[midPoint] Midpoint 3.4.1 389ds LDAP import error because users have many objectCalsses

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Tue Nov 22 18:07:42 CET 2016 

Thanks, I added auxiliary objectClasses,
and removed unnecessary objectclasses from my users by the way
but now I have this error:

Import object (GUI) 
Message 
Schema violation during processing shadow: shadow: 
uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ (OID:0004cd61-56bb-4ee1-b5ea-a350998920d5): 
Schema violation: Invalid attribute: 
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error 
modifying LDAP entry uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ: [add:objectClass: 
organizationalPerson?objectClass: top,]: attributeOrValueExists: (20)) 

Any ideas?

Dnia wtorek, 22 listopada 2016 11:37:07 CET Ivan Noris pisze:
> Hi,
> 
> I think you may need to specify object classes that are auxiliary in
> schema handling...
> 
> e.g.:
> 
>         <objectType>
>                 <kind>account</kind>
>             <intent>default</intent>
>             <displayName>Account</displayName>
>             <objectClass>ri:inetOrgPerson</objectClass>
>           *  <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>**
> **            <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>*
> 
> ...
> 
> Not sure if you can "ignore" the attributes during synchronization , but
> maybe someone else knows.
> 
> Regards,
> 
> Ivan
> 
> On 11/22/2016 11:06 AM, Wojciech Staszewski wrote:
> > Hello,
> > 
> > I have some problems with initial users import from my 389ds LDAP.
> > 
> > Most of users have objectClasses:
> >       <generationConstraints>
> >       
> >          <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
> >          <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
> >          <generateObjectClass>ri:groupOfNames</generateObjectClass>
> >          <generateObjectClass>ri:organizationalUnit</generateObjectClass>
> >          <generateObjectClass>ri:inetUser</generateObjectClass>
> >          <generateObjectClass>ri:shadowAccount</generateObjectClass>
> >          <generateObjectClass>ri:sambaSamAccount</generateObjectClass>
> >          <generateObjectClass>ri:posixAccount</generateObjectClass>
> >          <generateObjectClass>ri:posixGroup</generateObjectClass>
> >          <generateObjectClass>ri:top</generateObjectClass>
> >          <generateObjectClass>ri:person</generateObjectClass>
> >          <generateObjectClass>ri:organizationalPerson</generateObjectClass
> >          >
> >          <generateObjectClass>ri:mozillaAbPersonAlpha</generateObjectClass
> >          >
> >       
> >       </generationConstraints>
> > 
> > Accounts having only "inetOrgPerson"  objectClass (for example special
> > accounts for some services) was imported and linked correctly.
> > At this moment I have 41 correctly linked accounts from about 6000.
> > Import of the rest ending with error quoted below and accounts remains
> > "UNLINKED":
> > 
> > Schema violation during processing shadow: shadow:
> > uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ
> > (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
> > attribute:
> > org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
> > ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
> > [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
> > 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
> > 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
> > ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
> > posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
> > -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
> > 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
> > "memberOf" not allowed? (65)): Schema violation during processing
> > shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
> > (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
> > attribute:
> > org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
> > ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
> > [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
> > 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
> > 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
> > ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
> > posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
> > -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
> > 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
> > "memberOf" not allowed? (65)): Schema violation during processing
> > shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
> > (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
> > attribute:
> > org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
> > ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
> > [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
> > 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
> > 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
> > ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
> > posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
> > -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
> > 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
> > "memberOf" not allowed? (65)): Schema violation during processing
> > shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
> > (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
> > attribute:
> > org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
> > ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
> > [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
> > 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
> > 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
> > ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
> > posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
> > -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
> > 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
> > "memberOf" not allowed? (65))
> > 
> > How to tell Midpoint to ignore these objectClasses and attributes?
> > Thanks.


-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
Dział IT
DIAGNOSTYKA 
Spółka z ograniczoną odpowiedzialnością 
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
tel.: +48 12 295 01 00
fax: +48 12 295 01 02 
tel. kom: 663 680 236
www.diag.pl
DIAGNOSTYKA Spółka z ograniczoną odpowiedzialnością ul. Prof. M. Życzkowskiego 
16, 31-864 Kraków; 
KRS: Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy 
Krajowego KRS: 0000381559; NIP: 675-12-65-009; REGON: 356366975, Kapitał 
zakładowy: 33 252 500 zł.

More information about the midPoint mailing list