[midPoint] attributeOrValueExists ERROR LDAP

Roman Pudil - AMI Praha a.s. roman.pudil at ami.cz
Wed Dec 21 14:23:38 CET 2016 

Hi,

there is some interesting behavior: Attribute ri:description seems to be 
multivalued (see the schema section in AD resource definition), but 
attribute is single-valued.

Workaround - use limitations on "ri:description" attribute in schema 
handling section:

          <attribute>
            <c:ref>ri:description</c:ref>
            <displayName>Description</displayName>
            <limitations>
        	        	<maxOccurs>1</maxOccurs>
			            </limitations>
            <outbound>
             .......


Regards


Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz




<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
výhradně písemnou formu.



------ Původní zpráva ------
Od: "Wojciech Staszewski" <wojciech.staszewski at diagnostyka.pl>
Komu: midpoint at lists.evolveum.com
Odesláno: 21.12.2016 13:03:36
Předmět: Re: [midPoint] attributeOrValueExists ERROR LDAP

>I have the same issue with LDAP with attributes from some objectclasses 
>(e.g. SambaSamAccount).
>And when I'm using my own custom auxiliary objectclass (OC), Midpoint 
>tries to add this objectclass to LDAP accounts which already have this 
>OC and I got errors.
>I temoprary removed these OC from schema and don't use attributes from 
>them.
>
>
>W dniu 21.12.2016 o 07:17, oleg okunev pisze:
>>  Hello.
>>
>>  Strange problem i get when trying to modify decription in user which 
>>have link to AD account
>>  config of schema handling
>>
>>  <attribute>
>>      <ref>ri:description</ref>
>>         <outbound>
>>           <source>
>>               <path>description</path>
>>           </source>
>>         </outbound>
>>         <inbound>
>>           <target>
>>               <path>description</path>
>>           </target>
>>         </inbound>
>>  </attribute>
>>
>>
>>  *Preview changes*
>>
>>
>>        Modify User Archangel Gabriel (Gabriel)
>>
>>
>>  Item	Old value	New value
>>  Description	New Desc	New Desc NEW
>>
>>
>>
>>        Secondary changes: 2 objects
>>
>>
>>
>>
>>        Modify User Archangel Gabriel (Gabriel)
>>
>>
>>  Item	Old value	New value
>>  Description	New Desc	New Desc NEW
>>
>>
>>        Modify Shadow CN=Archangel 
>>Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru
>>
>>
>>  Item	Value
>>  resourceRef	 Active Directory Medusa (LDAPS) v2
>>  kind	ACCOUNT
>>  intent	default
>>
>>
>>        Modify attributes
>>
>>
>>  Item	Old value	New value
>>  description	 	New Desc NEW
>>
>>
>>
>>  GOT this ERROR
>>
>>  Schema violation during processing shadow:
>>  shadow: CN=Archangel 
>>Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru 
>>(OID:92d4a278-8d4f-46a3-af88-56bdf8529a95):
>>  Schema violation: Invalid attribute: 
>>org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error 
>>modifying LDAP entry CN=Archangel 
>>Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru: [add:description: 
>>New Desc Second,]: attributeOrValueExists: 00002081: AtrErr: 
>>DSID-030F154F, #1:??0: 00002081: DSID-030F154F, problem 1006 
>>(ATT_OR_VALUE_EXISTS), data 0, Att d (description)?? (20)):
>>
>>  it looks like midpoint trying to add NEW attribute - i cant 
>>understand why not modify existing attribute value
>>
>>  I know it must be simple but i trying to search and failed(((
>>  i got 3 object classes : user group and OU
>>
>>  and one more thing
>>  after error decription is different - in user new - in AD old
>>  if i make reconcile - in AD it became emty
>>  and after that any first decription writes well in AD.
>>
>>
>>
>>  --
>>  oleg okunev
>>
>>  
>>--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>>
>>  _______________________________________________
>>  midPoint mailing list
>>  midPoint at lists.evolveum.com
>>  http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, 
>XI Wydział Gospodarczy KRS)
>NIP: 675-12-65-009; REGON: 356366975
>Kapitał zakładowy: 33 756 500 zł.
>
>Pomyśl o środowisku zanim wydrukujesz ten e-mail.
>_______________________________________________
>midPoint mailing list
>midPoint at lists.evolveum.com
>http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161221/3e646143/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4339 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161221/3e646143/attachment.bin>

More information about the midPoint mailing list