[midPoint] LDAP objectClass attribute

Fabian Bosch fabian.bosch at daasi.de
Mon Nov 6 09:30:50 CET 2017 

Same here.
I tried to make the schemaHandling more permissive with

<limitations>
                     <minOccurs>0</minOccurs>
                     <access>
                         <read>true</read>
                         <add>true</add>
                         <modify>false</modify>
                     </access>
</limitations>

per attribute - or


<outbound>
                     <strength>weak</strength>

...

</outbound>


Do I really need to specify every single objectClass in the connector to 
make Midpoint ignoring unused attributes/objectClasses?

Where is the switch make Midpoint permissive against unknown 
LDAP-classes or attributes?

Regards,


Fabian Bosch


Am 05.11.2017 um 09:31 schrieb Petr Gašparík - AMI Praha a.s.:
> Hi guys,
> we have some serious troubles working with objectClass attributes.
>
> Situation:
> - in LDAP, there is a lot of users with different objectClasses (7 to 
> 20).
> - in midPoint, we need to manage only few of them 
> (objectclass=person, objectclass=organizationalperson, objectclass=inetorgperson, objectclass=inetUser, objectclass=top, objectclass=inetMailUser, objectclass=cpostUser, 
> with inetOrgPerson being structural)
>
> *Now, intented behaviour is:*
> - set objectClass if there is less than minimal set (6, mentioned above)
> - don't care about the rest (if ther is more than that)
>
> So far
> - we were able to set LDAP connector to add missing objectClass, BUT 
> that removes excessive objectClass (unwanted behaviour, a loss of 
> services)
> - we can also specify all possible objectClasses, BUT that also adds 
> unnecessary objectClasses (unwanted, add services)
>
> Thanks to you all that tries to help us!
>
> --
>
> s pozdravem
>
> Petr Gašparík
> solution architect
>
> gsm: [+420] 603 523 860
> mail: petr.gasparik at ami.cz <mailto:petr.gasparik at ami.cz>
>
> 			
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 			
>
> AMI Praha a.s.
>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171106/9a3ea70f/attachment.htm>

More information about the midPoint mailing list