[midPoint] How to import/create a resource definition with a custom ldap object
Ivan Noris
ivan.noris at evolveum.com
Tue Mar 22 22:01:36 CET 2016
Hi Andreas,

Please, which version of midPoint and which connector type+version are
you using?

You don't generally need to manually hack <schema> if the connector can
see the object class.

Please try to temporarily remove the schema generation constraints,
remove <schema> in the resource and test the connection. Then look again
in the resource <schema> if the required object class (customPerson) has
been detected properly.

Regards,
Ivan

On 03/22/2016 04:01 PM, Andreas Küstner wrote:
> Hello List,
>
> I try to import an openldap-server resource. Connection is established
> but my custom ldap object class (customPerson) won't work.
>
> I tried it with an xml-resource-definition file from midpoint samples. I
> modified the <schema>-Section to fit the object class. Here is a snippet:
>
>
> ---code---:
> <definition>
>   <xsd:complexType name="customPerson">
>     <xsd:annotation>
>       <xsd:appinfo>
>         <ra:resourceObject />
>         <ra:identifier>ri:entryUUID</ra:identifier>
>         <ra:secondaryIdentifier>ri:sn</ra:secondaryIdentifier>
>         <ra:displayNameAttribute>ri:sn</ra:displayNameAttribute>
>         <ra:namingAttribute>ri:sn</ra:namingAttribute>
>         <ra:nativeObjectClass>customPerson</ra:nativeObjectClass>
>         <ra:auxiliary>true</ra:auxiliary>
>       </xsd:appinfo>
>     </xsd:annotation>
>     <xsd:sequence>
>       <xsd:element name="uuid" type="xsd:string">
>         <xsd:annotation>
>           <xsd:appinfo>
>             <a:displayOrder>120</a:displayOrder>
>             <ra:nativeAttributeName>uuid</ra:nativeAttributeName>
>             <ra:frameworkAttributeName>uuid</ra:frameworkAttributeName>
>           </xsd:appinfo>
>         </xsd:annotation>
>       </xsd:element>
>       <xsd:element name="sn" type="xsd:string">
>         <xsd:annotation>
>           <xsd:appinfo>
>             <a:displayOrder>110</a:displayOrder>
>             <ra:nativeAttributeName>sn</ra:nativeAttributeName>
>             <ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
>           </xsd:appinfo>
>         </xsd:annotation>
>       </xsd:element>
>       <xsd:element maxOccurs="unbounded" minOccurs="0" name="cn" type="xsd:string">
>         <xsd:annotation>
>           <xsd:appinfo>
>             <a:displayOrder>130</a:displayOrder>
>             <ra:nativeAttributeName>cn</ra:nativeAttributeName>
>             <ra:frameworkAttributeName>cn</ra:frameworkAttributeName>
>           </xsd:appinfo>
>         </xsd:annotation>
>       </xsd:element>
>       <xsd:element minOccurs="0" name="entryUUID" type="xsd:string">
>         <xsd:annotation>
>           <xsd:appinfo>
>             <a:displayOrder>100</a:displayOrder>
>             <a:access>read</a:access>
>             <ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
>             <ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
>           </xsd:appinfo>
>         </xsd:annotation>
>       </xsd:element>
>     </xsd:sequence>
>   </xsd:complexType>
> </definition>
>
> <!-- workaround to MID-2723 -->
> <generationConstraints>
>   <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
>   <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
>   <generateObjectClass>ri:groupOfNames</generateObjectClass>
>   <generateObjectClass>ri:organizationalUnit</generateObjectClass>
>   <generateObjectClass>ri:customPerson</generateObjectClass>
> </generationConstraints>
>
> </schema>
>
> ----end code---
>
>
> If I did it with the GUI wizard my customPerson class is recognized,
> but some attributes are missing (sn for example).
>
>
> What am I missing?
>
> Here is my CustomPerson ldap class:
>
> olcObjectClasses: {1}( Custom.ldap.oc:2 NAME 'CustomPerson' SUP top AUXILIARY DESC 'Custom Person' X-ORIGIN 'Custom Ltd.' MUST ( uuid ) MAY ( cn ) )
> structuralObjectClass: olcSchemaConfig
> entryUUID: 1b1704ba-f0c6-1034-934d-13ecb1063800
> creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> createTimestamp: 20150916135351Z
> olcAttributeTypes: {0}( Custom.ldap.attr:2 NAME 'CustomIsDisabled' DESC 'determines whether the person is active or inactive (e.g. retired), defaults to false if not set' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' EQUALITY booleanMatch X-ORIGIN 'Custom Ltd.' SINGLE-VALUE )
> olcAttributeTypes: {1}( Custom.ldap.attr:3 NAME 'CustomUserNames' DESC 'user names of the person; use Kerberos principal name preferably' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch X-ORIGIN 'Custom Ltd.' )
> olcAttributeTypes: {2}( Custom.ldap.attr:4 NAME 'CustomMail' DESC 'auxiliary mail adresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch X-ORIGIN 'Custom Ltd.' )
> olcAttributeTypes: {3}( Custom.ldap.attr:5 NAME 'CustomSource' DESC 'primary source of this entity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch X-ORIGIN 'Custom Ltd.' SINGLE-VALUE )
> olcAttributeTypes: {4}( Custom.ldap.attr:6 NAME 'CustomIdentityCardNumber' DESC 'identity card number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch X-ORIGIN 'Custom Ltd.' SINGLE-VALUE )
> olcAttributeTypes: {5}( Custom.ldap.attr:1 NAME 'uuid' DESC 'universally unique identifier' SYNTAX 1.3.6.1.1.16.1 EQUALITY uuidMatch ORDERING uuidOrderingMatch X-ORIGIN 'Custom Ltd.' SINGLE-VALUE )
> entryCSN: 20160205161704.898523Z#000000#000#000000
> modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> modifyTimestamp: 20160205161704Z
>
> Thank you for help!
>
> Best Regards
> Andy
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
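
Added example (not part of the thread and not midPoint code): a check for the last step of the advice above, confirming that the object class appears in the resource `<schema>` and comparing its declared elements with the MUST/MAY lists of the LDAP object class. The XML is a constructed reduction of the posted snippet, the function names are hypothetical, and treating `entryUUID` as operational is an assumption of the sketch; for the posted data it reports `sn` as declared in the complexType but not listed by `CustomPerson`.

```python
import re
import xml.etree.ElementTree as ET

XSD = "{http://www.w3.org/2001/XMLSchema}"
# Constructed sample: the posted complexType reduced to its element names.
RESOURCE_SCHEMA = """<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:complexType name="customPerson"><xsd:sequence>
    <xsd:element name="uuid" type="xsd:string"/>
    <xsd:element name="sn" type="xsd:string"/>
    <xsd:element name="cn" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
    <xsd:element name="entryUUID" type="xsd:string" minOccurs="0"/>
  </xsd:sequence></xsd:complexType>
</xsd:schema>"""
# Object class value from the post, unfolded onto one logical line.
OLC_OBJECT_CLASS = ("{1}( Custom.ldap.oc:2 NAME 'CustomPerson' SUP top AUXILIARY DESC "
                    "'Custom Person' X-ORIGIN 'Custom Ltd.' MUST ( uuid ) MAY ( cn ) )")
OPERATIONAL = {"entryuuid"}  # assumption: server-maintained, so never in MUST/MAY


def ldap_attrs(definition):
    """Parse MUST/MAY attribute lists out of an object class description."""
    text = re.sub(r"'[^']*'", "''", definition)  # blank NAME/DESC strings first
    out = {"MUST": [], "MAY": []}
    for kw in out:
        m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w.;-]+))" % kw, text)
        if m:  # either "( a $ b )" or a single bare attribute name
            names = (m.group(1) or m.group(2) or "").split("$")
            out[kw] = [a.strip() for a in names if a.strip()]
    return out


def xsd_elements(schema_xml, class_name):
    """Element names under the named complexType, or None if it is absent."""
    for ct in ET.fromstring(schema_xml).iter(XSD + "complexType"):
        if ct.get("name", "").lower() == class_name.lower():
            return [e.get("name") for e in ct.iter(XSD + "element")]
    return None


def compare(schema_xml, class_name, definition):
    """Report whether the class was detected and where XSD and LDAP disagree."""
    declared = xsd_elements(schema_xml, class_name)
    if declared is None:
        return {"detected": False}
    attrs = ldap_attrs(definition)
    allowed = {a.lower() for a in attrs["MUST"] + attrs["MAY"]} | OPERATIONAL
    have = {n.lower() for n in declared}
    return {"detected": True,
            "not_in_object_class": [n for n in declared if n.lower() not in allowed],
            "missing_must": [a for a in attrs["MUST"] if a.lower() not in have]}
```
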