[midPoint] OpenLDAP Midpoint Schema

Luca Verardo luca at verardo.ch
Mon Feb 21 13:21:15 CET 2022


Hello Ivan,

Yes, I have read this chapter and tried to implement it in the same way:

<kind>account</kind>
<intent>default</intent>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass>

However, MidPoint seems to not like it very much, and throws the following error:

Auxiliary object class midPointPerson specified in rOCD+(ACCOUNT:default={.../resource/instance-3}inetOrgPerson) does not exist

I think I might need to inform midPoint about the schema, but I'm not sure how to do it, or whether it is the correct mitigation step for this issue.


Best regards,
Luca Verardo

> On 21 Feb 2022, at 13:00, Ivan Noris via midPoint <midpoint at lists.evolveum.com> wrote:
> 
> Hi Luca,
> 
> you are right, it's an auxiliary object class. I was trying to find an existing example, but I found nothing.
> 
> Unless anyone else from the community has a working ready-to-share example, some bits and pieces:
> 
> 1. please see https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/ for auxiliary object class configuration. If all your accounts should have the auxiliary object class, the first chapter, Static Use of Auxiliary Object Classes, should be what you need.
> 
> 2. The Unix Story Test at https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/ could also be useful as a configuration example (even though it's a different scenario and a different auxiliary object class).
> 
> 3. if you can see the midpointActivationStatus attribute in your resource, you will probably need something like this in your LDAP resource XML (based on the documentation I see that midpointActivationStatus should be string):
> 
>     <capabilities xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
>         <configured>
>             <cap:activation>
>                 <cap:status>
>                     <cap:attribute>ri:midpointActivationStatus</cap:attribute>
>                     <cap:enableValue>enabled</cap:enableValue>
>                     <cap:disableValue>disabled</cap:disableValue>
>                 </cap:status>
>             </cap:activation>
>         </configured>
>     </capabilities>
> 
> and an ordinary outbound activation/administrativeStatus mapping in the resource.
> 
> Unfortunately I do not have the environment prepared to really test this.
> 
> Best regards & happy testing,
> 
> Ivan
> 
> On 21. 2. 2022 11:59, Luca Verardo wrote:
>> Hello Ivan,
>> 
>> Thank you.
>> 
>> I successfully added the midPointPerson schema. However, I cannot get the auxiliary object classes to work. If I understood correctly, to be able to use midPointActivationStatus, an LDAP user needs to have inetOrgPerson + midPointPerson.
>> 
>> Can you share an example of how to instruct MidPoint to add this object class to newly created users?
>> 
>> 
>> Thanks a lot in advance.
>> 
>> 
>> Best regards,
>> Luca Verardo
>> 
>>> On 17 Feb 2022, at 09:32, Ivan Noris via midPoint <midpoint at lists.evolveum.com> wrote:
>>> 
>>> Hi Luca,
>>> 
>>> please have a look here: https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/
>>> It references https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap where you also have LDIF files for OpenLDAP.
>>> 
>>> Hope it helps.
>>> 
>>> Best regards,
>>> 
>>> Ivan
>>> 
>>> On 17. 2. 2022 8:53, Luca Verardo via midPoint wrote:
>>>> Dear community,
>>>> 
>>>> Is there any up-to-date documentation explaining how to add and use the OpenLDAP midPoint schema? The one that allows midPointAccountStatus (disabled or enabled), for example.
>>>> 
>>>> 
>>>> Thanks a lot in advance.
>>>> 
>>>> 
>>>> Best regards,
>>>> Luca
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>> -- 
>>> Ivan Noris
>>> Senior Identity Engineer
>>> evolveum.com
>> 
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
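
Added example (not part of the thread, and not midPoint's or the LDAP connector's own code): before debugging the resource definition, check that the schema OpenLDAP actually serves defines the auxiliary class, that the class allows a string-typed status attribute, and that an entry carrying inetOrgPerson plus midPointPerson maps to enabled/disabled with the literal values from the capability snippet in Ivan's reply. The script parses an LDIF dump of the cn=config schema entry, in the form `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config olcAttributeTypes olcObjectClasses` returns it. The schema text and the entry below are constructed: the OIDs, DESC strings and MAY list are placeholders, and the authoritative definitions are the LDIF files in midpoint-samples. The function names (`parse_schema`, `check_auxiliary_class`, `activation_status`) are my own.

```python
import re
from typing import Dict, List, Tuple

# DirectoryString syntax OID (RFC 4517): what a string-typed status attribute should declare.
DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"

# Constructed sample of what OpenLDAP returns for a custom schema entry under cn=schema,cn=config.
# OIDs, DESC strings and the MAY list are placeholders, not the real midPoint schema.
SAMPLE_SCHEMA_LDIF = """\
dn: cn={4}midpoint,cn=schema,cn=config
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'midPointActivationStatus'
  DESC 'placeholder' EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.99999.2.1 NAME 'midPointPerson' DESC 'placeholder'
  SUP top AUXILIARY MAY ( midPointActivationStatus ) )
"""

# Constructed entry carrying the structural class plus the auxiliary class.
SAMPLE_ENTRY = {"objectClass": ["top", "person", "organizationalPerson", "inetOrgPerson", "midPointPerson"],
                "uid": ["jdoe"], "midPointActivationStatus": ["disabled"]}

def unfold_ldif(text: str) -> List[Tuple[str, str]]:
    """Join LDIF continuation lines (one leading space) and split into (attribute, value) pairs."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # continuation: drop exactly one leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    pairs = [line.partition(":") for line in lines]
    return [(attr.strip().lower(), value.strip()) for attr, _, value in pairs]

def _names(defn: str) -> List[str]:
    """NAME 'x' or NAME ( 'x' 'y' ) -> ['x', 'y']."""
    m = re.search(r"\bNAME\s+('[^']+'|\([^)]*\))", defn)
    return re.findall(r"'([^']+)'", m.group(1)) if m else []

def _oid_list(defn: str, keyword: str) -> List[str]:
    """MAY ( a $ b ) or MAY a -> ['a', 'b']; same shape for MUST and SUP."""
    m = re.search(r"\b" + keyword + r"\s+(?:\(([^)]*)\)|([\w.-]+))", defn)
    if not m:
        return []
    body = m.group(1) if m.group(1) is not None else m.group(2)
    return [t.strip() for t in body.split("$") if t.strip()]

def parse_schema(ldif: str) -> Dict[str, Dict[str, dict]]:
    """Return {'objectclasses': {name: info}, 'attributetypes': {name: info}}, names lower-cased."""
    schema: Dict[str, Dict[str, dict]] = {"objectclasses": {}, "attributetypes": {}}
    for attr, value in unfold_ldif(ldif):
        defn = re.sub(r"^\{\d+\}", "", value)  # strip the {n} ordering prefix cn=config adds
        if attr == "olcobjectclasses":
            kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", defn)
            info = {"kind": kind.group(1) if kind else "STRUCTURAL",  # RFC 4512 default
                    "sup": _oid_list(defn, "SUP"), "must": _oid_list(defn, "MUST"),
                    "may": _oid_list(defn, "MAY")}
            for name in _names(defn):
                schema["objectclasses"][name.lower()] = info
        elif attr == "olcattributetypes":
            syntax = re.search(r"\bSYNTAX\s+([\d.]+)", defn)
            info = {"syntax": syntax.group(1) if syntax else None, "single_value": "SINGLE-VALUE" in defn}
            for name in _names(defn):
                schema["attributetypes"][name.lower()] = info
    return schema

def check_auxiliary_class(schema: dict, class_name: str, status_attr: str) -> List[str]:
    """Problems that would make the class/attribute pair unusable from midPoint; [] means OK."""
    oc = schema["objectclasses"].get(class_name.lower())
    if oc is None:
        return [f"objectClass {class_name} is not defined in the served schema"]
    problems: List[str] = []
    if oc["kind"] != "AUXILIARY":
        problems.append(f"{class_name} is {oc['kind']}, not AUXILIARY")
    if status_attr.lower() not in {a.lower() for a in oc["must"] + oc["may"]}:
        problems.append(f"{class_name} does not allow attribute {status_attr}")
    at = schema["attributetypes"].get(status_attr.lower())
    if at is None:
        problems.append(f"attributeType {status_attr} is not defined")
    elif at["syntax"] != DIRECTORY_STRING:
        problems.append(f"{status_attr} has syntax {at['syntax']}, expected DirectoryString")
    return problems

def activation_status(entry: Dict[str, List[str]], aux_class: str = "midPointPerson",
                      status_attr: str = "midPointActivationStatus",
                      enable_value: str = "enabled", disable_value: str = "disabled") -> str:
    """Apply the literal enable/disable values from the capability snippet to one entry."""
    lowered = {k.lower(): v for k, v in entry.items()}
    if aux_class.lower() not in {c.lower() for c in lowered.get("objectclass", [])}:
        return "missing-auxiliary-class"  # the schema would not even allow the attribute here
    values = lowered.get(status_attr.lower(), [])
    if not values:
        return "unset"
    return {enable_value: "enabled", disable_value: "disabled"}.get(values[0], "unrecognized")

if __name__ == "__main__":
    schema = parse_schema(SAMPLE_SCHEMA_LDIF)
    print(check_auxiliary_class(schema, "midPointPerson", "midPointActivationStatus") or "schema OK")
    print(activation_status(SAMPLE_ENTRY))
```

Run it against a real dump by replacing SAMPLE_SCHEMA_LDIF with the ldapsearch output. If the check passes against the live server but midPoint still reports the class as missing, the discrepancy is on the midPoint side (for instance a resource schema that midPoint fetched and stored before the LDIF was loaded); if it fails, fix the server-side schema first, because no resource definition can reference a class the server does not advertise.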
