[midPoint] report "unassigned" entitlements
Markus Calmius
markus.calmius at proton.ch
Fri Jan 12 14:48:03 CET 2024
Hi,
I cannot figure this out.
As far as I can tell, the associations work fine. At least in the sense that the projection display them.
If I add a group to the user in FreeIPA the association reflects this. If I set tolerant to false the added associations will be deleted (even for groups that are protected)
But, If I do a simulated import/Import preview when tolerant is set to true, I get "No changes"
This is my association in the resource
<association>
<ref>ri:groups</ref>
<tolerant>true</tolerant>
<displayName>IPA Group Membership</displayName>
<kind>entitlement</kind>
<intent>group</intent>
<direction>subjectToObject</direction> <associationAttribute>ri:memberof_group</associationAttribute>
<valueAttribute>icfs:name</valueAttribute> <shortcutAssociationAttribute>ri:member_user</shortcutAssociationAttribute> <shortcutValueAttribute>icfs:name</shortcutValueAttribute>
</association>
All roles that are created based on groups in FreeIPA are assigned an archetype which contains the same inducement as the metarole. Could that cause this issue?
Markus
On Friday, 5 January 2024 at 11:27, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:
> Send midPoint mailing list submissions to
> midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
> midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
> midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
> 1. report "unassigned" entitlements (Markus Calmius)
> 2. OpenLDAP - Cannot modify user UID or role CN (Luca Verardo)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 04 Jan 2024 13:32:01 +0000
> From: Markus Calmius markus.calmius at proton.ch
>
> To: midPoint General Discussion midpoint at lists.evolveum.com
>
> Subject: [midPoint] report "unassigned" entitlements
> Message-ID:
> U6JjNFbNtkpyGHOPL06pfr9OV-zSRebK3nBpdu84w9o2IRDJBYQ1hhLYGBYMbrfuvjfC9-L7ZxPXCNFD__1Nawoazl8Jp_s-5cV0RR6tA3U=@proton.ch
>
>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> is there a way to "highlight" or report when an account has i.e. a group-membership that is not assigned by midPoint.
> So, what if an admin adds a user to a group directly in LDAP, what is the best way to find these, from midPoints point of view, "unassigned" entitlements?
> I guess to somehow compare the associations with the assigned roles
>
> I know I can set the <tolerant>-tag to false, and any out-of-midPoint/unassigned entitlements a user has would be removed the next import/reconciliation.
>
> Before doing that, I'd like midPoint to do scheduled reports for a specific resource to see if there are any admins doing things they shouldn't.
>
> TiA
> Markus
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20240104/96ad2336/attachment-0001.htm
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 05 Jan 2024 11:27:41 +0100
> From: "Luca Verardo" luca at verardo.ch
>
> To: midpoint at lists.evolveum.com
> Subject: [midPoint] OpenLDAP - Cannot modify user UID or role CN
> Message-ID: 75-6597d980-71-7cf12880 at 30139067
>
> Content-Type: text/plain; charset="utf-8"
>
>
> Dear community,
>
> I'm in the process of re-creating my OpenLDAP resource using the new wizard UI. The basic operations are working correctly and also synchronized correctly.
> However, when I try to rename a user, midPoint gives the following error :
> Error modifying LDAP entry uid=test-user-rename,ou=People,dc=CORP,dc=org: [add:uid=test-user-rename,remove:uid=test-user,]: noSuchAttribute: (16)
> Where 'test-user' is the old username, and 'test-user-rename' is the new username. I tried to play with the permissive modfiy setting of the resource. When it is set to never, midPoint will compain that the entry already exists. If set to auto or always, it gives the error mentioned above.
>
> The same problem arises when trying to rename a role (which is bounded to an OpenLDAP groupOfNames).
>
> Maybe it's wrong, but I think that the reason behind this error is that midPoint will try to query the LDAP server with the new UID instead of the old one. However, it may totally be something else, I'm not sure.
>
> Could someone help me to solve this issue ? You can find below my OpenLDAP resource configuration.
> Thanks a lot in advance!
>
> Luca
> <resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="69a38b4a-60b1-496a-a600-21a2669b208f" version="97">
>
> <name>OPENLDAP CORP ORG</name>
>
> <metadata>
>
> <requestTimestamp>2024-01-02T15:39:48.163Z</requestTimestamp>
>
> <requestorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </requestorRef>
>
> <createTimestamp>2024-01-02T15:39:51.434Z</createTimestamp>
>
> <creatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </creatorRef>
>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</createChannel>
>
> <modifyTimestamp>2024-01-05T09:55:45.715Z</modifyTimestamp>
>
> <modifierRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </modifierRef>
>
> <modifyChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</modifyChannel>
>
> </metadata>
>
> <lifecycleState>active</lifecycleState>
>
> <operationExecution id="98">
>
> <recordType>simple</recordType>
>
> <timestamp>2024-01-05T08:32:35.267Z</timestamp>
>
> <operation>
>
> <objectDelta>
>
> <t:changeType>modify</t:changeType>
>
> <t:objectType>c:ResourceType</t:objectType>
>
> </objectDelta>
>
> <executionResult>
>
> <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
>
> <status>success</status>
>
> <importance>normal</importance>
>
> <token>1000000000000111491</token>
>
> </executionResult>
>
> <objectName>OPENLDAP CORP ORG</objectName>
>
> </operation>
>
> <status>success</status>
>
> <initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </initiatorRef>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
>
> </operationExecution>
>
> <operationExecution id="99">
>
> <recordType>simple</recordType>
>
> <timestamp>2024-01-05T09:31:37.377Z</timestamp>
>
> <operation>
>
> <objectDelta>
>
> <t:changeType>modify</t:changeType>
>
> <t:objectType>c:ResourceType</t:objectType>
>
> </objectDelta>
>
> <executionResult>
>
> <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
>
> <status>success</status>
>
> <importance>normal</importance>
>
> <token>1000000000000115439</token>
>
> </executionResult>
>
> <objectName>OPENLDAP CORP ORG</objectName>
>
> </operation>
>
> <status>success</status>
>
> <initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </initiatorRef>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
>
> </operationExecution>
>
> <operationExecution id="100">
>
> <recordType>simple</recordType>
>
> <timestamp>2024-01-05T09:32:25.612Z</timestamp>
>
> <operation>
>
> <objectDelta>
>
> <t:changeType>modify</t:changeType>
>
> <t:objectType>c:ResourceType</t:objectType>
>
> </objectDelta>
>
> <executionResult>
>
> <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
>
> <status>success</status>
>
> <importance>normal</importance>
>
> <token>1000000000000116246</token>
>
> </executionResult>
>
> <objectName>OPENLDAP CORP ORG</objectName>
>
> </operation>
>
> <status>success</status>
>
> <initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </initiatorRef>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
>
> </operationExecution>
>
> <operationExecution id="101">
>
> <recordType>simple</recordType>
>
> <timestamp>2024-01-05T09:34:28.402Z</timestamp>
>
> <operation>
>
> <objectDelta>
>
> <t:changeType>modify</t:changeType>
>
> <t:objectType>c:ResourceType</t:objectType>
>
> </objectDelta>
>
> <executionResult>
>
> <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
>
> <status>success</status>
>
> <importance>normal</importance>
>
> <token>1000000000000116404</token>
>
> </executionResult>
>
> <objectName>OPENLDAP CORP ORG</objectName>
>
> </operation>
>
> <status>success</status>
>
> <initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </initiatorRef>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
>
> </operationExecution>
>
> <operationExecution id="102">
>
> <recordType>simple</recordType>
>
> <timestamp>2024-01-05T09:55:45.939Z</timestamp>
>
> <operation>
>
> <objectDelta>
>
> <t:changeType>modify</t:changeType>
>
> <t:objectType>c:ResourceType</t:objectType>
>
> </objectDelta>
>
> <executionResult>
>
> <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
>
> <status>success</status>
>
> <importance>normal</importance>
>
> <token>1000000000000121838</token>
>
> </executionResult>
>
> <objectName>OPENLDAP CORP ORG</objectName>
>
> </operation>
>
> <status>success</status>
>
> <initiatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
>
> <!-- administrator -->
>
> </initiatorRef>
>
> <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channel>
>
> </operationExecution>
>
> <indestructible>true</indestructible>
>
> <iteration>0</iteration>
>
> <iterationToken/>
>
> <administrativeOperationalState>
>
> <administrativeAvailabilityStatus>operational</administrativeAvailabilityStatus>
>
> </administrativeOperationalState>
>
> <operationalState>
>
> <lastAvailabilityStatus>up</lastAvailabilityStatus>
>
> <message>Status set to UP because resource schema was successfully fetched</message>
>
> <timestamp>2024-01-02T15:39:56.971Z</timestamp>
>
> <nodeId>DefaultNode</nodeId>
>
> </operationalState>
>
> <operationalStateHistory id="3">
>
> <lastAvailabilityStatus>up</lastAvailabilityStatus>
>
> <message>Status set to UP because resource schema was successfully fetched</message>
>
> <timestamp>2024-01-02T15:39:56.971Z</timestamp>
>
> <nodeId>DefaultNode</nodeId>
>
> </operationalStateHistory>
>
> <connectorRef oid="963d73b1-1b6c-4cbb-802d-92350c829d70" relation="org:default" type="c:ConnectorType">
>
> <!-- ConnId com.evolveum.polygon.connector.ldap.LdapConnector v3.6.1 -->
>
> </connectorRef>
>
> <connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
>
> <icfc:configurationProperties xmlns:gen872="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector">
>
> gen872:host172.16.0.1</gen872:host>
>
> gen872:port389</gen872:port>
>
> gen872:bindDncn=admin,dc=CORP,dc=org</gen872:bindDn>
>
> gen872:baseContextdc=CORP,dc=org</gen872:baseContext>
>
> gen872:passwordAttributepassword</gen872:passwordAttribute>
>
> gen872:passwordHashAlgorithmSSHA</gen872:passwordHashAlgorithm>
>
> gen872:pagingStrategyspr</gen872:pagingStrategy>
>
> gen872:vlvSortAttributeuid,cn,ou,dc</gen872:vlvSortAttribute>
>
> gen872:vlvSortOrderingRule2.5.13.3</gen872:vlvSortOrderingRule>
>
> gen872:readSchematrue</gen872:readSchema>
>
> gen872:usePermissiveModifyalways</gen872:usePermissiveModify>
>
> gen872:lockoutStrategyopenldap</gen872:lockoutStrategy>
>
> gen872:operationalAttributesmemberOf</gen872:operationalAttributes>
>
> gen872:operationalAttributescreateTimestamp</gen872:operationalAttributes>
>
> gen872:operationalAttributesmail</gen872:operationalAttributes>
>
> </icfc:configurationProperties>
>
> </connectorConfiguration>
>
> <schema>
>
> <cachingMetadata>
>
> <retrievalTimestamp>2024-01-05T07:29:13.297Z</retrievalTimestamp>
>
> <serialNumber>fe98b37b00311b15-329855bf6427711f</serialNumber>
>
> </cachingMetadata>
>
> <generationConstraints>
>
> <generateObjectClass>ri:organization</generateObjectClass>
>
> <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
>
> <generateObjectClass>ri:groupOfNames</generateObjectClass>
>
> <generateObjectClass>ri:midPointPerson</generateObjectClass>
>
> </generationConstraints>
>
> <definition>
>
> <xsd:schema xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3" xmlns:ra="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3" xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xml:space="preserve">
>
> <xsd:import namespace="http://prism.evolveum.com/xml/ns/public/annotation-3"/>
>
> <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"/>
>
> <xsd:complexType name="midPointPerson">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:container/>
>
> ra:resourceObject/
>
> ra:identifierri:entryUUID</ra:identifier>
>
> ra:secondaryIdentifierri:dn</ra:secondaryIdentifier>
>
> ra:displayNameAttributeri:dn</ra:displayNameAttribute>
>
> ra:namingAttributeri:dn</ra:namingAttribute>
>
> ra:nativeObjectClassmidPointPerson</ra:nativeObjectClass>
>
> ra:auxiliarytrue</ra:auxiliary>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> xsd:sequence
>
> <xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>createTimestamp</a:displayName>
>
> <a:displayOrder>120</a:displayOrder>
>
> <a:access>read</a:access>
>
> ra:nativeAttributeNamecreateTimestamp</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecreateTimestamp</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>memberOf</a:displayName>
>
> <a:displayOrder>130</a:displayOrder>
>
> <a:matchingRule xmlns:qn172="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn172:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamememberOf</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamememberOf</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>mail</a:displayName>
>
> <a:displayOrder>140</a:displayOrder>
>
> <a:matchingRule xmlns:qn477="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn477:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamemail</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemail</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="midPointAccountStatus" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>midPointAccountStatus</a:displayName>
>
> <a:displayOrder>150</a:displayOrder>
>
> <a:matchingRule xmlns:qn698="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn698:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamemidPointAccountStatus</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemidPointAccountStatus</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element name="dn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>dn</a:displayName>
>
> <a:displayOrder>110</a:displayOrder>
>
> <a:matchingRule xmlns:qn123="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn123:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamedn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameNAME</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>entryUUID</a:displayName>
>
> <a:displayOrder>100</a:displayOrder>
>
> <a:access>read</a:access>
>
> <a:matchingRule xmlns:qn877="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn877:uuid</a:matchingRule>
>
> ra:nativeAttributeNameentryUUID</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameUID</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
>
> </xsd:sequence>
>
> </xsd:complexType>
>
> <xsd:complexType name="groupOfNames">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:container/>
>
> ra:resourceObject/
>
> ra:identifierri:entryUUID</ra:identifier>
>
> ra:secondaryIdentifierri:dn</ra:secondaryIdentifier>
>
> ra:displayNameAttributeri:dn</ra:displayNameAttribute>
>
> ra:namingAttributeri:dn</ra:namingAttribute>
>
> ra:nativeObjectClassgroupOfNames</ra:nativeObjectClass>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> xsd:sequence
>
> <xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>createTimestamp</a:displayName>
>
> <a:displayOrder>120</a:displayOrder>
>
> <a:access>read</a:access>
>
> ra:nativeAttributeNamecreateTimestamp</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecreateTimestamp</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>memberOf</a:displayName>
>
> <a:displayOrder>130</a:displayOrder>
>
> <a:matchingRule xmlns:qn655="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn655:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamememberOf</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamememberOf</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="ou" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>ou</a:displayName>
>
> <a:displayOrder>140</a:displayOrder>
>
> <a:matchingRule xmlns:qn149="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn149:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameou</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameou</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" name="cn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>cn</a:displayName>
>
> <a:displayOrder>150</a:displayOrder>
>
> <a:matchingRule xmlns:qn411="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn411:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamecn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecn</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="o" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>o</a:displayName>
>
> <a:displayOrder>160</a:displayOrder>
>
> <a:matchingRule xmlns:qn105="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn105:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameo</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameo</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" name="member" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>member</a:displayName>
>
> <a:displayOrder>170</a:displayOrder>
>
> <a:matchingRule xmlns:qn136="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn136:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamemember</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemember</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="owner" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>owner</a:displayName>
>
> <a:displayOrder>180</a:displayOrder>
>
> <a:matchingRule xmlns:qn906="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn906:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNameowner</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameowner</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>mail</a:displayName>
>
> <a:displayOrder>190</a:displayOrder>
>
> <a:matchingRule xmlns:qn67="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn67:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamemail</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemail</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="seeAlso" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>seeAlso</a:displayName>
>
> <a:displayOrder>200</a:displayOrder>
>
> <a:matchingRule xmlns:qn747="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn747:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNameseeAlso</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameseeAlso</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="description" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>description</a:displayName>
>
> <a:displayOrder>210</a:displayOrder>
>
> <a:matchingRule xmlns:qn726="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn726:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedescription</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedescription</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="businessCategory" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>businessCategory</a:displayName>
>
> <a:displayOrder>220</a:displayOrder>
>
> <a:matchingRule xmlns:qn212="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn212:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamebusinessCategory</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamebusinessCategory</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element name="dn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>dn</a:displayName>
>
> <a:displayOrder>110</a:displayOrder>
>
> <a:matchingRule xmlns:qn811="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn811:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamedn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameNAME</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>entryUUID</a:displayName>
>
> <a:displayOrder>100</a:displayOrder>
>
> <a:access>read</a:access>
>
> <a:matchingRule xmlns:qn922="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn922:uuid</a:matchingRule>
>
> ra:nativeAttributeNameentryUUID</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameUID</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
>
> </xsd:sequence>
>
> </xsd:complexType>
>
> <xsd:complexType name="inetOrgPerson">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:container/>
>
> ra:resourceObject/
>
> ra:identifierri:entryUUID</ra:identifier>
>
> ra:secondaryIdentifierri:dn</ra:secondaryIdentifier>
>
> ra:displayNameAttributeri:dn</ra:displayNameAttribute>
>
> ra:namingAttributeri:dn</ra:namingAttribute>
>
> ra:nativeObjectClassinetOrgPerson</ra:nativeObjectClass>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> xsd:sequence
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="initials" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>initials</a:displayName>
>
> <a:displayOrder>120</a:displayOrder>
>
> <a:matchingRule xmlns:qn210="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn210:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameinitials</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameinitials</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>memberOf</a:displayName>
>
> <a:displayOrder>130</a:displayOrder>
>
> <a:matchingRule xmlns:qn955="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn955:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamememberOf</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamememberOf</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="homePhone" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>homePhone</a:displayName>
>
> <a:displayOrder>140</a:displayOrder>
>
> ra:nativeAttributeNamehomePhone</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamehomePhone</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="audio" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>audio</a:displayName>
>
> <a:displayOrder>150</a:displayOrder>
>
> ra:nativeAttributeNameaudio</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameaudio</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>mail</a:displayName>
>
> <a:displayOrder>160</a:displayOrder>
>
> <a:matchingRule xmlns:qn294="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn294:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamemail</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemail</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="carLicense" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>carLicense</a:displayName>
>
> <a:displayOrder>170</a:displayOrder>
>
> <a:matchingRule xmlns:qn978="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn978:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamecarLicense</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecarLicense</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="departmentNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>departmentNumber</a:displayName>
>
> <a:displayOrder>180</a:displayOrder>
>
> <a:matchingRule xmlns:qn551="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn551:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedepartmentNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedepartmentNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="manager" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>manager</a:displayName>
>
> <a:displayOrder>190</a:displayOrder>
>
> <a:matchingRule xmlns:qn53="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn53:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamemanager</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemanager</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="businessCategory" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>businessCategory</a:displayName>
>
> <a:displayOrder>200</a:displayOrder>
>
> <a:matchingRule xmlns:qn291="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn291:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamebusinessCategory</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamebusinessCategory</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="homePostalAddress" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>homePostalAddress</a:displayName>
>
> <a:displayOrder>210</a:displayOrder>
>
> ra:nativeAttributeNamehomePostalAddress</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamehomePostalAddress</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="secretary" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>secretary</a:displayName>
>
> <a:displayOrder>220</a:displayOrder>
>
> <a:matchingRule xmlns:qn681="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn681:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamesecretary</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamesecretary</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="photo" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>photo</a:displayName>
>
> <a:displayOrder>230</a:displayOrder>
>
> ra:nativeAttributeNamephoto</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamephoto</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="labeledURI" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>labeledURI</a:displayName>
>
> <a:displayOrder>240</a:displayOrder>
>
> ra:nativeAttributeNamelabeledURI</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamelabeledURI</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="displayName" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>displayName</a:displayName>
>
> <a:displayOrder>250</a:displayOrder>
>
> <a:matchingRule xmlns:qn457="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn457:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedisplayName</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedisplayName</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="pager" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>pager</a:displayName>
>
> <a:displayOrder>260</a:displayOrder>
>
> ra:nativeAttributeNamepager</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepager</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="roomNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>roomNumber</a:displayName>
>
> <a:displayOrder>270</a:displayOrder>
>
> <a:matchingRule xmlns:qn138="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn138:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameroomNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameroomNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="physicalDeliveryOfficeName" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>physicalDeliveryOfficeName</a:displayName>
>
> <a:displayOrder>280</a:displayOrder>
>
> <a:matchingRule xmlns:qn403="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn403:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamephysicalDeliveryOfficeName</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamephysicalDeliveryOfficeName</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="uid" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>uid</a:displayName>
>
> <a:displayOrder>290</a:displayOrder>
>
> <a:matchingRule xmlns:qn486="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn486:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameuid</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameuid</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="seeAlso" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>seeAlso</a:displayName>
>
> <a:displayOrder>300</a:displayOrder>
>
> <a:matchingRule xmlns:qn296="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn296:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNameseeAlso</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameseeAlso</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="destinationIndicator" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>destinationIndicator</a:displayName>
>
> <a:displayOrder>310</a:displayOrder>
>
> <a:matchingRule xmlns:qn29="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn29:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedestinationIndicator</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedestinationIndicator</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="postalAddress" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>postalAddress</a:displayName>
>
> <a:displayOrder>320</a:displayOrder>
>
> ra:nativeAttributeNamepostalAddress</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepostalAddress</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="preferredLanguage" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>preferredLanguage</a:displayName>
>
> <a:displayOrder>330</a:displayOrder>
>
> <a:matchingRule xmlns:qn913="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn913:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamepreferredLanguage</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepreferredLanguage</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="preferredDeliveryMethod" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>preferredDeliveryMethod</a:displayName>
>
> <a:displayOrder>340</a:displayOrder>
>
> ra:nativeAttributeNamepreferredDeliveryMethod</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepreferredDeliveryMethod</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="facsimileTelephoneNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>facsimileTelephoneNumber</a:displayName>
>
> <a:displayOrder>350</a:displayOrder>
>
> ra:nativeAttributeNamefacsimileTelephoneNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamefacsimileTelephoneNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="employeeType" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>employeeType</a:displayName>
>
> <a:displayOrder>360</a:displayOrder>
>
> <a:matchingRule xmlns:qn699="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn699:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameemployeeType</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameemployeeType</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="internationaliSDNNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>internationaliSDNNumber</a:displayName>
>
> <a:displayOrder>370</a:displayOrder>
>
> ra:nativeAttributeNameinternationaliSDNNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameinternationaliSDNNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="postOfficeBox" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>postOfficeBox</a:displayName>
>
> <a:displayOrder>380</a:displayOrder>
>
> <a:matchingRule xmlns:qn519="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn519:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamepostOfficeBox</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepostOfficeBox</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="telephoneNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>telephoneNumber</a:displayName>
>
> <a:displayOrder>390</a:displayOrder>
>
> ra:nativeAttributeNametelephoneNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNametelephoneNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="l" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>l</a:displayName>
>
> <a:displayOrder>400</a:displayOrder>
>
> <a:matchingRule xmlns:qn302="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn302:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamel</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamel</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="employeeNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>employeeNumber</a:displayName>
>
> <a:displayOrder>410</a:displayOrder>
>
> <a:matchingRule xmlns:qn691="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn691:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameemployeeNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameemployeeNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="jpegPhoto" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>jpegPhoto</a:displayName>
>
> <a:displayOrder>420</a:displayOrder>
>
> ra:nativeAttributeNamejpegPhoto</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamejpegPhoto</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="o" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>o</a:displayName>
>
> <a:displayOrder>430</a:displayOrder>
>
> <a:matchingRule xmlns:qn699="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn699:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameo</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameo</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="userPKCS12" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>userPKCS12</a:displayName>
>
> <a:displayOrder>440</a:displayOrder>
>
> ra:nativeAttributeNameuserPKCS12</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameuserPKCS12</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="description" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>description</a:displayName>
>
> <a:displayOrder>450</a:displayOrder>
>
> <a:matchingRule xmlns:qn205="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn205:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedescription</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedescription</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element name="dn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>dn</a:displayName>
>
> <a:displayOrder>110</a:displayOrder>
>
> <a:matchingRule xmlns:qn92="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn92:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamedn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameNAME</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" name="sn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>sn</a:displayName>
>
> <a:displayOrder>460</a:displayOrder>
>
> <a:matchingRule xmlns:qn44="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn44:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamesn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamesn</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="givenName" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>givenName</a:displayName>
>
> <a:displayOrder>470</a:displayOrder>
>
> <a:matchingRule xmlns:qn14="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn14:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamegivenName</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamegivenName</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="telexNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>telexNumber</a:displayName>
>
> <a:displayOrder>480</a:displayOrder>
>
> ra:nativeAttributeNametelexNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNametelexNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="postalCode" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>postalCode</a:displayName>
>
> <a:displayOrder>490</a:displayOrder>
>
> <a:matchingRule xmlns:qn216="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn216:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamepostalCode</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepostalCode</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>createTimestamp</a:displayName>
>
> <a:displayOrder>500</a:displayOrder>
>
> <a:access>read</a:access>
>
> ra:nativeAttributeNamecreateTimestamp</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecreateTimestamp</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="userSMIMECertificate" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>userSMIMECertificate</a:displayName>
>
> <a:displayOrder>510</a:displayOrder>
>
> ra:nativeAttributeNameuserSMIMECertificate</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameuserSMIMECertificate</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="userCertificate" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>userCertificate</a:displayName>
>
> <a:displayOrder>520</a:displayOrder>
>
> ra:nativeAttributeNameuserCertificate</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameuserCertificate</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="st" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>st</a:displayName>
>
> <a:displayOrder>530</a:displayOrder>
>
> <a:matchingRule xmlns:qn568="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn568:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamest</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamest</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="teletexTerminalIdentifier" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>teletexTerminalIdentifier</a:displayName>
>
> <a:displayOrder>540</a:displayOrder>
>
> ra:nativeAttributeNameteletexTerminalIdentifier</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameteletexTerminalIdentifier</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="ou" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>ou</a:displayName>
>
> <a:displayOrder>550</a:displayOrder>
>
> <a:matchingRule xmlns:qn403="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn403:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameou</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameou</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="street" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>street</a:displayName>
>
> <a:displayOrder>560</a:displayOrder>
>
> <a:matchingRule xmlns:qn842="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn842:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamestreet</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamestreet</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" name="cn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>cn</a:displayName>
>
> <a:displayOrder>570</a:displayOrder>
>
> <a:matchingRule xmlns:qn704="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn704:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamecn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecn</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="userPassword" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>userPassword</a:displayName>
>
> <a:displayOrder>580</a:displayOrder>
>
> ra:nativeAttributeNameuserPassword</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameuserPassword</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="registeredAddress" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>registeredAddress</a:displayName>
>
> <a:displayOrder>590</a:displayOrder>
>
> ra:nativeAttributeNameregisteredAddress</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameregisteredAddress</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="x121Address" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>x121Address</a:displayName>
>
> <a:displayOrder>600</a:displayOrder>
>
> ra:nativeAttributeNamex121Address</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamex121Address</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="title" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>title</a:displayName>
>
> <a:displayOrder>610</a:displayOrder>
>
> <a:matchingRule xmlns:qn604="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn604:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNametitle</ra:nativeAttributeName>
>
> ra:frameworkAttributeNametitle</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="x500UniqueIdentifier" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>x500UniqueIdentifier</a:displayName>
>
> <a:displayOrder>620</a:displayOrder>
>
> ra:nativeAttributeNamex500UniqueIdentifier</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamex500UniqueIdentifier</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="mobile" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>mobile</a:displayName>
>
> <a:displayOrder>630</a:displayOrder>
>
> ra:nativeAttributeNamemobile</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemobile</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>entryUUID</a:displayName>
>
> <a:displayOrder>100</a:displayOrder>
>
> <a:access>read</a:access>
>
> <a:matchingRule xmlns:qn139="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn139:uuid</a:matchingRule>
>
> ra:nativeAttributeNameentryUUID</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameUID</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
>
> </xsd:sequence>
>
> </xsd:complexType>
>
> <xsd:complexType name="organization">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:container/>
>
> ra:resourceObject/
>
> ra:identifierri:entryUUID</ra:identifier>
>
> ra:secondaryIdentifierri:dn</ra:secondaryIdentifier>
>
> ra:displayNameAttributeri:dn</ra:displayNameAttribute>
>
> ra:namingAttributeri:dn</ra:namingAttribute>
>
> ra:nativeObjectClassorganization</ra:nativeObjectClass>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> xsd:sequence
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="memberOf" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>memberOf</a:displayName>
>
> <a:displayOrder>120</a:displayOrder>
>
> <a:matchingRule xmlns:qn20="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn20:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamememberOf</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamememberOf</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="facsimileTelephoneNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>facsimileTelephoneNumber</a:displayName>
>
> <a:displayOrder>130</a:displayOrder>
>
> ra:nativeAttributeNamefacsimileTelephoneNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamefacsimileTelephoneNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="internationaliSDNNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>internationaliSDNNumber</a:displayName>
>
> <a:displayOrder>140</a:displayOrder>
>
> ra:nativeAttributeNameinternationaliSDNNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameinternationaliSDNNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="postOfficeBox" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>postOfficeBox</a:displayName>
>
> <a:displayOrder>150</a:displayOrder>
>
> <a:matchingRule xmlns:qn143="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn143:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamepostOfficeBox</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepostOfficeBox</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="telephoneNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>telephoneNumber</a:displayName>
>
> <a:displayOrder>160</a:displayOrder>
>
> ra:nativeAttributeNametelephoneNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNametelephoneNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="l" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>l</a:displayName>
>
> <a:displayOrder>170</a:displayOrder>
>
> <a:matchingRule xmlns:qn939="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn939:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamel</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamel</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" name="o" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>o</a:displayName>
>
> <a:displayOrder>180</a:displayOrder>
>
> <a:matchingRule xmlns:qn912="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn912:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNameo</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameo</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="mail" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>mail</a:displayName>
>
> <a:displayOrder>190</a:displayOrder>
>
> <a:matchingRule xmlns:qn844="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn844:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamemail</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamemail</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="searchGuide" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>searchGuide</a:displayName>
>
> <a:displayOrder>200</a:displayOrder>
>
> ra:nativeAttributeNamesearchGuide</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamesearchGuide</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="description" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>description</a:displayName>
>
> <a:displayOrder>210</a:displayOrder>
>
> <a:matchingRule xmlns:qn227="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn227:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedescription</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedescription</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="businessCategory" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>businessCategory</a:displayName>
>
> <a:displayOrder>220</a:displayOrder>
>
> <a:matchingRule xmlns:qn186="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn186:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamebusinessCategory</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamebusinessCategory</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element name="dn" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>dn</a:displayName>
>
> <a:displayOrder>110</a:displayOrder>
>
> <a:matchingRule xmlns:qn963="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn963:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNamedn</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameNAME</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="telexNumber" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>telexNumber</a:displayName>
>
> <a:displayOrder>230</a:displayOrder>
>
> ra:nativeAttributeNametelexNumber</ra:nativeAttributeName>
>
> ra:frameworkAttributeNametelexNumber</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="postalCode" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>postalCode</a:displayName>
>
> <a:displayOrder>240</a:displayOrder>
>
> <a:matchingRule xmlns:qn102="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn102:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamepostalCode</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepostalCode</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="createTimestamp" type="xsd:dateTime">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>createTimestamp</a:displayName>
>
> <a:displayOrder>250</a:displayOrder>
>
> <a:access>read</a:access>
>
> ra:nativeAttributeNamecreateTimestamp</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamecreateTimestamp</ra:frameworkAttributeName>
>
> ra:returnedByDefaultfalse</ra:returnedByDefault>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="st" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>st</a:displayName>
>
> <a:displayOrder>260</a:displayOrder>
>
> <a:matchingRule xmlns:qn638="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn638:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamest</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamest</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="teletexTerminalIdentifier" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>teletexTerminalIdentifier</a:displayName>
>
> <a:displayOrder>270</a:displayOrder>
>
> ra:nativeAttributeNameteletexTerminalIdentifier</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameteletexTerminalIdentifier</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="physicalDeliveryOfficeName" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>physicalDeliveryOfficeName</a:displayName>
>
> <a:displayOrder>280</a:displayOrder>
>
> <a:matchingRule xmlns:qn76="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn76:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamephysicalDeliveryOfficeName</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamephysicalDeliveryOfficeName</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="street" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>street</a:displayName>
>
> <a:displayOrder>290</a:displayOrder>
>
> <a:matchingRule xmlns:qn810="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn810:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamestreet</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamestreet</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="userPassword" type="xsd:base64Binary">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>userPassword</a:displayName>
>
> <a:displayOrder>300</a:displayOrder>
>
> ra:nativeAttributeNameuserPassword</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameuserPassword</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="seeAlso" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>seeAlso</a:displayName>
>
> <a:displayOrder>310</a:displayOrder>
>
> <a:matchingRule xmlns:qn965="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn965:distinguishedName</a:matchingRule>
>
> ra:nativeAttributeNameseeAlso</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameseeAlso</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="registeredAddress" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>registeredAddress</a:displayName>
>
> <a:displayOrder>320</a:displayOrder>
>
> ra:nativeAttributeNameregisteredAddress</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameregisteredAddress</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="destinationIndicator" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>destinationIndicator</a:displayName>
>
> <a:displayOrder>330</a:displayOrder>
>
> <a:matchingRule xmlns:qn923="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn923:stringIgnoreCase</a:matchingRule>
>
> ra:nativeAttributeNamedestinationIndicator</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamedestinationIndicator</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="postalAddress" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>postalAddress</a:displayName>
>
> <a:displayOrder>340</a:displayOrder>
>
> ra:nativeAttributeNamepostalAddress</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepostalAddress</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element maxOccurs="unbounded" minOccurs="0" name="x121Address" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>x121Address</a:displayName>
>
> <a:displayOrder>350</a:displayOrder>
>
> ra:nativeAttributeNamex121Address</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamex121Address</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="preferredDeliveryMethod" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>preferredDeliveryMethod</a:displayName>
>
> <a:displayOrder>360</a:displayOrder>
>
> ra:nativeAttributeNamepreferredDeliveryMethod</ra:nativeAttributeName>
>
> ra:frameworkAttributeNamepreferredDeliveryMethod</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
>
> xsd:annotation
>
> xsd:appinfo
>
> <a:displayName>entryUUID</a:displayName>
>
> <a:displayOrder>100</a:displayOrder>
>
> <a:access>read</a:access>
>
> <a:matchingRule xmlns:qn867="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn867:uuid</a:matchingRule>
>
> ra:nativeAttributeNameentryUUID</ra:nativeAttributeName>
>
> ra:frameworkAttributeNameUID</ra:frameworkAttributeName>
>
> </xsd:appinfo>
>
> </xsd:annotation>
>
> </xsd:element>
>
> <xsd:any maxOccurs="unbounded" minOccurs="0" namespace="##other" processContents="lax"/>
>
> </xsd:sequence>
>
> </xsd:complexType>
>
> </xsd:schema>
>
> </definition>
>
> </schema>
>
> <schemaHandling>
>
> <objectType id="6">
>
> <kind>account</kind>
>
> <intent>default</intent>
>
> <displayName>Default Account</displayName>
>
> <default>true</default>
>
> <objectClass>ri:inetOrgPerson</objectClass>
>
> <delineation>
>
> <objectClass>ri:inetOrgPerson</objectClass>
>
> </delineation>
>
> <focus>
>
> <type>c:UserType</type>
>
> </focus>
>
> <attribute id="13">
>
> <ref>ri:cn</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/fullName</path>
>
> </source>
>
> </outbound>
>
> <inbound id="97">
>
> <target>
>
> <path>$focus/fullName</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="14">
>
> <ref>ri:sn</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/familyName</path>
>
> </source>
>
> </outbound>
>
> <inbound id="22">
>
> <target>
>
> <path>$focus/familyName</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="15">
>
> <ref>ri:givenName</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/givenName</path>
>
> </source>
>
> </outbound>
>
> <inbound id="23">
>
> <target>
>
> <path>$focus/givenName</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="16">
>
> <ref>ri:l</ref>
>
> <inbound id="24">
>
> <target>
>
> <path>$focus/locality</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="17">
>
> <ref>ri:telephoneNumber</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/telephoneNumber</path>
>
> </source>
>
> </outbound>
>
> <inbound id="25">
>
> <target>
>
> <path>$focus/telephoneNumber</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="18">
>
> <ref>ri:employeeNumber</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/employeeNumber</path>
>
> </source>
>
> </outbound>
>
> <inbound id="26">
>
> <target>
>
> <path>$focus/employeeNumber</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="19">
>
> <ref>ri:employeeType</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/subtype</path>
>
> </source>
>
> </outbound>
>
> <inbound id="27">
>
> <target>
>
> <path>$focus/subtype</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="20">
>
> <ref>ri:mail</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/emailAddress</path>
>
> </source>
>
> </outbound>
>
> <inbound id="28">
>
> <target>
>
> <path>$focus/emailAddress</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="30">
>
> <ref>ri:dn</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/name</path>
>
> </source>
>
> <expression>
>
> <script>
>
> <code>'uid=' + name + ',ou=People,dc=CORP,dc=org'</code>
>
> </script>
>
> </expression>
>
> </outbound>
>
> </attribute>
>
> <attribute id="31">
>
> <ref>ri:uid</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/name</path>
>
> </source>
>
> </outbound>
>
> <inbound id="95">
>
> <target>
>
> <path>$focus/name</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <activation>
>
> <administrativeStatus/>
>
> </activation>
>
> <synchronization>
>
> <reaction id="33">
>
> <situation>linked</situation>
>
> <actions>
>
> <link id="36"/>
>
> </actions>
>
> </reaction>
>
> <reaction id="34">
>
> <situation>deleted</situation>
>
> <actions>
>
> <deleteFocus id="37"/>
>
> </actions>
>
> </reaction>
>
> <reaction id="35">
>
> <situation>unlinked</situation>
>
> <actions>
>
> <unlink id="90"/>
>
> </actions>
>
> </reaction>
>
> </synchronization>
>
> </objectType>
>
> <objectType id="49">
>
> <kind>entitlement</kind>
>
> <intent>ldapGroup</intent>
>
> <displayName>Group Membership</displayName>
>
> <default>true</default>
>
> <objectClass>ri:groupOfNames</objectClass>
>
> <delineation>
>
> <objectClass>ri:groupOfNames</objectClass>
>
> </delineation>
>
> <focus>
>
> <type>c:RoleType</type>
>
> </focus>
>
> <attribute id="51">
>
> <ref>ri:cn</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/name</path>
>
> </source>
>
> </outbound>
>
> <inbound id="56">
>
> <target>
>
> <path>$focus/name</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="52">
>
> <ref>ri:description</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/description</path>
>
> </source>
>
> </outbound>
>
> <inbound id="57">
>
> <target>
>
> <path>$focus/description</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="53">
>
> <ref>ri:businessCategory</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/emailAddress</path>
>
> </source>
>
> </outbound>
>
> <inbound id="58">
>
> <target>
>
> <path>$focus/emailAddress</path>
>
> </target>
>
> </inbound>
>
> </attribute>
>
> <attribute id="54">
>
> <ref>ri:dn</ref>
>
> <outbound>
>
> <source>
>
> <path>$focus/name</path>
>
> </source>
>
> <expression>
>
> <script>
>
> <code>import javax.naming.ldap.Rdn
>
> import javax.naming.ldap.LdapName
>
> dn = new LdapName('ou=Groups,dc=CORP,dc=org')
> dn.add(new Rdn('cn', name.toString()))
> return dn.toString()</code>
>
> </script>
>
> </expression>
>
> </outbound>
>
> </attribute>
>
> <attribute id="55">
>
> <ref>ri:member</ref>
>
> <outbound>
>
> <expression>
>
> <value>uid=dummy,dc=dummy,dc=dummy</value>
>
> </expression>
>
> </outbound>
>
> </attribute>
>
> <association id="73">
>
> <ref>Group</ref>
>
> <kind>entitlement</kind>
>
> <intent>ldapGroup</intent>
>
> <direction>objectToSubject</direction>
>
> <associationAttribute>member</associationAttribute>
>
> <valueAttribute>ri:dn</valueAttribute>
>
> </association>
>
> <correlation>
>
> <correlators>
>
> <items id="84">
>
> <item id="85">
>
> <ref>c:name</ref>
>
> </item>
>
> </items>
>
> </correlators>
>
> </correlation>
>
> <synchronization>
>
> <reaction id="60">
>
> <situation>deleted</situation>
>
> <actions>
>
> <deleteFocus id="63"/>
>
> </actions>
>
> </reaction>
>
> <reaction id="61">
>
> <situation>linked</situation>
>
> <actions>
>
> <link id="64"/>
>
> </actions>
>
> </reaction>
>
> <reaction id="62">
>
> <situation>unlinked</situation>
>
> <actions>
>
> <unlink id="65"/>
>
> </actions>
>
> </reaction>
>
> </synchronization>
>
> </objectType>
>
> </schemaHandling>
>
> <capabilities>
>
> <cachingMetadata>
>
> <retrievalTimestamp>2024-01-05T07:29:13.286Z</retrievalTimestamp>
>
> <serialNumber>f6083908b7a800f0-3042be007ad195f7</serialNumber>
>
> </cachingMetadata>
>
> <native xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
>
> cap:schema/
>
> cap:discoverConfiguration/
>
> cap:activation
>
> cap:status/
>
> cap:lockoutStatus/
>
> </cap:activation>
>
> cap:liveSync/
>
> cap:create/
>
> cap:read
>
> cap:returnDefaultAttributesOptiontrue</cap:returnDefaultAttributesOption>
>
> </cap:read>
>
> cap:update
>
> cap:deltatrue</cap:delta>
>
> cap:addRemoveAttributeValuestrue</cap:addRemoveAttributeValues>
>
> </cap:update>
>
> cap:delete/
>
> cap:testConnection/
>
> cap:script
>
> <cap:host id="94">
>
> cap:typeconnector</cap:type>
>
> </cap:host>
>
> </cap:script>
>
> cap:pagedSearch/
>
> cap:auxiliaryObjectClasses/
>
> </native>
>
> </capabilities>
>
> </resource>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20240105/417e25c0/attachment.htm
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 141, Issue 1
> ****************************************
More information about the midPoint
mailing list