[midPoint] ignoring attributes when LDAP connector reads schema
Radovan Semancik
radovan.semancik at evolveum.com
Thu Oct 27 10:22:47 CEST 2016
Hi,
No, connector does not have an option to ignore specific attributes.
However the errors may not be critical. If you are using AD, 389ds or a
similar LDAP server that does not completely complies with RFCs then you
will see the schema errors in the log. If these are the errors produced
by the Apache Directory API then they are mostly safe to ignore
(org.apache.directory package). The errors produced by the connector
code are important (com.evolveum.polygon.ldap package).
There are two reasons for that. Firstly there are broken LDAP servers
that just won't comply with the standards. This is the real reason for
the errors, but realistically there is nothing we can do about this. The
secondly, the error handling and reporting in the Apache Directory API
is not ideal. I have made some improvements in the current version of
the Apache Directory API (as did other contributors). Now there is a
possibility for the connector to process the errors, but the API logs
the errors anyway. The Apache Directory API needs a larger
re-engineering of the error handling code. But that would break API
compatibility. So we (Apache Directory API comitters) have agreed to
postpone these fixes after API 1.0 release. Currently the 1.0-RC2
release is in progress, therefore we will hopefully get to fixing this
issue soon ...
If you see any errors from the connector itself I would really wonder
what these are. I have tested the connector with OpenLDAP (several
versions), OpenDJ and 389ds. Almost the same code also applies to AD and
eDirectory operations. Even though there are some schema errors all the
attributes that I have tried worked fine.
--
Radovan Semancik
Software Architect
evolveum.com
On 10/27/2016 08:38 AM, Brad Fardig wrote:
>
> Hi,
>
> Is it possible to have the LDAP connector ignore particular attributes
> when it is dynamically building the schema?
>
> I have midPoint 3.4 with the LDAP connector version 1.4.2.19
>
> I am getting errors when the schema is being retrieved. If I turn
> quirks mode on the errors are as shown in connector-error1.log and
> connector-error2.log (taken from idm.log.
>
> With quirks mode off the error is shown in err.txt. The attribute in
> question here has a complex syntax that is defined in the schema but
> doesn’t appear to be returned by the directory as my LDAP admin tool
> doesn’t show the syntax either. The attribute is not used within any
> entries in the directory but is defined as a “may” attribute within
> several aux object classes.
>
> Kind Regards,
>
> Brad
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161027/51703c27/attachment.htm>
More information about the midPoint
mailing list