[midPoint] LDAP Resource configuration

Ivan Noris ivan.noris at evolveum.com
Wed Oct 2 17:51:53 CEST 2013 

Hi Deepak,

On 10/02/2013 05:31 PM, Deepak Natarajan wrote:
> Thank you very much - that worked beautifully.
>
> I can now see my resource connector working. I just need a few more pointers to get my head around everything...any help will be much appreciated.
>
> When I now click "Accounts" on my configured LDAP resource, I can see a list of LDAP users (of class inetOrgPerson...). This is great!

The Resource - Accounts is just displaying the real resource accounts on
your (LDAP) resource as you figured out. You can also click the accounts
to display details (attributes).

>
> How do I now flush these out as actual Midpoint users? (From my understanding these are just "accounts" on the LDAP resource). Is this where I need "Resource Schema Handling" to map these account references to actual Midpoint users? I just have a gap in my understanding.

You can import the resource accounts to midPoint using either Import
from resource (accessible from Resource - click on resource name to
display resource details - click Import from resource button); or
Reconciliation; or LiveSync synchronization (in the latter, only changes
from "now" will be synchronized). And again, as you have figured out,
this needs your resource schema handling (namely, inbound expressions)
and synchronization/correlation configuration (to specify what do you
want to do with the accounts).

The best would be if you check/look/modify some of our samples that have
name ending with "-sync", these are prepared for synchronization (either
Import, Reconciliation or LiveSync). The synchronization settings are
common for any synchronization flavour. The Resource (schema handling
and synchronization/correlation settings) specify WHAT to do; the tasks
only specify WHEN to do it (i.e. Import from resource is one-time task;
Reconciliation and LiveSync tasks are scheduled/repeating tasks).

If your resource (LDAP) is an authoritative source, you need only
inbound expressions for attributes in Schema handling and you don't need
outbound expressions.

I recommend to start wih our samples. Then, the simplest way of
importing would be the "Import from resource". Our -sync samples also
contain LiveSync task, you may use it or drop it from the sample before
importing. We have tested LDAP resource (connector) with OpenDJ and
Sun/Oracle Directory Server (as Radovan mentioned earlier today).

Hope this helps.

Regards,
Ivan


>
> Thank you!
>
> On 02/10/2013, at 16.53, Radovan Semancik <radovan.semancik at evolveum.com> wrote:
>
>> Hi,
>>
>> You are trying to add resource object. MidPoint expects a file with a single top-level element <resource>. However you are most likely trying to add a file that contains multiple objects. Such files have top-level element <objects> and the individual objects are inside this element. Many sample resource files are structured like this. Mostly because they do not contain just a simple resource definition but also definition of synchronization tasks, object templates, etc. We have tried to make the samples somehow complete and stand-alone.
>>
>> There is simple way to remedy your situation. Just use Configuration -> Import Object page. This page is more inteligent and can accepts files with multiple objects in them.
>>
>> Hope this helps.
>>
>> -- 
>>
>>                                           Radovan Semancik
>>                                          Software Architect
>>                                             evolveum.com
>>
>>
>>
>> On 10/02/2013 04:39 PM, Deepak Natarajan wrote:
>>> Hi Everyone -
>>>
>>> I am trying something very basic on my local Midpoint 2.2 instance - create a new LDAP resource configuration through the Administration GUI.
>>>
>>> I am running into this error :
>>> 	• Validation error: cvc-complex-type.2.4.a: Invalid content was found starting with element 'resource'. One of '{"http://midpoint.evolveum.com/xml/ns/public/common/common-2a":object}' is expected.
>>> 	• Cause: cvc-complex-type.2.4.a: Invalid content was found starting with element 'resource'. One of '{"http://midpoint.evolveum.com/xml/ns/public/common/common-2a":object}' is expected. [ HIDE ERROR STACK ]
>>> org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'resource'. One of '{"http://midpoint.evolveum.com/xml/ns/public/common/common-2a":object}' is expected.
>>> at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
>>> at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)
>>> at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)
>>> at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:318)
>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:417)
>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3182)
>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1806)
>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:705)
>>> at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.beginNode(DOMValidatorHelper.java:273)
>>> at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.validate(DOMValidatorHelper.java:240)
>>> at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.validate(DOMValidatorHelper.java:186)
>>> at com.sun.org.apache.xerces.internal.jaxp.validation.ValidatorImpl.validate(ValidatorImpl.java:104)
>>> at com.evolveum.midpoint.common.validator.Validator.validateSchema(Validator.java:446)
>>> at com.evolveum.midpoint.common.validator.Validator.validateObjectInternal(Validator.java:348)
>>> at com.evolveum.midpoint.common.validator.Validator.validateObject(Validator.java:336)
>>> at com.evolveum.midpoint.web.page.PageBase.validateObject(PageBase.java:490)
>>>
>>> I used the basic example from the samples - just modifying connector properties as needed :
>>>
>>> http://git.evolveum.com/view/midpoint/v2.2/samples/resources/opendj/   (opendj-localhost-basic.xml)
>>>
>>> Has anyone encountered this?
>>>
>>> Thank you.
>>>
>>> Rgds/Deepak
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Consultant
  Evolveum, s.r.o
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."

More information about the midPoint mailing list