[midPoint] distinguishedName required to outbound - WHY?
Ivan Noris
ivan.noris at evolveum.com
Mon Oct 3 16:16:47 CEST 2016
Well this is strange. I've revived my master midpoint instance with the
same resource and provisioning by adding projection works. No
"ri:distinguishedName required" problem.
The mandatory attr for the connector is ri:dn (this is equivalent to
icfs:name in old connector). ri:distinguishedName is not used in schema
handling. (Although such attribute seems to be valid for AD - I can see
it as readonly in returned object.)
What version of AD LDAP connector are you using? Also please check if
you are doing anything with ri:distinguishedName attribute in your
schemaHandling...
Ivan
On 10/03/2016 03:50 PM, oleg okunev wrote:
> from your answer
> https://jira.evolveum.com/browse/MID-3092?focusedCommentId=17980&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17980
>
> i use it (with ssl)
> https://github.com/Evolveum/midpoint/blob/fb5f9c431708dbda75f2096dd8a4e6e7295f144c/testing/conntest/src/test/resources/ad-ldap/resource-medusa.xml
>
> and one more thing when i open accounts on resourse it shows only
> users , and no one group
>
> Понедельник, 3 октября 2016, 15:55 +03:00 от Ivan Noris
> <ivan.noris at evolveum.com>:
>
> Hi,
>
> which sample resource have you used please?
>
> Regards,
>
> Ivan
>
>
> On 09/29/2016 02:15 PM, oleg okunev wrote:
>> Hi
>>
>> interesting thing
>> when i add projection of ad ldap to user in midpoint
>> it says 'distinguishedName' is required.
>>
>> 1.my config
>> Active Directory Medusa (MS AD LDAPS)
>>
>> ---
>> <attribute>
>> <ref>ri:dn</ref>
>> <displayName>distinguishedName</displayName>
>> <matchingRule>mr:distinguishedName</matchingRule>
>> <outbound>
>> <source>
>> <path>$user/fullName</path>
>> </source>
>> <expression>
>> <script>
>> <code>
>> 'CN=' + fullName + iterationToken + ',CN=Users,DC=abb-test,DC=com'
>> </code>
>> </script>
>> </expression>
>> </outbound>
>> </attribute>
>> ---
>>
>> 2.field with asterisk
>> distinguishedName *
>>
>> and i find this in GUI
>> look image/
>>
>> i think something wrong with matching rule
>>
>> also if i manualy write this field it works and after show me in
>> projection TWO same fields
>>
>>
>>
>> Name
>>
>> Display name
>>
>> Native attribute name
>>
>> Min/max occurs
>>
>> Order
>>
>> Returned by default
>> Displaying 31 to 40 of 334 matching result.
>> departmentNumber
>>
>> departmentNumber
>>
>> 0/-1
>>
>> 1860
>>
>> description
>>
>> description
>>
>> 0/-1
>>
>> 590
>>
>> esktopProfile
>>
>> desktopProfile
>>
>> 0/1
>>
>> 3120
>>
>> destinationIndicator
>>
>> destinationIndicator
>>
>> 0/-1
>>
>> 2160
>>
>> directReports
>>
>> directReports
>>
>> 0/-1
>>
>> 1420
>>
>> displayName
>>
>> displayName
>>
>> 0/1
>>
>> 1080
>>
>> displayNamePrintable
>>
>> displayNamePrintable
>>
>> 0/1
>>
>> 2480
>>
>> distinguishedName
>>
>> distinguishedName
>>
>> 0/1
>>
>> 3360
>>
>> division
>>
>> division
>>
>> 0/1
>>
>> 1410
>>
>> dn
>>
>> distinguishedName
>>
>> dn
>>
>> 1/1
>>
>> 110
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161003/2a46eb21/attachment.htm>
More information about the midPoint
mailing list