<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Florin,<br>
<br>
From the nature of item deltas you need to specify the value that
you are deleting for such delta to work. Which is not very desirable
when working with passwords. But you can use "replace" delta instead
of "delete" and replace the password with no value. Like this:<br>
<br>
<objectModification xmlns='<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">http://midpoint.evolveum.com/xml/ns/public/common/api-types-3</a></a>'<br>
xmlns:c='<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>'<br>
xmlns:t="<a moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/types-3">http://prism.evolveum.com/xml/ns/public/types-3</a>"><br>
<t:itemDelta><br>
<t:modificationType>replace</t:modificationType><br>
<t:path>credentials/password/value</t:path><br>
</t:itemDelta><br>
</objectModification>
<div><br>
This should remove all existing password values and repalce them
with no value at all. Exactly what you want. Even though I'm not
sure if we have ever tested that with password over REST we use
that approach at several places in midPoint and it seems to work
well in general case. Please give it a try.<br>
</div>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
<div class="moz-cite-prefix">On 04/29/2016 12:44 AM, Florin.
Stingaciu wrote:<br>
</div>
<blockquote
cite="mid:CAMQHPY2XN7XpF3UrO0S5XA-ARqgDMR8E-DrssOqqbUCeVpd8uQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Hello, </div>
</div>
<div><br>
</div>
<div>I have a particular use case that requires me to unset a
user password for its Midpoint account. I understand I could
disable the account or change its End User role to prevent a
user from logging in, but due to the nature of my use case, I
can only achieve this by unsetting the user password. </div>
<div><br>
</div>
<div>Another requirement is that I also need to do this using
the RESTfull API. I tried to use the following: </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
<?xml version="1.0"?> <br>
<objectModification xmlns='<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3">http://midpoint.evolveum.com/xml/ns/public/common/api-types-3</a></a>'<br>
xmlns:c='<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a></a>'<br>
xmlns:t="<a
moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/types-3"><a class="moz-txt-link-freetext" href="http://prism.evolveum.com/xml/ns/public/types-3">http://prism.evolveum.com/xml/ns/public/types-3</a></a>"><br>
<t:itemDelta><br>
<t:modificationType>delete</t:modificationType><br>
<t:path>credentials/password/value</t:path><br>
</t:itemDelta><br>
</objectModification></blockquote>
<div><br>
</div>
<div>with a POST request to </div>
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span
class="">"<a moz-do-not-send="true"
href="http://localhost:8080/midpoint/ws/rest/users/%7BUSER_OID%7D">http://localhost:8080/midpoint/ws/rest/users/{USER_OID}</a>"</span></blockquote>
<div><br>
</div>
<div>And I get a 204 Response, however it appears the user's
credentials are still there. </div>
<div><br>
</div>
<div>Another requirement of this is that this password update
action must only be applicable to the Midpoint account and
any other accounts that user has must retain whatever
password was initially set. </div>
</div>
<div><br>
</div>
<div>Any help would be greatly appreciated.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>-F </div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>