[midPoint] Discovering Custom objectClasses

Keith Hazelton keith.hazelton at wisc.edu
Wed Sep 21 14:53:02 CEST 2016 

Radovan,

#1 worked!  I had initialized the OpenDJ resource and then added eduPerson and eduMember object classes to the LDAP schema later.  I deleted the whole <schema>…</schema> section, reloaded and it went through error free.

I will take the hint and submit a working sample resource definition for OpenDJ including auxiliary object classes.

        MANY thanks and now on to the next hurdle    =)     --Keith

___________________________________
email & jabber: keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>
calendar: http://go.wisc.edu/i6zxx0

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Radovan Semancik <radovan.semancik at evolveum.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Wednesday, September 21, 2016 at 07:37
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Discovering Custom objectClasses

Hi Keith,

That's strange. If you have eduPerson in your LDAP schema then it also should be in the midPoint shcema. Please have a look at your resource definition - the "live" version which is stored in midpoint repository (in miPoint GUI: Configuration > Repository objects > Resource). Look at the <schema> part. You should see complextType definitions for all object classes there. eduPerson should be there. If it is not there then I would guess that one of the following happened:

1. You have added eduPerson to LDAP schema after you have initialized the the resource in midPoint. MidPoint retrieves the resource schema only when it connects to the resource for the first time. After that midPoint is using the stored schema (to save round-trips as the schema can be big). If that is the case then simply delete the whole <schema> section and re-try. The schema will be refreshed.

2. For some strange reason the eduPerson is not visible in the LDAP schema. What LDAP server are you using? Can you make sure that eduPerson is visible in the LDAP schema by making LDAP search in cn=schema or cn=subschema?



--

Radovan Semancik

Software Architect

evolveum.com

On 09/21/2016 12:35 PM, Keith Hazelton wrote:
Per suggestion, I globally replaced the references to my “e:” namespace prefix with the “ri:” namespace prefix, but got the same “Partial Error” message on loading the resource .xml file:

“Schema error while processing schemaHandling section of resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3e1a2(Localhost OpenDJ): Auxiliary object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}eduPerson specified in rOCD(ACCOUNT:default={.../resource/instance-3}inetOrgPerson) does not exist”

I then tried a different approach, removing the <complexType> container elements for my auxiliary object class attributes in the schemaHandling section,  making them simple attribute elements of the inetOrgPerson complexType. I imported the edited .xml file and still got a partial error “auxiliary object class not found”:

<operationResult xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
                 xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"<http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<http://prism.evolveum.com/xml/ns/public/types-3>
                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<http://midpoint.evolveum.com/xml/ns/public/common/common-3>
                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<http://prism.evolveum.com/xml/ns/public/query-3>
                 xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
   <operation>com.evolveum.midpoint.provisioning.api.ProvisioningService.searchObjects.object</operation>
   <status>partial_error</status>
   <token>1000000000000000554</token>
   <message>Schema error while processing schemaHandling section of resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3e1a2(Localhost OpenDJ): Auxiliary object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}eduPerson specified in rOCD(ACCOUNT:default={.../resource/instance-3}inetOrgPerson) does not exist</message>
   <partialResults>
      <operation>com.evolveum.midpoint.provisioning.impl.ResourceManager.completeResource</operation>
      <status>partial_error</status>
      <token>1000000000000000555</token>
      <message>Schema error while processing schemaHandling section of resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3e1a2(Localhost OpenDJ): Auxiliary object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}eduPerson specified in rOCD(ACCOUNT:default={.../resource/instance-3}inetOrgPerson) does not exist</message>
      <partialResults>
         <operation>com.evolveum.midpoint.repo.api.RepositoryService.getVersion</operation>
         <status>success</status>
         <params>
            <entry key="oid">
               <paramValue>00916739-66f5-41fc-b0c3-fe8577d650e4</paramValue>
            </entry>
            <entry key="type">
               <paramValue>com.evolveum.midpoint.xml.ns._public.common.common_3.ConnectorType</paramValue>
            </entry>
         </params>
         <token>1000000000000000556</token>
      </partialResults>
   </partialResults>
</operationResult>



___________________________________
email & jabber: keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>
calendar: http://go.wisc.edu/i6zxx0

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Radovan Semancik <radovan.semancik at evolveum.com><mailto:radovan.semancik at evolveum.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Tuesday, September 20, 2016 at 07:29
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Discovering Custom objectClasses

Hi,

I think I see the problem. It is the namespace of the eduPerson object class. You have to use the "ri" namespace (http://midpoint.evolveum.com/xml/ns/public/resource/instance-3). MidPoint does not know that eduPerson is not core LDAP schema. LDAP server reports eduPerson in exactly the same way as any other core object class. Therefore for midPoint eduPerson and inetOrgPerson are just different object classes from the same namespace.
(Yes, theoretically we could look at object class OIDs and use that, but there is no support for namespaces in ConnId anyway and that would complicate the things by a great deal. So we are not doing that.)

So, if you replace e:eduPerson with ri:eduPerson then your configuration should work.

If you are interested in a deeper explanation you can find it here:
https://wiki.evolveum.com/display/midPoint/Resource+Schema
https://wiki.evolveum.com/display/midPoint/Resource+and+Connector+Schema+Explanation




--

Radovan Semancik

Software Architect

evolveum.com





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160921/4ae9409f/attachment.htm>

More information about the midPoint mailing list