This topic has 4 replies, 3 voices, and was last updated 6 years, 2 months ago by gael.

  • #11912
     ekarlso
    Participant

    Any of you got a clue on how to set this attribute?

    I’ve tried:
    sync.json managed/user > ad/user


    {
        "target" : "userAccountControl",
        "transform" : {
            "type" : "text/javascript",
            "globals" : { },
            "source" : "source.active == 'active' ? 512 : 514;"
        },
        "source" : ""
    }


    provisioner ad


    "userAccountControl" : {
        "type" : "integer",
        "nativeName" : "userAccountControl",
        "nativeType" : "JAVA_TYPE_INT"
    }


    But the attribute 512 is not set on the user in AD?

    #11914
     ssripathy
    Participant

    In the AD Provisioner, you need to have this field defined:
    "enabled" : {
        "type" : "boolean",
        "nativeName" : "enabled",
        "nativeType" : "JAVA_TYPE_PRIMITIVE_BOOLEAN"
    },

    And setting something like this in your sync.json will control the userAccountControl attr in AD.
    {
        "target" : "enabled",
        "source" : "",
        "transform" : {
            "type" : "text/javascript",
            "source" : "var res = 'false' ; if ((source.accountStatus && source.accountStatus.toUpperCase() === 'ACTIVE')) {res='true';} res;"
        }
    },

    So, effectively:
    true = 512
    false = 514
    HTH
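
The values 512 and 514 quoted above are bit masks: 512 is NORMAL_ACCOUNT and 514 is NORMAL_ACCOUNT plus the ACCOUNTDISABLE bit (2). The following is an added example, not part of the thread and not ForgeRock code; the function names are hypothetical. It decodes a userAccountControl value and toggles only the disable bit, so that flags such as DONT_EXPIRE_PASSWORD are preserved rather than overwritten by a hard-coded 512 or 514.

```javascript
// Added example (not from the thread). Flag values are the documented
// Active Directory userAccountControl bits; function names are hypothetical.
const UAC = {
  ACCOUNTDISABLE: 0x0002,        // 2
  LOCKOUT: 0x0010,               // 16
  PASSWD_NOTREQD: 0x0020,        // 32
  NORMAL_ACCOUNT: 0x0200,        // 512
  DONT_EXPIRE_PASSWORD: 0x10000, // 65536
  SMARTCARD_REQUIRED: 0x40000,   // 262144
};

// Accept a number or a decimal string (the attribute may be typed either way
// in a provisioner file) and reject anything that is not a plain integer.
function parseUac(value) {
  if (typeof value === 'string' && /^\d+$/.test(value)) value = Number(value);
  if (!Number.isInteger(value) || value < 0) {
    throw new TypeError('invalid userAccountControl: ' + String(value));
  }
  return value;
}

// Names of the known flags that are set in the value.
function decodeUac(value) {
  const n = parseUac(value);
  return Object.keys(UAC).filter((name) => (n & UAC[name]) !== 0);
}

// Enable or disable an account by changing only the ACCOUNTDISABLE bit.
function setEnabled(current, enabled) {
  const n = parseUac(current);
  const next = enabled ? n & ~UAC.ACCOUNTDISABLE : n | UAC.ACCOUNTDISABLE;
  return next >>> 0; // keep the result an unsigned 32-bit integer
}

// Flags worth reviewing on an account because they relax password policy.
function policyWeakeningFlags(value) {
  const review = ['PASSWD_NOTREQD', 'DONT_EXPIRE_PASSWORD'];
  return decodeUac(value).filter((name) => review.includes(name));
}

// Constructed sample: a disabled normal account whose password never expires.
const sample = 66050; // 65536 + 512 + 2
console.log(decodeUac(sample), '->', setEnabled(sample, true));
```
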

    #11915
     ekarlso
    Participant

    Any idea on why it is not possible using an int mask?

    #12022
     ekarlso
    Participant

    No one that knows this? Surely someone running AD needs to have a clue ;)

    #12138
     gael
    Participant

    Try the following in the provisioner file:

    "userAccountControl" : {
        "type" : "string",
        "nativeName" : "userAccountControl",
        "nativeType" : "string"
    }

    And then send a request on the REST API with payload such as (for a create):

    {
        "dn": "cn=user1,cn=users,dc=example,dc=com",
        "sAMAccountName": "user1",
        "__PASSWORD__": "Passw0rd",
        "userAccountControl": "512"
    }
