policy prohibits the request from completing on creating group

May 20, 2011 at 11:28 AM

Hello,

I am using FIM Client to create groups.

        RmGroup group = new RmGroup();
        RmReference domainConfigurationReference = null;
        
        foreach (RmResource domainConfiguration in client.Enumerate("/DomainConfiguration"))
        {
            if (domainConfiguration.DisplayName.ToLowerInvariant().Equals(Credential.GetDomain().ToLowerInvariant()))
            {
                domainConfigurationReference = domainConfiguration.ObjectID;
            }
        }

        group.Description = groupDescription.Text;
        group.DisplayedOwner = new RmReference(groupPropAffiche.SelectedValue);
        group.Owner = new RmReference(groupProp.SelectedValue);
        group.DisplayName = groupDN.Text;
        group.Domain = groupDomain.Text;
        group.Email = groupMail.Text;
        group.MailNickname = groupMNN.Text;
        group.MembershipLocked = groupMembershiplocked.Checked;
        switch (groupScope.SelectedValue)
        {
            case "Domain": group.Scope = RmGroupScope.Domain; break;
            case "Global": group.Scope = RmGroupScope.Global; break;
            case "Universal": group.Scope = RmGroupScope.Universal; break;
        }
        switch (groupType.SelectedValue)
        {
            case "GS": group.Type = RmGroupType.SecurityGroup; break;
            case "GD": group.Type = RmGroupType.Distribution; break;
        }
        foreach (Obout.ListBox.ListBoxItem item in groupMembres.Items)
        {
            if (item.Selected)
            {
                group.ExplicitMember.Add(new RmReference(item.Value));
                group.ComputedMember.Add(new RmReference(item.Value));
            }
        }

        group[RmGroup.AttributeNames.MembershipAddWorkflow] = new RmAttributeValue("None");//("Owner Approval");
        group[RmGroup.AttributeNames.DomainConfiguration] = new RmAttributeValue(domainConfigurationReference);
        group[RmGroup.AttributeNames.AccountName] = new RmAttributeValue(groupAccountName.Text);

        try
        {
            client.Create(group);
            Response.Write("<script type=\"text/javascript\">window.close();</script>");
        }
        catch (Exception e1)
        {
            Response.Write("<script type=\"text/javascript\">alert(\""+ e1.Message +"\")</script>");
        }

and the error that I have, is as follows: policy prohibits the request from completing.

I think that there are properties witch I have not inquired.

could you help me, where does this error?

thnks

--

Xammoy

Coordinator
May 23, 2011 at 12:36 PM

Hi Xammoy,

How do you create the client? In particular, which credentials are you using? We must make sure that the user whose credentials you are using is authorized to create groups.

Then, it would be useful to have also a brief description of the group-related MPRs you have defined.

Cheers,
Paolo

May 23, 2011 at 1:19 PM

Hi Paolo,

I am using the domain administrator account, with wich I have already created groups in FIM Portal.

what are the mandatory attributes?

attributes is that I filled in the previous code sufficient?

thks

--

Xammoy

Coordinator
May 23, 2011 at 1:32 PM

Hi Xammoy,

Provided that I cannot really say, as I cannot test it, your code looks ok.

Have you checked what are the attributes defined for a group when you create it through the portal? Do groups created by the portal have some attribute that is not set by your code?

Also, do you succeed in creating other objects with your code, e.g. a user, so we are sure it's not a credentials issue?

Cheers,
Paolo

May 24, 2011 at 8:27 AM
Edited May 27, 2011 at 3:11 PM

Hi paolo,

Yes, I am using this credentials to create users accounts. groups created by the portal have same attribute that in my code. but may be FIM Portal set some attributs without asking us!!!

can you show me an eg. of code that works, with constant values!

thnks!

xammoy

Developer
May 24, 2011 at 9:10 AM

Xammoy,

When you create the object in the portal look at the summary screen and see all of the attributes that are being set. Then set those same attributes in your code.

-Jeremy

From: xammoy [email removed]
Sent: Tuesday, May 24, 2011 12:27 AM
To: jeremy@palenchar.net
Subject: Re: policy prohibits the request from completing on creating group [fim2010client:258368]

From: xammoy

Hi paolo,

Yes, I am using this credentials to create users accounts. groups created by the portal have some attribute that in my code. but may be FIM Portal set some attributs without asking us!!!

can you show me an eg. of code that works, with constant values!

thnks!

xammoy

May 24, 2011 at 10:23 AM
Edited May 24, 2011 at 10:37 AM

hi Jeremy, hi Paolo,

I had a problem retrieving this attribute (SCOP) so I change the code RmGroup, and I did that:

 

        public RmGroupScope Scope
        {
            get
            {
                Object o = null;
                RmAttributeValue rma = null;
                base.TryGetValue(AttributeNames.Scope, out rma);
                if (rma != null)
                    o = rma.Value;
                switch(o.ToString()){
                    case "Universal": return RmGroupScope.Universal;
                    case "Global": return RmGroupScope.Global;
                    default : return RmGroupScope.Domain;
                }
            }
            set
            {
                base[AttributeNames.Scope].Value = value;
            }
        }


this modification can be source of problem ?
May 24, 2011 at 11:09 AM
Edited May 24, 2011 at 11:10 AM

for clarity, I serialize the request sends the method client.create:

the result is:

 

<?xml version="1.0" encoding="utf-8" ?> 
- <CreateRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://http://scheams.xmlsoap.org/ws/2004/09/transfer">
- <AddRequest Dialect="http://schemas.microsoft.com/2006/11/ResourceManagement/Dialect/IdentityAttributeType-20080602" xmlns="http://schemas.microsoft.com/2006/11/IdentityManagement/DirectoryAccess">
- <AttributeTypeAndValue>
  <AttributeType>Description</AttributeType> 
- <AttributeValue>
  <Description xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">description</Description> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DisplayName</AttributeType> 
- <AttributeValue>
  <DisplayName xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Consultant</DisplayName> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ObjectType</AttributeType> 
- <AttributeValue>
  <ObjectType xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Group</ObjectType> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>AccountName</AttributeType> 
- <AttributeValue>
  <AccountName xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant</AccountName> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DisplayedOwner</AttributeType> 
- <AttributeValue>
  <DisplayedOwner xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</DisplayedOwner> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Domain</AttributeType> 
- <AttributeValue>
  <Domain xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">DOMLAB</Domain> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DomainConfiguration</AttributeType> 
- <AttributeValue>
  <DomainConfiguration xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">1aff46f4-5511-452d-bcbd-7f7b34b0fe14</DomainConfiguration> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Email</AttributeType> 
- <AttributeValue>
  <Email xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant@domlab.com</Email> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType> 
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</ExplicitMember> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType> 
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">831a0536-3544-44a5-bbd9-80bcb93c674f</ExplicitMember> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType> 
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">65241f0f-f88c-4e52-9ea4-c1c8ce71e327</ExplicitMember> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MailNickname</AttributeType> 
- <AttributeValue>
  <MailNickname xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant</MailNickname> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MembershipAddWorkflow</AttributeType> 
- <AttributeValue>
  <MembershipAddWorkflow xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Owner Approval</MembershipAddWorkflow> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MembershipLocked</AttributeType> 
- <AttributeValue>
  <MembershipLocked xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">True</MembershipLocked> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Owner</AttributeType> 
- <AttributeValue>
  <Owner xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</Owner> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Scope</AttributeType> 
- <AttributeValue>
  <Scope xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Global</Scope> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Type</AttributeType> 
- <AttributeValue>
  <Type xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">SecurityGroup</Type> 
  </AttributeValue>
  </AttributeTypeAndValue>
  </AddRequest>
  </CreateRequest>

<?xml version="1.0" encoding="utf-8" ?>
- <CreateRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://http://scheams.xmlsoap.org/ws/2004/09/transfer">
- <AddRequest Dialect="http://schemas.microsoft.com/2006/11/ResourceManagement/Dialect/IdentityAttributeType-20080602" xmlns="http://schemas.microsoft.com/2006/11/IdentityManagement/DirectoryAccess">
- <AttributeTypeAndValue>
  <AttributeType>Description</AttributeType>
- <AttributeValue>
  <Description xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">description</Description>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DisplayName</AttributeType>
- <AttributeValue>
  <DisplayName xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Consultant</DisplayName>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ObjectType</AttributeType>
- <AttributeValue>
  <ObjectType xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Group</ObjectType>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>AccountName</AttributeType>
- <AttributeValue>
  <AccountName xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant</AccountName>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DisplayedOwner</AttributeType>
- <AttributeValue>
  <DisplayedOwner xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</DisplayedOwner>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Domain</AttributeType>
- <AttributeValue>
  <Domain xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">DOMLAB</Domain>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DomainConfiguration</AttributeType>
- <AttributeValue>
  <DomainConfiguration xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">1aff46f4-5511-452d-bcbd-7f7b34b0fe14</DomainConfiguration>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Email</AttributeType>
- <AttributeValue>
  <Email xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant@domlab.com</Email>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType>
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</ExplicitMember>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType>
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">831a0536-3544-44a5-bbd9-80bcb93c674f</ExplicitMember>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType>
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">65241f0f-f88c-4e52-9ea4-c1c8ce71e327</ExplicitMember>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MailNickname</AttributeType>
- <AttributeValue>
  <MailNickname xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant</MailNickname>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MembershipAddWorkflow</AttributeType>
- <AttributeValue>
  <MembershipAddWorkflow xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Owner Approval</MembershipAddWorkflow>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MembershipLocked</AttributeType>
- <AttributeValue>
  <MembershipLocked xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">True</MembershipLocked>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Owner</AttributeType>
- <AttributeValue>
  <Owner xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</Owner>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Scope</AttributeType>
- <AttributeValue>
  <Scope xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Global</Scope>
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Type</AttributeType>
- <AttributeValue>
  <Type xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">SecurityGroup</Type>
  </AttributeValue>
  </AttributeTypeAndValue>
  </AddRequest>
  </CreateRequest>
<?xml version="1.0" encoding="utf-8" ?> 
- <CreateRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://http://scheams.xmlsoap.org/ws/2004/09/transfer">
- <AddRequest Dialect="http://schemas.microsoft.com/2006/11/ResourceManagement/Dialect/IdentityAttributeType-20080602" xmlns="http://schemas.microsoft.com/2006/11/IdentityManagement/DirectoryAccess">
- <AttributeTypeAndValue>
  <AttributeType>Description</AttributeType> 
- <AttributeValue>
  <Description xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">description</Description> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DisplayName</AttributeType> 
- <AttributeValue>
  <DisplayName xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Consultant</DisplayName> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ObjectType</AttributeType> 
- <AttributeValue>
  <ObjectType xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Group</ObjectType> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>AccountName</AttributeType> 
- <AttributeValue>
  <AccountName xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant</AccountName> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DisplayedOwner</AttributeType> 
- <AttributeValue>
  <DisplayedOwner xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</DisplayedOwner> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Domain</AttributeType> 
- <AttributeValue>
  <Domain xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">DOMLAB</Domain> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>DomainConfiguration</AttributeType> 
- <AttributeValue>
  <DomainConfiguration xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">1aff46f4-5511-452d-bcbd-7f7b34b0fe14</DomainConfiguration> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Email</AttributeType> 
- <AttributeValue>
  <Email xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant@domlab.com</Email> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType> 
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</ExplicitMember> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType> 
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">831a0536-3544-44a5-bbd9-80bcb93c674f</ExplicitMember> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>ExplicitMember</AttributeType> 
- <AttributeValue>
  <ExplicitMember xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">65241f0f-f88c-4e52-9ea4-c1c8ce71e327</ExplicitMember> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MailNickname</AttributeType> 
- <AttributeValue>
  <MailNickname xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">consultant</MailNickname> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MembershipAddWorkflow</AttributeType> 
- <AttributeValue>
  <MembershipAddWorkflow xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Owner Approval</MembershipAddWorkflow> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>MembershipLocked</AttributeType> 
- <AttributeValue>
  <MembershipLocked xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">True</MembershipLocked> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Owner</AttributeType> 
- <AttributeValue>
  <Owner xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">7fb2b853-24f0-4498-9534-4e10589723c4</Owner> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Scope</AttributeType> 
- <AttributeValue>
  <Scope xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">Global</Scope> 
  </AttributeValue>
  </AttributeTypeAndValue>
- <AttributeTypeAndValue>
  <AttributeType>Type</AttributeType> 
- <AttributeValue>
  <Type xmlns="http://schemas.microsoft.com/2006/11/ResourceManagement">SecurityGroup</Type> 
  </AttributeValue>
  </AttributeTypeAndValue>
  </AddRequest>
  </CreateRequest>
Coordinator
May 24, 2011 at 11:57 AM

Well, the problem could be in the modification you made... what happens if you leave it as a string? It works?

Paolo

May 24, 2011 at 12:54 PM

if I leave it as string there will Cast Exception. but in the XML file we can see that Scop=Global; so it's not the problem!!. :(

xammoy

Coordinator
May 24, 2011 at 3:40 PM

Dear Xammoy,

1) Make sure that you are using the correct credentials. The error "policy prohibits the request from completing" makes me think you are not.

2) When you create the object in the portal look at the summary screen and see all of the attributes that are being set. Then set those same attributes in your code.

If you are 100% sure that those 2 points are ok (if you can, step in the code with a debugger and check that the correct values are being set) and it still does not work, then I would suggest you to create a working console application that creates a group, and debug that one.

I'm afraid I cannot suggest you much more than this...

Paolo

May 26, 2011 at 2:51 PM

Hi Paolo,

The credentials are correct because, I create, delete and modify persons, I delete and modify the groups created with FIM Portal.

for the sets attributs, I made a debug step by step, it is done well before client.creat(group);

When I check the attributes there is no problem, that's why I think he lacks the attributes not shown.

I want to know, what can contain the attribute "LOCAL"?

--

Xammoy

Developer
May 26, 2011 at 3:02 PM

LOCAL probably refers to group type.

From: xammoy [email removed]
Sent: Thursday, May 26, 2011 6:52 AM
To: jeremy@palenchar.net
Subject: Re: policy prohibits the request from completing on creating group [fim2010client:258368]

From: xammoy

Hi Paolo,

The credentials are correct because, I create, delete and modify persons, I delete and modify the groups created with FIM Portal.

for the sets attributs, I made a debug step by step, it is done well before client.creat(group);

When I check the attributes there is no problem, that's why I think he lacks the attributes not shown.

I want to know, what can contain the attribute "LOCAL"?

--

Xammoy

May 27, 2011 at 8:47 AM
Edited May 27, 2011 at 9:11 AM

Hi,

In my last post I said that I can change the groups.
But with these cridentials infact. I can edit all the attributes of groups created under FIM PROTAL except:

  • group.Scope
  • group.Type
  • group.MembershipLocked

even when I do:

    group.Scope=group.Scope;
    group.Type=group.Type;
    group.MembershipLocked=group.MembershipLocked;

I have "policy prohibits the request from completing" Exception

 

Do you think that I want to add a new rules in FIM Portal ?

--

Xammoy

May 27, 2011 at 11:23 AM
Edited May 27, 2011 at 2:58 PM

hi all,

The solution to this problem is to rewrite the code RmGroup.cs:

public RmGroupScope Scope
        {
            get
            {
                Object o = null;
                RmAttributeValue rma = null;
                base.TryGetValue(AttributeNames.Scope, out rma);
                if (rma != null)
                    o = rma.Value;
                switch(o.ToString()){
                    case "Universal": return RmGroupScope.Universal;
                    case "Global": return RmGroupScope.Global;
                    default : return RmGroupScope.Domain;
                }
            }
            set
            {
                base[AttributeNames.Scope].Value = value;
            }
        }

...

        public RmGroupType Type
        {
            get
            {
                Object o = null;
                RmAttributeValue rma = null;
                base.TryGetValue(AttributeNames.Type, out rma);
                if (rma != null)
                    o = rma.Value;
                if ((o == null) || (o.ToString() == "Distribution"))
                    return RmGroupType.Distribution;
                else
                    if (o.ToString() == "MailEnabledSecurity")
                        return RmGroupType.MailEnabledSecurity;
                    else
                        return RmGroupType.Security;
            }
            set
            {
                base[AttributeNames.Type].Value = value;
            }
        }

...

    public enum RmGroupType
    {
        Distribution = 1,
        Security = 2,
        MailEnabledSecurity =3
    }

thnks

--

Xammoy