[midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson

Sven Feyerabend Sven.Feyerabend at stuvus.uni-stuttgart.de
Mon Nov 21 13:52:58 CET 2022


Hello Ivan,

thank you very much for the swift reply. I will keep that in mind when I 
start on provisioning users from midPoint to LDAP.

Unfortunately, that is not a solution that will work for me in my 
current use case. Since the users are provisioned using a different 
system at the moment, I need direct access to the attribute.

The old system stores the activation information of the user in the 
userPassword attribute, as well as the password hash.

To correctly import all the users, I would need to "calculate" the 
activation status from the raw value (base64 encoded string) stored in 
userPassword.

Is there a way to directly access this value in an inbound mapping?

Thanks and kind regards

Sven

On 21.11.22 at 12:42, Ivan Noris via midPoint wrote:
> Hi Sven,
>
> from what I remember, I only used outbound password mapping and that's 
> all.
>
>             <credentials>
>                 <password>
>                     <outbound>
>                         <expression>
>                             <asIs/>
>                         </expression>
>                     </outbound>
>                 </password>
>             </credentials>
>
> Please see 
> https://github.com/Evolveum/midpoint-samples/blob/master/samples/resources/openldap/openldap-localhost-medium.xml#L315
>
> This is a sample using inetOrgPerson.
>
> As far as I remember, we use this (after small additions) also in the 
> trainings (based on 4.4.x) and it works for setting/changing LDAP 
> passwords.
>
> The connector knows that LDAP supports passwords and will drive the 
> change to the userPassword attribute in LDAP.
>
> Best regards,
>
> Ivan
>
> On 20. 11. 2022 10:44, Sven Feyerabend via midPoint wrote:
>> Hello everyone,
>>
>> I'm currently in the process of connecting midPoint (version 4.4.3) 
>> to my old identity management solution.
>> The user data is stored in an OpenLDAP instance, users are 
>> represented using the inetOrgPerson objectClass as defined in RFC2798.
>>
>> I configured the server as a resource using the 
>> com.evolveum.polygon.connector.ldap.LdapConnector and importing orgs 
>> from organizational units did work as expected.
>>
>> When I defined the userPassword attribute for objectClass 
>> inetOrgPerson in the schemaHandling section of my resource, I got the 
>> following error:
>>
>> Definition of attribute userPassword not found in object class 
>> {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}inetOrgPerson 
>> as defined in definition of resource
>>
>>
>> How can I get midPoint to work with this attribute?
>> Is there some special configuration required?
>>
>> Thanks in advance and kind regards
>>
>> Sven
>>
>
-- 
Deputy Officer for IT Support
stuvus – Studierendenvertretung Universität Stuttgart
Pfaffenwaldring 5c
70569 Stuttgart


