unix resource configuration example
katkav committed Mar 14, 2016
1 parent 0839797 commit e5b0720
Showing 2 changed files with 274 additions and 0 deletions.
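--- a/samples/resources/unix/midpoint-user-example.txt
+++ b/samples/resources/unix/midpoint-user-example.txt
@@ -0,0 +1,3 @@
+Host_Alias HOST = ALL
+
+midpoint HOST=(ALL) NOPASSWD: /usr/sbin/useradd,/usr/sbin/usermod,/usr/sbin/userdel,/usr/sbin/groupadd,/usr/sbin/groupmod,/usr/sbin/groupdel,/bin/mv,/usr/bin/passwd,/usr/bin/getent,/bin/echo,/usr/bin/tee,/bin/chown,/bin/chmod,/bin/mkdir,/usr/bin/groups,/usr/bin/id,/usr/bin/replace,/bin/rm,/bin/cat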
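Review bot: The rule on the last line makes the `midpoint` account root-equivalent without a password, because general-purpose tools such as `/usr/bin/tee`, `/bin/mv`, `/bin/chown`, `/bin/chmod`, `/bin/cat` and `/bin/rm` are allowed with any arguments, as any target user (`(ALL)`), on every host (`Host_Alias HOST = ALL`). resource-unix-advanced.xml in the same commit already configures a `sudoPassword`, so `NOPASSWD:` appears unnecessary; I would start the rule with `midpoint HOST=(root) ` followed by the command list, and set `Host_Alias HOST` to the managed machine rather than `ALL`. The file also carries no comment saying that it is a sudoers fragment or how privileged it is; a first line such as `# sudoers entry for the midPoint connector account: grants near-root rights, trim the command list before use` would make that clear to anyone copying the sample.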
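--- a/samples/resources/unix/resource-unix-advanced.xml
+++ b/samples/resources/unix/resource-unix-advanced.xml
@@ -0,0 +1,271 @@
+<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
+xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
+xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
+xmlns:icfconf="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/org.connid.bundles.unix/org.connid.bundles.unix.UnixConnector"
+xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
+oid="017a3bc5-e102-4baa-bf93-369a90ec29dd">
+<name>Unix Resource</name> <!-- Rename -->
+<connectorRef type="c:ConnectorType">
+<filter>
+<q:equal>
+<q:path>connectorType</q:path>
+<q:value>org.connid.bundles.unix.UnixConnector</q:value>
+</q:equal>
+</filter>
+</connectorRef>
+<connectorConfiguration>
+<icfc:resultsHandlerConfiguration>
+<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+</icfc:resultsHandlerConfiguration>
+<icfc:configurationProperties >
+<icfconf:admin>midpoint</icfconf:admin>
+<icfconf:password>
+<t:clearValue>secret</t:clearValue> <!-- change to current password -->
+</icfconf:password>
+<icfconf:hostname>localhost</icfconf:hostname> <!-- set correct ip address -->
+<icfconf:port>22</icfconf:port>
+<icfconf:createHomeDirectory>true</icfconf:createHomeDirectory>
+<icfconf:deleteHomeDirectory>true</icfconf:deleteHomeDirectory>
+<icfconf:shell>$</icfconf:shell>
+<icfconf:root>false</icfconf:root>
+<icfconf:usePty>true</icfconf:usePty>
+<icfconf:sshConnectionTimeout>0</icfconf:sshConnectionTimeout>
+<icfconf:sudoPassword>
+<t:clearValue>secret</t:clearValue> <!-- change to current password -->
+</icfconf:sudoPassword>
+<icfconf:readTimeout>10000</icfconf:readTimeout>
+</icfc:configurationProperties>
+</connectorConfiguration>
+<schemaHandling>
+<!-- Group management-->
+<objectType>
+<kind>entitlement</kind>
+<intent>unixGroup</intent>
+<displayName>UNIX Group</displayName>
+<objectClass>ri:GroupObjectClass</objectClass>
+<attribute>
+<c:ref>icfs:name</c:ref>
+<matchingRule>mr:stringIgnoreCase</matchingRule>
+<outbound>
+<source>
+<c:path>name</c:path>
+</source>
+</outbound>
+</attribute>
+</objectType>
+<!-- user management -->
+<objectType>
+<kind>account</kind>
+<displayName>Normal Account</displayName>
+<default>true</default>
+<objectClass>ri:AccountObjectClass</objectClass>
+<attribute>
+<c:ref>icfs:name</c:ref>
+<displayName>Distinguished Name</displayName>
+<limitations>
+<minOccurs>0</minOccurs>
+<access>
+<read>true</read>
+<add>true</add>
+<modify>true</modify>
+</access>
+</limitations>
+<outbound>
+<source>
+<c:path>$user/name</c:path>
+</source>
+</outbound>
+</attribute>
+<attribute>
+<c:ref>icfs:uid</c:ref>
+<displayName>Entry UUID</displayName>
+<limitations>
+<access>
+<read>true</read>
+<add>false</add>
+<modify>true</modify>
+</access>
+</limitations>
+</attribute>
+<attribute>
+<c:ref>ri:comment</c:ref>
+<displayName>Comment</displayName>
+<outbound>
+<source>
+<c:path>fullName</c:path>
+</source>
+</outbound>
+</attribute>
+<attribute>
+<c:ref>ri:homeDir</c:ref>
+<displayName>Home directory</displayName>
+<outbound>
+<source>
+<c:path>name</c:path>
+</source>
+<expression>
+<script>
+<code>
+'/home/' + name.toString()
+</code>
+</script>
+</expression>
+</outbound>
+</attribute>
+<attribute>
+<c:ref>ri:uid</c:ref>
+<displayName>Unix UID</displayName>
+<outbound>
+<source>
+<c:path>employeeNumber</c:path>
+</source>
+</outbound>
+</attribute>
+<attribute>
+<c:ref>ri:shell</c:ref>
+<displayName>Shell</displayName>
+<outbound>
+<expression>
+<value>/bin/bash</value>
+</expression>
+</outbound>
+</attribute>
+<association>
+<c:ref>ri:unixGroup</c:ref>
+<displayName>LDAP Group Membership</displayName>
+<kind>entitlement</kind>
+<intent>unixGroup</intent>
+<direction>subjectToObject</direction>
+<associationAttribute>ri:groups</associationAttribute>
+<valueAttribute>icfs:name</valueAttribute>
+</association>
+<protected>
+<icfs:name>midpoint</icfs:name>
+</protected>
+<protected>
+<icfs:name>root</icfs:name>
+</protected>
+<activation>
+<administrativeStatus>
+<outbound>
+<expression>
+<asIs/>
+</expression>
+</outbound>
+</administrativeStatus>
+</activation>
+<credentials>
+<password>
+<outbound>
+<expression>
+<asIs/>
+</expression>
+</outbound>
+</password>
+</credentials>
+</objectType>
+</schemaHandling>
+<capabilities>
+<cachingMetadata>
+<retrievalTimestamp>2016-01-08T10:55:09.834+01:00</retrievalTimestamp>
+<serialNumber>9daad27c2782934a-6fb5c4a527e3b230</serialNumber>
+</cachingMetadata>
+<native>
+<cap:addRemoveAttributeValues/>
+<cap:activation>
+<cap:status/>
+<cap:validTo/>
+<cap:lockoutStatus/>
+</cap:activation>
+<cap:credentials>
+<cap:password>
+<cap:returnedByDefault>false</cap:returnedByDefault>
+</cap:password>
+</cap:credentials>
+<cap:testConnection/>
+<cap:create/>
+<cap:read/>
+<cap:update/>
+<cap:delete/>
+<cap:script>
+<cap:host>
+<cap:type>connector</cap:type>
+</cap:host>
+</cap:script>
+</native>
+</capabilities>
+<synchronization>
+<objectSynchronization>
+<objectClass>ri:AccountObjectClass</objectClass>
+<kind>account</kind>
+<focusType>UserType</focusType>
+<enabled>true</enabled>
+<correlation>
+<q:equal>
+<q:path>name</q:path>
+<expression>
+<c:path xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3">$shadow/attributes/icfs:name</c:path>
+</expression>
+</q:equal>
+</correlation>
+<reaction>
+<situation>linked</situation>
+<synchronize>true</synchronize>
+</reaction>
+<reaction>
+<situation>deleted</situation>
+<synchronize>false</synchronize>
+</reaction>
+<reaction>
+<situation>unlinked</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+</action>
+</reaction>
+<reaction>
+<situation>unmatched</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
+</action>
+</reaction>
+</objectSynchronization>
+<objectSynchronization>
+<objectClass>ri:GroupObjectClass</objectClass>
+<kind>entitlement</kind>
+<intent>unixGroup</intent>
+<focusType>OrgType</focusType>
+<enabled>true</enabled>
+<correlation>
+<q:equal>
+<q:path>name</q:path>
+<expression>
+<c:path>$shadow/attributes/icfs:name</c:path>
+</expression>
+</q:equal>
+</correlation>
+<reaction>
+<situation>linked</situation>
+<synchronize>true</synchronize>
+</reaction>
+<reaction>
+<situation>deleted</situation>
+<synchronize>false</synchronize>
+</reaction>
+<reaction>
+<situation>unlinked</situation>
+<synchronize>true</synchronize>
+<action>
+<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
+</action>
+</reaction>
+</objectSynchronization>
+</synchronization>
+</resource>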
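Review bot: The `<protected>` list in the account objectType names only `midpoint` and `root`, while the account `objectSynchronization` reacts to `unmatched` with `#addFocus` and `deleteHomeDirectory` is `true`, so every other local account on the host (service and daemon accounts included) can be pulled into midPoint and then managed by these outbound mappings. I would add a comment above the `<protected>` entries, e.g. `<!-- list every system/service account of the target host here before enabling synchronization -->`. The `ri:uid` mapping copies `employeeNumber` unchecked, so presumably a low or zero value would land in the system UID range; a comment or a range-checking expression there would be worth having. Both `<t:clearValue>secret</t:clearValue>` entries look like working defaults: a placeholder such as `CHANGE_ME` (constructed value), with the comment extended to `<!-- replace before import; never commit a real password -->`, would make an unedited import obvious. The display names `Distinguished Name`, `Entry UUID` and `LDAP Group Membership` look like leftovers from an LDAP resource and should be renamed for a UNIX account.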
