[midPoint] Active Directory and custom attributes & auxiliary objectclass
ANTON OPPERMAN
antono at btinternet.com
Mon Jul 6 14:51:49 CEST 2015
Thx Pavol! That is getting me very close ...
Took a while to figure out just how to do it; the documentation can be clearer; e.g. where
the value of ObjectClassesExtensionFile is set and which system it should be stored on. I
saw a ref in the UI that seemed to allow for this, but this didn't work for me.
I have defined my custom schema entries in the AccountObjectClass section and can
retrieve and set values if my auxiliary objectClass is present on the user. Obviously
creating an account with schema extension fails as newly created users will not have
the auxiliary objectClass (yet).
I was hoping it is possible to override the objectClasses in the schema handling, but
can't find an example. The other option, I guess, would be to use the custom
schema feature of ObjectClassesExtensionFile, but I have a few questions on this:
1) Is the objectClass type always Tenant?
2) Does this add an objectClass in addition to the user class or instead of the user class?
3) How / when are the custom scripts called?
4) Are there examples on how to use the custom schema feature?
Thx!
Regards,
Anton
----Original message----
From : mederly at evolveum.com
Date : 02/07/2015 - 15:17 (BST)
To : midpoint at lists.evolveum.com
Subject : Re: [midPoint] Active Directory and custom attributes & auxiliary objectclass
Hello Anton,
the AD connector schema can now be extended via configuration.
Please see https://wiki.evolveum.com/display/midPoint/Extending+AD+and+Exchange+Connector+Schema+HOWTO
for a simple HOWTO.
However, contrary to what's written there, I would recommend using
the latest versions of AD/Exchange connector and ConnId:
- Exchange Connector: 1.4.1.20283 (https://wiki.evolveum.com/display/midPoint/Exchange+Connector)
- Connector Server: 1.4.0.84 (https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server)
Also please note that auxiliary object classes are not supported
for AD. What you need to do is to extend the basic
AccountObjectClass (or object class for group/OU) with your custom
attributes.
Best regards,
Pavol
On 2. 7. 2015 16:10, midpoint at mybtinternet.com wrote:
Hi,
We intend managing a number of different directories with similar data but for populations
of users that must be stored separately. We also have a fairly extensive number of custom
attributes grouped in an auxiliary objectClass.
For OpenDJ, I was able to set up the resources and am able to manage all the custom
attributes; e.g. the connector allows definition of which classes to use.
Now trying to replicate with AD and have basic AD provisioning working; however, I don't
see similar options for defining additional objectClasses to use. Have looked in Jira; all
references suggest modifying objectClasses.xml and building a custom instance of the
connector. I don't see how the custom objectClass is referenced. Have I missed something?
As for building a custom instance of the connector; I would prefer not to do that as:
1) we could run into issues that are related to our attempt of implementing
2) each time there is a new fix, we would need to go and retro-fit and rebuild
3) each time we extend the schema, we need to go and amend and rebuild
While I may be able to build a custom instance, once this is handed-over to
business-as-usual, they most certainly will not have the skills to support this.
Is this still the process to follow at this time, or has this changed? If not changed, is
there a plan to make the AD adapter configurable ito custom schema (like OpenDJ)?
Time-frame?
Thx
Regards,
Anton