[midPoint] Adding new posixaccount attributes

Shawn McKinney smckinney at symas.com
Tue Mar 1 16:12:19 CET 2016


Hello,

We are using midpoint 3.3 and this ldap connector (latest as of a couple of weeks ago):

    <name>ICF com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3.0-SNAPSHOT</name>

The current task is to manage rfc2307bis posixAccount attributes from within the midpoint console.  These attributes correspond with an auxiliary object class in the LDAP entry.

The resource schema definition excerpt can be found below.  Not the entire definition but enough to show you how we’re handling the aux object class posixAccount.

I’ve also extended the midpoint schema xsd file so the new attributes will show up in the console. 

Everything works fine when operating on ldap objects that already have the posixAccount aux objectClass attribute (i.e. prepopulated from the start).  But when I try to add the attributes to an ldap entry that has not already been prepopulated with the aux objectClass (and corresponding must-have attributes) I get this error:
   
"Schema violation during processing shadow: shadow: uid=foo2,ou=People,dc=example,dc=com (OID:afc71094-be90-40eb-9df9-da939145c65c): Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying entry uid=foo2,ou=People,dc=example,dc=com: attribute 'uidNumber' not allowed)->org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException(attribute 'uidNumber' not allowed)"

The error tells us midpoint is attempting to add these attributes without including the attribute for the aux object class itself:

objectClass: posixAccount

Without this attribute being included in the add operation, of course, it will fail.  My question: how do I compel the midpoint operation to include the necessary object class attribute when newly populating ldap objects?

Thanks in advance for your help,

Shawn


** Begin schema reference ***

	<schemaHandling>
		<objectType>
			<kind>account</kind>
			<displayName>Normal Account</displayName>
			<default>true</default>
			<objectClass>ri:inetOrgPerson</objectClass>
			<auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>

			<attribute>
				<c:ref>ri:homeDirectory</c:ref>
				<displayName>Home Directory</displayName>
				<limitations>
					<maxOccurs>1</maxOccurs>
				</limitations>
				<outbound>
					<source>
						<path>$user/extension/homeDirectory</path>
					</source>
				</outbound>
				<inbound>
					<target>
						<path>$user/extension/homeDirectory</path>
					</target>
				</inbound>
			</attribute>

			<attribute>
				<c:ref>ri:loginShell</c:ref>
				<displayName>Login Shell</displayName>
				<limitations>
					<maxOccurs>1</maxOccurs>
				</limitations>
				<outbound>
					<source>
						<path>$user/extension/loginShell</path>
					</source>
				</outbound>
				<inbound>
					<target>
						<path>$user/extension/loginShell</path>
					</target>
				</inbound>
			</attribute>

			<attribute>
				<c:ref>ri:gecos</c:ref>
				<displayName>Gecos</displayName>
				<limitations>
					<maxOccurs>1</maxOccurs>
				</limitations>
				<outbound>
					<source>
						<path>$user/extension/gecos</path>
					</source>
				</outbound>
				<inbound>
					<target>
						<path>$user/extension/gecos</path>
					</target>
				</inbound>
			</attribute>

			<attribute>
				<c:ref>ri:uidNumber</c:ref>
				<displayName>UserId Number</displayName>
				<limitations>
					<maxOccurs>1</maxOccurs>
				</limitations>
				<outbound>
					<source>
						<path>$user/extension/uidNumber</path>
					</source>
				</outbound>
				<inbound>
					<target>
						<path>$user/extension/uidNumber</path>
					</target>
				</inbound>
			</attribute>

			<attribute>
				<c:ref>ri:gidNumber</c:ref>
				<displayName>GroupId Number</displayName>
				<limitations>
					<maxOccurs>1</maxOccurs>
				</limitations>
				<outbound>
					<source>
						<path>$user/extension/gidNumber</path>
					</source>
				</outbound>
				<inbound>
					<target>
						<path>$user/extension/gidNumber</path>
					</target>
				</inbound>
			</attribute>

                      ….

** End schema reference ***
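
The failure described in the message, modelled as an added example that is not part of the original post or of midPoint: a pre-flight check that mimics the directory's "attribute allowed" and MUST rules for a single modify. The schema table is a hand-flattened, abbreviated subset of the inetOrgPerson and posixAccount definitions, and the entry values are constructed.

```python
# Added example: models the schema check an LDAP server applies to a modify.
# SCHEMA is a hand-flattened, abbreviated subset (inetOrgPerson includes the
# attributes inherited from person); it is not read from a live directory.
SCHEMA = {
    "inetOrgPerson": {
        "must": {"cn", "sn"},
        "may": {"uid", "mail", "givenName", "userPassword", "description"},
    },
    "posixAccount": {  # auxiliary class in rfc2307bis
        "must": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
        "may": {"userPassword", "loginShell", "gecos", "description"},
    },
}


def allowed(object_classes):
    """Union of MUST and MAY attributes over the entry's object classes."""
    names = set()
    for oc in object_classes:
        names |= SCHEMA[oc]["must"] | SCHEMA[oc]["may"]
    return names


def check_modify(entry, adds):
    """List the schema violations caused by adding `adds` to `entry`.

    An 'objectClass' key in `adds` takes effect in the same operation,
    as it does in a single LDAP modify request.
    """
    classes = set(entry["objectClass"]) | set(adds.get("objectClass", []))
    present = (set(entry) | set(adds)) - {"objectClass"}
    problems = [f"attribute '{a}' not allowed"
                for a in sorted(present - allowed(classes))]
    for oc in sorted(classes):
        for a in sorted(SCHEMA[oc]["must"] - present):
            problems.append(f"missing required attribute '{a}' for {oc}")
    return problems


# Constructed sample data for the entry named in the error message.
ENTRY = {"objectClass": ["inetOrgPerson"], "uid": ["foo2"],
         "cn": ["Foo Two"], "sn": ["Two"]}
POSIX = {"uidNumber": ["10002"], "gidNumber": ["10002"],
         "homeDirectory": ["/home/foo2"], "loginShell": ["/bin/bash"]}

if __name__ == "__main__":
    print(check_modify(ENTRY, POSIX))  # attributes only: rejected
    print(check_modify(ENTRY, {"objectClass": ["posixAccount"], **POSIX}))
```

A directory server typically reports only the first violation it finds; the model lists all of them so that the MUST attributes that have to accompany the auxiliary class are visible as well.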

