[midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson

Fabian Noll-Dukiewicz fabian.noll-dukiewicz at veryfy.gmbh
Wed Nov 23 10:48:46 CET 2022


Hi Sven,

The quick and dirty way is to add the attribute to the schema section manually. The problem is that it will always be overwritten if you reload the schema. Another approach is to add the "password" attribute as "operationalAttribute" in the resource configuration. Here are two useful links:

  *   https://lists.evolveum.com/pipermail/midpoint/2021-March/006769.html
  *   https://docs.evolveum.com/connectors/resources/ldap/openldap/#OpenLDAP-ConnectorConfigurationExample

Kind regards,
Fabian


Fabian Noll-Dukiewicz

Identity & Access Management Specialist | Managing Director

Tel.: +49 152 244 63 211

Email: fabian.noll-dukiewicz at veryfy.gmbh

Web: https://veryfy.gmbh

________________________________
From: Sven Feyerabend <Sven.Feyerabend at stuvus.uni-stuttgart.de>
Sent: Wednesday, 23 November 2022 10:38
To: Fabian Noll-Dukiewicz <fabian.noll-dukiewicz at veryfy.gmbh>
Cc: MidPoint Mailing List <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson


Hi Fabian,

Thank you very much for your suggestion. The attribute is not defined in the schema section generated by midPoint.
I have double-checked the schema definition in OpenLDAP and the attribute is defined there as optional.

I also checked that read access to the attribute is possible on all user objects with the account midPoint uses to bind to the LDAP server.

Additionally I tried setting allowUnknownAttributes in the connector settings, but that didn't work either.


Is there a way to manually add the attribute to the generated schema?


Kind regards,

Sven


On 22.11.22 at 11:17, Fabian Noll-Dukiewicz wrote:
Hi Sven,

You have to check if the attribute "userPassword" is defined in the <schema> section of your resource configuration. If not, check if another attribute could contain the password value, e.g. "password" (default OpenLDAP attribute).

Kind regards,
Fabian


Fabian Noll-Dukiewicz

Identity & Access Management Specialist | Managing Director

Tel.: +49 152 244 63 211

Email: fabian.noll-dukiewicz at veryfy.gmbh

Web: https://veryfy.gmbh

________________________________
From: Sven Feyerabend <Sven.Feyerabend at stuvus.uni-stuttgart.de>
Sent: Sunday, 20 November 2022 10:44
To: midpoint at lists.evolveum.com
Subject: [midPoint] midPoint does not recognize userPassword attribute in inetOrgPerson

Hello everyone,

I'm currently in the process of connecting midPoint (version 4.4.3) to
my old identity management solution.
The user data is stored in an OpenLDAP instance, users are represented
using the inetOrgPerson objectClass as defined in RFC2798.

I configured the server as a resource using the
com.evolveum.polygon.connector.ldap.LdapConnector and importing orgs
from organizational units did work as expected.

When I defined the userPassword attribute for objectClass inetOrgPerson
in the schemaHandling section of my resource, I got the following error:

Definition of attribute userPassword not found in object class
{http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}inetOrgPerson
as defined in definition of resource


How can I get midPoint to work with this attribute?
Is there some special configuration required?

Thanks in advance and kind regards

Sven

