[midPoint] AD system auxiliary object classes
GCHQDeveloper29
GCHQDeveloper29 at protonmail.com
Thu Nov 13 14:55:54 CET 2025
Hi there,
I'm doing a quick evaluation of midpoint, but I am having issues with an AD resource that is acting as a source for distribution lists.
The distribution lists only have the 'groupObject' class, but they carry the 'textEncodedORAddress' attribute that I need to retrieve. That attribute is part of the 'mailRecipient' object class, a system auxiliary object class.
If I do not include 'mailRecipient' in my auxiliary object classes in midPoint, it cannot locate the 'textEncodedORAddress' attribute.
If I do include 'mailRecipient' in my auxiliary object classes (i.e. uncomment the commented-out lines), then midPoint attempts to add the 'mailRecipient' object class to the resource object, which (a) I do not want it to do, and (b) the bind account does not have permission to do.
Any advice is greatly appreciated.
I have the resource configured as below (removing verbosity as required):
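<!-- Resource definition for reading AD distribution lists into midPoint.
     "..." marks values and namespace declarations elided by the poster. -->
<object xsi:type="ResourceType" ...>
  <name>DLs</name>
  <indestructible>true</indestructible>
  <!-- Connector is looked up by type (AD LDAP connector) rather than by a fixed OID. -->
  <connectorRef type="ConnectorType">
    <filter>
      <q:and>
        <q:equal>
          <q:path>c:connectorType</q:path>
          <q:value>com.evolveum.polygon.connector.ldap.ad.AdLdapConnector</q:value>
        </q:equal>
      </q:and>
    </filter>
  </connectorRef>
  <connectorConfiguration ...>
    <icfc:configurationProperties>
      <icfcldap:host>...</icfcldap:host>
      <!-- Port 636 with connectionSecurity "ssl": the bind and all reads go over LDAPS.
           The domain controller certificate has to be trusted by the midPoint host;
           keep certificate validation enabled rather than working around trust errors. -->
      <icfcldap:port>636</icfcldap:port>
      <icfcldap:connectionSecurity>ssl</icfcldap:connectionSecurity>
      <icfcldap:bindDn>...</icfcldap:bindDn>
      <!-- The bind password is referenced as external data (provider "env-var",
           key MP_DL_BIND_PASSWORD), so the secret itself is not stored in this
           resource object. Anyone who can read the midPoint process environment
           can still read it; restrict that access accordingly. -->
      <icfcldap:bindPassword>
        <t:externalData>
          <t:provider>env-var</t:provider>
          <t:key>MP_DL_BIND_PASSWORD</t:key>
        </t:externalData>
      </icfcldap:bindPassword>
      <icfcldap:baseContext>...</icfcldap:baseContext>
      <icfcldap:pagingStrategy>none</icfcldap:pagingStrategy>
      <icfcldap:includeObjectClassFilter>true</icfcldap:includeObjectClassFilter>
      <!-- Scope "one": only direct children of baseContext are searched. Together
           with the addFocus reaction below, baseContext decides which groups end
           up as focus objects, so keep it as narrow as the use case allows. -->
      <icfcldap:defaultSearchScope>one</icfcldap:defaultSearchScope>
    </icfc:configurationProperties>
    <!-- All three ConnId result handlers are switched off. -->
    <icfc:resultsHandlerConfiguration>
      <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
      <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
      <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
    </icfc:resultsHandlerConfiguration>
  </connectorConfiguration>
  <schema>
    <!-- Only ri:group is generated into the resource schema. Per the post, with
         ri:mailRecipient left out the textEncodedORAddress attribute is not found. -->
    <generationConstraints>
      <generateObjectClass>ri:group</generateObjectClass>
      <!-- <generateObjectClass>ri:mailRecipient</generateObjectClass> -->
    </generationConstraints>
  </schema>
  <schemaHandling>
    <objectType>
      <kind>generic</kind>
      <intent>default</intent>
      <displayName>Distribution List</displayName>
      <default>true</default>
      <delineation>
        <objectClass>ri:group</objectClass>
        <!-- Per the post, enabling the line below makes midPoint try to add the
             mailRecipient class to the AD object, which the bind account is not
             permitted to do. A bind account without write rights is the right
             posture for a resource used only as a source; resolve the schema
             problem without widening that account's permissions. -->
        <!-- <auxiliaryObjectClass>ri:mailRecipient</auxiliaryObjectClass> -->
      </delineation>
      <!-- NOTE(review): presumably meant to make midPoint leave auxiliary object
           classes it does not manage untouched; the post reports an add attempt
           regardless once mailRecipient is listed. Confirm against the midPoint docs. -->
      <auxiliaryObjectClassMappings>
        <tolerant>true</tolerant>
      </auxiliaryObjectClassMappings>
      <focus>
        <type>c:ServiceType</type>
        <archetypeRef oid="..." type="c:ArchetypeType">
          <!-- Distribution List -->
        </archetypeRef>
      </focus>
      <!-- Inbound-only attribute mappings: no outbound mapping is defined in this
           object type, and each attribute is also marked as a correlator. -->
      <attribute>
        <ref>ri:cn</ref>
        <correlator />
        <inbound>
          <name>Set Name</name>
          <target>
            <path>name</path>
          </target>
        </inbound>
      </attribute>
      <attribute>
        <ref>ri:displayName</ref>
        <correlator />
        <inbound>
          <name>Set Display Name</name>
          <target>
            <path>displayName</path>
          </target>
        </inbound>
      </attribute>
      <attribute>
        <ref>ri:mail</ref>
        <correlator />
        <inbound>
          <name>Set Mail</name>
          <target>
            <path>emailAddress</path>
          </target>
        </inbound>
      </attribute>
      <!-- This is the attribute that belongs to the mailRecipient auxiliary class. -->
      <attribute>
        <ref>ri:textEncodedORAddress</ref>
        <correlator />
        <inbound>
          <name>Set Text Encoded OR Address</name>
          <target>
            <path>extension/TextEncodedORAddress</path>
          </target>
        </inbound>
      </attribute>
      <synchronization>
        <!-- A matching focus exists but is not linked yet: link it. -->
        <reaction>
          <situation>unlinked</situation>
          <actions>
            <link />
          </actions>
        </reaction>
        <!-- No matching focus: create one. Every group returned by the search
             that correlates to nothing becomes a new ServiceType object. -->
        <reaction>
          <situation>unmatched</situation>
          <actions>
            <addFocus />
          </actions>
        </reaction>
        <!-- Already linked: run the inbound mappings again. -->
        <reaction>
          <situation>linked</situation>
          <actions>
            <synchronize />
          </actions>
        </reaction>
      </synchronization>
    </objectType>
  </schemaHandling>
</object>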
Kind Regards,
GCHQDeveloper29