<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hello guys,</div><div>I have faced with a problem with outbound mapping behavior.</div><div>I need to unlock user after password reset in Active Directory. To do this I should set AD attribute lockoutTime=0</div><div><div>In the case of <b>NORMAL</b> strength mapping,  lockoutTime attribute value remains unchanged but <br></div><div>in case of <b>STRONG</b> strength mapping, lockoutTime attribute value set to 0 as expected.</div><div>Is it <span class="gmail-gr_ gmail-gr_526 gmail-gr-alert gmail-gr_gramm gmail-gr_inline_cards gmail-gr_run_anim gmail-Grammar gmail-only-ins gmail-replaceWithoutSep" id="gmail-526">a bug</span> or expected behavior of mapping?</div></div><div><br></div><div>Into resource configuration, I have added an outbound mapping:</div><div>         <attribute id="70"><br>            <c:ref>ri:lockoutTime</c:ref><br>            <displayName>lockoutTime</displayName><br>            <outbound><br>               <strength>normal</strength><br>               <tolerant>false</tolerant><br>               <source><br>                  <name>lockoutTime</name><br>                  <c:path>$shadow/attributes/lockoutTime</c:path><br>               </source><br>               <source><br>                  <c:path>credentials/password/value</c:path><br>               </source><br>               <expression><br>                  <value>0</value><br>               </expression><br>               <condition><br>                  <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>"<br>                          xsi:type="c:ScriptExpressionEvaluatorType"><br>                     <code><br>                     lockoutTime!=null || lockoutTime&gt;0<br>                      </code><br>                  </script><br>               </condition><br>            </outbound><br>         </attribute><br></div><br><div>Schema attribute modification for operational attribute.</div><div><br></div></div><div dir="ltr">                  <xsd:element minOccurs="0" name="lockoutTime" type="xsd:long"><br>                     <xsd:annotation><br>                        <xsd:appinfo><br>                           <a:displayOrder>2270</a:displayOrder><br>                           <ra:nativeAttributeName>lockoutTime</ra:nativeAttributeName><br>                           <ra:frameworkAttributeName>lockoutTime</ra:frameworkAttributeName><br>                           <b><ra:returnedByDefault>true</ra:returnedByDefault></b><br>                        </xsd:appinfo><br>                     </xsd:annotation><br>                  </xsd:element></div><div><br></div><div>Stack trace.<br></div><div dir="ltr"><div>2018-12-14 11:09:44,659 [] [pool-6-thread-553] TRACE (com.evolveum.midpoint.model.common.mapping.Mapping): <b>Mapping trace</b>:<br>---[ MAPPING  in outbound mapping for {.../resource/instance-3}lockoutTime in resource:bc9d21ce-62dd-46bc-0044-65c4296cbbb7(Active Directory)]---------------------------<br>Stregth: <b>NORMAL</b><br>Source: lockoutTime: old=RA({.../resource/instance-3}lockoutTime):[PPV(Long:131892516017608914)], delta=null, new=RA({.../resource/instance-3}lockoutTime):[PPV(Long:131892516017608914)]<br>Source: value: old=PP({.../common/common-3}value):[PPV(ProtectedStringType:ProtectedStringType([encrypted data]))], delta=PropertyDelta(credentials/password / {.../common/common-3}value, REPLACE), new=PP({.../common/common-3}value):[PPV(ProtectedStringType:ProtectedStringType([encrypted data]))]<br>Target: rRAD:{.../resource/instance-3}lockoutTime {xsd:}long[0,1],RAM native=lockoutTime framework=lockoutTime,Disp,OUT,IN:MODEL<br>Expression: literal: PVDeltaSetTriple(zero: [PPV(Long:0)]; plus: []; minus: []; )<br>Condition: true -> true<br>Result: unchanged: 0<br></div><div><br></div><div>2018-12-14 11:22:50,407 [] [pool-6-thread-557] TRACE (com.evolveum.midpoint.model.common.mapping.Mapping): <b>Mapping trace:</b><br>---[ MAPPING  in outbound mapping for {.../resource/instance-3}lockoutTime in resource:bc9d21ce-62dd-46bc-0044-65c4296cbbb7(Active Directory)]---------------------------<br>Stregth: <b>STRONG</b><br>Source: lockoutTime: old=RA({.../resource/instance-3}lockoutTime):[PPV(Long:131892516017608914)], delta=null, new=RA({.../resource/instance-3}lockoutTime):[PPV(Long:131892516017608914)]<br>Source: value: old=PP({.../common/common-3}value):[PPV(ProtectedStringType:ProtectedStringType([encrypted data]))], delta=null, new=PP({.../common/common-3}value):[PPV(ProtectedStringType:ProtectedStringType([encrypted data]))]<br>Target: rRAD:{.../resource/instance-3}lockoutTime {xsd:}long[0,1],RAM native=lockoutTime framework=lockoutTime,Disp,OUT,IN:MODEL<br>Expression: literal: PVDeltaSetTriple(zero: [PPV(Long:0)]; plus: []; minus: []; )<br>Condition: true -> true<br>Result: unchanged: 0</div><div><br></div><div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(76,76,76)">Best regards, <br><br><img src="cid:o.nekriach@dynatech.lv1520941785292-7770"> <br><br>Oleksandr Nekriach | Identity and access management engineer <br><br>Dynatech, <a href="https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122">Jeruzalemes iela 1, Rīga, LV-1010, Latvia</a><br><br><div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685">+37125314685</a></div>,<div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv">o.nekriach@dynatech.lv</a></div>|<div style="display:inline-block"><a href="http://www.dynatech.lv">www.dynatech.lv</a></div> <br><br>Stay connected: <br><div style="display:inline-block;margin:5px 5px 0px 0px"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"><img src="cid:o.nekriach@dynatech.lv1520941785292-7771"></a></div><div style="display:inline-block;margin:5px 0px 0px"><a href="https://www.linkedin.com/company-beta/17893047/"><img src="cid:o.nekriach@dynatech.lv1520941785292-7772"></a></div><br><br><span style="font-size:11px;color:rgb(161,161,161)">Confidentiality Notice: This message contains confidential information and is intended only for the named recipient(s). If you are not the addressee you may not copy, distribute or perform any other activities with this information. If you have received this transmission in error, please notify us by e-mail immediately. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.</span></span></div></div></div></div></div></div></div></div></div></div></div></div></div>