Ivan Noris <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a></a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
Hi Jason,<br>
<br>
which connector are
you using? .NET/AD
or the new
LDAP/AD...?<br>
<br>
Do you have inbound
mapping for that
attribute?<br>
<br>
I have never yet
tried this, but it
might be
unimplemented yet
(Radovan will know
for LDAP/AD at
least).<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<div>On
01/11/2016
03:52 PM,
Jason Everling
wrote:<br>
</div>
</div>
</div>
<blockquote
type="cite">
<div>
<div>
<div dir="ltr">I
noticed that
when a user
account get's
locked in AD
it does not
update the
lockoutStatus
in midpoint.
You have to
expand the AD
account and
then scroll to
Lockout-Status
and change it.
<div><br>
</div>
<div>Is there
a setting I am
missing
somewhere in
the resource
config or is
that not
supported by
the AD
connector?</div>
<div><br>
</div>
<div>Thanks!<br
clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
</div>
</div>
<br>
</div>
</div>
<font size="2"><br>
<br>
CONFIDENTIALITY
NOTICE:<br>
This e-mail
together with
any attachments
is proprietary
and
confidential;
intended for
only the
recipient(s)
named above and
may contain
information that
is privileged.
You should not
retain, copy or
use this e-mail
or any
attachments for
any purpose, or
disclose all or
any part of the
contents to any
person. Any
views or
opinions
expressed in
this e-mail are
those of the
author and do
not represent
those of the
Baptist School
of Health
Professions. If
you have
received this
e-mail in error,
or are not the
named
recipient(s),
you are hereby
notified that
any review,
dissemination,
distribution or
copying of this
communication is
prohibited by
the sender and
to do so might
constitute a
violation of the
Electronic
Communications
Privacy Act, 18
U.S.C. section
2510-2521.
Please
immediately
notify the
sender and
delete this
e-mail and any
attachments from
your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
<span><font
color="#888888">
</font></span></blockquote>
<span><font
color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a
moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></a><br>
<a
moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with
any attachments is
proprietary and
confidential; intended for
only the recipient(s)
named above and may
contain information that
is privileged. You should
not retain, copy or use
this e-mail or any
attachments for any
purpose, or disclose all
or any part of the
contents to any person.
Any views or opinions
expressed in this e-mail
are those of the author
and do not represent those
of the Baptist School of
Health Professions. If you
have received this e-mail
in error, or are not the
named recipient(s), you
are hereby notified that
any review, dissemination,
distribution or copying of
this communication is
prohibited by the sender
and to do so might
constitute a violation of
the Electronic
Communications Privacy
Act, 18 U.S.C. section
2510-2521. Please
immediately notify the
sender and delete this
e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only
the recipient(s) named above and may contain
information that is privileged. You should not
retain, copy or use this e-mail or any attachments
for any purpose, or disclose all or any part of
the contents to any person. Any views or opinions
expressed in this e-mail are those of the author
and do not represent those of the Baptist School
of Health Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified that any
review, dissemination, distribution or copying of
this communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>