[midPoint] Problem with correlation and external attribute

Andrea Picconi andrea.picconi at innovery.net
Fri Sep 25 09:44:43 CEST 2020

Hi again,

I also tried @Ethan Kromhout<mailto:kromhout at unc.edu>'s example, but it still gives me the two errors I showed you in the previous mail.
I probably did something wrong in the setting, below how I set it all up:

this is my extension_user_field schema namespace:

<xsd:schema elementFormDefault="qualified"

here the indexed attribute:

<xsd:element name="uidLDAP" type="xsd:string" minOccurs="0" maxOccurs="1">
                        <a:displayName>LDAP UID</a:displayName>
                          <a:help>UID from LDAP</a:help>

here instead the correlation that I have tried, starting from what you have seen above:

        <q:path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">extension/uidLDAP</q:path>
            <path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
                declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";

Could you tell me where I'm wrong?

Thank you,

From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Ethan Kromhout via midPoint
Sent: Wednesday, September 23, 2020 3:12 PM
To: midpoint at lists.evolveum.com
Cc: Ethan Kromhout <kromhout at unc.edu>
Subject: Re: [midPoint] Problem with correlation and external attribute

I have used an extension attribute in a similar way, though it wasn't with AD. In my case I explicitly called out the namespace of the custom schema, not sure if that was required, but it works okay. Do note that the custom attribute must be indexed.

In my schema I have the namespace and indexed attribute, note the "targetNamespace":

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xsd:schema elementFormDefault="qualified"

   <xsd:element name="subId" type="xsd:string" minOccurs="0" maxOccurs="1">
                        <a:help>Subject ID</a:help>

Then in the correlation I reference that namespace as uncPerson:

                    <q:path xmlns:uncPerson="http://unc.edu/xml/ns/uncPerson"<http://unc.edu/xml/ns/uncPerson>>extension/uncPerson:subId</q:path>
                        <path xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>>
                            declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>;

On 9/23/20 8:55 AM, Andrea Picconi via midPoint wrote:
Hi all,

I have a problem for which I have searched for a solution everywhere, but I couldn't find anything: I am making a correlation between an extended attribute present in the user in midpoint (uidLDAP) and the sAMAccountName attribute of an AD account that I need to import.
below, you can see one of the tests made (of the many)

[cid:image001.png at 01D6931B.54E7DD50]

but this does not give me any errors, it just tells me that the correlation has reported an unmatched:

[cid:image002.png at 01D6931B.54E7DD50] [cid:image003.jpg at 01D6931B.54E7DD50]

But if I try to force the correlation by choosing the "change owner" option and going to grab the correct user by hand in midpoint, it works

[cid:image004.png at 01D6931B.54E7DD50]

So i think the problem comes from the attribute path on midpoint (the extended one):

[cid:image005.png at 01D6931B.54E7DD50]

Has anyone already tried to use an extended attribute in the first correlation path?
Could you help me?

Thank you and regards,

Andrea Picconi
IAM (Identity Access Management)

Skype: precons
T:  +39 06 51963439 (int. 196)

Strada Quattro Palazzina A6 c/o Centro Direzionale Milanofiori, 20057 Assago (MI).
www.innovery.net<http://www.innovery.net/> |  T: +39 06 519 63 439


midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 15140 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1993 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3937 bytes
Desc: image003.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 9128 bytes
Desc: image004.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 4210 bytes
Desc: image005.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 8050 bytes
Desc: image006.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200925/97e18f7a/attachment-0004.png>

More information about the midPoint mailing list