[midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson
Fabian Noll-Dukiewicz
fabian.noll-dukiewicz at veryfy.gmbh
Wed Nov 23 10:48:46 CET 2022
Hi Sven,
the quick and dirty way is to add the attribute to the schema section manually. The problem is, that it will be always overwritten, if you reload the schema. Another aproach is to add the "password" attribute as "operationalAttribute" in the resource configuration. Here are two useful links:
* https://lists.evolveum.com/pipermail/midpoint/2021-March/006769.html
* https://docs.evolveum.com/connectors/resources/ldap/openldap/#OpenLDAP-ConnectorConfigurationExample
Kind regards,
Fabian
Fabian Noll-Dukiewicz
Spezialist Identity & Access Management | Geschäftsführer
Tel.: +49 152 244 63 211
Email: fabian.noll-dukiewicz at veryfy.gmbh<mailto:fabian.noll-dukiewicz at veryfy.gmbh>
Web: https://veryfy.gmbh
________________________________
Von: Sven Feyerabend <Sven.Feyerabend at stuvus.uni-stuttgart.de>
Gesendet: Mittwoch, 23. November 2022 10:38
An: Fabian Noll-Dukiewicz <fabian.noll-dukiewicz at veryfy.gmbh>
Cc: MidPoint Mailing List <midpoint at lists.evolveum.com>
Betreff: Re: [midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson
Hi Fabian,
thank you very much for your suggestion. The attribute is not defined in the schema section generated by midPoint.
I have double checked the schema definition in OpenLDAP and the attribute is defined there as optional.
I also checked that read access to the attribute is possible on all user objects with the account midPoint uses to bind the LDAP server.
Additionally I tried setting allowUnknownAttributes in the connector settings, but that didn't work either.
Is there a way to manually add the attribute to the generated schema?
Kind regards,
Sven
Am 22.11.22 um 11:17 schrieb Fabian Noll-Dukiewicz:
Hi Sven,
you have to check if the attribute "userPassword" is defined in the <schema> section of your resource configuration. If not check if another attribute could contain the password value, e.g. "password" (default openldap attribute).
Kind regards,
Fabian
Fabian Noll-Dukiewicz
Spezialist Identity & Access Management | Geschäftsführer
Tel.: +49 152 244 63 211
Email: fabian.noll-dukiewicz at veryfy.gmbh
Web: https://veryfy.gmbh
________________________________
Von: Sven Feyerabend <Sven.Feyerabend at stuvus.uni-stuttgart.de><mailto:Sven.Feyerabend at stuvus.uni-stuttgart.de>
Gesendet: Sonntag, 20. November 2022 10:44
An: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Betreff: [midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson
Hello everyone,
I'm currently in the process of connecting midPoint (version 4.4.3) to
my old identity management solution.
The user data is stored in an OpenLDAP instance, users are represented
using the inetOrgPerson objectClass as defined in RFC2798.
I configured the server as a resource using the
com.evolveum.polygon.connector.ldap.LdapConnector and importing orgs
from organizational units did work as expected.
When I defined the userPassword attribute for objectClass inetOrgPerson
in the schemaHandling section of my resource, I got the following error:
Definition of attribute userPassword not found in object class
{http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}inetOrgPerson
as defined in definition of resource
How can I get midPoint to work with this attribute?
Is there some special configuration required?
Thanks in advance and kind regards
Sven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20221123/5a1ad492/attachment-0001.htm>
More information about the midPoint
mailing list