[midPoint] Security Violation with Custom Attribute
Brad Firestone
bhotrock at gmail.com
Wed Mar 29 23:42:52 CEST 2017
Hi, I'm just getting started with my midPoint configuration. I have
set up an OpenLDAP resource that has custom attributes in a custom object
class. This resource should not ever be modified, so I have removed all
inbound settings, since I only want information to go out to this resource.
When I try to project a midPoint user to this resource, I get the
following error:
Security violation during processing shadow shadow: null (OID:null):
Attempt to add shadow with non-createable attribute
{http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}gnUniqueId
The attribute gnUniqueID exists in a custom schema XSD file and it does
display under the Extension section of the User in the GUI. Here's the
related section from the XSD file:
<xsd:element name="gnUniqueID" type="xsd:string" minOccurs="0" maxOccurs="1">
    <xsd:annotation>
        <xsd:appinfo>
            <a:indexed>true</a:indexed>
            <a:displayName>GN-UniqueID</a:displayName>
            <a:displayOrder>120</a:displayOrder>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>
Here is the attribute section of the Resource XML file:
<attribute>
    <ref>ri:gnUniqueId</ref>
    <displayName>GN Unique ID</displayName>
    <limitations>
        <access>
            <read>true</read>
            <add>false</add>
            <modify>true</modify>
        </access>
    </limitations>
    <outbound>
        <source>
            <path>$user/extension/gnUniqueID</path>
        </source>
    </outbound>
    <matchingRule>mr:stringIgnoreCase</matchingRule>
</attribute>
I'll be happy to send additional config information, or the complete
error file, if that would be helpful. Thank you for any suggestions on
how to resolve this error!
Brad
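
The error above rejects the shadow because gnUniqueId is "non-createable", and the posted attribute definition sets <add>false</add> under <limitations>/<access> while also defining an outbound mapping for the same attribute. The check below is an added example, not part of the original post and not midPoint code: it scans resource XML for that combination. The <schemaHandling> wrapper, the second attribute and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the attribute definition from the post, wrapped in a
# hypothetical <schemaHandling> root so it parses as a standalone document.
SAMPLE = """<schemaHandling>
  <attribute>
    <ref>ri:gnUniqueId</ref>
    <limitations>
      <access><read>true</read><add>false</add><modify>true</modify></access>
    </limitations>
    <outbound><source><path>$user/extension/gnUniqueID</path></source></outbound>
  </attribute>
  <attribute>
    <ref>ri:cn</ref>
    <outbound><source><path>$user/fullName</path></source></outbound>
  </attribute>
</schemaHandling>"""

def local(tag):
    """Strip an XML namespace so namespaced resource files also match."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """First direct child with the given local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def find_blocked_outbound(xml_text, ops=("add",)):
    """Return (ref, operation) pairs where an attribute has an outbound
    mapping but <limitations>/<access> sets that operation to false."""
    findings = []
    for attr in ET.fromstring(xml_text).iter():
        if local(attr.tag) != "attribute" or child(attr, "outbound") is None:
            continue
        ref = child(attr, "ref")
        name = (ref.text or "").strip() if ref is not None else "?"
        for lim in (c for c in attr if local(c.tag) == "limitations"):
            access = child(lim, "access")
            for op in ops:
                flag = child(access, op) if access is not None else None
                if flag is not None and (flag.text or "").strip().lower() == "false":
                    findings.append((name, op))
    return findings

if __name__ == "__main__":
    for name, op in find_blocked_outbound(SAMPLE):
        print(f"{name}: outbound mapping present but access/{op} is false")
```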