<div dir="ltr">It is a recommendation from this article:<div><a href="https://ldapwiki.com/wiki/PwdAccountLockedTime">https://ldapwiki.com/wiki/PwdAccountLockedTime</a> </div><div><br></div><div>A <b>000001010000Z </b>value means that the account has been locked permanently, and that only a password administrator can unlock the account. <br><br>--<br><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><p><span style="font-family:Arial,sans-serif;font-size:10pt">Regards,</span></p><div style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:13px"><p><strong>Petr Gašparík</strong><br><span style="font-size:11px;color:rgb(128,128,128)">solution architect</span></p></div><p style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px"><strong>AMI Praha a.s.</strong></p></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 28 May 2019 at 17:15, Paolo Cravero <<a href="mailto:paolo.cravero@csi.it">paolo.cravero@csi.it</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>

    
<div><p class="gmail-m_-6184532078890207125default-style">On 28 May 2019 at 15:36, "Jeria, Esteban" <<a href="mailto:esteban.jeria@cgi.com" target="_blank">esteban.jeria@cgi.com</a>> wrote:</p><blockquote type="cite"><div class="gmail-m_-6184532078890207125ox-10a50da590-WordSection1"><p class="gmail-m_-6184532078890207125ox-10a50da590-MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Any suggestion?</span></p></div></blockquote><p class="gmail-m_-6184532078890207125default-style">We're not using that trick, but the value <span style="font-size:10pt;font-family:Arial,sans-serif;color:black">“000001010000Z”</span> looks too short to me: it is missing the seconds. See:</p><pre><span style="font-family:'courier new',courier">000001010000Z   vs</span><br><span style="font-family:'courier new',courier">20050103121520Z</span></pre><p>Have you tried with 000001010000<span style="color:rgb(255,0,0)"><strong>00</strong></span>Z? Even though seconds are optional according to the <a href="https://ldapwiki.com/wiki/GeneralizedTime" target="_blank">GeneralizedTime</a> schema definition.</p><p>Paolo</p>
<blockquote type="cite"><div class="gmail-m_-6184532078890207125ox-10a50da590-WordSection1"><p><strong><span style="font-size:10.5pt;font-family:Arial,sans-serif;color:blue;background:white">Esteban Jeria</span></strong></p><p><span style="font-size:10pt;font-family:Tahoma,sans-serif;color:blue;background:white"><a href="mailto:esteban.jeria@cgi.com" target="_blank"><span style="font-family:Arial,sans-serif">esteban.jeria@cgi.com</span></a><br> </span><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:black;background:white">Conseiller </span><strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:red;background:white">CGI</span></strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:black;background:white"> / </span><strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:red;background:white">CGI</span></strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:black;background:white"> Consultant</span></p><p><span style="font-size:9.5pt;font-family:Arial,sans-serif;color:black;background:white">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management</span></p>
<div><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0cm 0cm"><p class="gmail-m_-6184532078890207125ox-10a50da590-MsoNormal"><strong><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></strong><span style="font-size:11pt;font-family:Calibri,sans-serif"> Jeria, Esteban <<a href="mailto:esteban.jeria@cgi.com" target="_blank">esteban.jeria@cgi.com</a>> <br> <strong>Sent:</strong> 25-Apr-19 2:04 PM<br> <strong>To:</strong> <a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br> <strong>Subject:</strong> [midPoint] Lock account using pwdAccountLockedTime on OpenLDAP </span></p></div></div>
<div><div><p><span style="font-size:10pt;font-family:Arial,sans-serif;color:black">Hi,</span></p><p><span style="font-size:10pt;font-family:Arial,sans-serif;color:black">I'm trying to configure a simulated capability to manage the status for an account on OpenLDAP using the attribute <strong><span style="font-family:Arial,sans-serif">pwdAccountLockedTime</span></strong>.<br> Normally, a value "000001010000Z" means that the account is permanently locked and the absence of that attribute means the account is normal.</span></p><p><span style="font-size:10pt;font-family:Arial,sans-serif;color:black">  <cap:activation><br>     <cap:status><br>       <cap:attribute>ri:pwdAccountLockedTime</cap:attribute><br>       <cap:enableValue/><br>       <cap:disableValue>000001010000Z</cap:disableValue><br>     </cap:status><br>   </cap:activation></span></p><p><span style="font-size:10pt;font-family:Arial,sans-serif;color:black">However, midPoint seems to reject these values.<br> When I enable a user, the attribute should be removed, but I get this error:<br>  For input string: "": For input string: "": For input string: "": For input string: ""</span></p><p><span style="font-size:10pt;font-family:Arial,sans-serif;color:black">And when I disable a user, I get that error:<br>  For input string: "000001010000Z": For input string: "000001010000Z": For input string: "000001010000Z": For input string: "000001010000Z"</span></p><p><span style="font-size:10pt;font-family:Arial,sans-serif;color:black">I do not know if it is relevant, but according to the LDAP schema, the value must be of type "GeneralizedTime" but midPoint handles it as a "long" and seems to interpret the value entered as a string because of the character "Z". <br> Any other numeric value (without "Z") is accepted and is converted to a date on the OpenLDAP side.</span></p>
<div><div><div><p><strong><span style="font-size:10.5pt;font-family:Arial,sans-serif;color:blue;background:white">Esteban Jeria</span></strong></p><p><span style="font-size:10pt;font-family:Tahoma,sans-serif;color:blue;background:white"><a href="mailto:esteban.jeria@cgi.com" target="_blank"><span style="font-family:Arial,sans-serif">esteban.jeria@cgi.com</span></a><br> </span><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:black;background:white">Conseiller </span><strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:red;background:white">CGI</span></strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:black;background:white"> / </span><strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:red;background:white">CGI</span></strong><span style="font-size:9.5pt;font-family:'Calibri Light',sans-serif;color:black;background:white"> Consultant</span></p><p><span style="font-size:9.5pt;font-family:Arial,sans-serif;color:black;background:white">Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management</span></p></div></div></div></div></div></div></blockquote>
<blockquote type="cite">_______________________________________________ <br>midPoint mailing list <br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a> <br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></blockquote></div>
 
</blockquote></div>
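<p>Added example, not part of the original thread and not midPoint or OpenLDAP code: Python that parses GeneralizedTime with optional minutes and seconds and classifies an account from pwdAccountLockedTime, recognising the permanent-lock value in both the 000001010000Z and 00000101000000Z spellings before any date conversion is attempted. The function names and state labels are assumptions made for this example.</p>

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 4517 GeneralizedTime: YYYYMMDDHH[MM[SS]][fraction] followed by Z or +-HH[MM].
GENERALIZED_TIME = re.compile(
    r"(\d{4})(\d{2})(\d{2})(\d{2})(?:(\d{2})(\d{2})?)?"
    r"(?:[.,]\d+)?(Z|[+-]\d{2}(?:\d{2})?)"
)

# Fields of the permanent-lock value quoted in the thread (year 0000, 1 Jan, 00:00 UTC).
PERMANENT_LOCK = (0, 1, 1, 0, 0, 0, 0)


def parse_generalized_time(value):
    """Split a GeneralizedTime string into
    (year, month, day, hour, minute, second, utc_offset_minutes).
    Omitted minutes/seconds become 0; a fraction is accepted but dropped."""
    m = GENERALIZED_TIME.fullmatch(value)
    if m is None:
        raise ValueError("not a GeneralizedTime value: %r" % (value,))
    year, month, day, hour = (int(m.group(i)) for i in range(1, 5))
    minute = int(m.group(5) or 0)
    second = int(m.group(6) or 0)
    zone = m.group(7)
    if zone == "Z":
        offset = 0
    else:
        sign = -1 if zone[0] == "-" else 1
        offset = sign * (int(zone[1:3]) * 60 + int(zone[3:5] or 0))
    return (year, month, day, hour, minute, second, offset)


def lock_state(pwd_account_locked_time):
    """Classify an account from its pwdAccountLockedTime (None = attribute absent).
    The state labels are this example's own, not LDAP or midPoint terms."""
    if pwd_account_locked_time is None:
        return ("active", None)
    fields = parse_generalized_time(pwd_account_locked_time)
    # Match the sentinel on parsed fields, so the forms with and without
    # seconds compare equal, and do it before building a datetime:
    # year 0000 is below datetime.MINYEAR and has no datetime or epoch form.
    if fields == PERMANENT_LOCK:
        return ("locked-permanent", None)
    year, month, day, hour, minute, second, offset = fields
    when = datetime(year, month, day, hour, minute, min(second, 59),  # 60 = leap second
                    tzinfo=timezone(timedelta(minutes=offset)))
    return ("locked-since", when.astimezone(timezone.utc))
```

<p>A <code>locked-since</code> result only reports when the lock was set; whether it is still in force depends on the password policy's lockout duration, which this example does not evaluate.</p>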