[midPoint] filter LDAP entries
Jeria, Esteban
esteban.jeria at cgi.com
Thu May 31 17:51:44 CEST 2018
Hi,
I was wondering if there is a way to restrict the ldap connector so that it will only work with a subset of entries from an OU, like a filter.
We currently have a LAB environment with over 50K entries, so I would like to limit our tests with only a dozen of them, previously identified with an attribute (businessCategory = midpoint_test).
I tried using the <protected> section on the <schemaHandling> with a reversed filter:
<protected>
<filter>
<q:not>
<q:equal>
<q:path>attributes/businessCategory</q:path>
<q:value>midpoint_test</q:value>
</q:equal>
</q:not>
</filter>
</protected>
But it doesn't work properly, it really ignores the entries that don't match the attribute, but I have this error on the targeted entries and I'm unable to modify them.
SystemException: Security violation during processing shadow shadow: uid=testuser,ou=IT,ou=people,dc=example,dc=com (OID:4d030941-e623-46e2-8b17-2c99ae6639d5): Cannot modify protected resource object
Esteban Jeria
esteban.jeria at cgi.com<mailto:esteban.jeria at cgi.com>
Conseiller CGI / CGI Consultant
Sécurité - Gestion des Identités et des Accès / Security - Identity and Access Management
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180531/0d746000/attachment.htm>
More information about the midPoint
mailing list