<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Strange indeed. I can find this in my older setups... but maybe
there was something fixed meanwhile. Anyway I'm using<br>
<br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
in multiple resources and it seems to work as it should.<br>
<br>
Best regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 03/23/2016 03:00 PM, Jason Everling
wrote:<br>
</div>
<blockquote
cite="mid:CAFkZXY7unuxLOP2XDqdu6i8ea+vZwV3q8R3P2mwAnDvVLyZVXw@mail.gmail.com"
type="cite">
<div dir="ltr">Oh Ok thanks for the explanation, but I think a
year or so ago when I first started setting up midpoint with AD
I could not get it working properly using just what you posted
so that is why I have our's that way, maybe it was a bug in the
earlier versions of midpoint. And yeah, a little over a year ago
and it was 3.0/3.1 and now you are at 3.3 with 3.4 on the
horizon.
<div><br>
</div>
<div>JASON</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Mar 23, 2016 at 8:56 AM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Jason,<br>
<br>
<expression><asIs/></expression> is the
"copy value" expression.<br>
Empty <outbound> or <inbound> is the same.<br>
<br>
Regards,<br>
Ivan
<div>
<div class="h5"><br>
<br>
<div>On 03/23/2016 02:53 PM, Jason Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I am interested in what you are
experiencing also. Ours seems to be working as
expected, I checked multiple accounts in AD that
were disabled in midpoint and they are correct
with 0x202 (Disabled, Normal Account). Although I
have been using the below but not sure how
different that is from Ivan's,
<div><br>
</div>
<div>
<div> <activation></div>
<div> <administrativeStatus></div>
<div> <outbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </outbound></div>
<div> <inbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </inbound></div>
<div> </administrativeStatus></div>
<div> </activation></div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Mar 23, 2016 at
8:50 AM, Ivan Noris <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi
Patrick,<br>
<br>
are you using the mapping like this?<br>
<br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
This is everything you need to map
midPoint's administrativeStatus attribute
from User to AD account flag "disabled".<span><font
color="#888888"><br>
<br>
Ivan</font></span>
<div>
<div><br>
<br>
<div>On 03/23/2016 02:43 PM, Schlehuber,
Patrick wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
am wanting to manage the
ACCOUNTDISABLE flag , 0x0002.
This does not work as I expect
when I utilize the
activation/administrativeStatus</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Pat</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Jason Everling [<a
moz-do-not-send="true"
href="mailto:jeverling@bshp.edu"
target="_blank"><a class="moz-txt-link-freetext" href="mailto:jeverling@bshp.edu">mailto:jeverling@bshp.edu</a></a>]
<br>
<b>Sent:</b> Tuesday, March 22,
2016 4:13 PM<br>
<b>To:</b> midPoint General
Discussion <a
moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com"
target="_blank"><a class="moz-txt-link-rfc2396E" href="mailto:midpoint@lists.evolveum.com"><midpoint@lists.evolveum.com></a></a><br>
<b>Subject:</b> Re: [midPoint]
Active Directory
userAccountControl modification
problem</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">I</p>
</div>
<div>
<p class="MsoNormal"><br
clear="all">
</p>
<div>
<div>
<div>
<p class="MsoNormal">JASON</p>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Tue, Mar
22, 2016 at 4:08 PM, Ivan
Noris <<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a></a>>
wrote:</p>
<blockquote
style="border:none;border-left:solid
#cccccc 1.0pt;padding:0in 0in
0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Hi
Patrick,<br>
<br>
what are you trying to
achieve?<br>
Active Directory connector
allows you to interact
with userAccountControl by
using the following
"virtual" attributes:<br>
- passwordExpired
(icfs:passwordExpired)<br>
- PasswordNeverExpires
(ri:PasswordNeverExpires)<br>
<br>
and of course the
activation/administrativeStatus<br>
<br>
If you need to update the
other bits of
userAccountControl, I'm
not sure AD connector is
capable of doing this.<br>
<br>
I have never tried/needed
to directly modify
userAccountControl yet.<br>
<br>
Regards,<br>
Ivan</p>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On
03/22/2016 08:11 PM,
Schlehuber, Patrick
wrote:</p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I
am wanting to
modify the
userAccountControl
attribute on an
account that is
visible by my AD
resource. I have
extended the AD
schema and added
the attribute, I
do see this
attribute
populated
correctly when I
view an AD
account. When I
try to change this
attribute I
receive the
following error:</p>
<p class="MsoNormal">I
have tried
changing the
Resource
definition to make
this attribute,
string, int, long,
base64Binary all
with the same
result. What am I
missing to make
this attribute
modifiable within
midPoint?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">ConnectorServer.exe
Error: 0 :
Exception :</p>
<p class="MsoNormal">Type:
System.InvalidCastException</p>
<p class="MsoNormal">Message:
Specified cast is
not valid.</p>
<p class="MsoNormal">Source:
FrameworkInternal</p>
<p class="MsoNormal">Stacktrace:
</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass
oclass, UpdateType
type,
DirectoryEntry
directoryEntry,
ConnectorAttribute
attribute) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line
667</p>
<p class="MsoNormal">
at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass
oclass,
DirectoryEntry
directoryEntry,
ICollection`1
attributes,
UpdateType type,
ActiveDirectoryConfiguration
config) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line
258</p>
<p class="MsoNormal">
at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType
type, ObjectClass
oclass,
ICollection`1
attributes,
OperationOptions
options) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
1091</p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass
objectClass, Uid
uid, ICollection`1
valuesToAdd,
OperationOptions
options) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
1712</p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
proxy, MethodInfo
method, Object[]
args) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
247</p>
<p class="MsoNormal">
at
___proxy1.AddAttributeValues(ObjectClass
, Uid ,
ICollection`1 ,
OperationOptions )</p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
proxy, MethodInfo
method, Object[]
args) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
1344</p>
<p class="MsoNormal">
at
___proxy1.AddAttributeValues(ObjectClass
, Uid ,
ICollection`1 ,
OperationOptions )</p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
request) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
626</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thank
you,</p>
<p class="MsoNormal">Pat</p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
</div>
</div>
<pre>_______________________________________________</pre>
<pre>midPoint mailing list</pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a></pre>
<pre><a moz-do-not-send="true" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=YHVOaiCU4W0n7sPOVpEpcuz5miL7XRU4U_vv0io4sTQ&e=" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><span style="color:#888888"></span></span></pre>
</blockquote>
<p class="MsoNormal"><span
style="color:#888888"><br>
<br>
<span></span></span></p>
<pre><span style="color:#888888">-- </span></pre>
<pre><span style="color:#888888"> Ing. Ivan Noris</span></pre>
<pre><span style="color:#888888"> Senior Identity Management Engineer & IDM Architect</span></pre>
<pre><span style="color:#888888"> <a moz-do-not-send="true" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__evolveum.com&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=X8dEdktGj2pFTYawSZfP6ffysQb2h9BejafUZknuC8M&e=" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="https://urldefense.proofpoint.com/v2/url?u=http-3A__evolveum.com_blog_&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=aOup83RaVPRUu_STYIzWR_Y3odDB3ZMn8PvjT1UufZU&e=" target="_blank">evolveum.com/blog/</a></span></pre>
<pre><span style="color:#888888"> ___________________________________________________</span></pre>
<pre><span style="color:#888888"> "Semper ID(e)M Vix."</span></pre>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=YHVOaiCU4W0n7sPOVpEpcuz5miL7XRU4U_vv0io4sTQ&e="
target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
</blockquote>
</div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal"><br>
<span style="font-size:10.0pt"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any
attachments is proprietary and
confidential; intended for only
the recipient(s) named above and
may contain information that is
privileged. You should not
retain, copy or use this e-mail
or any attachments for any
purpose, or disclose all or any
part of the contents to any
person. Any views or opinions
expressed in this e-mail are
those of the author and do not
represent those of the Baptist
School of Health Professions. If
you have received this e-mail in
error, or are not the named
recipient(s), you are hereby
notified that any review,
dissemination, distribution or
copying of this communication is
prohibited by the sender and to
do so might constitute a
violation of the Electronic
Communications Privacy Act, 18
U.S.C. section 2510-2521. Please
immediately notify the sender
and delete this e-mail and any
attachments from your computer.
</span></p>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for only
the recipient(s) named above and may contain
information that is privileged. You should not
retain, copy or use this e-mail or any attachments
for any purpose, or disclose all or any part of
the contents to any person. Any views or opinions
expressed in this e-mail are those of the author
and do not represent those of the Baptist School
of Health Professions. If you have received this
e-mail in error, or are not the named
recipient(s), you are hereby notified that any
review, dissemination, distribution or copying of
this communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18 U.S.C.
section 2510-2521. Please immediately notify the
sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</body>
</html>