[midPoint] Evolveum LDAP Connector schema reading (389-DS) - hint

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Wed Jun 28 13:02:30 CEST 2017


Hello!

I don't know if v1.4.4 is affected, because I cannot use it due to another issue,
but with v1.4.3 and 389-DS, midPoint reads the schema not quite right (but almost right). :)

When the resource schema is created or reloaded, the inetOrgPerson class attributes sn, givenName and cn (and maybe others) have "maxOccurs" set to "unbounded" (multi-valued).
In 389-DS these attributes are single-valued (maxOccurs=1).

When givenName or familyName is changed in midPoint, reconciliation sometimes gives an error during the LDAP account update:

ERROR (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException in connector:
OID(ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3): resource:OID(LDAP) while adding attribute values to object identified by ICF UID 'xxxx':
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
Error modifying LDAP entry uid=xxx,ou=People,dc=xxx,dc=xx: [add:sn: Xxxxxxx ,add:cn: Yyyyyyy Xxxxxxx,]: attributeOrValueExists:  (20)

As you can see, midPoint tries to ADD a new value instead of UPDATING the existing one.
In such a case you should set maxOccurs to 1 manually in the resource schema definition, and then reconciliation goes OK.

Regards,
Wojciech Staszewski
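
The manual workaround described in the message above, sketched as an added example that is not part of the original post or of midPoint: it lists the attributes of one object class declared with maxOccurs="unbounded" and sets maxOccurs to 1 for a chosen subset. The schema fragment is constructed and simplified, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XSD = "http://www.w3.org/2001/XMLSchema"
NS = {"xsd": XSD}

# Constructed, simplified schema fragment (assumption: attributes appear as
# xsd:element entries inside the xsd:sequence of each object class).
SAMPLE_SCHEMA = """\
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:complexType name="inetOrgPerson">
    <xsd:sequence>
      <xsd:element name="sn" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
      <xsd:element name="givenName" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
      <xsd:element name="cn" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
      <xsd:element name="mail" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
    </xsd:sequence>
  </xsd:complexType>
  <xsd:complexType name="groupOfNames">
    <xsd:sequence>
      <xsd:element name="cn" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
    </xsd:sequence>
  </xsd:complexType>
</xsd:schema>
"""

def _elements(root, object_class):
    """Attribute declarations belonging to one object class only."""
    path = f"xsd:complexType[@name='{object_class}']/xsd:sequence/xsd:element"
    return root.findall(path, NS)

def multi_valued(xml_text, object_class):
    """Names of attributes declared multi-valued (maxOccurs="unbounded")."""
    root = ET.fromstring(xml_text)
    return [e.get("name") for e in _elements(root, object_class)
            if e.get("maxOccurs") == "unbounded"]

def patch_schema(xml_text, object_class, attrs):
    """Set maxOccurs="1" on the listed attributes; return (xml, changed names)."""
    ET.register_namespace("xsd", XSD)  # keep the xsd: prefix when serializing
    root = ET.fromstring(xml_text)
    changed = []
    for e in _elements(root, object_class):
        if e.get("name") in attrs and e.get("maxOccurs") != "1":
            e.set("maxOccurs", "1")
            changed.append(e.get("name"))
    return ET.tostring(root, encoding="unicode"), changed

if __name__ == "__main__":
    patched, changed = patch_schema(SAMPLE_SCHEMA, "inetOrgPerson", {"sn", "givenName", "cn"})
    print("changed:", changed)
    print("still multi-valued:", multi_valued(patched, "inetOrgPerson"))
```

The change is scoped to the named object class, so an attribute of the same name in another class is left as generated.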