<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.default-style, li.default-style, div.default-style
{mso-style-name:default-style;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.ox-10a50da590-msonormal, li.ox-10a50da590-msonormal, div.ox-10a50da590-msonormal
{mso-style-name:ox-10a50da590-msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";
mso-fareast-language:FR-CA;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR-CA" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Hi Paolo,<o:p></o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">I already tried that, and midPoint gives an error when I add the "Z".<o:p></o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">But according to OpenLDAP doc, this attribute must to have this specific value "000001010000Z" to be interpreted
as permanently locked status, otherwise it is just interpreted as a normal date.<o:p></o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-CA" style="font-size:10.5pt;font-family:"Calibri Light",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA">Esteban Jeria</span></b><span lang="EN-CA" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><a href="mailto:esteban.jeria@cgi.com"><span lang="EN-CA" style="font-family:"Calibri Light",sans-serif;color:blue">esteban.jeria@cgi.com</span></a></span><span lang="EN-CA" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">Conseiller
</span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:red;background:white;mso-fareast-language:FR-CA">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">
/ </span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:red;background:white;mso-fareast-language:FR-CA">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">
Consultant</span><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management<o:p></o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="FR" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="FR" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="FR" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Il 28 maggio 2019 alle 15.36 "Jeria, Esteban" ha scritto:<o:p></o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="default-style" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">We're not using that trick, but the value “000001010000Z” looks too short to me: it is missing the seconds.
See:<o:p></o:p></span></p>
<pre style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px"><span lang="EN-CA" style="font-family:"Calibri",sans-serif;color:black">000001010000Z vs<br>20050103121520Z<o:p></o:p></span></pre>
<p style="margin:0cm;margin-bottom:.0001pt;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Have you tried with 000001010000</span><strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:red">00</span></strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Z?
Even though seconds are optional according to </span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><a href="https://ldapwiki.com/wiki/GeneralizedTime"><span lang="EN-CA">GeneralizedTime</span></a></span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"> schema
definition.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Paolo<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="ox-10a50da590-msonormal" style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Any suggestion?</span><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black;background:white"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-CA" style="font-size:10.5pt;font-family:"Calibri Light",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA">Esteban Jeria</span></b><span lang="EN-CA" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><a href="mailto:esteban.jeria@cgi.com"><span lang="EN-CA" style="font-family:"Calibri Light",sans-serif;color:blue">esteban.jeria@cgi.com</span></a></span><span lang="EN-CA" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">Conseiller
</span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:red;background:white;mso-fareast-language:FR-CA">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">
/ </span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:red;background:white;mso-fareast-language:FR-CA">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">
Consultant</span><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="FR" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="FR" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="ox-10a50da590-msonormal" style="margin:0cm;margin-bottom:.0001pt"><strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></strong><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"> Jeria,
Esteban <br>
<strong><span style="font-family:"Calibri",sans-serif">Sent:</span></strong> 25-Apr-19 2:04 PM<br>
<strong><span style="font-family:"Calibri",sans-serif">To:</span></strong> midpoint@lists.evolveum.com<br>
<strong><span style="font-family:"Calibri",sans-serif">Subject:</span></strong> [midPoint] Lock account using pwdAccountLockedTime on OpenLDAP<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Hi,<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">I'm trying to configure a simulated capability to manage the status for an account on OpenLDAP using the attribute <strong><span style="font-family:"Calibri",sans-serif">pwdAccountLockedTime</span></strong>.<br>
Normally, a value "000001010000Z" means that the account is permanently locked and the absence of that attribute means the account is normal.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<pre><span lang="EN-CA" style="color:black"> <cap:activation><o:p></o:p></span></pre>
<pre><span lang="EN-CA" style="color:black"> <cap:status><o:p></o:p></span></pre>
<pre><span lang="EN-CA" style="color:black"> <cap:attribute>ri:pwdAccountLockedTime</cap:attribute><o:p></o:p></span></pre>
<pre><span lang="EN-CA" style="color:black"> <cap:enableValue/><o:p></o:p></span></pre>
<pre><span lang="EN-CA" style="color:black"> <cap:disableValue>000001010000Z</cap:disableValue><o:p></o:p></span></pre>
<pre><span lang="EN-CA" style="color:black"> </cap:status><o:p></o:p></span></pre>
<pre><span lang="EN-CA" style="color:black"> </cap:activation><o:p></o:p></span></pre>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><br>
<br>
<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">However, midPoint seems to reject these values.<br>
When I enable a user, the attribute should be removed, but I get this error:<br>
For input string: "": For input string: "": For input string: "": For input string: ""<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">And when I disable a user, I get that error:<br>
For input string: "000001010000Z": For input string: "000001010000Z": For input string: "000001010000Z": For input string: "000001010000Z"<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt"><span lang="EN-CA" style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">I do not know if it is relevant, but according to the LDAP schema, the value must be of type "GeneralizedTime" but midPoint
handle it as a "long" and seems to interpret the value entered as string because of the character "Z". <br>
Any other numeric value (without "Z") is accepted and is converted to a date on OpenLDAP side.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span lang="FR" style="font-size:10.5pt;font-family:"Calibri Light",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA">Esteban Jeria</span></b><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><a href="mailto:esteban.jeria@cgi.com"><span lang="FR-CA" style="font-family:"Calibri Light",sans-serif;color:blue">esteban.jeria@cgi.com</span></a></span><span style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">Conseiller
</span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:red;background:white;mso-fareast-language:FR-CA">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">
/ </span><b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:red;background:white;mso-fareast-language:FR-CA">CGI</span></b><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">
Consultant</span><span lang="FR" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:blue;background:white;mso-fareast-language:FR-CA"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="FR" style="font-size:9.5pt;font-family:"Calibri Light",sans-serif;color:black;background:white;mso-fareast-language:FR-CA">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-CA"><o:p> </o:p></span></p>
</div>
</body>
</html>