[midPoint] Use of LDAP Connector with Oracle Internet Directory

Gustavo J Gallardo ggallard at identicum.com
Wed Mar 18 17:24:46 CET 2026 

Hi Neil,
Sorry I missed your response.
As you mentioned, there is nothing in plain sight.

I would try to scope the schema discovery to check if the offensive syntax
interpretation is elsewhere.
```xml
 <schema>
<generationConstraints>
<generateObjectClass>ri:orclUser</generateObjectClass>
</generationConstraints>
</schema>
```

Regards,

Gustavo


On Tue, Mar 10, 2026 at 4:50 PM Gaede, Neil <NSGaede at sbec.com> wrote:

> Yeah, I'm more of a DSEE guy myself.
>
> The schema LDIF is over 1700 lines, so here are the lines that reference
> OID 1.3.6.1.4.1.1466.115.121.1.38 or the objectIdentifierMatch matching
> rule that it seems to be getting hung up on:
>
> attributetypes: ( 2.5.4.0 NAME 'objectClass' EQUALITY
> objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
> attributetypes: ( 2.5.4.30 NAME 'supportedApplicationContext' EQUALITY
> objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
> attributetypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
> SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation )
> attributetypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
> SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' USAGE dSAOperation )
> attributetypes: ( 2.5.18.7 NAME 'collectiveExclusions' EQUALITY
>  objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )
> attributetypes: ( 2.5.18.0 NAME 'excludeAllCollectiveAttributes' EQUALITY
>  objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE )
> attributetypes: ( 2.16.840.1.113894.1.1.709 NAME 'orclcertExtensionOID'
> EQUALITY objectIdentifierMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.38'
> SINGLE-VALUE )
> attributetypes: ( 2.16.840.1.113894.1.1.711 NAME
> 'orclcertExtensionAttribute' EQUALITY objectIdentifierMatch SYNTAX
> '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE )
> matchingrules: ( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX
> '1.3.6.1.4.1.1466.115.121.1.38' )
> ldapsyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
>
> I'm not seeing anything unexpected here, but also I'm not well versed on
> how the ConnID LDAP connector processes the LDAP schema.
>
>
> Thanks,
>
>
> Neil
>
>
>
> ------------------------------
> *From:* Gustavo J Gallardo <ggallard at identicum.com>
> *Sent:* Tuesday, March 10, 2026 7:36 AM
> *To:* MidPoint General Discussion <midpoint at lists.evolveum.com>
> *Cc:* Gaede, Neil <NSGaede at sbec.com>
> *Subject:* Re: [midPoint] Use of LDAP Connector with Oracle Internet
> Directory
>
> Hi Neal,
> not really an expert in Oracle OID here, but can you export the schema
> (cn=subschemasubentry) to an LDIF file to compare attributes?
>
>
> Regards,
>
> Gustavo
>
>
> On Mon, Mar 9, 2026 at 7:23 PM Gaede, Neil via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> Has anyone had any luck using the current version of the LDAP connector
> with Oracle Internet Directory? I'm getting an
> InvalidAttributeValueException at the discovery step when trying to add our
> OID server as a resource.
>
> 2026-03-09 21:56:02,327 [] [http-nio-8080-exec-135] WARN
> (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): Got ConnId
> exception (might be handled by upper layers later)
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
> in OID Test: ConnectorSpec.Main(resource:null(SBEC OID Test)): Error
> parsing resource schema: ERR_13787_OID_EXPECTED An oid is expected (line (
> 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX
> '1.3.6.1.4.1.1466.115.121.1.38' ), col 47), reason: Error parsing resource
> schema: ERR_13787_OID_EXPECTED An oid is expected (line ( 2.5.13.0 NAME
> 'objectIdentifierMatch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' ), col 47)
> (class
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException)
>
> I find the "OID Expected" at column 47 message to be interesting because
> it sure looks to be an OID, though maybe the fact that it's single-quoted
> is throwing it off?
>
> We're running a pretty bog-standard implementation of Internet Directory
> 12.2.1.4.0.
>
> Apologies for any potential OID (Object Identifier) / OID (Oracle Internet
> Directory) confusion.
>
>
> Thanks,
>
>
> Neil
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260318/93f635ab/attachment.htm>

More information about the midPoint mailing list