[midPoint] midPoint Digest, Vol 87, Issue 8
Keith LeValley
klevalley2 at davenport.edu
Tue Jul 9 21:35:38 CEST 2019
It is all self contained within a VM (including the openldap server) and it
is completely for development purposes with no real data.
<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:icfs="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="
http://prism.evolveum.com/xml/ns/public/types-3"
oid="ebd0bf7b-7e80-4175-ba5e-4fd5de2ecd62" version="211">
<name>LDAP Server (OpenLDAP) over new LDAPConn.</name>
<description>LDAP resource using new LDAP Connector based on Apache
Directory API. It contains configuration
for connecting to an OpenLDAP instance running on the
localhost.</description>
<metadata>
<createTimestamp>2019-06-13T11:04:21.220-04:00</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<createChannel>
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
</createChannel>
<modifyTimestamp>2019-07-09T14:36:32.360-04:00</modifyTimestamp>
<modifierRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<modifyChannel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user
</modifyChannel>
</metadata>
<operationExecution id="61">
<timestamp>2019-07-09T10:16:31.392-04:00</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<token>1000000000000013517</token>
</executionResult>
<objectName>LDAP Server (OpenLDAP) over new
LDAPConn.</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<channel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
</operationExecution>
<operationExecution id="62">
<timestamp>2019-07-09T10:19:38.385-04:00</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<token>1000000000000014483</token>
</executionResult>
<objectName>LDAP Server (OpenLDAP) over new
LDAPConn.</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<channel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
</operationExecution>
<operationExecution id="63">
<timestamp>2019-07-09T10:44:16.315-04:00</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<token>1000000000000017283</token>
</executionResult>
<objectName>LDAP Server (OpenLDAP) over new
LDAPConn.</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<channel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
</operationExecution>
<operationExecution id="64">
<timestamp>2019-07-09T14:33:38.675-04:00</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<token>1000000000000025502</token>
</executionResult>
<objectName>LDAP Server (OpenLDAP) over new
LDAPConn.</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<channel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
</operationExecution>
<operationExecution id="65">
<timestamp>2019-07-09T14:36:32.463-04:00</timestamp>
<operation>
<objectDelta>
<t:changeType>modify</t:changeType>
<t:objectType>c:ResourceType</t:objectType>
</objectDelta>
<executionResult>
<operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
<status>success</status>
<token>1000000000000025802</token>
</executionResult>
<objectName>LDAP Server (OpenLDAP) over new
LDAPConn.</objectName>
</operation>
<status>success</status>
<initiatorRef oid="00000000-0000-0000-0000-000000000002"
relation="org:default" type="c:UserType"/>
<channel>
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</channel>
</operationExecution>
<operationalState>
<lastAvailabilityStatus>up</lastAvailabilityStatus>
</operationalState>
<connectorRef oid="98adc7e0-4f3c-4162-92e3-65f0b7b68be5"
relation="org:default" type="c:ConnectorType"/>
<connectorConfiguration xmlns:icfc="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3
">
<icfc:resultsHandlerConfiguration>
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
<icfc:filteredResultsHandlerInValidationMode>false</icfc:filteredResultsHandlerInValidationMode>
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
</icfc:resultsHandlerConfiguration>
<icfc:configurationProperties xmlns:gen772="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.LdapConnector
">
<gen772:host>localhost</gen772:host>
<gen772:port>389</gen772:port>
<gen772:bindDn>cn=ldapadm,dc=dutest,dc=edu</gen772:bindDn>
<gen772:bindPassword>
<t:encryptedData>
<t:encryptionMethod>
<t:algorithm>
http://www.w3.org/2001/04/xmlenc#aes128-cbc</t:algorithm>
</t:encryptionMethod>
<t:keyInfo>
<t:keyName>2iM5OxZ1GxxcCoz0Mlg9k7pcZbo=</t:keyName>
</t:keyInfo>
<t:cipherData>
<t:cipherValue>P0iv29QX/Pnfd7r6flte5xvErerPnLfX5zC5c4ZsIQg=</t:cipherValue>
</t:cipherData>
</t:encryptedData>
</gen772:bindPassword>
<gen772:baseContext>dc=dutest,dc=edu</gen772:baseContext>
<gen772:passwordHashAlgorithm>SSHA</gen772:passwordHashAlgorithm>
<gen772:pagingStrategy>spr</gen772:pagingStrategy>
<gen772:vlvSortAttribute>uid,cn,ou,dc</gen772:vlvSortAttribute>
<gen772:vlvSortOrderingRule>2.5.13.3</gen772:vlvSortOrderingRule>
<gen772:operationalAttributes>memberOf</gen772:operationalAttributes>
<gen772:operationalAttributes>createTimestamp</gen772:operationalAttributes>
</icfc:configurationProperties>
</connectorConfiguration>
<schema>
<cachingMetadata>
<retrievalTimestamp>2019-07-09T09:55:41.500-04:00</retrievalTimestamp>
<serialNumber>b211f89a77a8abdb-516cd9350e1d3c6f</serialNumber>
</cachingMetadata>
<generationConstraints>
<generateObjectClass>ri:inetOrgPerson</generateObjectClass>
<generateObjectClass>ri:groupOfNames</generateObjectClass>
<generateObjectClass>ri:organizationalUnit</generateObjectClass>
</generationConstraints>
<definition>
<xsd:schema xmlns:a="
http://prism.evolveum.com/xml/ns/public/annotation-3" xmlns:ra="
http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"
xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"
targetNamespace="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
<xsd:import namespace="
http://prism.evolveum.com/xml/ns/public/annotation-3"/>
<xsd:import namespace="
http://midpoint.evolveum.com/xml/ns/public/resource/annotation-3"/>
<xsd:complexType name="organizationalUnit">
<xsd:annotation>
<xsd:appinfo>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>organizationalUnit</ra:nativeObjectClass>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element minOccurs="0" name="memberOf"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>120</a:displayOrder>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="facsimileTelephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>130</a:displayOrder>
<ra:nativeAttributeName>facsimileTelephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>facsimileTelephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="internationaliSDNNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>140</a:displayOrder>
<ra:nativeAttributeName>internationaliSDNNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>internationaliSDNNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="postOfficeBox" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>150</a:displayOrder>
<a:matchingRule xmlns:qn420="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn420:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postOfficeBox</ra:nativeAttributeName>
<ra:frameworkAttributeName>postOfficeBox</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="telephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>160</a:displayOrder>
<ra:nativeAttributeName>telephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="l" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>170</a:displayOrder>
<a:matchingRule xmlns:qn532="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn532:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>l</ra:nativeAttributeName>
<ra:frameworkAttributeName>l</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="searchGuide" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>180</a:displayOrder>
<ra:nativeAttributeName>searchGuide</ra:nativeAttributeName>
<ra:frameworkAttributeName>searchGuide</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="description" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>190</a:displayOrder>
<a:matchingRule xmlns:qn784="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn784:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="businessCategory" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>200</a:displayOrder>
<a:matchingRule xmlns:qn236="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn236:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>businessCategory</ra:nativeAttributeName>
<ra:frameworkAttributeName>businessCategory</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn407="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn407:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="telexNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>210</a:displayOrder>
<ra:nativeAttributeName>telexNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telexNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="postalCode" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>220</a:displayOrder>
<a:matchingRule xmlns:qn147="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn147:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postalCode</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalCode</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="createTimestamp"
type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>230</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="st" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>240</a:displayOrder>
<a:matchingRule xmlns:qn655="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn655:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>st</ra:nativeAttributeName>
<ra:frameworkAttributeName>st</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="teletexTerminalIdentifier" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>250</a:displayOrder>
<ra:nativeAttributeName>teletexTerminalIdentifier</ra:nativeAttributeName>
<ra:frameworkAttributeName>teletexTerminalIdentifier</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="ou"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>260</a:displayOrder>
<a:matchingRule xmlns:qn897="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn897:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>ou</ra:nativeAttributeName>
<ra:frameworkAttributeName>ou</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="physicalDeliveryOfficeName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>270</a:displayOrder>
<a:matchingRule xmlns:qn429="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn429:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>physicalDeliveryOfficeName</ra:nativeAttributeName>
<ra:frameworkAttributeName>physicalDeliveryOfficeName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="street" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>280</a:displayOrder>
<a:matchingRule xmlns:qn256="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn256:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>street</ra:nativeAttributeName>
<ra:frameworkAttributeName>street</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="seeAlso" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>290</a:displayOrder>
<a:matchingRule xmlns:qn260="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn260:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>seeAlso</ra:nativeAttributeName>
<ra:frameworkAttributeName>seeAlso</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="registeredAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>300</a:displayOrder>
<ra:nativeAttributeName>registeredAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>registeredAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="destinationIndicator" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>310</a:displayOrder>
<a:matchingRule xmlns:qn393="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn393:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>destinationIndicator</ra:nativeAttributeName>
<ra:frameworkAttributeName>destinationIndicator</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="postalAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>320</a:displayOrder>
<ra:nativeAttributeName>postalAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="x121Address" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>330</a:displayOrder>
<ra:nativeAttributeName>x121Address</ra:nativeAttributeName>
<ra:frameworkAttributeName>x121Address</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0"
name="preferredDeliveryMethod" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>340</a:displayOrder>
<ra:nativeAttributeName>preferredDeliveryMethod</ra:nativeAttributeName>
<ra:frameworkAttributeName>preferredDeliveryMethod</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn998="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn998:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="groupOfNames">
<xsd:annotation>
<xsd:appinfo>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>groupOfNames</ra:nativeObjectClass>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element minOccurs="0" name="createTimestamp"
type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>120</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="memberOf"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>130</a:displayOrder>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="ou" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>140</a:displayOrder>
<a:matchingRule xmlns:qn837="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn837:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>ou</ra:nativeAttributeName>
<ra:frameworkAttributeName>ou</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="cn"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>150</a:displayOrder>
<a:matchingRule xmlns:qn177="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn177:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>cn</ra:nativeAttributeName>
<ra:frameworkAttributeName>cn</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="o" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>160</a:displayOrder>
<a:matchingRule xmlns:qn211="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn211:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>o</ra:nativeAttributeName>
<ra:frameworkAttributeName>o</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="member"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>170</a:displayOrder>
<a:matchingRule xmlns:qn555="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn555:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>member</ra:nativeAttributeName>
<ra:frameworkAttributeName>member</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="owner" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>180</a:displayOrder>
<a:matchingRule xmlns:qn482="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn482:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>owner</ra:nativeAttributeName>
<ra:frameworkAttributeName>owner</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="seeAlso" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>190</a:displayOrder>
<a:matchingRule xmlns:qn789="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn789:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>seeAlso</ra:nativeAttributeName>
<ra:frameworkAttributeName>seeAlso</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="description" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>200</a:displayOrder>
<a:matchingRule xmlns:qn215="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn215:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="businessCategory" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>210</a:displayOrder>
<a:matchingRule xmlns:qn53="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn53:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>businessCategory</ra:nativeAttributeName>
<ra:frameworkAttributeName>businessCategory</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn159="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn159:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn438="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn438:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="inetOrgPerson">
<xsd:annotation>
<xsd:appinfo>
<ra:resourceObject/>
<ra:identifier>ri:entryUUID</ra:identifier>
<ra:secondaryIdentifier>ri:dn</ra:secondaryIdentifier>
<ra:displayNameAttribute>ri:dn</ra:displayNameAttribute>
<ra:namingAttribute>ri:dn</ra:namingAttribute>
<ra:nativeObjectClass>inetOrgPerson</ra:nativeObjectClass>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="initials" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>120</a:displayOrder>
<a:matchingRule xmlns:qn546="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn546:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>initials</ra:nativeAttributeName>
<ra:frameworkAttributeName>initials</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="memberOf"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>130</a:displayOrder>
<ra:nativeAttributeName>memberOf</ra:nativeAttributeName>
<ra:frameworkAttributeName>memberOf</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="homePhone" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>140</a:displayOrder>
<ra:nativeAttributeName>homePhone</ra:nativeAttributeName>
<ra:frameworkAttributeName>homePhone</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="audio" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>150</a:displayOrder>
<ra:nativeAttributeName>audio</ra:nativeAttributeName>
<ra:frameworkAttributeName>audio</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="mail" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>160</a:displayOrder>
<a:matchingRule xmlns:qn84="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn84:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>mail</ra:nativeAttributeName>
<ra:frameworkAttributeName>mail</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="carLicense" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>170</a:displayOrder>
<a:matchingRule xmlns:qn909="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn909:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>carLicense</ra:nativeAttributeName>
<ra:frameworkAttributeName>carLicense</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="departmentNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>180</a:displayOrder>
<a:matchingRule xmlns:qn627="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn627:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>departmentNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>departmentNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="manager" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>190</a:displayOrder>
<a:matchingRule xmlns:qn865="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn865:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>manager</ra:nativeAttributeName>
<ra:frameworkAttributeName>manager</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="businessCategory" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>200</a:displayOrder>
<a:matchingRule xmlns:qn347="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn347:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>businessCategory</ra:nativeAttributeName>
<ra:frameworkAttributeName>businessCategory</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="homePostalAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>210</a:displayOrder>
<ra:nativeAttributeName>homePostalAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>homePostalAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="secretary" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>220</a:displayOrder>
<a:matchingRule xmlns:qn777="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn777:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>secretary</ra:nativeAttributeName>
<ra:frameworkAttributeName>secretary</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="photo" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>230</a:displayOrder>
<ra:nativeAttributeName>photo</ra:nativeAttributeName>
<ra:frameworkAttributeName>photo</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="labeledURI" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>240</a:displayOrder>
<ra:nativeAttributeName>labeledURI</ra:nativeAttributeName>
<ra:frameworkAttributeName>labeledURI</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="displayName"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>250</a:displayOrder>
<a:matchingRule xmlns:qn440="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn440:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>displayName</ra:nativeAttributeName>
<ra:frameworkAttributeName>displayName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="pager" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>260</a:displayOrder>
<ra:nativeAttributeName>pager</ra:nativeAttributeName>
<ra:frameworkAttributeName>pager</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="roomNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>270</a:displayOrder>
<a:matchingRule xmlns:qn312="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn312:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>roomNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>roomNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="physicalDeliveryOfficeName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>280</a:displayOrder>
<a:matchingRule xmlns:qn897="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn897:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>physicalDeliveryOfficeName</ra:nativeAttributeName>
<ra:frameworkAttributeName>physicalDeliveryOfficeName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="uid" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>290</a:displayOrder>
<a:matchingRule xmlns:qn254="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn254:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>uid</ra:nativeAttributeName>
<ra:frameworkAttributeName>uid</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="seeAlso" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>300</a:displayOrder>
<a:matchingRule xmlns:qn179="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn179:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>seeAlso</ra:nativeAttributeName>
<ra:frameworkAttributeName>seeAlso</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="destinationIndicator" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>310</a:displayOrder>
<a:matchingRule xmlns:qn197="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn197:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>destinationIndicator</ra:nativeAttributeName>
<ra:frameworkAttributeName>destinationIndicator</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="postalAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>320</a:displayOrder>
<ra:nativeAttributeName>postalAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="preferredLanguage"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>330</a:displayOrder>
<a:matchingRule xmlns:qn275="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn275:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>preferredLanguage</ra:nativeAttributeName>
<ra:frameworkAttributeName>preferredLanguage</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0"
name="preferredDeliveryMethod" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>340</a:displayOrder>
<ra:nativeAttributeName>preferredDeliveryMethod</ra:nativeAttributeName>
<ra:frameworkAttributeName>preferredDeliveryMethod</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="facsimileTelephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>350</a:displayOrder>
<ra:nativeAttributeName>facsimileTelephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>facsimileTelephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="employeeType" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>360</a:displayOrder>
<a:matchingRule xmlns:qn310="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn310:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>employeeType</ra:nativeAttributeName>
<ra:frameworkAttributeName>employeeType</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="internationaliSDNNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>370</a:displayOrder>
<ra:nativeAttributeName>internationaliSDNNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>internationaliSDNNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="postOfficeBox" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>380</a:displayOrder>
<a:matchingRule xmlns:qn235="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn235:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postOfficeBox</ra:nativeAttributeName>
<ra:frameworkAttributeName>postOfficeBox</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="telephoneNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>390</a:displayOrder>
<ra:nativeAttributeName>telephoneNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telephoneNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="l" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>400</a:displayOrder>
<a:matchingRule xmlns:qn989="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn989:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>l</ra:nativeAttributeName>
<ra:frameworkAttributeName>l</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="employeeNumber"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>410</a:displayOrder>
<a:matchingRule xmlns:qn412="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn412:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>employeeNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>employeeNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="jpegPhoto" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>420</a:displayOrder>
<ra:nativeAttributeName>jpegPhoto</ra:nativeAttributeName>
<ra:frameworkAttributeName>jpegPhoto</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="o" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>430</a:displayOrder>
<a:matchingRule xmlns:qn245="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn245:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>o</ra:nativeAttributeName>
<ra:frameworkAttributeName>o</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="userPKCS12" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>440</a:displayOrder>
<ra:nativeAttributeName>userPKCS12</ra:nativeAttributeName>
<ra:frameworkAttributeName>userPKCS12</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="description" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>450</a:displayOrder>
<a:matchingRule xmlns:qn400="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn400:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>description</ra:nativeAttributeName>
<ra:frameworkAttributeName>description</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="dn" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>110</a:displayOrder>
<a:matchingRule xmlns:qn434="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn434:distinguishedName</a:matchingRule>
<ra:nativeAttributeName>dn</ra:nativeAttributeName>
<ra:frameworkAttributeName>__NAME__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="sn"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>460</a:displayOrder>
<a:matchingRule xmlns:qn702="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn702:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>sn</ra:nativeAttributeName>
<ra:frameworkAttributeName>sn</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="givenName" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>470</a:displayOrder>
<a:matchingRule xmlns:qn338="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn338:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>givenName</ra:nativeAttributeName>
<ra:frameworkAttributeName>givenName</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="telexNumber" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>480</a:displayOrder>
<ra:nativeAttributeName>telexNumber</ra:nativeAttributeName>
<ra:frameworkAttributeName>telexNumber</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="postalCode" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>490</a:displayOrder>
<a:matchingRule xmlns:qn677="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn677:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>postalCode</ra:nativeAttributeName>
<ra:frameworkAttributeName>postalCode</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="createTimestamp"
type="xsd:dateTime">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>500</a:displayOrder>
<a:access>read</a:access>
<ra:nativeAttributeName>createTimestamp</ra:nativeAttributeName>
<ra:frameworkAttributeName>createTimestamp</ra:frameworkAttributeName>
<ra:returnedByDefault>false</ra:returnedByDefault>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="userSMIMECertificate" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>510</a:displayOrder>
<ra:nativeAttributeName>userSMIMECertificate</ra:nativeAttributeName>
<ra:frameworkAttributeName>userSMIMECertificate</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="userCertificate" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>520</a:displayOrder>
<ra:nativeAttributeName>userCertificate</ra:nativeAttributeName>
<ra:frameworkAttributeName>userCertificate</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="st" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>530</a:displayOrder>
<a:matchingRule xmlns:qn65="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn65:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>st</ra:nativeAttributeName>
<ra:frameworkAttributeName>st</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="teletexTerminalIdentifier" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>540</a:displayOrder>
<ra:nativeAttributeName>teletexTerminalIdentifier</ra:nativeAttributeName>
<ra:frameworkAttributeName>teletexTerminalIdentifier</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="ou" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>550</a:displayOrder>
<a:matchingRule xmlns:qn530="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn530:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>ou</ra:nativeAttributeName>
<ra:frameworkAttributeName>ou</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="street" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>560</a:displayOrder>
<a:matchingRule xmlns:qn154="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn154:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>street</ra:nativeAttributeName>
<ra:frameworkAttributeName>street</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" name="cn"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>570</a:displayOrder>
<a:matchingRule xmlns:qn274="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn274:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>cn</ra:nativeAttributeName>
<ra:frameworkAttributeName>cn</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="registeredAddress" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>580</a:displayOrder>
<ra:nativeAttributeName>registeredAddress</ra:nativeAttributeName>
<ra:frameworkAttributeName>registeredAddress</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="x121Address" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>590</a:displayOrder>
<ra:nativeAttributeName>x121Address</ra:nativeAttributeName>
<ra:frameworkAttributeName>x121Address</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="title" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>600</a:displayOrder>
<a:matchingRule xmlns:qn164="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn164:stringIgnoreCase</a:matchingRule>
<ra:nativeAttributeName>title</ra:nativeAttributeName>
<ra:frameworkAttributeName>title</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="x500UniqueIdentifier" type="xsd:base64Binary">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>610</a:displayOrder>
<ra:nativeAttributeName>x500UniqueIdentifier</ra:nativeAttributeName>
<ra:frameworkAttributeName>x500UniqueIdentifier</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element maxOccurs="unbounded" minOccurs="0"
name="mobile" type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>620</a:displayOrder>
<ra:nativeAttributeName>mobile</ra:nativeAttributeName>
<ra:frameworkAttributeName>mobile</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element minOccurs="0" name="entryUUID"
type="xsd:string">
<xsd:annotation>
<xsd:appinfo>
<a:displayOrder>100</a:displayOrder>
<a:access>read</a:access>
<a:matchingRule xmlns:qn372="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">qn372:uuid</a:matchingRule>
<ra:nativeAttributeName>entryUUID</ra:nativeAttributeName>
<ra:frameworkAttributeName>__UID__</ra:frameworkAttributeName>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
</definition>
</schema>
<schemaHandling>
<objectType id="5">
<kind>generic</kind>
<intent>ou</intent>
<displayName>Organizational Unit</displayName>
<default>false</default>
<objectClass>ri:organizationalUnit</objectClass>
<attribute id="9">
<c:ref>ri:dn</c:ref>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:stringIgnoreCase</matchingRule>
<tolerant>false</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>false</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<source>
<c:path>$focus/name</c:path>
</source>
<expression>
<script xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import javax.naming.ldap.Rdn
import javax.naming.ldap.LdapName
import
com.evolveum.midpoint.xml.ns._public.common.common_3.*;
dn = new
LdapName('ou=Orgs,dc=dutest,dc=edu')
parents = new ArrayList()
currentOrg = focus
while (currentOrg != null) {
parents.add(currentOrg)
// see
com.evolveum.midpoint.model.impl.expr.MidpointFunctionsImpl
currentOrg =
midpoint.getParentOrgByOrgType(currentOrg, 'functional')
}
log.info("parents = {}", parents)
for (int i = parents.size() -1 ; i >= 0;
i--) {
dn.add(new Rdn('ou',
parents.get(i).name.toString()))
}
log.info("dn = {}", dn)
return dn.toString();
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute id="10">
<c:ref>ri:ou</c:ref>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:stringIgnoreCase</matchingRule>
</attribute>
</objectType>
<objectType id="6">
<kind>entitlement</kind>
<intent>group</intent>
<displayName>Group</displayName>
<default>true</default>
<objectClass>ri:groupOfNames</objectClass>
</objectType>
<objectType id="7">
<kind>entitlement</kind>
<intent>ldapProject</intent>
<displayName>LDAP project groups</displayName>
<default>false</default>
<objectClass>ri:groupOfNames</objectClass>
<attribute id="11">
<c:ref>ri:dn</c:ref>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:stringIgnoreCase</matchingRule>
<outbound>
<source>
<c:path>$focus/name</c:path>
</source>
<expression>
<script xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import javax.naming.ldap.Rdn
import javax.naming.ldap.LdapName
dn = new
LdapName('ou=Projects,dc=example,dc=com')
dn.add(new Rdn('cn', name.toString()))
return dn.toString()
</code>
</script>
</expression>
</outbound>
</attribute>
<attribute id="12">
<c:ref>ri:cn</c:ref>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:stringIgnoreCase</matchingRule>
<outbound>
<strength>weak</strength>
<source>
<c:path>$focus/name</c:path>
</source>
</outbound>
</attribute>
<attribute id="13">
<c:ref>ri:entryUUID</c:ref>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:stringIgnoreCase</matchingRule>
</attribute>
<attribute id="14">
<c:ref>ri:description</c:ref>
<tolerant>false</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>false</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<source>
<c:path>description</c:path>
</source>
</outbound>
</attribute>
</objectType>
<objectType id="8">
<intent>default</intent>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<attribute id="15">
<c:ref>ri:dn</c:ref>
<displayName>Distinguished Name</displayName>
<limitations>
<minOccurs>0</minOccurs>
</limitations>
<tolerant>false</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>false</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<source>
<c:path>$user/name</c:path>
</source>
<expression>
<script xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:ScriptExpressionEvaluatorType">
<code>'uid=' + name +
',ou=People,dc=dutest,dc=edu'</code>
</script>
</expression>
</outbound>
</attribute>
<attribute id="16">
<c:ref>ri:entryUUID</c:ref>
<displayName>Entry UUID</displayName>
<limitations>
<access>
<read>true</read>
</access>
</limitations>
</attribute>
<attribute id="17">
<c:ref>ri:cn</c:ref>
<displayName>Common Name</displayName>
<limitations>
<minOccurs>0</minOccurs>
<maxOccurs>1</maxOccurs>
<access>
<read>true</read>
<add>true</add>
<modify>true</modify>
</access>
</limitations>
<outbound>
<source>
<c:path>$user/fullName</c:path>
</source>
</outbound>
<inbound id="26">
<strength>weak</strength>
<target>
<c:path>$user/fullName</c:path>
</target>
</inbound>
</attribute>
<attribute id="18">
<c:ref>ri:sn</c:ref>
<displayName>Surname</displayName>
<limitations>
<minOccurs>0</minOccurs>
<maxOccurs>1</maxOccurs>
</limitations>
<outbound>
<source>
<c:path>familyName</c:path>
</source>
</outbound>
<inbound id="27">
<strength>weak</strength>
<target>
<c:path>familyName</c:path>
</target>
</inbound>
</attribute>
<attribute id="19">
<c:ref>ri:givenName</c:ref>
<displayName>Given Name</displayName>
<limitations>
<maxOccurs>1</maxOccurs>
</limitations>
<outbound>
<source>
<c:path>$c:user/c:givenName</c:path>
</source>
</outbound>
<inbound id="28">
<strength>weak</strength>
<target>
<c:path>$c:user/c:givenName</c:path>
</target>
</inbound>
</attribute>
<attribute id="20">
<c:ref>ri:uid</c:ref>
<displayName>Login Name</displayName>
<limitations>
<maxOccurs>1</maxOccurs>
<access>
<read>true</read>
<add>true</add>
</access>
</limitations>
<outbound>
<strength>weak</strength>
<source>
<c:path>$user/name</c:path>
</source>
</outbound>
<inbound id="29">
<strength>weak</strength>
<target>
<c:path>$c:user/c:name</c:path>
</target>
</inbound>
</attribute>
<attribute id="21">
<c:ref>ri:description</c:ref>
<limitations>
<maxOccurs>1</maxOccurs>
</limitations>
<outbound>
<strength>weak</strength>
<expression>
<description>Expression that assigns a fixed
description value if there is no other description present.</description>
<value>Managed by midPoint</value>
</expression>
</outbound>
</attribute>
<attribute id="22">
<c:ref>ri:l</c:ref>
<inbound id="30">
<target>
<c:path>$user/locality</c:path>
</target>
</inbound>
</attribute>
<attribute id="23">
<c:ref>ri:telephoneNumber</c:ref>
<outbound>
<source>
<c:path>$user/telephoneNumber</c:path>
</source>
</outbound>
<inbound id="31">
<target>
<c:path>$user/telephoneNumber</c:path>
</target>
</inbound>
</attribute>
<attribute id="24">
<c:ref>ri:employeeNumber</c:ref>
<outbound>
<strength>strong</strength>
<source>
<c:path>$user/employeeNumber</c:path>
</source>
</outbound>
<inbound id="32">
<strength>weak</strength>
<target>
<c:path>$user/employeeNumber</c:path>
</target>
</inbound>
</attribute>
<attribute id="25">
<c:ref>ri:employeeType</c:ref>
<limitations>
<maxOccurs>1</maxOccurs>
</limitations>
<tolerant>false</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>false</authoritative>
<exclusive>false</exclusive>
<strength>strong</strength>
<source>
<c:path>$user/subtype</c:path>
</source>
</outbound>
<inbound id="33">
<strength>weak</strength>
<target>
<c:path>$user/subtype</c:path>
</target>
</inbound>
</attribute>
<association id="34">
<c:ref>ri:ldapGroups</c:ref>
<displayName>Group Membership</displayName>
<matchingRule xmlns:mr="
http://prism.evolveum.com/xml/ns/public/matching-rule-3
">mr:stringIgnoreCase</matchingRule>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<kind>entitlement</kind>
<intent>group</intent>
<intent>ldapProject</intent>
<direction>objectToSubject</direction>
<associationAttribute>ri:member</associationAttribute>
<valueAttribute>ri:dn</valueAttribute>
<explicitReferentialIntegrity>true</explicitReferentialIntegrity>
</association>
<protected>
<filter>
<q:equal>
<q:matching>
http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName
</q:matching>
<q:path>attributes/ri:dn</q:path>
<q:value>cn=idm,ou=Administrators,dc=example,dc=com</q:value>
</q:equal>
</filter>
</protected>
<activation>
<administrativeStatus>
<outbound id="35"/>
<inbound id="36">
<strength>weak</strength>
<expression>
<asIs xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:AsIsExpressionEvaluatorType"/>
</expression>
</inbound>
</administrativeStatus>
</activation>
<credentials>
<password xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:ResourcePasswordDefinitionType">
<outbound>
<expression>
<asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
</expression>
</outbound>
<inbound>
<strength>weak</strength>
<expression>
<generate
xsi:type="c:GenerateExpressionEvaluatorType"/>
</expression>
</inbound>
</password>
</credentials>
</objectType>
</schemaHandling>
<capabilities>
<cachingMetadata>
<retrievalTimestamp>2019-07-09T09:55:41.499-04:00</retrievalTimestamp>
<serialNumber>2c2412bc12c77af5-94fc8f82d674a2f2</serialNumber>
</cachingMetadata>
<native xmlns:cap="
http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:CapabilityCollectionType">
<cap:schema/>
<cap:liveSync/>
<cap:testConnection/>
<cap:create/>
<cap:update>
<cap:delta>true</cap:delta>
</cap:update>
<cap:delete/>
<cap:script>
<cap:host>
<cap:type>connector</cap:type>
</cap:host>
</cap:script>
<cap:addRemoveAttributeValues/>
<cap:credentials>
<cap:password>
<cap:returnedByDefault>false</cap:returnedByDefault>
</cap:password>
</cap:credentials>
<cap:auxiliaryObjectClasses/>
<cap:pagedSearch/>
<cap:read>
<cap:returnDefaultAttributesOption>true</cap:returnDefaultAttributesOption>
</cap:read>
</native>
<configured xmlns:cap="
http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="c:CapabilityCollectionType">
<cap:liveSync>
<cap:enabled>true</cap:enabled>
</cap:liveSync>
<cap:testConnection>
<cap:enabled>true</cap:enabled>
</cap:testConnection>
<cap:create>
<cap:enabled>true</cap:enabled>
</cap:create>
<cap:update>
<cap:enabled>true</cap:enabled>
<cap:delta>true</cap:delta>
</cap:update>
<cap:delete>
<cap:enabled>true</cap:enabled>
</cap:delete>
<cap:script>
<cap:enabled>true</cap:enabled>
<cap:host>
<cap:type>connector</cap:type>
</cap:host>
</cap:script>
<cap:addRemoveAttributeValues>
<cap:enabled>true</cap:enabled>
</cap:addRemoveAttributeValues>
<cap:credentials>
<cap:enabled>true</cap:enabled>
<cap:password>
<cap:enabled>true</cap:enabled>
<cap:returnedByDefault>false</cap:returnedByDefault>
</cap:password>
</cap:credentials>
<cap:auxiliaryObjectClasses>
<cap:enabled>true</cap:enabled>
</cap:auxiliaryObjectClasses>
<cap:read>
<cap:enabled>true</cap:enabled>
<cap:returnDefaultAttributesOption>true</cap:returnDefaultAttributesOption>
</cap:read>
<cap:activation>
<cap:enabled>true</cap:enabled>
<cap:status>
<cap:enabled>false</cap:enabled>
<cap:returnedByDefault>false</cap:returnedByDefault>
<cap:ignoreAttribute>true</cap:ignoreAttribute>
</cap:status>
<cap:validFrom>
<cap:enabled>false</cap:enabled>
<cap:returnedByDefault>false</cap:returnedByDefault>
</cap:validFrom>
<cap:validTo>
<cap:enabled>false</cap:enabled>
<cap:returnedByDefault>false</cap:returnedByDefault>
</cap:validTo>
<cap:lockoutStatus>
<cap:enabled>false</cap:enabled>
<cap:returnedByDefault>false</cap:returnedByDefault>
<cap:ignoreAttribute>true</cap:ignoreAttribute>
</cap:lockoutStatus>
</cap:activation>
</configured>
</capabilities>
<synchronization>
<objectSynchronization>
<name>sync account</name>
<objectClass>ri:inetOrgPerson</objectClass>
<kind>account</kind>
<intent>default</intent>
<enabled>true</enabled>
<correlation>
<q:description>Correlation expression is a search
query.
Following search queury will look for users that have
"name"
equal to the "uid" attribute of the account. Simply
speaking,
it will look for match in usernames in the IDM and the
resource.
The correlation rule always looks for users, so it will
not match
any other object type.</q:description>
<q:equal>
<q:path>c:name</q:path>
<expression>
<path>declare namespace ri='
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3';
$account/attributes/ri:uid</path>
</expression>
</q:equal>
</correlation>
<reconcile>false</reconcile>
<opportunistic>true</opportunistic>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<reconcile>false</reconcile>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#deleteFocus
</handlerUri>
</action>
</reaction>
<reaction>
<situation>unlinked</situation>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#addUser
</handlerUri>
</action>
</reaction>
</objectSynchronization>
<objectSynchronization>
<name>sync group</name>
<objectClass>ri:groupOfNames</objectClass>
<kind>entitlement</kind>
<intent>ldapProject</intent>
<focusType>c:OrgType</focusType>
<enabled>true</enabled>
<correlation>
<q:description>
Correlation expression is a search query.
Following search queury will look for users that have
"name"
equal to the "uid" attribute of the account. Simply
speaking,
it will look for match in usernames in the IDM and the
resource.
The correlation rule always looks for users, so it will
not match
any other object type.
</q:description>
<q:equal>
<q:matching>polyStringNorm</q:matching>
<q:path>c:name</q:path>
<expression>
<path>declare namespace ri='
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3';
$shadow/attributes/ri:cn</path>
</expression>
</q:equal>
</correlation>
<reconcile>false</reconcile>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink
</handlerUri>
</action>
</reaction>
<reaction>
<situation>unlinked</situation>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
</objectSynchronization>
<objectSynchronization>
<name>sync</name>
<objectClass>ri:organizationalUnit</objectClass>
<kind>generic</kind>
<intent>ou</intent>
<enabled>true</enabled>
<correlation>
<q:equal>
<q:path>c:name</q:path>
<expression>
<path>$account/attributes/ri:ou</path>
</expression>
</q:equal>
</correlation>
<reconcile>false</reconcile>
<reaction>
<situation>linked</situation>
<synchronize>true</synchronize>
</reaction>
<reaction>
<situation>deleted</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink
</handlerUri>
</action>
</reaction>
<reaction>
<situation>unlinked</situation>
<synchronize>true</synchronize>
<action>
<handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
</action>
</reaction>
<reaction>
<situation>unmatched</situation>
</reaction>
</objectSynchronization>
</synchronization>
</resource>
On Tue, Jul 9, 2019 at 3:25 PM <midpoint-request at lists.evolveum.com> wrote:
> Send midPoint mailing list submissions to
> midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
> midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
> midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
> 1. Re: Multi-value attribute in LDAP Connector (Pavol Mederly)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 9 Jul 2019 21:25:48 +0200
> From: Pavol Mederly <mederly at evolveum.com>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] Multi-value attribute in LDAP Connector
> Message-ID: <e9930e4b-19fa-51ae-749a-5ff06f6dfb91 at evolveum.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hello Keith,
>
> this must be something wrong with the schema. Could you please export
> your OpenLDAP resource XML object and sent it here? (without any
> sensitive information, of course)
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 09.07.2019 20:41, Keith LeValley wrote:
> > I have a basic demo environment setup, a CSV connector pushing users
> > into Midpoint and an LDAP connector live syncing users to an openldap
> > server. It is working well except when I introduce multi-value
> > attributes. In this case it is roles, subtype -> employeeType. After
> > a user is in the system and I add a role from the CSV feed it simply
> > rotates which value to display in LDAP, if I delete the user and
> > re-import starting off with a multi-valued attribute I get the
> > following error:
> >
> > Operation
> >
> operation.com.evolveum.midpoint.model.impl.lens.projector.Projector.projectProjection
> > Message
> > Attempt to replace 2 values to a single-valued item
> > attributes/employeeType; values: [PPV(String:Staff),
> > PPV(String:Alumni)]
> > Parameters
> > projection [resource:ebd0bf7b-7e80-4175-ba5e-4fd5de2ecd62(LDAP
> > Server (OpenLDAP) over new LDAPConn.)(default)]
> >
> > Error
> > Attempt to replace 2 values to a single-valued item
> > attributes/employeeType; values: [PPV(String:Staff),
> > PPV(String:Alumni)]
> > show
> > com.evolveum.midpoint.util.exception.SchemaException: Attempt to
> > replace 2 values to a single-valued item attributes/employeeType;
> > values: [PPV(String:Staff), PPV(String:Alumni)] at
> >
> com.evolveum.midpoint.prism.delta.ItemDelta.validate(ItemDelta.java:1004)
> > at
> >
> com.evolveum.midpoint.prism.delta.ItemDelta.validate(ItemDelta.java:991)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ConsolidationProcessor.consolidateItem(ConsolidationProcessor.java:489)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ConsolidationProcessor.consolidateAttribute(ConsolidationProcessor.java:324)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ConsolidationProcessor.consolidateAttributes(ConsolidationProcessor.java:295)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ConsolidationProcessor.consolidateValuesToModifyDelta(ConsolidationProcessor.java:201)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ConsolidationProcessor.consolidateValuesModifyProjection(ConsolidationProcessor.java:599)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ConsolidationProcessor.consolidateValues(ConsolidationProcessor.java:131)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ProjectionValuesProcessor.processProjections(ProjectionValuesProcessor.java:232)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.ProjectionValuesProcessor.process(ProjectionValuesProcessor.java:138)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.Projector.lambda$projectProjection$3(Projector.java:353)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:174)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:154)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.Projector.projectProjection(Projector.java:350)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.Projector.lambda$projectInternal$2(Projector.java:253)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:174)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:154)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.Projector.projectInternal(Projector.java:252)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.projector.Projector.project(Projector.java:101)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:455)
> > at
> >
> com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:213)
> > at
> >
> com.evolveum.midpoint.model.impl.sync.SynchronizationServiceImpl.reactToChange(SynchronizationServiceImpl.java:809)
> > at
> >
> com.evolveum.midpoint.model.impl.sync.SynchronizationServiceImpl.notifyChange(SynchronizationServiceImpl.java:203)
> > at
> >
> com.evolveum.midpoint.provisioning.impl.ChangeNotificationDispatcherImpl.notifyChange(ChangeNotificationDispatcherImpl.java:152)
> > at
> >
> com.evolveum.midpoint.model.impl.sync.SynchronizeAccountResultHandler.handleObjectInternal(SynchronizeAccountResultHandler.java:198)
> > at
> >
> com.evolveum.midpoint.model.impl.sync.SynchronizeAccountResultHandler.handleObject(SynchronizeAccountResultHandler.java:121)
> > at
> >
> com.evolveum.midpoint.repo.common.task.AbstractSearchIterativeResultHandler.processRequest(AbstractSearchIterativeResultHandler.java:325)
> > at
> >
> com.evolveum.midpoint.repo.common.task.AbstractSearchIterativeResultHandler.handle(AbstractSearchIterativeResultHandler.java:183)
> > at
> >
> com.evolveum.midpoint.model.impl.importer.ImportAccountsFromResourceTaskHandler.importSingleShadow(ImportAccountsFromResourceTaskHandler.java:313)
> > at
> >
> com.evolveum.midpoint.model.impl.controller.ModelController.importFromResource(ModelController.java:1534)
> > at sun.reflect.GeneratedMethodAccessor1312.invoke(Unknown Source)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:498) at
> >
> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:508)
> > at com.sun.proxy.$Proxy202.importFromResource(Unknown Source) at
> >
> com.evolveum.midpoint.web.page.admin.resources.ResourceContentPanel.importResourceObject(ResourceContentPanel.java:977)
> > at
> >
> com.evolveum.midpoint.web.page.admin.resources.ResourceContentPanel$13$1.onSubmit(ResourceContentPanel.java:878)
> > at
> >
> com.evolveum.midpoint.web.component.data.column.InlineMenuButtonColumn.buttonMenuItemClickPerformed(InlineMenuButtonColumn.java:153)
> > at
> >
> com.evolveum.midpoint.web.component.data.column.InlineMenuButtonColumn.access$400(InlineMenuButtonColumn.java:50)
> > at
> >
> com.evolveum.midpoint.web.component.data.column.InlineMenuButtonColumn$1.lambda$createButton$76db38be$1(InlineMenuButtonColumn.java:121)
> > at
> >
> com.evolveum.midpoint.web.component.data.MultiButtonPanel$1.onClick(MultiButtonPanel.java:77)
> > at
> >
> org.apache.wicket.ajax.markup.html.AjaxLink$1.onEvent(AjaxLink.java:85)
> > at
> >
> org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:155)
> > at
> >
> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:601)
> > at sun.reflect.GeneratedMethodAccessor454.invoke(Unknown Source)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:498) at
> >
> org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
> > at
> >
> org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
> > at
> >
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:248)
> > at
> >
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:234)
> > at
> >
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)
> > at
> >
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> > at
> >
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)
> > at
> >
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)
> > at
> >
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)
> > at
> >
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)
> > at
> >
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)
> > at
> >
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:87)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
> > at
> >
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
> > at
> >
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:155)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
> > at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
> > at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> > at
> >
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
> > at
> >
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
> > at
> >
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
> > at
> >
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
> > at
> >
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
> > at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
> > at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
> > at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
> > at
> >
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> > at
> >
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> > at
> >
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
> > at
> >
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> > at
> >
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
> > at
> >
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> > at
> >
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> > at
> >
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> > at
> >
> com.evolveum.midpoint.web.boot.TomcatRootValve.invoke(TomcatRootValve.java:64)
> > at
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> > at
> >
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
> > at
> >
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> > at
> >
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
> > at
> > org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468)
> > at
> > org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > at
> >
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> > at java.lang.Thread.run(Thread.java:748)
> >
> > I have confirmed that the value is in fact multi-valued in ldap and I
> > can assign multiple values. The schema is set to maxoccur="unbound"
> > for the attribute. Not sure if anyone else has run into this issue?
> > It seems like a really simple fix, but it has stumped me to this point
> > and any help would be greatly appreciated.
> >
> >
> > --
> > Keith LeValley
> > Identity Services Architect, Davenport University
> > klevalley2 at davenport.edu
> > <mailto:klevalley2 at davenport.edu>
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.evolveum.com/pipermail/midpoint/attachments/20190709/3429ae3e/attachment.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 87, Issue 8
> ***************************************
>
--
Keith LeValley
Identity Services Architect, Davenport University
phone: (616) 732-1102
klevalley2 at davenport.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190709/91bc2b2b/attachment.htm>
More information about the midPoint
mailing list