[midPoint] ignoring attributes when LDAP connector reads schema

Radovan Semancik radovan.semancik at evolveum.com
Thu Oct 27 10:22:47 CEST 2016


Hi,

No, connector does not have an option to ignore specific attributes. 
However the errors may not be critical. If you are using AD, 389ds or a 
similar LDAP server that does not completely complies with RFCs then you 
will see the schema errors in the log. If these are the errors produced 
by the Apache Directory API then they are mostly safe to ignore 
(org.apache.directory package). The errors produced by the connector 
code are important (com.evolveum.polygon.ldap package).

There are two reasons for that. Firstly there are broken LDAP servers 
that just won't comply with the standards. This is the real reason for 
the errors, but realistically there is nothing we can do about this. The 
secondly, the error handling and reporting in the Apache Directory API 
is not ideal. I have made some improvements in the current version of 
the Apache Directory API (as did other contributors). Now there is a 
possibility for the connector to process the errors, but the API logs 
the errors anyway. The Apache Directory API needs a larger 
re-engineering of the error handling code. But that would break API 
compatibility. So we (Apache Directory API comitters) have agreed to 
postpone these fixes after API 1.0 release. Currently the 1.0-RC2 
release is in progress, therefore we will hopefully get to fixing this 
issue soon ...

If you see any errors from the connector itself I would really wonder 
what these are. I have tested the connector with OpenLDAP (several 
versions), OpenDJ and 389ds. Almost the same code also applies to AD and 
eDirectory operations. Even though there are some schema errors all the 
attributes that I have tried worked fine.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 10/27/2016 08:38 AM, Brad Fardig wrote:
>
> Hi,
>
> Is it possible to have the LDAP connector ignore particular attributes 
> when it is dynamically building the schema?
>
> I have midPoint 3.4 with the LDAP connector version 1.4.2.19
>
> I am getting errors when the schema is being retrieved.  If I turn 
> quirks mode on the errors are as shown in connector-error1.log and 
> connector-error2.log (taken from idm.log.
>
> With quirks mode off the error is shown in err.txt.  The attribute in 
> question here has a complex syntax that is defined in the schema but 
> doesn’t appear to be returned by the directory as my LDAP admin tool 
> doesn’t show the syntax either.  The attribute is not used within any 
> entries in the directory but is defined as a “may” attribute within 
> several aux object classes.
>
> Kind Regards,
>
> Brad
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161027/51703c27/attachment.htm>


More information about the midPoint mailing list