[midPoint] Midpoint 3.4.1 389ds LDAP import error because users have many objectClasses [SOLVED]

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Fri Nov 25 15:16:41 CET 2016


OK, I got it, I had to remove two auxiliary objectClasses (inetUser and
posixAccount) and then the import was finished without any error.

Regards,
WS

On 22.11.2016 at 18:07, Wojciech Staszewski wrote:
> Thanks, I added auxiliary objectClasses,
> and removed unnecessary objectclasses from my users by the way
> but now I have this error:
> 
> Import object (GUI) 
> Message 
> Schema violation during processing shadow: shadow: 
> uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ (OID:0004cd61-56bb-4ee1-b5ea-a350998920d5): 
> Schema violation: Invalid attribute: 
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error 
> modifying LDAP entry uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ: [add:objectClass: 
> organizationalPerson?objectClass: top,]: attributeOrValueExists: (20)) 
> 
> Any ideas?
> 
> On Tuesday, 22 November 2016 11:37:07 CET Ivan Noris wrote:
>> Hi,
>>
>> I think you may need to specify object classes that are auxiliary in
>> schema handling...
>>
>> e.g.:
>>
>>         <objectType>
>>             <kind>account</kind>
>>             <intent>default</intent>
>>             <displayName>Account</displayName>
>>             <objectClass>ri:inetOrgPerson</objectClass>
>>             <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
>>             <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
>>
>> ...
>>
>> Not sure if you can "ignore" the attributes during synchronization, but
>> maybe someone else knows.
>>
>> Regards,
>>
>> Ivan
>>
>> On 11/22/2016 11:06 AM, Wojciech Staszewski wrote:
>>> Hello,
>>>
>>> I have some problems with initial users import from my 389ds LDAP.
>>>
>>> Most of the users have objectClasses:
>>>       <generationConstraints>
>>>       
>>>          <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
>>>          <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
>>>          <generateObjectClass>ri:groupOfNames</generateObjectClass>
>>>          <generateObjectClass>ri:organizationalUnit</generateObjectClass>
>>>          <generateObjectClass>ri:inetUser</generateObjectClass>
>>>          <generateObjectClass>ri:shadowAccount</generateObjectClass>
>>>          <generateObjectClass>ri:sambaSamAccount</generateObjectClass>
>>>          <generateObjectClass>ri:posixAccount</generateObjectClass>
>>>          <generateObjectClass>ri:posixGroup</generateObjectClass>
>>>          <generateObjectClass>ri:top</generateObjectClass>
>>>          <generateObjectClass>ri:person</generateObjectClass>
>>>          <generateObjectClass>ri:organizationalPerson</generateObjectClass>
>>>          <generateObjectClass>ri:mozillaAbPersonAlpha</generateObjectClass>
>>>       
>>>       </generationConstraints>
>>>
>>> Accounts having only the "inetOrgPerson" objectClass (for example special
>>> accounts for some services) were imported and linked correctly.
>>> At this moment I have 41 correctly linked accounts from about 6000.
>>> Import of the rest ends with the error quoted below and the accounts remain
>>> "UNLINKED":
>>>
>>> Schema violation during processing shadow: shadow:
>>> uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ
>>> (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
>>> attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
>>> ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
>>> [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
>>> 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
>>> 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
>>> ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
>>> posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
>>> -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
>>> 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
>>> "memberOf" not allowed? (65)): Schema violation during processing
>>> shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
>>> (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
>>> attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
>>> ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
>>> [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
>>> 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
>>> 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
>>> ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
>>> posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
>>> -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
>>> 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
>>> "memberOf" not allowed? (65)): Schema violation during processing
>>> shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
>>> (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
>>> attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
>>> ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
>>> [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
>>> 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
>>> 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
>>> ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
>>> posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
>>> -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
>>> 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
>>> "memberOf" not allowed? (65)): Schema violation during processing
>>> shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
>>> (OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
>>> attribute:
>>> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueEx
>>> ception(Error modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
>>> [remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
>>> 0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
>>> 2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
>>> ],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
>>> posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
>>> -4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
>>> 2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
>>> "memberOf" not allowed? (65))
>>>
>>> How to tell Midpoint to ignore these objectClasses and attributes?
>>> Thanks.
> 
> 

-- 
Wojciech Staszewski
Network Systems Administrator
IT Department
DIAGNOSTYKA
Limited liability company
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
tel.: +48 12 295 01 00

Think of the environment before you print this e-mail.
fax: +48 12 295 01 02
mobile: 663 680 236
skype: ws.diag
www.diag.pl
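
An added example, not part of the thread and not midPoint code: a Python pre-import check that compares the object classes on exported LDAP entries with those an objectType declares through objectClass and auxiliaryObjectClass, which is the mismatch the replies above revolve around. The XML fragment, the LDIF entries and the names `declared_classes`, `undeclared` and `SUPERIORS` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed objectType fragment in the shape quoted in the thread.
OBJECT_TYPE_XML = """<objectType>
  <objectClass>ri:inetOrgPerson</objectClass>
  <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
  <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
</objectType>"""

# Constructed LDIF export; DNs and values are placeholders.
SAMPLE_LDIF = """dn: uid=svc1,ou=People,dc=example,dc=test
objectClass: top
objectClass: inetOrgPerson

dn: uid=user1,ou=People,dc=example,
 dc=test
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: inetUser
objectClass: sambaSamAccount"""

# Superclasses implied by inetOrgPerson (RFC 2798 / RFC 4519).
SUPERIORS = {"inetorgperson": ("organizationalperson", "person", "top")}

def declared_classes(object_type_xml):
    """Lower-cased classes the objectType declares, plus their superiors."""
    names = set()
    for el in ET.fromstring(object_type_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if present
        if tag in ("objectClass", "auxiliaryObjectClass") and el.text:
            names.add(el.text.strip().split(":", 1)[-1].lower())
    for name in list(names):
        names.update(SUPERIORS.get(name, ()))
    return names

def undeclared(object_type_xml, ldif_text):
    """Map DN -> sorted classes on the entry missing from the objectType."""
    declared, report = declared_classes(object_type_xml), {}
    for block in ldif_text.replace("\n ", "").split("\n\n"):  # unfold lines
        dn, classes = None, set()
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                dn = value.strip()
            elif attr.lower() == "objectclass":
                classes.add(value.strip().lower())
        if dn and classes - declared:
            report[dn] = sorted(classes - declared)
    return report
```

Entries that appear in the result carry object classes the resource definition does not mention; the parser handles plain-text LDIF values only, not base64 (`dn::`) ones.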