[midPoint] aux object class in ad-ldap connector

Jason Everling jeverling at bshp.edu
Wed Sep 27 15:38:00 CEST 2017


Ok so that is exactly what it is, the users have to have the objectClass
directly assigned in AD within the 'objectClass' attribute and not just be
an auxiliary of the 'user' class. The only way I think I can continue and
use the AD-Ldap connector is to either directly assign all the aux
objectClasses to every user in AD or add each attribute to the 'user'
objectClass.

Does anybody else know of another way? The .NET connector saw the
attributes in either case, maybe I am missing something?

Thanks,
Jason


On Tue, Sep 26, 2017 at 6:29 PM, Jason Everling <jeverling at bshp.edu> wrote:

> I am thinking that it is maybe because we don't actually assign the
> auxiliary objectClasses to users in AD? These aux classes are assigned
> 'top' as the parent class and the attributes are available to the user
> class through that route. Does anyone know if the reason is because my users
> are not directly assigned the auxiliary objectClasses?
>
> Other than that I don't see any differences between this and our openldap
> resource.
>
> Jason
>
>
> On Tue, Sep 26, 2017 at 2:34 PM, Jason Everling <jeverling at bshp.edu>
> wrote:
>
>> I have added my aux object classes to the resource, refreshed schema,
>> confirmed attributes are present in resource schema but when I go to
>> Resources -> View Resources -> Accounts and then browse the accounts on the
>> resource to check for attributes they are not present. The standard 'user'
>> object class attributes are visible but not my aux classes. Any other step
>> I might be missing for the ad-ldap connector?
>>
>> We also have an openldap directory resource and I defined them the same as
>> I did below for ad-ldap and they are working and visible, just not in this
>> ad-ldap resource.
>>
>> For example, I defined them under schema generation
>>
>> <schema>
>>     <generationConstraints>
>>         <generateObjectClass>ri:user</generateObjectClass>
>>         <generateObjectClass>ri:group</generateObjectClass>
>>         <generateObjectClass>ri:bshpPerson</generateObjectClass>
>>         <generateObjectClass>ri:bshpCourse</generateObjectClass>
>>         <generateObjectClass>ri:bshpGroup</generateObjectClass>
>>     </generationConstraints>
>> </schema>
>>
>> And then again under objectType as aux
>>
>> <objectType>
>>     <kind>account</kind>
>>     <displayName>Default Account</displayName>
>>     <default>true</default>
>>     <objectClass>ri:user</objectClass>
>>     <auxiliaryObjectClass>ri:bshpPerson</auxiliaryObjectClass>
>>     <auxiliaryObjectClass>ri:bshpCourse</auxiliaryObjectClass>
>>     <auxiliaryObjectClass>ri:bshpGroup</auxiliaryObjectClass>
>>
>> Thanks!
>> Jason
>>
>
>