[midPoint] LDAP Resource configuration

Deepak Natarajan dnataraj at trilobytesystems.com
Wed Oct 9 08:19:51 CEST 2013



This reply has been so helpful to me. I have been able to get our test/evaluation IDM instance to work with OpenDJ - now I have to port this to ApacheDS somehow.

I will share our configuration for ApacheDS if/when we figure it out.

Thank you!

On 02/10/2013, at 18.51, Ivan Noris <ivan.noris at evolveum.com> wrote:

> Hi Deepak,
> 
> On 10/02/2013 05:31 PM, Deepak Natarajan wrote:
>> Thank you very much - that worked beautifully.
>> 
>> I can now see my resource connector working. I just need a few more pointers to get my head around everything...any help will be much appreciated.
>> 
>> When I now click "Accounts" on my configured LDAP resource, I can see a list of LDAP users (of class inetOrgPerson...). This is great!
> 
> The Resource - Accounts is just displaying the real resource accounts on
> your (LDAP) resource as you figured out. You can also click the accounts
> to display details (attributes).
> 
>> 
>> How do I now flush these out as actual Midpoint users? (From my understanding these are just "accounts" on the LDAP resource). Is this where I need "Resource Schema Handling" to map these account references to actual Midpoint users? I just have a gap in my understanding.
> 
> You can import the resource accounts to midPoint using either Import
> from resource (accessible from Resource - click on resource name to
> display resource details - click Import from resource button); or
> Reconciliation; or LiveSync synchronization (in the latter, only changes
> from "now" will be synchronized). And again, as you have figured out,
> this needs your resource schema handling (namely, inbound expressions)
> and synchronization/correlation configuration (to specify what you
> want to do with the accounts).
> 
> The best would be if you check/look/modify some of our samples that have
> name ending with "-sync", these are prepared for synchronization (either
> Import, Reconciliation or LiveSync). The synchronization settings are
> common for any synchronization flavour. The Resource (schema handling
> and synchronization/correlation settings) specify WHAT to do; the tasks
> only specify WHEN to do it (i.e. Import from resource is one-time task;
> Reconciliation and LiveSync tasks are scheduled/repeating tasks).
> 
> If your resource (LDAP) is an authoritative source, you need only
> inbound expressions for attributes in Schema handling and you don't need
> outbound expressions.
> 
> I recommend starting with our samples. Then, the simplest way of
> importing would be the "Import from resource". Our -sync samples also
> contain LiveSync task, you may use it or drop it from the sample before
> importing. We have tested LDAP resource (connector) with OpenDJ and
> Sun/Oracle Directory Server (as Radovan mentioned earlier today).
> 
> Hope this helps.
> 
> Regards,
> Ivan
> 
> 
>> 
>> Thank you!
>> 
>> On 02/10/2013, at 16.53, Radovan Semancik <radovan.semancik at evolveum.com> wrote:
>> 
>>> Hi,
>>> 
>>> You are trying to add resource object. MidPoint expects a file with a single top-level element <resource>. However you are most likely trying to add a file that contains multiple objects. Such files have top-level element <objects> and the individual objects are inside this element. Many sample resource files are structured like this. Mostly because they do not contain just a simple resource definition but also definition of synchronization tasks, object templates, etc. We have tried to make the samples somehow complete and stand-alone.
>>> 
>>> There is a simple way to remedy your situation. Just use Configuration -> Import Object page. This page is more intelligent and can accept files with multiple objects in them.
>>> 
>>> Hope this helps.
>>> 
>>> -- 
>>> 
>>>                                          Radovan Semancik
>>>                                         Software Architect
>>>                                            evolveum.com
>>> 
>>> 
>>> 
>>> On 10/02/2013 04:39 PM, Deepak Natarajan wrote:
>>>> Hi Everyone -
>>>> 
>>>> I am trying something very basic on my local Midpoint 2.2 instance - create a new LDAP resource configuration through the Administration GUI.
>>>> 
>>>> I am running into this error :
>>>> 	• Validation error: cvc-complex-type.2.4.a: Invalid content was found starting with element 'resource'. One of '{"http://midpoint.evolveum.com/xml/ns/public/common/common-2a":object}' is expected.
>>>> 	• Cause: cvc-complex-type.2.4.a: Invalid content was found starting with element 'resource'. One of '{"http://midpoint.evolveum.com/xml/ns/public/common/common-2a":object}' is expected. [ HIDE ERROR STACK ]
>>>> org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'resource'. One of '{"http://midpoint.evolveum.com/xml/ns/public/common/common-2a":object}' is expected.
>>>> at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
>>>> at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)
>>>> at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)
>>>> at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:318)
>>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:417)
>>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3182)
>>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1806)
>>>> at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:705)
>>>> at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.beginNode(DOMValidatorHelper.java:273)
>>>> at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.validate(DOMValidatorHelper.java:240)
>>>> at com.sun.org.apache.xerces.internal.jaxp.validation.DOMValidatorHelper.validate(DOMValidatorHelper.java:186)
>>>> at com.sun.org.apache.xerces.internal.jaxp.validation.ValidatorImpl.validate(ValidatorImpl.java:104)
>>>> at com.evolveum.midpoint.common.validator.Validator.validateSchema(Validator.java:446)
>>>> at com.evolveum.midpoint.common.validator.Validator.validateObjectInternal(Validator.java:348)
>>>> at com.evolveum.midpoint.common.validator.Validator.validateObject(Validator.java:336)
>>>> at com.evolveum.midpoint.web.page.PageBase.validateObject(PageBase.java:490)
>>>> 
>>>> I used the basic example from the samples - just modifying connector properties as needed :
>>>> 
>>>> http://git.evolveum.com/view/midpoint/v2.2/samples/resources/opendj/   (opendj-localhost-basic.xml)
>>>> 
>>>> Has anyone encountered this?
>>>> 
>>>> Thank you.
>>>> 
>>>> Rgds/Deepak
>>>> 
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> -- 
>  Ing. Ivan Noris
>  Consultant
>  Evolveum, s.r.o
>  ___________________________________________________
>  "Semper cautus - semper paratus - semper idem Vix."
> 
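
The distinction discussed in this thread (a file with a single top-level `<resource>` versus a sample wrapped in `<objects>`) can be checked before importing. The following is an added example, not part of the original messages and not midPoint code: it reads the root element, lists the contained objects so that a bundled task is visible before import, and refuses files carrying a DTD. The sample documents, object names and function names are constructed for illustration; the namespace is the one quoted in the validation error.

```python
import xml.etree.ElementTree as ET

# Namespace quoted in the validation error in the thread.
COMMON_NS = "http://midpoint.evolveum.com/xml/ns/public/common/common-2a"

# Constructed sample inputs (not taken from the midPoint samples directory).
SAMPLE_MULTI = f"""<objects xmlns="{COMMON_NS}">
  <resource><name>Constructed LDAP resource</name></resource>
  <task><name>Constructed LiveSync task</name></task>
</objects>"""
SAMPLE_SINGLE = f"""<resource xmlns="{COMMON_NS}">
  <name>Constructed LDAP resource</name>
</resource>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def classify(xml_text):
    """Return (kind, element names of the objects the file would import)."""
    # Object files have no reason to declare a DTD or entities; refuse
    # them before the text reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in object file")
    root = ET.fromstring(xml_text)
    ns, local = split_tag(root.tag)
    if ns != COMMON_NS:
        return "unknown-namespace", []
    if local == "objects":
        # Wrapper element: every child is a separate object.
        return "multi-object", [split_tag(child.tag)[1] for child in root]
    return "single-object", [local]


def advice(xml_text):
    """Say which import path fits the file, per the replies in the thread."""
    kind, names = classify(xml_text)
    if kind == "multi-object":
        return "Configuration -> Import Object (contains: " + ", ".join(names) + ")"
    if kind == "single-object" and names == ["resource"]:
        return "single top-level <resource>"
    return "not a resource file: " + kind


if __name__ == "__main__":
    for sample in (SAMPLE_MULTI, SAMPLE_SINGLE):
        print(advice(sample))
```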



