[midPoint] OpenLDAP Midpoint Schema

Mon Feb 21 13:00:15 CET 2022

Hi Luca,

you are right, it's auxiliary object class. I was trying to find 
existing example, but I found nothing.

Unless anyone else from the community has a working ready-to-share 
example, some bits and pieces:

1. please see 
https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/ 
for auxiliary object class configuration. If all your accounts should 
have the auxiliary object class, the first chapter Static Use of 
Auxiliary Object Classes should be what you need

2. Unix Story Test at 
https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/ 
could be also useful for configuration example (even it's a different 
scenario and different auxiliary object class)

3. if you can see the midpointActivationStatus attribute in your 
resource, you will probably need something like this in your LDAP 
resource XML (based on the documentation I see that 
midpointActivationStatus should be string):

     <capabilities 
xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
         <configured>
             <cap:activation>
                 <cap:status>
<cap:attribute>ri:midpointActivationStatus</cap:attribute>
<cap:enableValue>enabled</cap:enableValue>
<cap:disableValue>disabled</cap:disableValue>
                 </cap:status>
             </cap:activation>
         </configured>
     </capabilities>

and an ordinary outbound activation/administrativeStatus mapping in the 
resource.

Unfortunately I do not have the environment prepared to really test this.

Best regards & happy testing,

Ivan

On 21. 2. 2022 11:59, Luca Verardo wrote:
> Hello Ivan,
>
> Thank you.
>
> I added successfully the midPointPerson schema. However, I cannot get 
> the Auxiliary Object classes to work. If I understood correctly, to be 
> able to use midPointActivationStatus, an LDAP user needs to have 
> inetOrgPerson + midPointPerson.
>
> Can you share an example on how to instruct MidPoint to add this 
> object class to newly created users ?
>
>
> Thanks a lot in advance.
>
>
> Best regards,
> Luca Verardo
>
>> Le 17 févr. 2022 à 09:32, Ivan Noris via midPoint 
>> <midpoint at lists.evolveum.com> a écrit :
>>
>> Hi Luca,
>>
>> please have a look here: 
>> https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/
>>
>> It is referencing 
>> https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap 
>> where you have also LDIF files for OpenLDAP.
>>
>> Hope it helps.
>>
>> Best regards,
>>
>> Ivan
>>
>> On 17. 2. 2022 8:53, Luca Verardo via midPoint wrote:
>>> Dear community,
>>>
>>> Is there any up to date documentation explaining how to add and use 
>>> the OpenLDAP midPoint schema ? The one that allows the 
>>> midPointAccountStatus (disabled or enabled) for example.
>>>
>>>
>>> Thanks a lot in advance.
>>>
>>>
>>> Best regards,
>>> Luca
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>> -- 
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com  <http://evolveum.com>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220221/e387fd02/attachment-0001.htm>