<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Jason,<br>
<br>
<expression><asIs/></expression> is the "copy
value" expression.<br>
Empty <outbound> or <inbound> is the same.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 03/23/2016 02:53 PM, Jason Everling
wrote:<br>
</div>
<blockquote
cite="mid:CAFkZXY7BPgb5EnvP0bV3m8SiTaZuF_T25M+rnm-LN0TKMq=L+w@mail.gmail.com"
type="cite">
<div dir="ltr">I am interested in what you are experiencing also.
Ours seems to be working as expected, I checked multiple
accounts in AD that were disabled in midpoint and they are
correct with 0x202 (Disabled, Normal Account). Although I have
been using the below but not sure how different that is from
Ivan's,
<div><br>
</div>
<div>
<div> <activation></div>
<div> <administrativeStatus></div>
<div> <outbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </outbound></div>
<div> <inbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </inbound></div>
<div> </administrativeStatus></div>
<div> </activation></div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Mar 23, 2016 at 8:50 AM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Patrick,<br>
<br>
are you using the mapping like this?<br>
<br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
This is everything you need to map midPoint's
administrativeStatus attribute from User to AD account
flag "disabled".<span class="HOEnZb"><font color="#888888"><br>
<br>
Ivan</font></span>
<div>
<div class="h5"><br>
<br>
<div>On 03/23/2016 02:43 PM, Schlehuber, Patrick
wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
am wanting to manage the ACCOUNTDISABLE flag ,
0x0002. This does not work as I expect when I
utilize the activation/administrativeStatus</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Pat</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Jason Everling [<a moz-do-not-send="true"
href="mailto:jeverling@bshp.edu"
target="_blank">mailto:jeverling@bshp.edu</a>]
<br>
<b>Sent:</b> Tuesday, March 22, 2016 4:13 PM<br>
<b>To:</b> midPoint General Discussion <a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com"
target="_blank"><a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a></a><br>
<b>Subject:</b> Re: [midPoint] Active
Directory userAccountControl modification
problem</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">I</p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
</p>
<div>
<div>
<div>
<p class="MsoNormal">JASON</p>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Tue, Mar 22, 2016 at
4:08 PM, Ivan Noris <<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a></a>>
wrote:</p>
<blockquote
style="border:none;border-left:solid #cccccc
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Hi Patrick,<br>
<br>
what are you trying to achieve?<br>
Active Directory connector allows you to
interact with userAccountControl by
using the following "virtual"
attributes:<br>
- passwordExpired (icfs:passwordExpired)<br>
- PasswordNeverExpires
(ri:PasswordNeverExpires)<br>
<br>
and of course the
activation/administrativeStatus<br>
<br>
If you need to update the other bits of
userAccountControl, I'm not sure AD
connector is capable of doing this.<br>
<br>
I have never tried/needed to directly
modify userAccountControl yet.<br>
<br>
Regards,<br>
Ivan</p>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On 03/22/2016
08:11 PM, Schlehuber, Patrick
wrote:</p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I am wanting
to modify the userAccountControl
attribute on an account that
is visible by my AD resource. I
have extended the AD schema and
added the attribute, I do see
this attribute populated
correctly when I view an AD
account. When I try to change
this attribute I receive the
following error:</p>
<p class="MsoNormal">I have tried
changing the Resource definition
to make this attribute, string,
int, long, base64Binary all with
the same result. What am I
missing to make this attribute
modifiable within midPoint?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">ConnectorServer.exe
Error: 0 : Exception :</p>
<p class="MsoNormal">Type:
System.InvalidCastException</p>
<p class="MsoNormal">Message:
Specified cast is not valid.</p>
<p class="MsoNormal">Source:
FrameworkInternal</p>
<p class="MsoNormal">Stacktrace:
</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass
oclass, UpdateType type,
DirectoryEntry directoryEntry,
ConnectorAttribute attribute) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line
667</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass
oclass, DirectoryEntry
directoryEntry, ICollection`1
attributes, UpdateType type,
ActiveDirectoryConfiguration
config) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line
258</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType
type, ObjectClass oclass,
ICollection`1 attributes,
OperationOptions options) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
1091</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass
objectClass, Uid uid,
ICollection`1 valuesToAdd,
OperationOptions options) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
1712</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
proxy, MethodInfo method,
Object[] args) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
247</p>
<p class="MsoNormal"> at
___proxy1.AddAttributeValues(ObjectClass
, Uid , ICollection`1 ,
OperationOptions )</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
proxy, MethodInfo method,
Object[] args) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
1344</p>
<p class="MsoNormal"> at
___proxy1.AddAttributeValues(ObjectClass
, Uid , ICollection`1 ,
OperationOptions )</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
request) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
626</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thank you,</p>
<p class="MsoNormal">Pat</p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
</div>
</div>
<pre>_______________________________________________</pre>
<pre>midPoint mailing list</pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a></pre>
<pre><a moz-do-not-send="true" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=YHVOaiCU4W0n7sPOVpEpcuz5miL7XRU4U_vv0io4sTQ&e=" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><span style="color:#888888"></span></span></pre>
</blockquote>
<p class="MsoNormal"><span
style="color:#888888"><br>
<br>
<span></span></span></p>
<pre><span style="color:#888888">-- </span></pre>
<pre><span style="color:#888888"> Ing. Ivan Noris</span></pre>
<pre><span style="color:#888888"> Senior Identity Management Engineer & IDM Architect</span></pre>
<pre><span style="color:#888888"> <a moz-do-not-send="true" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__evolveum.com&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=X8dEdktGj2pFTYawSZfP6ffysQb2h9BejafUZknuC8M&e=" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__evolveum.com_blog_&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=aOup83RaVPRUu_STYIzWR_Y3odDB3ZMn8PvjT1UufZU&e=" target="_blank">evolveum.com/blog/</a></span></pre>
<pre><span style="color:#888888"> ___________________________________________________</span></pre>
<pre><span style="color:#888888"> "Semper ID(e)M Vix."</span></pre>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=YHVOaiCU4W0n7sPOVpEpcuz5miL7XRU4U_vv0io4sTQ&e="
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
</blockquote>
</div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal"><br>
<span style="font-size:10.0pt"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for
only the recipient(s) named above and may
contain information that is privileged. You
should not retain, copy or use this e-mail or
any attachments for any purpose, or disclose
all or any part of the contents to any person.
Any views or opinions expressed in this e-mail
are those of the author and do not represent
those of the Baptist School of Health
Professions. If you have received this e-mail
in error, or are not the named recipient(s),
you are hereby notified that any review,
dissemination, distribution or copying of this
communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18
U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and
any attachments from your computer. </span></p>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</body>
</html>