[midPoint] OpenLDAP - Cannot modify user UID or role CN
Luca Verardo
luca at verardo.ch
Fri Jan 5 11:27:41 CET 2024
Dear community,
I'm in the process of re-creating my OpenLDAP resource using the new wizard UI. The basic operations are working correctly and also synchronized correctly.
However, when I try to rename a user, midPoint gives the following error :
Error modifying LDAP entry uid=test-user-rename,ou=People,dc=CORP,dc=org: [add:uid=test-user-rename,remove:uid=test-user,]: noSuchAttribute: (16)
Where 'test-user' is the old username, and 'test-user-rename' is the new username. I tried to play with the permissive modfiy setting of the resource. When it is set to never, midPoint will compain that the entry already exists. If set to auto or always, it gives the error mentioned above.
The same problem arises when trying to rename a role (which is bounded to an OpenLDAP groupOfNames).
Maybe it's wrong, but I think that the reason behind this error is that midPoint will try to query the LDAP server with the new UID instead of the old one. However, it may totally be something else, I'm not sure.
Could someone help me to solve this issue ? You can find below my OpenLDAP resource configuration.
Thanks a lot in advance!
Luca
<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="69a38b4a-60b1-496a-a600-21a2669b208f" version="97">
<name>OPENLDAP CORP ORG</name>
<metadata>
<requestTimestamp>2024-01-02T15:39:48.163Z</requestTimestamp>
<requestorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</requestorRef>
<createTimestamp>2024-01-02T15:39:51.434Z</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</creatorRef>
<createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
<modifyTimestamp>2024-01-05T09:55:45.715Z</modifyTimestamp>
<modifierRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</modifierRef>
<modifyChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</modifyChannel>
</metadata>
<lifecycleState>active</lifecycleState>
<operationExecution id="98">
<recordType>simple</recordType>
<timestamp>2024-01-05T08:32:35.267Z</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<importance>normal</importance>
<token>1000000000000111491</token>
</executionResult>
<objectName>OPENLDAP CORP ORG</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</initiatorRef>
<channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
</operationExecution>
<operationExecution id="99">
<recordType>simple</recordType>
<timestamp>2024-01-05T09:31:37.377Z</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<importance>normal</importance>
<token>1000000000000115439</token>
</executionResult>
<objectName>OPENLDAP CORP ORG</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</initiatorRef>
<channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
</operationExecution>
<operationExecution id="100">
<recordType>simple</recordType>
<timestamp>2024-01-05T09:32:25.612Z</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<importance>normal</importance>
<token>1000000000000116246</token>
</executionResult>
<objectName>OPENLDAP CORP ORG</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</initiatorRef>
<channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
</operationExecution>
<operationExecution id="101">
<recordType>simple</recordType>
<timestamp>2024-01-05T09:34:28.402Z</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<importance>normal</importance>
<token>1000000000000116404</token>
</executionResult>
<objectName>OPENLDAP CORP ORG</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</initiatorRef>
<channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
</operationExecution>
<operationExecution id="102">
<recordType>simple</recordType>
<timestamp>2024-01-05T09:55:45.939Z</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<importance>normal</importance>
<token>1000000000000121838</token>
</executionResult>
<objectName>OPENLDAP CORP ORG</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</initiatorRef>
<channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
</operationExecution>
<indestructible>true</indestructible>
<iteration>0</iteration>
<iterationToken/>
<administrativeOperationalState>
<administrativeAvailabilityStatus>operational</administrativeAvailabilityStatus>
</administrativeOperationalState>
<operationalState>
<lastAvailabilityStatus>up</lastAvailabilityStatus>
<message>Status set to UP because resource schema was successfully fetched</message>
<timestamp>2024-01-02T15:39:56.971Z</timestamp>
<nodeId>DefaultNode</nodeId>
</operationalState>
<operationalStateHistory id="3">
<lastAvailabilityStatus>up</lastAvailabilityStatus>
<message>Status set to UP because resource schema was successfully fetched</message>
<timestamp>2024-01-02T15:39:56.971Z</timestamp>
<nodeId>DefaultNode</nodeId>
</operationalStateHistory>
<connectorRef oid="963d73b1-1b6c-4cbb-802d-92350c829d70" relation="org:default" type="c:ConnectorType">
<!-- ConnId com.evolveum.polygon.connector.ldap.LdapConnector v3.6.1 -->
</connectorRef>
<connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
<icfc:configurationProperties xmlns:gen872="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
<gen872:host>172.16.0.1</gen872:host>
<gen872:port>389</gen872:port>
<gen872:bindDn>cn=admin,dc=CORP,dc=org</gen872:bindDn>
<gen872:baseContext>dc=CORP,dc=org</gen872:baseContext>
<gen872:passwordAttribute>password</gen872:passwordAttribute>
<gen872:passwordHashAlgorithm>SSHA</gen872:passwordHashAlgorithm>
<gen872:pagingStrategy>spr</gen872:pagingStrategy>
<gen872:vlvSortAttribute>uid,cn,ou,dc</gen872:vlvSortAttribute>
<gen872:vlvSortOrderingRule>2.5.13.3</gen872:vlvSortOrderingRule>
<gen872:readSchema>true</gen872:readSchema>
<gen872:usePermissiveModify>always</gen872:usePermissiveModify>
<gen872:lockoutStrategy>openldap</gen872:lockoutStrategy>
<gen872:operationalAttributes>memberOf</gen872:operationalAttributes>
<gen872:operationalAttributes>createTimestamp</gen872:operationalAttributes>
<gen872:operationalAttributes>mail</gen872:operationalAttributes>
</icfc:configurationProperties>
</connectorConfiguration>
<schema>
<cachingMetadata>
<retrievalTimestamp>2024-01-05T07:29:13.297Z</retrievalTimestamp>
<serialNumber>fe98b37b00311b15-329855bf6427711f</serialNumber>
</cachingMetadata>
<generationConstraints>
<generateObjectClass>ri:organization</generateObjectClass>
<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
<generateObjectClass>ri:groupOfNames</generateObjectClass>
<generateObjectClass>ri:midPointPerson</generateObjectClass>
</generationConstraints>
<definition>
<xsd:schema xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" xmlns:ra="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3" xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xml:space="preserve">
<xsd:import namespace="http://prism.evolveum.com/xml/ns/public/annotation-3"/>
<xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"/>
<xsd:complexType name="midPointPerson">
<xsd:annotation>
<xsd:appinfo>
<a:container/>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>midPointPerson</ra:nativeObjectClass>
<ra:auxiliary>true</ra:auxiliary>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>createTimestamp</a:displayName>
<a:displayOrder>120</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>memberOf</a:displayName>
<a:displayOrder>130</a:displayOrder>
<a:matchingRule xmlns:qn172="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn172:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>mail</a:displayName>
<a:displayOrder>140</a:displayOrder>
<a:matchingRule xmlns:qn477="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn477:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>mail</ra:nativeAttributeName>
<ra:frameworkAttributeName>mail</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="midPointAccountStatus" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>midPointAccountStatus</a:displayName>
<a:displayOrder>150</a:displayOrder>
<a:matchingRule xmlns:qn698="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn698:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>midPointAccountStatus</ra:nativeAttributeName>
<ra:frameworkAttributeName>midPointAccountStatus</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>dn</a:displayName>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn123="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn123:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>entryUUID</a:displayName>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn877="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn877:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="groupOfNames">
<xsd:annotation>
<xsd:appinfo>
<a:container/>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>groupOfNames</ra:nativeObjectClass>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>createTimestamp</a:displayName>
<a:displayOrder>120</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>memberOf</a:displayName>
<a:displayOrder>130</a:displayOrder>
<a:matchingRule xmlns:qn655="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn655:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="ou" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>ou</a:displayName>
<a:displayOrder>140</a:displayOrder>
<a:matchingRule xmlns:qn149="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn149:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>ou</ra:nativeAttributeName>
<ra:frameworkAttributeName>ou</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="cn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>cn</a:displayName>
<a:displayOrder>150</a:displayOrder>
<a:matchingRule xmlns:qn411="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn411:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>cn</ra:nativeAttributeName>
<ra:frameworkAttributeName>cn</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="o" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>o</a:displayName>
<a:displayOrder>160</a:displayOrder>
<a:matchingRule xmlns:qn105="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn105:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>o</ra:nativeAttributeName>
<ra:frameworkAttributeName>o</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="member" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>member</a:displayName>
<a:displayOrder>170</a:displayOrder>
<a:matchingRule xmlns:qn136="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn136:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>member</ra:nativeAttributeName>
<ra:frameworkAttributeName>member</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="owner" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>owner</a:displayName>
<a:displayOrder>180</a:displayOrder>
<a:matchingRule xmlns:qn906="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn906:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>owner</ra:nativeAttributeName>
<ra:frameworkAttributeName>owner</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>mail</a:displayName>
<a:displayOrder>190</a:displayOrder>
<a:matchingRule xmlns:qn67="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn67:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>mail</ra:nativeAttributeName>
<ra:frameworkAttributeName>mail</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="seeAlso" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>seeAlso</a:displayName>
<a:displayOrder>200</a:displayOrder>
<a:matchingRule xmlns:qn747="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn747:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>seeAlso</ra:nativeAttributeName>
<ra:frameworkAttributeName>seeAlso</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="description" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>description</a:displayName>
<a:displayOrder>210</a:displayOrder>
<a:matchingRule xmlns:qn726="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn726:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="businessCategory" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>businessCategory</a:displayName>
<a:displayOrder>220</a:displayOrder>
<a:matchingRule xmlns:qn212="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn212:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>businessCategory</ra:nativeAttributeName>
<ra:frameworkAttributeName>businessCategory</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>dn</a:displayName>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn811="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn811:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>entryUUID</a:displayName>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn922="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn922:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="inetOrgPerson">
<xsd:annotation>
<xsd:appinfo>
<a:container/>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>inetOrgPerson</ra:nativeObjectClass>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="initials" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>initials</a:displayName>
<a:displayOrder>120</a:displayOrder>
<a:matchingRule xmlns:qn210="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn210:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>initials</ra:nativeAttributeName>
<ra:frameworkAttributeName>initials</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>memberOf</a:displayName>
<a:displayOrder>130</a:displayOrder>
<a:matchingRule xmlns:qn955="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn955:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="homePhone" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>homePhone</a:displayName>
<a:displayOrder>140</a:displayOrder>
<ra:nativeAttributeName>homePhone</ra:nativeAttributeName>
<ra:frameworkAttributeName>homePhone</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="audio" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>audio</a:displayName>
<a:displayOrder>150</a:displayOrder>
<ra:nativeAttributeName>audio</ra:nativeAttributeName>
<ra:frameworkAttributeName>audio</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>mail</a:displayName>
<a:displayOrder>160</a:displayOrder>
<a:matchingRule xmlns:qn294="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn294:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>mail</ra:nativeAttributeName>
<ra:frameworkAttributeName>mail</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="carLicense" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>carLicense</a:displayName>
<a:displayOrder>170</a:displayOrder>
<a:matchingRule xmlns:qn978="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn978:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>carLicense</ra:nativeAttributeName>
<ra:frameworkAttributeName>carLicense</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="departmentNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>departmentNumber</a:displayName>
<a:displayOrder>180</a:displayOrder>
<a:matchingRule xmlns:qn551="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn551:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>departmentNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>departmentNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="manager" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>manager</a:displayName>
<a:displayOrder>190</a:displayOrder>
<a:matchingRule xmlns:qn53="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn53:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>manager</ra:nativeAttributeName>
<ra:frameworkAttributeName>manager</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="businessCategory" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>businessCategory</a:displayName>
<a:displayOrder>200</a:displayOrder>
<a:matchingRule xmlns:qn291="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn291:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>businessCategory</ra:nativeAttributeName>
<ra:frameworkAttributeName>businessCategory</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="homePostalAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>homePostalAddress</a:displayName>
<a:displayOrder>210</a:displayOrder>
<ra:nativeAttributeName>homePostalAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>homePostalAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="secretary" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>secretary</a:displayName>
<a:displayOrder>220</a:displayOrder>
<a:matchingRule xmlns:qn681="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn681:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>secretary</ra:nativeAttributeName>
<ra:frameworkAttributeName>secretary</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="photo" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>photo</a:displayName>
<a:displayOrder>230</a:displayOrder>
<ra:nativeAttributeName>photo</ra:nativeAttributeName>
<ra:frameworkAttributeName>photo</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="labeledURI" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>labeledURI</a:displayName>
<a:displayOrder>240</a:displayOrder>
<ra:nativeAttributeName>labeledURI</ra:nativeAttributeName>
<ra:frameworkAttributeName>labeledURI</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="displayName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>displayName</a:displayName>
<a:displayOrder>250</a:displayOrder>
<a:matchingRule xmlns:qn457="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn457:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>displayName</ra:nativeAttributeName>
<ra:frameworkAttributeName>displayName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="pager" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>pager</a:displayName>
<a:displayOrder>260</a:displayOrder>
<ra:nativeAttributeName>pager</ra:nativeAttributeName>
<ra:frameworkAttributeName>pager</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="roomNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>roomNumber</a:displayName>
<a:displayOrder>270</a:displayOrder>
<a:matchingRule xmlns:qn138="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn138:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>roomNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>roomNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="physicalDeliveryOfficeName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>physicalDeliveryOfficeName</a:displayName>
<a:displayOrder>280</a:displayOrder>
<a:matchingRule xmlns:qn403="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn403:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>physicalDeliveryOfficeName</ra:nativeAttributeName>
<ra:frameworkAttributeName>physicalDeliveryOfficeName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="uid" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>uid</a:displayName>
<a:displayOrder>290</a:displayOrder>
<a:matchingRule xmlns:qn486="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn486:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>uid</ra:nativeAttributeName>
<ra:frameworkAttributeName>uid</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="seeAlso" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>seeAlso</a:displayName>
<a:displayOrder>300</a:displayOrder>
<a:matchingRule xmlns:qn296="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn296:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>seeAlso</ra:nativeAttributeName>
<ra:frameworkAttributeName>seeAlso</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="destinationIndicator" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>destinationIndicator</a:displayName>
<a:displayOrder>310</a:displayOrder>
<a:matchingRule xmlns:qn29="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn29:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>destinationIndicator</ra:nativeAttributeName>
<ra:frameworkAttributeName>destinationIndicator</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="postalAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>postalAddress</a:displayName>
<a:displayOrder>320</a:displayOrder>
<ra:nativeAttributeName>postalAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="preferredLanguage" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>preferredLanguage</a:displayName>
<a:displayOrder>330</a:displayOrder>
<a:matchingRule xmlns:qn913="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn913:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>preferredLanguage</ra:nativeAttributeName>
<ra:frameworkAttributeName>preferredLanguage</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="preferredDeliveryMethod" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>preferredDeliveryMethod</a:displayName>
<a:displayOrder>340</a:displayOrder>
<ra:nativeAttributeName>preferredDeliveryMethod</ra:nativeAttributeName>
<ra:frameworkAttributeName>preferredDeliveryMethod</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="facsimileTelephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>facsimileTelephoneNumber</a:displayName>
<a:displayOrder>350</a:displayOrder>
<ra:nativeAttributeName>facsimileTelephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>facsimileTelephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="employeeType" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>employeeType</a:displayName>
<a:displayOrder>360</a:displayOrder>
<a:matchingRule xmlns:qn699="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn699:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>employeeType</ra:nativeAttributeName>
<ra:frameworkAttributeName>employeeType</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="internationaliSDNNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>internationaliSDNNumber</a:displayName>
<a:displayOrder>370</a:displayOrder>
<ra:nativeAttributeName>internationaliSDNNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>internationaliSDNNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="postOfficeBox" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>postOfficeBox</a:displayName>
<a:displayOrder>380</a:displayOrder>
<a:matchingRule xmlns:qn519="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn519:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postOfficeBox</ra:nativeAttributeName>
<ra:frameworkAttributeName>postOfficeBox</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="telephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>telephoneNumber</a:displayName>
<a:displayOrder>390</a:displayOrder>
<ra:nativeAttributeName>telephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="l" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>l</a:displayName>
<a:displayOrder>400</a:displayOrder>
<a:matchingRule xmlns:qn302="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn302:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>l</ra:nativeAttributeName>
<ra:frameworkAttributeName>l</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="employeeNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>employeeNumber</a:displayName>
<a:displayOrder>410</a:displayOrder>
<a:matchingRule xmlns:qn691="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn691:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>employeeNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>employeeNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="jpegPhoto" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>jpegPhoto</a:displayName>
<a:displayOrder>420</a:displayOrder>
<ra:nativeAttributeName>jpegPhoto</ra:nativeAttributeName>
<ra:frameworkAttributeName>jpegPhoto</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="o" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>o</a:displayName>
<a:displayOrder>430</a:displayOrder>
<a:matchingRule xmlns:qn699="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn699:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>o</ra:nativeAttributeName>
<ra:frameworkAttributeName>o</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="userPKCS12" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>userPKCS12</a:displayName>
<a:displayOrder>440</a:displayOrder>
<ra:nativeAttributeName>userPKCS12</ra:nativeAttributeName>
<ra:frameworkAttributeName>userPKCS12</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="description" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>description</a:displayName>
<a:displayOrder>450</a:displayOrder>
<a:matchingRule xmlns:qn205="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn205:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>dn</a:displayName>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn92="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn92:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="sn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>sn</a:displayName>
<a:displayOrder>460</a:displayOrder>
<a:matchingRule xmlns:qn44="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn44:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>sn</ra:nativeAttributeName>
<ra:frameworkAttributeName>sn</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="givenName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>givenName</a:displayName>
<a:displayOrder>470</a:displayOrder>
<a:matchingRule xmlns:qn14="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn14:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>givenName</ra:nativeAttributeName>
<ra:frameworkAttributeName>givenName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="telexNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>telexNumber</a:displayName>
<a:displayOrder>480</a:displayOrder>
<ra:nativeAttributeName>telexNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telexNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="postalCode" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>postalCode</a:displayName>
<a:displayOrder>490</a:displayOrder>
<a:matchingRule xmlns:qn216="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn216:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postalCode</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalCode</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>createTimestamp</a:displayName>
<a:displayOrder>500</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="userSMIMECertificate" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>userSMIMECertificate</a:displayName>
<a:displayOrder>510</a:displayOrder>
<ra:nativeAttributeName>userSMIMECertificate</ra:nativeAttributeName>
<ra:frameworkAttributeName>userSMIMECertificate</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="userCertificate" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>userCertificate</a:displayName>
<a:displayOrder>520</a:displayOrder>
<ra:nativeAttributeName>userCertificate</ra:nativeAttributeName>
<ra:frameworkAttributeName>userCertificate</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="st" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>st</a:displayName>
<a:displayOrder>530</a:displayOrder>
<a:matchingRule xmlns:qn568="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn568:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>st</ra:nativeAttributeName>
<ra:frameworkAttributeName>st</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="teletexTerminalIdentifier" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>teletexTerminalIdentifier</a:displayName>
<a:displayOrder>540</a:displayOrder>
<ra:nativeAttributeName>teletexTerminalIdentifier</ra:nativeAttributeName>
<ra:frameworkAttributeName>teletexTerminalIdentifier</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="ou" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>ou</a:displayName>
<a:displayOrder>550</a:displayOrder>
<a:matchingRule xmlns:qn403="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn403:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>ou</ra:nativeAttributeName>
<ra:frameworkAttributeName>ou</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="street" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>street</a:displayName>
<a:displayOrder>560</a:displayOrder>
<a:matchingRule xmlns:qn842="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn842:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>street</ra:nativeAttributeName>
<ra:frameworkAttributeName>street</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="cn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>cn</a:displayName>
<a:displayOrder>570</a:displayOrder>
<a:matchingRule xmlns:qn704="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn704:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>cn</ra:nativeAttributeName>
<ra:frameworkAttributeName>cn</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="userPassword" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>userPassword</a:displayName>
<a:displayOrder>580</a:displayOrder>
<ra:nativeAttributeName>userPassword</ra:nativeAttributeName>
<ra:frameworkAttributeName>userPassword</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="registeredAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>registeredAddress</a:displayName>
<a:displayOrder>590</a:displayOrder>
<ra:nativeAttributeName>registeredAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>registeredAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="x121Address" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>x121Address</a:displayName>
<a:displayOrder>600</a:displayOrder>
<ra:nativeAttributeName>x121Address</ra:nativeAttributeName>
<ra:frameworkAttributeName>x121Address</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="title" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>title</a:displayName>
<a:displayOrder>610</a:displayOrder>
<a:matchingRule xmlns:qn604="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn604:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>title</ra:nativeAttributeName>
<ra:frameworkAttributeName>title</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="x500UniqueIdentifier" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>x500UniqueIdentifier</a:displayName>
<a:displayOrder>620</a:displayOrder>
<ra:nativeAttributeName>x500UniqueIdentifier</ra:nativeAttributeName>
<ra:frameworkAttributeName>x500UniqueIdentifier</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="mobile" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>mobile</a:displayName>
<a:displayOrder>630</a:displayOrder>
<ra:nativeAttributeName>mobile</ra:nativeAttributeName>
<ra:frameworkAttributeName>mobile</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>entryUUID</a:displayName>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn139="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn139:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="organization">
<xsd:annotation>
<xsd:appinfo>
<a:container/>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>organization</ra:nativeObjectClass>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>memberOf</a:displayName>
<a:displayOrder>120</a:displayOrder>
<a:matchingRule xmlns:qn20="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn20:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="facsimileTelephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>facsimileTelephoneNumber</a:displayName>
<a:displayOrder>130</a:displayOrder>
<ra:nativeAttributeName>facsimileTelephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>facsimileTelephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="internationaliSDNNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>internationaliSDNNumber</a:displayName>
<a:displayOrder>140</a:displayOrder>
<ra:nativeAttributeName>internationaliSDNNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>internationaliSDNNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="postOfficeBox" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>postOfficeBox</a:displayName>
<a:displayOrder>150</a:displayOrder>
<a:matchingRule xmlns:qn143="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn143:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postOfficeBox</ra:nativeAttributeName>
<ra:frameworkAttributeName>postOfficeBox</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="telephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>telephoneNumber</a:displayName>
<a:displayOrder>160</a:displayOrder>
<ra:nativeAttributeName>telephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="l" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>l</a:displayName>
<a:displayOrder>170</a:displayOrder>
<a:matchingRule xmlns:qn939="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn939:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>l</ra:nativeAttributeName>
<ra:frameworkAttributeName>l</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="o" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>o</a:displayName>
<a:displayOrder>180</a:displayOrder>
<a:matchingRule xmlns:qn912="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn912:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>o</ra:nativeAttributeName>
<ra:frameworkAttributeName>o</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>mail</a:displayName>
<a:displayOrder>190</a:displayOrder>
<a:matchingRule xmlns:qn844="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn844:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>mail</ra:nativeAttributeName>
<ra:frameworkAttributeName>mail</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="searchGuide" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>searchGuide</a:displayName>
<a:displayOrder>200</a:displayOrder>
<ra:nativeAttributeName>searchGuide</ra:nativeAttributeName>
<ra:frameworkAttributeName>searchGuide</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="description" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>description</a:displayName>
<a:displayOrder>210</a:displayOrder>
<a:matchingRule xmlns:qn227="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn227:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="businessCategory" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>businessCategory</a:displayName>
<a:displayOrder>220</a:displayOrder>
<a:matchingRule xmlns:qn186="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn186:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>businessCategory</ra:nativeAttributeName>
<ra:frameworkAttributeName>businessCategory</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>dn</a:displayName>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn963="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn963:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="telexNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>telexNumber</a:displayName>
<a:displayOrder>230</a:displayOrder>
<ra:nativeAttributeName>telexNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telexNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="postalCode" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>postalCode</a:displayName>
<a:displayOrder>240</a:displayOrder>
<a:matchingRule xmlns:qn102="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn102:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postalCode</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalCode</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>createTimestamp</a:displayName>
<a:displayOrder>250</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="st" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>st</a:displayName>
<a:displayOrder>260</a:displayOrder>
<a:matchingRule xmlns:qn638="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn638:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>st</ra:nativeAttributeName>
<ra:frameworkAttributeName>st</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="teletexTerminalIdentifier" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>teletexTerminalIdentifier</a:displayName>
<a:displayOrder>270</a:displayOrder>
<ra:nativeAttributeName>teletexTerminalIdentifier</ra:nativeAttributeName>
<ra:frameworkAttributeName>teletexTerminalIdentifier</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="physicalDeliveryOfficeName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>physicalDeliveryOfficeName</a:displayName>
<a:displayOrder>280</a:displayOrder>
<a:matchingRule xmlns:qn76="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn76:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>physicalDeliveryOfficeName</ra:nativeAttributeName>
<ra:frameworkAttributeName>physicalDeliveryOfficeName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="street" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>street</a:displayName>
<a:displayOrder>290</a:displayOrder>
<a:matchingRule xmlns:qn810="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn810:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>street</ra:nativeAttributeName>
<ra:frameworkAttributeName>street</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="userPassword" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>userPassword</a:displayName>
<a:displayOrder>300</a:displayOrder>
<ra:nativeAttributeName>userPassword</ra:nativeAttributeName>
<ra:frameworkAttributeName>userPassword</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="seeAlso" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>seeAlso</a:displayName>
<a:displayOrder>310</a:displayOrder>
<a:matchingRule xmlns:qn965="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn965:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>seeAlso</ra:nativeAttributeName>
<ra:frameworkAttributeName>seeAlso</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="registeredAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>registeredAddress</a:displayName>
<a:displayOrder>320</a:displayOrder>
<ra:nativeAttributeName>registeredAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>registeredAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="destinationIndicator" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>destinationIndicator</a:displayName>
<a:displayOrder>330</a:displayOrder>
<a:matchingRule xmlns:qn923="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn923:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>destinationIndicator</ra:nativeAttributeName>
<ra:frameworkAttributeName>destinationIndicator</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="postalAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>postalAddress</a:displayName>
<a:displayOrder>340</a:displayOrder>
<ra:nativeAttributeName>postalAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0" name="x121Address" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>x121Address</a:displayName>
<a:displayOrder>350</a:displayOrder>
<ra:nativeAttributeName>x121Address</ra:nativeAttributeName>
<ra:frameworkAttributeName>x121Address</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="preferredDeliveryMethod" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>preferredDeliveryMethod</a:displayName>
<a:displayOrder>360</a:displayOrder>
<ra:nativeAttributeName>preferredDeliveryMethod</ra:nativeAttributeName>
<ra:frameworkAttributeName>preferredDeliveryMethod</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayName>entryUUID</a:displayName>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn867="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn867:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
</definition>
</schema>
<schemaHandling>
<objectType id="6">
<kind>account</kind>
<intent>default</intent>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<delineation>
<objectClass>ri:inetOrgPerson</objectClass>
</delineation>
<focus>
<type>c:UserType</type>
</focus>
<attribute id="13">
<ref>ri:cn</ref>
<outbound>
<source>
<path>$focus/fullName</path>
</source>
</outbound>
<inbound id="97">
<target>
<path>$focus/fullName</path>
</target>
</inbound>
</attribute>
<attribute id="14">
<ref>ri:sn</ref>
<outbound>
<source>
<path>$focus/familyName</path>
</source>
</outbound>
<inbound id="22">
<target>
<path>$focus/familyName</path>
</target>
</inbound>
</attribute>
<attribute id="15">
<ref>ri:givenName</ref>
<outbound>
<source>
<path>$focus/givenName</path>
</source>
</outbound>
<inbound id="23">
<target>
<path>$focus/givenName</path>
</target>
</inbound>
</attribute>
<attribute id="16">
<ref>ri:l</ref>
<inbound id="24">
<target>
<path>$focus/locality</path>
</target>
</inbound>
</attribute>
<attribute id="17">
<ref>ri:telephoneNumber</ref>
<outbound>
<source>
<path>$focus/telephoneNumber</path>
</source>
</outbound>
<inbound id="25">
<target>
<path>$focus/telephoneNumber</path>
</target>
</inbound>
</attribute>
<attribute id="18">
<ref>ri:employeeNumber</ref>
<outbound>
<source>
<path>$focus/employeeNumber</path>
</source>
</outbound>
<inbound id="26">
<target>
<path>$focus/employeeNumber</path>
</target>
</inbound>
</attribute>
<attribute id="19">
<ref>ri:employeeType</ref>
<outbound>
<source>
<path>$focus/subtype</path>
</source>
</outbound>
<inbound id="27">
<target>
<path>$focus/subtype</path>
</target>
</inbound>
</attribute>
<attribute id="20">
<ref>ri:mail</ref>
<outbound>
<source>
<path>$focus/emailAddress</path>
</source>
</outbound>
<inbound id="28">
<target>
<path>$focus/emailAddress</path>
</target>
</inbound>
</attribute>
<attribute id="30">
<ref>ri:dn</ref>
<outbound>
<source>
<path>$focus/name</path>
</source>
<expression>
<script>
<code>'uid=' + name + ',ou=People,dc=CORP,dc=org'</code>
</script>
</expression>
</outbound>
</attribute>
<attribute id="31">
<ref>ri:uid</ref>
<outbound>
<source>
<path>$focus/name</path>
</source>
</outbound>
<inbound id="95">
<target>
<path>$focus/name</path>
</target>
</inbound>
</attribute>
<activation>
<administrativeStatus/>
</activation>
<synchronization>
<reaction id="33">
<situation>linked</situation>
<actions>
<link id="36"/>
</actions>
</reaction>
<reaction id="34">
<situation>deleted</situation>
<actions>
<deleteFocus id="37"/>
</actions>
</reaction>
<reaction id="35">
<situation>unlinked</situation>
<actions>
<unlink id="90"/>
</actions>
</reaction>
</synchronization>
</objectType>
<objectType id="49">
<kind>entitlement</kind>
<intent>ldapGroup</intent>
<displayName>Group Membership</displayName>
<default>true</default>
<objectClass>ri:groupOfNames</objectClass>
<delineation>
<objectClass>ri:groupOfNames</objectClass>
</delineation>
<focus>
<type>c:RoleType</type>
</focus>
<attribute id="51">
<ref>ri:cn</ref>
<outbound>
<source>
<path>$focus/name</path>
</source>
</outbound>
<inbound id="56">
<target>
<path>$focus/name</path>
</target>
</inbound>
</attribute>
<attribute id="52">
<ref>ri:description</ref>
<outbound>
<source>
<path>$focus/description</path>
</source>
</outbound>
<inbound id="57">
<target>
<path>$focus/description</path>
</target>
</inbound>
</attribute>
<attribute id="53">
<ref>ri:businessCategory</ref>
<outbound>
<source>
<path>$focus/emailAddress</path>
</source>
</outbound>
<inbound id="58">
<target>
<path>$focus/emailAddress</path>
</target>
</inbound>
</attribute>
<attribute id="54">
<ref>ri:dn</ref>
<outbound>
<source>
<path>$focus/name</path>
</source>
<expression>
<script>
<code>import javax.naming.ldap.Rdn
import javax.naming.ldap.LdapName
dn = new LdapName('ou=Groups,dc=CORP,dc=org')
dn.add(new Rdn('cn', name.toString()))
return dn.toString()</code>
</script>
</expression>
</outbound>
</attribute>
<attribute id="55">
<ref>ri:member</ref>
<outbound>
<expression>
<value>uid=dummy,dc=dummy,dc=dummy</value>
</expression>
</outbound>
</attribute>
<association id="73">
<ref>Group</ref>
<kind>entitlement</kind>
<intent>ldapGroup</intent>
<direction>objectToSubject</direction>
<associationAttribute>member</associationAttribute>
<valueAttribute>ri:dn</valueAttribute>
</association>
<correlation>
<correlators>
<items id="84">
<item id="85">
<ref>c:name</ref>
</item>
</items>
</correlators>
</correlation>
<synchronization>
<reaction id="60">
<situation>deleted</situation>
<actions>
<deleteFocus id="63"/>
</actions>
</reaction>
<reaction id="61">
<situation>linked</situation>
<actions>
<link id="64"/>
</actions>
</reaction>
<reaction id="62">
<situation>unlinked</situation>
<actions>
<unlink id="65"/>
</actions>
</reaction>
</synchronization>
</objectType>
</schemaHandling>
<capabilities>
<cachingMetadata>
<retrievalTimestamp>2024-01-05T07:29:13.286Z</retrievalTimestamp>
<serialNumber>f6083908b7a800f0-3042be007ad195f7</serialNumber>
</cachingMetadata>
<native xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
<cap:schema/>
<cap:discoverConfiguration/>
<cap:activation>
<cap:status/>
<cap:lockoutStatus/>
</cap:activation>
<cap:liveSync/>
<cap:create/>
<cap:read>
<cap:returnDefaultAttributesOption>true</cap:returnDefaultAttributesOption>
</cap:read>
<cap:update>
<cap:delta>true</cap:delta>
<cap:addRemoveAttributeValues>true</cap:addRemoveAttributeValues>
</cap:update>
<cap:delete/>
<cap:testConnection/>
<cap:script>
<cap:host id="94">
<cap:type>connector</cap:type>
</cap:host>
</cap:script>
<cap:pagedSearch/>
<cap:auxiliaryObjectClasses/>
</native>
</capabilities>
</resource>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240105/417e25c0/attachment-0001.htm>
More information about the midPoint
mailing list