[midPoint] Midpoint 3.4.1 389ds LDAP import error because users have many objectClasses

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Tue Nov 22 11:06:43 CET 2016


Hello,

I have some problems with the initial user import from my 389ds LDAP.
Most of the users have these objectClasses:

      <generationConstraints>
         <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
         <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
         <generateObjectClass>ri:groupOfNames</generateObjectClass>
         <generateObjectClass>ri:organizationalUnit</generateObjectClass>
         <generateObjectClass>ri:inetUser</generateObjectClass>
         <generateObjectClass>ri:shadowAccount</generateObjectClass>
         <generateObjectClass>ri:sambaSamAccount</generateObjectClass>
         <generateObjectClass>ri:posixAccount</generateObjectClass>
         <generateObjectClass>ri:posixGroup</generateObjectClass>
         <generateObjectClass>ri:top</generateObjectClass>
         <generateObjectClass>ri:person</generateObjectClass>
         <generateObjectClass>ri:organizationalPerson</generateObjectClass>
         <generateObjectClass>ri:mozillaAbPersonAlpha</generateObjectClass>
      </generationConstraints>

Accounts having only the "inetOrgPerson" objectClass (for example, special
accounts for some services) were imported and linked correctly.
At this moment I have 41 correctly linked accounts out of about 6000.
Import of the rest ends with the error quoted below, and the accounts remain
"UNLINKED":

Schema violation during processing shadow: shadow:
uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ 
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65)): Schema violation during processing
shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65)): Schema violation during processing
shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65)): Schema violation during processing
shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65))

How do I tell Midpoint to ignore these objectClasses and attributes?
Thanks.

-- 
Wojciech Staszewski
Network Systems Administrator
IT Department
DIAGNOSTYKA
Limited Liability Company
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
tel.: +48 12 295 01 00
fax: +48 12 295 01 02
mobile: 663 680 236
skype: ws.diag
www.diag.pl
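
Added example (not part of the original message and not midPoint or connector code): a small Python triage parser for the connector error quoted above. It lists what the failed LDAP modify tried to remove and what the server answered. It assumes the "?" between objectClass values is a value separator, as it appears in the quoted text; the function name and SAMPLE are hypothetical.

```python
import re

# Constructed sample: one cause from the error quoted above, with the mail's
# line wraps removed and the poster's placeholders (XXXXXX, YYYYY, ZZ) kept.
SAMPLE = (
    'Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ: '
    '[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange: 0,'
    'remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime: 2147483647,'
    'remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U ],'
    'remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass: '
    'posixAccount?objectClass: sambaSamAccount,remove:sambaSID: -4174,'
    'remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange: 2147483647,'
    'remove:gidNumber: 1463,]: objectClassViolation: attribute "memberOf" '
    'not allowed? (65))'
)

# DN, bracketed modification list, LDAP error name, detail text, result code.
MSG = re.compile(
    r'Error modifying LDAP entry (?P<dn>.+?): \[(?P<mods>.*?)\]: '
    r'(?P<error>\w+): (?P<detail>.*?)\??\s*\((?P<code>\d+)\)')

def parse_failed_modify(text):
    """Return one dict per distinct failed LDAP modify found in text."""
    flat = re.sub(r'\s+', ' ', text)      # undo mail/log line wrapping
    seen, out = set(), []
    for m in MSG.finditer(flat):
        if m.group(0) in seen:            # the exception chain repeats its cause
            continue
        seen.add(m.group(0))
        mods = {}
        # Items look like "op:attr: value"; split only where a new item starts,
        # so commas or brackets inside a value (e.g. "[U ]") are kept.
        for item in re.split(r',(?=\w+:[\w;-]+: )', m['mods'].rstrip(', ')):
            parsed = re.match(r'(\w+):([\w;-]+): (.*)', item)
            if not parsed:
                continue
            op, attr, value = parsed.groups()
            # Assumption: several values are joined as "v1?attr: v2?attr: v3".
            values = re.split(r'\?' + re.escape(attr) + ': ', value)
            mods.setdefault((op, attr), []).extend(values)
        out.append({'dn': m['dn'], 'mods': mods, 'error': m['error'],
                    'detail': m['detail'], 'code': int(m['code'])})
    return out

if __name__ == '__main__':
    for failure in parse_failed_modify(SAMPLE):
        print(failure['dn'], failure['error'], failure['code'])
        for (op, attr), values in failure['mods'].items():
            print(f'  {op} {attr}: {values}')
```

For the quoted error this shows the connector trying to strip inetUser, posixAccount and sambaSamAccount together with their attributes. In the stock 389 DS schema memberOf is permitted through inetUser, which is consistent with the server answering objectClassViolation (LDAP result code 65) once that class would be gone.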