<div dir="ltr">Oh Ok thanks for the explanation, but I think a year or so ago when I first started setting up midpoint with AD I could not get it working properly using just what you posted so that is why I have our's that way, maybe it was a bug in the earlier versions of midpoint. And yeah, a little over a year ago and it was 3.0/3.1 and now you are at 3.3 with 3.4 on the horizon.<div><br></div><div>JASON</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Wed, Mar 23, 2016 at 8:56 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi Jason,<br>
<br>
<expression><asIs/></expression> is the "copy
value" expression.<br>
Empty <outbound> or <inbound> is the same.<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 03/23/2016 02:53 PM, Jason Everling
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I am interested in what you are experiencing also.
Ours seems to be working as expected, I checked multiple
accounts in AD that were disabled in midpoint and they are
correct with 0x202 (Disabled, Normal Account). Although I have
been using the below but not sure how different that is from
Ivan's,
<div><br>
</div>
<div>
<div> <activation></div>
<div> <administrativeStatus></div>
<div> <outbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </outbound></div>
<div> <inbound></div>
<div> <expression></div>
<div> <asIs/></div>
<div> </expression></div>
<div> </inbound></div>
<div> </administrativeStatus></div>
<div> </activation></div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">JASON</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Mar 23, 2016 at 8:50 AM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Patrick,<br>
<br>
are you using the mapping like this?<br>
<br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
This is everything you need to map midPoint's
administrativeStatus attribute from User to AD account
flag "disabled".<span><font color="#888888"><br>
<br>
Ivan</font></span>
<div>
<div><br>
<br>
<div>On 03/23/2016 02:43 PM, Schlehuber, Patrick
wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
am wanting to manage the ACCOUNTDISABLE flag ,
0x0002. This does not work as I expect when I
utilize the activation/administrativeStatus</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Pat</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Jason Everling [<a href="mailto:jeverling@bshp.edu" target="_blank">mailto:jeverling@bshp.edu</a>]
<br>
<b>Sent:</b> Tuesday, March 22, 2016 4:13 PM<br>
<b>To:</b> midPoint General Discussion <a href="mailto:midpoint@lists.evolveum.com" target="_blank"></a><a href="mailto:midpoint@lists.evolveum.com" target="_blank"><midpoint@lists.evolveum.com></a><br>
<b>Subject:</b> Re: [midPoint] Active
Directory userAccountControl modification
problem</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">I</p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
</p>
<div>
<div>
<div>
<p class="MsoNormal">JASON</p>
</div>
</div>
</div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Tue, Mar 22, 2016 at
4:08 PM, Ivan Noris <<a href="mailto:ivan.noris@evolveum.com" target="_blank"></a><a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>>
wrote:</p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Hi Patrick,<br>
<br>
what are you trying to achieve?<br>
Active Directory connector allows you to
interact with userAccountControl by
using the following "virtual"
attributes:<br>
- passwordExpired (icfs:passwordExpired)<br>
- PasswordNeverExpires
(ri:PasswordNeverExpires)<br>
<br>
and of course the
activation/administrativeStatus<br>
<br>
If you need to update the other bits of
userAccountControl, I'm not sure AD
connector is capable of doing this.<br>
<br>
I have never tried/needed to directly
modify userAccountControl yet.<br>
<br>
Regards,<br>
Ivan</p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On 03/22/2016
08:11 PM, Schlehuber, Patrick
wrote:</p>
</div>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I am wanting
to modify the userAccountControl
attribute on an account that
is visible by my AD resource. I
have extended the AD schema and
added the attribute, I do see
this attribute populated
correctly when I view an AD
account. When I try to change
this attribute I receive the
following error:</p>
<p class="MsoNormal">I have tried
changing the Resource definition
to make this attribute, string,
int, long, base64Binary all with
the same result. What am I
missing to make this attribute
modifiable within midPoint?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">ConnectorServer.exe
Error: 0 : Exception :</p>
<p class="MsoNormal">Type:
System.InvalidCastException</p>
<p class="MsoNormal">Message:
Specified cast is not valid.</p>
<p class="MsoNormal">Source:
FrameworkInternal</p>
<p class="MsoNormal">Stacktrace:
</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass
oclass, UpdateType type,
DirectoryEntry directoryEntry,
ConnectorAttribute attribute) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line
667</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass
oclass, DirectoryEntry
directoryEntry, ICollection`1
attributes, UpdateType type,
ActiveDirectoryConfiguration
config) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line
258</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType
type, ObjectClass oclass,
ICollection`1 attributes,
OperationOptions options) </p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
1091</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass
objectClass, Uid uid,
ICollection`1 valuesToAdd,
OperationOptions options) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
1712</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
proxy, MethodInfo method,
Object[] args) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
247</p>
<p class="MsoNormal"> at
___proxy1.AddAttributeValues(ObjectClass
, Uid , ICollection`1 ,
OperationOptions )</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
proxy, MethodInfo method,
Object[] args) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
1344</p>
<p class="MsoNormal"> at
___proxy1.AddAttributeValues(ObjectClass
, Uid , ICollection`1 ,
OperationOptions )</p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
request) </p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
626</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thank you,</p>
<p class="MsoNormal">Pat</p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
</div>
</div>
<pre>_______________________________________________</pre>
<pre>midPoint mailing list</pre>
<pre><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=YHVOaiCU4W0n7sPOVpEpcuz5miL7XRU4U_vv0io4sTQ&e=" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><span style="color:#888888"></span></span></pre>
</blockquote>
<p class="MsoNormal"><span style="color:#888888"><br>
<br>
<span></span></span></p>
<pre><span style="color:#888888">-- </span></pre>
<pre><span style="color:#888888"> Ing. Ivan Noris</span></pre>
<pre><span style="color:#888888"> Senior Identity Management Engineer & IDM Architect</span></pre>
<pre><span style="color:#888888"> <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__evolveum.com&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=X8dEdktGj2pFTYawSZfP6ffysQb2h9BejafUZknuC8M&e=" target="_blank">evolveum.com</a> <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__evolveum.com_blog_&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=aOup83RaVPRUu_STYIzWR_Y3odDB3ZMn8PvjT1UufZU&e=" target="_blank">evolveum.com/blog/</a></span></pre>
<pre><span style="color:#888888"> ___________________________________________________</span></pre>
<pre><span style="color:#888888"> "Semper ID(e)M Vix."</span></pre>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.evolveum.com_mailman_listinfo_midpoint&d=BQMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=iXq2t42tOKnUMAv8iP_A7TezRYjTq_aHZvlIZHBWsnc&m=jgt9Ei1bRa6ZyqHcG4JfjzGpu6SXg7sS7K5BEyJKyvY&s=YHVOaiCU4W0n7sPOVpEpcuz5miL7XRU4U_vv0io4sTQ&e=" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
</blockquote>
</div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal"><br>
<span style="font-size:10.0pt"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is
proprietary and confidential; intended for
only the recipient(s) named above and may
contain information that is privileged. You
should not retain, copy or use this e-mail or
any attachments for any purpose, or disclose
all or any part of the contents to any person.
Any views or opinions expressed in this e-mail
are those of the author and do not represent
those of the Baptist School of Health
Professions. If you have received this e-mail
in error, or are not the named recipient(s),
you are hereby notified that any review,
dissemination, distribution or copying of this
communication is prohibited by the sender and
to do so might constitute a violation of the
Electronic Communications Privacy Act, 18
U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and
any attachments from your computer. </span></p>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above and
may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are those
of the author and do not represent those of the Baptist School
of Health Professions. If you have received this e-mail in
error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or copying
of this communication is prohibited by the sender and to do so
might constitute a violation of the Electronic Communications
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
notify the sender and delete this e-mail and any attachments
from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>