[midPoint] attributeOrValueExists ERROR LDAP

Wed Dec 21 15:10:19 CET 2016

Hi

yes it is

<xsd:element 
maxOccurs=" unbounded "
minOccurs="0"
name="description"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>590</a:displayOrder>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>

intresting but sad.

Workaround WORKS. Thanks 

>Среда, 21 декабря 2016, 16:23 +03:00 от "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>:
>
>Hi,
>
>there is some interesting behavior:  Attribute ri:description seems to be multivalued (see the schema section in AD resource definition), but attribute is single-valued.
>
>Workaround - use limitations on "ri:description" attribute in schema handling section:
>
>         <attribute>
>           <c:ref>ri:description</c:ref>
>           <displayName>Description</displayName>
>           <limitations>
>       	        	<maxOccurs>1</maxOccurs>
>            </limitations>
>           <outbound>
>            .......
>
>
>Regards
>
>
>Roman Pudil
>solution architect
>
>gsm: [+420] 775 663 666
>e-mail:   roman.pudil at ami.cz        
>AMI Praha a.s.
>Pláničkova 11
>162 00 Praha 6
>tel./fax: [+420] 274 783 239
>web:   www.ami.cz        
>
>
>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.
>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.
>
>
>
>------ Původní zpráva ------
>Od: "Wojciech Staszewski" < wojciech.staszewski at diagnostyka.pl >
>Komu:  midpoint at lists.evolveum.com
>Odesláno: 21.12.2016 13:03:36
>Předmět: Re: [midPoint] attributeOrValueExists ERROR LDAP
>
>>I have the same issue with LDAP with attributes from some objectclasses (e.g. SambaSamAccount).
>>And when I'm using my own custom auxiliary objectclass (OC), Midpoint tries to add this objectclass to LDAP accounts which already have this OC and I got errors.
>>I temoprary removed these OC from schema and don't use attributes from them.
>> 
>> 
>>W dniu 21.12.2016 o 07:17, oleg okunev pisze:
>>> Hello.
>>> 
>>> Strange problem i get when trying to modify decription in user which have link to AD account
>>> config of schema handling
>>> 
>>> <attribute>
>>>     <ref>ri:description</ref>
>>>        <outbound>
>>>          <source>
>>>              <path>description</path>
>>>          </source>
>>>        </outbound>
>>>        <inbound>
>>>          <target>
>>>              <path>description</path>
>>>          </target>
>>>        </inbound>
>>> </attribute>
>>> 
>>> 
>>> *Preview changes*
>>> 
>>> 
>>>       Modify User Archangel Gabriel (Gabriel)
>>> 
>>>  
>>> Item	Old value	New value
>>> Description	New Desc	New Desc NEW
>>> 
>>> 
>>> 
>>>       Secondary changes: 2 objects
>>> 
>>>  
>>> 
>>> 
>>>       Modify User Archangel Gabriel (Gabriel)
>>> 
>>>  
>>> Item	Old value	New value
>>> Description	New Desc	New Desc NEW
>>> 
>>> 
>>>       Modify Shadow CN=Archangel Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru
>>> 
>>>  
>>> Item	Value
>>> resourceRef	 Active Directory Medusa (LDAPS) v2
>>> kind	ACCOUNT
>>> intent	default
>>> 
>>> 
>>>       Modify attributes
>>> 
>>>  
>>> Item	Old value	New value
>>> description	 	New Desc NEW
>>> 
>>> 
>>> 
>>> GOT this ERROR
>>> 
>>> Schema violation during processing shadow:
>>> shadow: CN=Archangel Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru (OID:92d4a278-8d4f-46a3-af88-56bdf8529a95):
>>> Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry CN=Archangel Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru: [add:description: New Desc Second,]: attributeOrValueExists: 00002081: AtrErr: DSID-030F154F, #1:??0: 00002081: DSID-030F154F, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att d (description)?? (20)):
>>> 
>>> it looks like midpoint trying to add NEW attribute - i cant understand why not modify existing attribute value
>>> 
>>> I know it must be simple but i trying to search and failed(((
>>> i got 3 object classes : user group and OU
>>> 
>>> and one more thing
>>> after error decription is different - in user new - in AD old
>>> if i make reconcile -  in AD it became emty
>>> and after that any first decription  writes well in AD.
>>> 
>>> 
>>> 
>>> --
>>> oleg okunev
>>> 
>>> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>> 
>>> 
>>> _______________________________________________
>>> midPoint mailing list
>>>  midPoint at lists.evolveum.com
>>>  http://lists.evolveum.com/mailman/listinfo/midpoint
>>> 
>>Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
>>NIP: 675-12-65-009; REGON: 356366975
>>Kapitał zakładowy: 33 756 500 zł.
>> 
>>Pomyśl o środowisku zanim wydrukujesz ten e-mail.
>>_______________________________________________
>>midPoint mailing list
>>midPoint at lists.evolveum.com
>>http://lists.evolveum.com/mailman/listinfo/midpoint
>_______________________________________________
>midPoint mailing list
>midPoint at lists.evolveum.com
>http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161221/ee87928f/attachment.htm>