[midPoint] Problem when I try to remove LDAP attribute on Midpoint

Douglas Alves douglas.alves at ebz.tec.br
Mon Jul 18 17:09:03 CEST 2022 

Hello everyone,
I found a problem thats I can't resolve, I'm removing a attribute called "NOM-APE" from Midpoint but that change didn't applied to LDAP, that attribute works like a multivalued attribute, but inside the configuration thats a monovalued one.

That's my extended schema configuration:

```
<xsd:element name="nomApe" type="xsd:string" minOccurs="0" maxOccurs="1">
    <xsd:annotation>
         <xsd:appinfo>
            <a:indexed>true</a:indexed>
            <a:displayName>NOM-APE</a:displayName>
            <a:displayOrder>135</a:displayOrder>
            <a:help>APELIDO</a:help>
        </xsd:appinfo>
    </xsd:annotation>
 </xsd:element>
```

On the Role xml I turn on the traces to try to found a problem:

```
<attribute id="49">
    <ref>ri:MB-NOM-APE</ref>
    <outbound>
        <trace>true</trace>
        <strength>strong</strength>
        <source>
            <path>$focus/extension/nomApe</path>
        </source>
        <expression>
            <trace>true</trace>
            <asIs/>
        </expression>
    </outbound>
</attribute>
```

On the LDAP resource xml the value of atttribute was mapped like that:

```
<xsd:element maxOccurs="1" minOccurs="0" name="MB-NOM-APE" type="xsd:string">
    <xsd:annotation>
        <xsd:appinfo>
            <a:displayOrder>180</a:displayOrder>
            <a:matchingRule xmlns:qn390="http://prism.evolveum.com/xml/ns/public/matching-rule-3">qn390:stringIgnoreCase</a:matchingRule>
            <ra:nativeAttributeName>MB-NOM-APE</ra:nativeAttributeName>
            <ra:frameworkAttributeName>MB-NOM-APE</ra:frameworkAttributeName>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>
```

Trying to replace this value in user on trace log , in LDAP the value is added like multivalored attribute i.e:

```
2022-07-18 11:33:17,051 [MODEL] [pool-3-thread-13] INFO (com.evolveum.midpoint.model.common.mapping.AbstractMappingImpl): Mapping trace:
---[ MAPPING  in outbound mapping for attribute {.../resource/instance-3}MB-NOM-APE in role:f003a8b0-8693-4184-9dfa-36dba1d9f40b(Perfil Básico Parceiro)]---------------------------
Strength: STRONG
Source nomApe:
  old: null
  delta: PropertyDeltaImpl(extension / {http://zurich.com/xml/ns/userSchema}nomApe, REPLACE)
  new: PP({http://zurich.com/xml/ns/userSchema}nomApe):[PPV(String:DTS)]
Target: rRAD:{.../resource/instance-3}MB-NOM-APE {xsd:}string[0,1],RAM native=MB-NOM-APE framework=MB-NOM-APE,Disp:MODEL
Expression: asIs
Condition: true -> true
Result: added: DTS
```

But the value is appended to LDAP user entry.

```
ldapsearch -LLL -x -H ldap://localhost:389 -D 'cn=admin,c=br' -w ? -b 'uid=E222222,ou=Usuarios,o=SFMB,c=br' -s sub "(objectClass=*)" MB-NOM-APE
dn: uid=E222222,ou=Usuarios,o=SFMB,c=br
MB-NOM-APE: 661736
MB-NOM-APE: 423534
MB-NOM-APE: 669999
MB-NOM-APE: 139999
MB-NOM-APE: 609999
MB-NOM-APE: 579999
MB-NOM-APE: 6999999
MB-NOM-APE: 6999998
MB-NOM-APE: 660457
MB-NOM-APE: 699999
MB-NOM-APE: 679999
MB-NOM-APE: DTS
```

And when I try to remove this value on Midpoint, the Midpoint tracing looks like ok to me:

```
2022-07-18 11:40:49,720 [MODEL] [pool-3-thread-14] INFO (com.evolveum.midpoint.model.common.mapping.AbstractMappingImpl): Mapping trace:
---[ MAPPING  in outbound mapping for attribute {.../resource/instance-3}MB-NOM-APE in role:f003a8b0-8693-4184-9dfa-36dba1d9f40b(Perfil Básico Parceiro)]---------------------------
Strength: STRONG
Source nomApe:
  old: PP({http://zurich.com/xml/ns/userSchema}nomApe):[PPV(String:DTS)]
  delta: PropertyDeltaImpl(extension / {http://zurich.com/xml/ns/userSchema}nomApe, DELETE)
  new: PP({http://zurich.com/xml/ns/userSchema}nomApe):[]
Target: rRAD:{.../resource/instance-3}MB-NOM-APE {xsd:}string[0,1],RAM native=MB-NOM-APE framework=MB-NOM-APE,Disp:MODEL
Expression: asIs
Condition: true -> true
Result: removed: DTS
```

But the attribute wasn't removed:

```
ldapsearch -LLL -x -H ldap://localhost:389 -D 'cn=admin,c=br' -w ? -b 'uid=E222222,ou=Usuarios,o=SFMB,c=br' -s sub "(objectClass=*)" MB-NOM-APE
dn: uid=E222222,ou=Usuarios,o=SFMB,c=br
MB-NOM-APE: 661736
MB-NOM-APE: 423534
MB-NOM-APE: 669999
MB-NOM-APE: 139999
MB-NOM-APE: 609999
MB-NOM-APE: 579999
MB-NOM-APE: 6999999
MB-NOM-APE: 6999998
MB-NOM-APE: 660457
MB-NOM-APE: 699999
MB-NOM-APE: 679999
MB-NOM-APE: DTS
```

I've tried to change role configurations and resource configuration xml, but no one works. I hope someone can help me with this trouble.

Best Regards,

Douglas Alves.

More information about the midPoint mailing list