Hi,<br><br>  Jason, thank you for the samples. It confirmed that I had indeed performed all the steps required.<br>  This allowed me to read and write custom attributes once the auxiliary class was added to the<br>  user entry.<br><br>  Something else I learned from the examples was the use of the namespace ... this was somewhat<br>  more murky for me before. Is there a good description of their use in the docs?<br><br>  One thing I did not find however, was how the auxiliary was added to the user entry; e.g. the crux<br>  of my problem. As Pavol suggested, most may have amended the base objectClass, or created a<br>  new person objectClass, and subsequently would not have the issue.<br><br>  As I am not willing to add new attributes to existing OOTB objectClasses, I had to find a different<br>  solution. Don't like this much either, but later discovered OpenAM already did this in our environment,<br>  but you can set a relationship from the user objectClass to the auxiliary objectClass in the AD<br>  schema. This then allows you to manage the custom attributes without the need to explicitly add the<br>  objectClass to the user entry. For reference, this article describes how to do this:<br>  https://msdn.microsoft.com/en-us/library/bb727064.aspx<br><br>  Ideally I would like to see proper auxiliary support for AD as with OpenDJ, but I can live with the<br>  solution I have for now.<br><br>Regards,<br>  Anton<br><br><blockquote style="margin-right: 0px; margin-left:15px;">----Original message----<br>From : mederly@evolveum.com<br>Date : 09/07/2015 - 06:59 (BST)<br>To : midpoint@lists.evolveum.com<br>Subject : Re: [midPoint] Active Directory and custom attributes & auxiliary objectclass<br><br>
  
  
  
    <div class="moz-cite-prefix">Jason, Anton,<br>
      <br>
      thank you for samples & suggestions for the wiki article. I
      hope I'll be able to update it soon.<br>
      <br>
      Anton, have you succeeded in solving your problem? If not, how
      urgent is it for you?<br>
      <br>
      Pavol<br>
      <br>
    </div>
    <blockquote cite="mid:CAFkZXY6Nsz+ksMkw0s4SqrXhHY__ViwdnXyqcP7Z8rYkAbs8Ww@mail.gmail.com" type="cite">
      <div dir="ltr">Sorry, that bshpSchema was a little outdated, wrong
        display order/names</div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Tue, Jul 7, 2015 at 12:11 PM, Jason
          Everling <span dir="ltr"><<a moz-do-not-send="true" href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Yes, it is defined against account. I did not
              modify anything in midPoint. All I did was reference those
              attributes in an objectTemplate during user creation and
              modification.
              <div><br>
              </div>
              <div>I added our files along with our AD resource header
                below</div>
              <div><br>
              </div>
              <div>schema.xml is in the root on the connector server so
                c:\program files (x86)\Identity Connectors\Connector
                Server\ and bshpSchema.xsd is in midpoint.home location
                /schema folder.</div>
              <div><br>
              </div>
              <div>Sampled from top, the blue is what you would need to
                add then reference that in templates and resource</div>
              <div><br>
              </div>
              <div>
                <div><objects xmlns="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
                <div>         xmlns:xsi="<a moz-do-not-send="true" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>"</div>
                <div>         xmlns:q="<a moz-do-not-send="true" href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"</div>
                <div>         xmlns:c="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
                <div>         xmlns:mr="<a moz-do-not-send="true" href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" target="_blank">http://prism.evolveum.com/xml/ns/public/matching-rule-3</a>"</div>
                <div>         xmlns:xsd="<a moz-do-not-send="true" href="http://www.w3.org/2001/XMLSchema" target="_blank">http://www.w3.org/2001/XMLSchema</a>"</div>
                <div>         xmlns:ri="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>"</div>
                <div>         xmlns:icfc="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3</a>"</div>
                <div>         xmlns:icfs="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"</div>
                <div>         <font color="#0000ff">xmlns:bshp="<a moz-do-not-send="true" href="http://idm.test.local/xml/ns/public/testdomain" target="_blank">http://idm.test.local/xml/ns/public/testdomain</a>"</font></div>
                <div>         xsi:schemaLocation="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>
../../infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd"></div>
              </div>
              <div><br>
              </div>
              <div>
                <div>            <icfc:configurationProperties</div>
                <div>                    xmlns:icfcad="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</a>"</div>
                <div>                    xmlns:ex="<a moz-do-not-send="true" href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</a>"></div>
                <div>               
                  <icfcad:DirectoryAdminName>USER</icfcad:DirectoryAdminName></div>
                <div>               
                  <icfcad:DirectoryAdminPassword></div>
                <div>                   
                  <clearValue>PASSWORD</clearValue></div>
                <div>               
                  </icfcad:DirectoryAdminPassword></div>
                <div>               
                  <icfcad:ObjectClass>User</icfcad:ObjectClass></div>
                <div>               
                  <icfcad:Container>dc=TEST,dc=LOCAL</icfcad:Container></div>
                <div>               
<icfcad:CreateHomeDirectory>false</icfcad:CreateHomeDirectory></div>
                <div>               
                  <icfcad:LDAPHostName>DC1.TEST.LOCAL</icfcad:LDAPHostName></div>
                <div>               
                  <icfcad:SearchChildDomains>false</icfcad:SearchChildDomains></div>
                <div>               
                  <icfcad:DomainName>TEST.LOCAL</icfcad:DomainName></div>
                <div>               
<icfcad:SyncGlobalCatalogServer>DC1.TEST.LOCAL</icfcad:SyncGlobalCatalogServer></div>
                <div>               
<icfcad:SyncDomainController>DC1.TEST.LOCAL</icfcad:SyncDomainController></div>
                <div><font color="#0000ff">                <!--
                    Extend Schema (reference to file on Domain
                    Controller) --></font></div>
                <div><font color="#0000ff">               
<ex:ObjectClassesExtensionFile>schema.xml</ex:ObjectClassesExtensionFile></font></div>
                <div>            </icfc:configurationProperties></div>
              </div>
              <div><br>
              </div>
              <div>Then in objectTemplate mappings or resource mappings
                define each attribute</div>
              <div><br>
              </div>
              <div>
                <div>                <attribute></div>
                <div>                   
                  <ref>ri:eduPersonAffiliation</ref></div>
                <div>                    <outbound></div>
                <div>                        <source></div>
                <div>                            <path></div>
                <div>                                declare namespace <span style="color:rgb(0,0,255)">bshp</span><span style="color:rgb(0,0,255)">="<a moz-do-not-send="true" href="http://idm.test.local/xml/ns/public/testdomain" target="_blank">http://idm.test.local/xml/ns/public/testdomain</a></span>";</div>
                <div>                               
                  $c:user/c:extension/<span style="color:rgb(0,0,255)">bshp</span>:eduPersonAffiliation</div>
                <span class="">
                  <div>                            </path></div>
                  <div>                        </source></div>
                  <div>                    </outbound></div>
                  <div>                    <inbound></div>
                  <div>                        <target></div>
                  <div>                            <path></div>
                </span>
                <div>                                declare namespace <span style="color:rgb(0,0,255)">bshp</span><span style="color:rgb(0,0,255)">="<a moz-do-not-send="true" href="http://idm.test.local/xml/ns/public/testdomain" target="_blank">http://idm.test.local/xml/ns/public/testdomain</a></span>";</div>
                <div>                               
                  $c:user/c:extension/<span style="color:rgb(0,0,255)">bshp</span>:eduPersonAffiliation</div>
                <div>                            </path></div>
                <div>                        </target></div>
                <div>                    </inbound></div>
                <div>                </attribute></div>
              </div>
              <span class="HOEnZb"><font color="#888888">
                  <div><br>
                  </div>
                  <div>JASON</div>
                </font></span></div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <div class="gmail_quote">On Tue, Jul 7, 2015 at 9:13
                    AM, <span dir="ltr"><<a moz-do-not-send="true" href="mailto:midpoint@mybtinternet.com" target="_blank">midpoint@mybtinternet.com</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
                      <br>
                        I second this ... and did the same.<br>
                      <br>
                      Regards,<br>
                        Anton<br>
                      <br>
                      <blockquote style="margin-right:0px;margin-left:15px">----Original
                        message----<br>
                        From : <a moz-do-not-send="true" href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a><br>
                        Date : 06/07/2015 - 17:26 (BST)
                        <div>
                          <div><br>
                            To : <a moz-do-not-send="true" href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>
                            Subject : Re: [midPoint] Active Directory
                            and custom attributes & auxiliary
                            objectclass<br>
                            <br>
                            <div dir="ltr"><font face="arial, helvetica, sans-serif" color="#000000">There
                                are also some parts that should be added
                                to that wiki page,</font>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000"><br>
                                </font></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000">After creating
                                  the schema.xml and adding to your
                                  server with the Connector Server
                                  running you have to create an
                                  extension file for midpoint to match
                                  that one and place in midpoint.home
                                  schema like these (<a moz-do-not-send="true" href="https://github.com/Evolveum/midpoint/tree/master/samples/schema" target="_blank">https://github.com/Evolveum/midpoint/tree/master/samples/schema</a>)
                                  so that midPoint can read/write to
                                  those new objectClass attributes</font><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif">.</span></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000"><br>
                                </font></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000">After those are
                                  added you have to add a new
                                  declaration to your resource xml like
                                  so</font></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000"><br>
                                </font></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000"><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap">xmlns:my=</span><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span>"</span><a moz-do-not-send="true" href="http://myself.me/schemas/whatever" target="_blank">http://myself.me/schemas/whatever</a><span>"</span></span></font></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000"><br>
                                    </font></span></span></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000"><span style="line-height:16.7999992370605px;white-space:pre-wrap">Then
                                    after you have to use that in each
                                    custom attribute mapping like so</span>
                                </font></div>
                              <div><font face="arial,
                                  helvetica, sans-serif" color="#000000"><span style="line-height:16.7999992370605px;white-space:pre-wrap">
                                    <attribute>
                                    <ref>ri:customAttribute</ref>
                                    <outbound> <source>
                                    <path> declare namespace </span><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap">my=</span><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span>"</span><a moz-do-not-send="true" href="http://myself.me/schemas/whatever" target="_blank">http://myself.me/schemas/whatever</a><span>"</span></span><span style="line-height:16.7999992370605px;white-space:pre-wrap">;
                                    $c:user/c:extension/my:</span><span style="line-height:16.7999992370605px;white-space:pre-wrap">customAttribute</span><span style="line-height:16.7999992370605px;white-space:pre-wrap">
                                    </path> </source>
                                    </outbound> <inbound>
                                    <target> <path> declare
                                    namespace </span><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap">my=</span><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span>"</span><a moz-do-not-send="true" href="http://myself.me/schemas/whatever" target="_blank">http://myself.me/schemas/whatever</a><span>"</span></span><span style="line-height:16.7999992370605px;white-space:pre-wrap">;
                                    $c:user/c:extension/my:</span><span style="line-height:16.7999992370605px;white-space:pre-wrap">customAttribute</span><span style="line-height:16.7999992370605px;white-space:pre-wrap">
                                    </path> </target>
                                    </inbound> </attribute></span><br>
                                </font></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000"><br>
                                    </font></span></span></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000">After you
                                      add those you can read/write to
                                      any attribute and also create new
                                      users with those new attributes.</font></span></span></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000"><br>
                                    </font></span></span></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000">When I
                                      first set up our AD resource it
                                      took me a little while after
                                      looking at the samples, something
                                      like this I think should also be
                                      added/mentioned to that wiki page</font></span></span></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000"><br>
                                    </font></span></span></div>
                              <div><span style="font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><font face="arial,
                                      helvetica, sans-serif" color="#000000">JASON</font></span></span></div>
                              <div><span style="color:rgb(24,54,145);font-family:Consolas,'Liberation
Mono',Menlo,Courier,monospace;font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap"><span><br>
                                  </span></span></div>
                            </div>
                            <div class="gmail_extra"><br>
                              <div class="gmail_quote">On Mon, Jul 6,
                                2015 at 11:03 AM, Jason Everling <span dir="ltr"><<a moz-do-not-send="true" href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
                                wrote:<br>
                                <blockquote class="gmail_quote" style="margin:0 0 0
                                  .8ex;border-left:1px #ccc
                                  solid;padding-left:1ex">
                                  <div dir="ltr">I am using the AD
                                    Connector with additional custom
                                    auxiliary object classes ( I have 4
                                    additional classes ) and it works
                                    fine when I create new users in the
                                    GUI or from any other resource and
                                    is correctly created in AD.
                                    <div><br>
                                    </div>
                                    <div>My Object Classes managed in
                                      midPoint using the extension
                                      functionality<br>
                                    </div>
                                    <div><br>
                                    </div>
                                    <div>bshpGroup</div>
                                    <div>bshpOrg</div>
                                    <div>bshpPerson</div>
                                    <div>eduPerson</div>
                                    <div><br>
                                    </div>
                                    <div>All of the above in AD Schema
                                      are Class Type: Auxiliary with
                                      Parent "top"</div>
                                    <div><br>
                                    </div>
                                    <div>Is this not the same?</div>
                                    <div><br>
                                    </div>
                                    <div>JASON</div>
                                  </div>
                                  <div class="gmail_extra">
                                    <div>
                                      <div><br>
                                        <div class="gmail_quote">On Mon,
                                          Jul 6, 2015 at 9:05 AM, Pavol
                                          Mederly <span dir="ltr"><<a moz-do-not-send="true" href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
                                          wrote:<br>
                                          <blockquote class="gmail_quote" style="margin:0 0 0
                                            .8ex;border-left:1px #ccc
                                            solid;padding-left:1ex">
                                            <div bgcolor="#FFFFFF" text="#000000">
                                              <div>Hello Anton,<br>
                                                <br>
                                                now I perhaps understand
                                                your situation a little
                                                bit better. Because what
                                                I was used to seeing was
                                                that people extended the
                                                "basic" AD user object
                                                with custom attributes,
                                                without introducing
                                                separate objectClasses.
                                                Neither did I; and
                                                although I've seen that
                                                you had mentioned using
                                                auxiliary object
                                                classes, I have no
                                                experience with them in
                                                Active Directory.<span><br>
                                                  <br>
                                                  <blockquote type="cite">I was
                                                    hoping it is
                                                    possible to override
                                                    the objectClasses in
                                                    the schema handling,
                                                    but<br>
                                                    can't find an
                                                    example. </blockquote>
                                                </span> If you mean
                                                adding auxiliary object
                                                classes, then a sample
                                                is e.g. in <a moz-do-not-send="true" href="https://github.com/Evolveum/midpoint/blob/master/testing/story/src/test/resources/unix/resource-opendj.xml" target="_blank">testing\story\src\test\resources\unix\resource-opendj.xml</a>
                                                file. However,
                                                unfortunately, this is a
                                                feature of the new LDAP
                                                connector. The
                                                ActiveDirectory
                                                connector does not
                                                support auxiliary object
                                                classes yet.<span><br>
                                                  <br>
                                                  <blockquote type="cite">The
                                                    other option, I
                                                    guess, would be to
                                                    use the custom<br>
                                                    schema feature of
                                                    ObjectClassesExtensionFile,
                                                    but I have a few
                                                    questions on this:<br>
                                                    1) Is the
                                                    objectClass type
                                                    always Tenant?<br>
                                                  </blockquote>
                                                </span> No. The new
                                                object class can be
                                                anything. "Tenant" was
                                                an object class that was
                                                used in a particular
                                                customer's setting. <br>
                                                <span> <br>
                                                  <blockquote type="cite"> 2) Does
                                                    this add an
                                                    objectClass in
                                                    addition of the user
                                                    class or instead of
                                                    the user class?<br>
                                                  </blockquote>
                                                </span> In addition to
                                                the user class. The
                                                existing
                                                AccountObjectClass will
                                                be left intact. New
                                                object class will be
                                                seen in midPoint as
                                                Custom<b>someName</b>ObjectClass,
                                                if the object class will
                                                be defined as "someName"
                                                in the connector.<br>
                                                <br>
                                                Unfortunately, the
                                                connector will not
                                                recognize such a class
                                                to be an extension of
                                                the AccountObjectClass
                                                and will not apply the
                                                standard functionality
                                                (written in C#) to
                                                manage objects of this
                                                class. <br>
                                                <br>
                                                So, if you would like to
                                                use it to manage your
                                                users, you would need
                                                either<br>
                                                1) to implement
                                                everything in
                                                PowerShell, which is
                                                quite a lot of work
                                                (given that you would
                                                have to implement e.g.
                                                exception handling, and
                                                so on),<br>
                                                2) or to do some hacking
                                                with custom scripts,
                                                like calling original AD
                                                connector to do its part
                                                of the work and then
                                                manage specific
                                                attributes using
                                                PowerShell.<br>
                                                <br>
                                                Neither of these seems to
                                                me a "clean solution".<br>
                                                <br>
                                                Overall, we plan to
                                                enhance Active Directory
                                                connector with some of
                                                the new features Radovan
                                                has recently implemented
                                                for LDAP one. Auxiliary
                                                object class support is
                                                among them. But I cannot
                                                say when that would be
                                                done. Maybe you could
                                                contact Igor Farinic for
                                                options there.<span><br>
                                                  <br>
                                                  <blockquote type="cite"> 3) How
                                                    / when are the
                                                    custom scripts
                                                    called?<br>
                                                  </blockquote>
                                                </span> Custom scripts
                                                feature is currently
                                                only available in
                                                Exchange connector,
                                                which is a superset of
                                                AD connector useful
                                                mainly if you want to
                                                manage also Exchange
                                                objects. (But I think
                                                nothing precludes the
                                                use of it in AD-only
                                                settings; I hope it no
                                                longer depends on the
                                                existence of specific
                                                Exchange run time
                                                libraries.) These
                                                scripts are called
                                                before, after and/or
                                                instead of "main" C#
                                                code. They can be
                                                configured with regards
                                                to object class and
                                                operation. E.g. you can
                                                define a "Before" script
                                                for each "Create"
                                                operation for
                                                "AddressBookList" object
                                                class. Or, if you have a
                                                custom object class, you
                                                have to define all the
                                                operations as PowerShell
                                                custom scripts.<br>
                                                <br>
                                                This is an example of
                                                definition of a custom
                                                script:<br>
                                                <tt><br>
                                                </tt><tt><?xml
                                                  version="1.0"?></tt><tt><br>
                                                </tt><tt><ScriptingInfo></tt><tt><br>
                                                </tt><tt><br>
                                                </tt><tt> 
                                                  <OperationInfo></tt><tt><br>
                                                </tt><tt>   
                                                  <Type>Create</Type></tt><tt><br>
                                                </tt><tt>   
                                                  <AfterMain></tt><tt><br>
                                                </tt><tt>     
                                                  <ObjectType>OfflineAddressBook</ObjectType></tt><tt><br>
                                                </tt><tt>     
                                                  <File>after-create-OAB.ps1</File></tt><tt><br>
                                                </tt><tt>   
                                                  </AfterMain></tt><tt><br>
                                                </tt><tt> 
                                                  </OperationInfo></tt><tt><br>
                                                </tt><tt><br>
                                                </tt><tt></ScriptingInfo></tt><br>
                                                <br>
                                                It says that after
                                                executing main C#
                                                routine for Create
                                                operation for
                                                OfflineAddressBook
                                                object, the
                                                after-create-OAB.ps1
                                                file (stored in the
                                                ConnectorServer
                                                directory) will be
                                                executed.<br>
                                                Such a script can expect
                                                one parameter, called
                                                "ctx" (context),
                                                pointing to the
                                                following data
                                                structure:<br>
                                                <br>
                                                <tt>public class Context
                                                  {</tt><tt><br>
                                                </tt><tt>    public
                                                  Connector Connector {
                                                  get; set; }</tt><tt><br>
                                                </tt><tt>    public
                                                  ActiveDirectoryConfiguration
                                                  ConnectorConfiguration
                                                  { get; set; }</tt><tt><br>
                                                </tt><tt>    public
                                                  string OperationName {
                                                  get; set; }</tt><tt><br>
                                                </tt><tt>    public
                                                  Scripting.Position
                                                  Position { get; set; }</tt><tt><br>
                                                </tt><tt>    public
                                                  ObjectClass
                                                  ObjectClass { get;
                                                  set; }</tt><tt><br>
                                                </tt><tt>}</tt><br>
                                                <br>
                                                (There are specific
                                                contexts for individual
                                                operations, see <a moz-do-not-send="true" href="https://github.com/Evolveum/openicf/blob/master/connectors/dotnet/ActiveDirectoryConnector/Scripting.cs" target="_blank">https://github.com/Evolveum/openicf/blob/master/connectors/dotnet/ActiveDirectoryConnector/Scripting.cs</a>)<span><br>
                                                  <blockquote type="cite"> 4) Are
                                                    there examples on
                                                    how to use the
                                                    custom schema
                                                    feature?</blockquote>
                                                </span> Well, the
                                                documentation of these
                                                new features is still in
                                                its beginnings. I'm
                                                afraid the wiki article
                                                I mentioned is the only
                                                piece available :(<br>
                                                Maybe someone on this
                                                list could provide some
                                                examples...<br>
                                                <br>
                                                Overall, the most clean
                                                way (as I currently see
                                                it) is to add support
                                                for auxiliary object
                                                classes to the standard
                                                AD/Exchange connector.<br>
                                                <br>
                                                Best regards,<br>
                                                Pavol
                                                <div>
                                                  <div><br>
                                                    <br>
                                                    <br>
                                                    On 6. 7. 2015 14:51,
                                                    ANTON OPPERMAN
                                                    wrote:<br>
                                                  </div>
                                                </div>
                                              </div>
                                              <div>
                                                <div>
                                                  <blockquote type="cite">Thx
                                                    Pavol! That is
                                                    getting me very
                                                    close ... <br>
                                                    <br>
                                                    Took a while to
                                                    figure out just how
                                                    to do it; the
                                                    documentation can be
                                                    clearer; e.g. where<br>
                                                    the value of
                                                    ObjectClassesExtensionFile
                                                    is set and which
                                                    system it should be
                                                    stored on. I<br>
                                                    saw a ref in the UI
                                                    that seemed to allow
                                                    for this, but this
                                                    didn't work for me.<br>
                                                    <br>
                                                    I have defined my
                                                    custom schema
                                                    entries in the
                                                    AccountObjectClass
                                                    section and can<br>
                                                    retrieve and set
                                                    values if my
                                                    auxiliary
                                                    objectClass is
                                                    present on the user.
                                                    Obviously<br>
                                                    creating an account
                                                    with schema
                                                    extension fails as
                                                    newly created users
                                                    will not have<br>
                                                    the auxiliary
                                                    objectClass (yet).<br>
                                                    <br>
                                                    I was hoping it is
                                                    possible to override
                                                    the objectClasses in
                                                    the schema handling,
                                                    but<br>
                                                    can't find an
                                                    example. The other
                                                    option, I guess,
                                                    would be to use the
                                                    custom<br>
                                                    schema feature of
                                                    ObjectClassesExtensionFile,
                                                    but I have a few
                                                    questions on this:<br>
                                                    1) Is the
                                                    objectClass type
                                                    always Tenant?<br>
                                                    2) Does this add an
                                                    objectClass in
                                                    addition to the user
                                                    class or instead of
                                                    the user class?<br>
                                                    3) How / when are
                                                    the custom scripts
                                                    called?<br>
                                                    4) Are there examples
                                                    on how to use the
                                                    custom schema
                                                    feature?<br>
                                                    <br>
                                                    Thx!<br>
                                                    <br>
                                                    Regards,<br>
                                                      Anton<br>
                                                    <br>
                                                    <br>
                                                    <blockquote style="margin-right:0px;margin-left:15px">----Original

                                                      message----<br>
                                                      From : <a moz-do-not-send="true" href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a><br>
                                                      Date : 02/07/2015
                                                      - 15:17 (BST)<br>
                                                      To : <a moz-do-not-send="true" href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>
                                                      Subject : Re:
                                                      [midPoint] Active
                                                      Directory and
                                                      custom attributes
                                                      & auxiliary
                                                      objectclass<br>
                                                      <br>
                                                      <div>Hello Anton,<br>
                                                        <br>
                                                        the AD connector
                                                        schema can now
                                                        be extended via
                                                        configuration.
                                                        Please see <a moz-do-not-send="true" href="https://wiki.evolveum.com/display/midPoint/Extending+AD+and+Exchange+Connector+Schema+HOWTO" target="_blank">https://wiki.evolveum.com/display/midPoint/Extending+AD+and+Exchange+Connector+Schema+HOWTO</a>
                                                        for a simple
                                                        HOWTO.<br>
                                                        <br>
                                                        However,
                                                        contrary to
                                                        what's written
                                                        there, I would
                                                        recommend using
                                                        the latest
                                                        versions of
                                                        AD/Exchange
                                                        connector and
                                                        ConnId:<br>
                                                        - Exchange
                                                        Connector: 
                                                        1.4.1.20283 (<a moz-do-not-send="true" href="https://wiki.evolveum.com/display/midPoint/Exchange+Connector" target="_blank">https://wiki.evolveum.com/display/midPoint/Exchange+Connector</a>)<br>
                                                        - Connector
                                                        Server: 1.4.0.84
                                                        (<a moz-do-not-send="true" href="https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server" target="_blank">https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server</a>)<br>
                                                        <br>
                                                        Also please note
                                                        that auxiliary
                                                        object classes
                                                        are not
                                                        supported for
                                                        AD. What you
                                                        need to do is to
                                                        extend the basic
                                                        AccountObjectClass
                                                        (or object class
                                                        for group/OU)
                                                        with your custom
                                                        attributes.<br>
                                                        <br>
                                                        Best regards,<br>
                                                        Pavol<br>
                                                        <br>
                                                        On 2. 7. 2015
                                                        16:10, <a moz-do-not-send="true" href="mailto:midpoint@mybtinternet.com" target="_blank">midpoint@mybtinternet.com</a>
                                                        wrote:<br>
                                                      </div>
                                                      <blockquote type="cite">Hi,<br>
                                                        <br>
                                                          We intend
                                                        managing a
                                                        number of
                                                        different
                                                        directories with
                                                        similar data but
                                                        for populations
                                                        of users that<br>
                                                          must be stored
                                                        separately. We
                                                        also have a
                                                        fairly extensive
                                                        number of custom
                                                        attributes
                                                        grouped in an<br>
                                                          auxiliary
                                                        objectClass.<br>
                                                        <br>
                                                          For OpenDJ, I
                                                        was able to
                                                        setup the
                                                        resources and am
                                                        able to manage
                                                        all the custom
                                                        attributes; e.g.<br>
                                                          the connector
                                                        allows
                                                        definition of
                                                        which classes to
                                                        use.<br>
                                                        <br>
                                                          Now trying to
                                                        replicate with
                                                        AD and have
                                                        basic AD
                                                        provisioning
                                                        working;
                                                        however, I don't
                                                        see similar<br>
                                                          options for
                                                        defining
                                                        additional
                                                        objectClasses to
                                                        use. Have looked
                                                        in Jira; all
                                                        references
                                                        suggest
                                                        modifying<br>
                                                         
                                                        objectClasses.xml
                                                        and building a
                                                        custom instance
                                                        of the
                                                        connector. I
                                                        don't see how
                                                        the custom<br>
                                                          objectClass is
                                                        referenced. Have
                                                        I missed
                                                        something?<br>
                                                        <br>
                                                          As for
                                                        building a
                                                        custom instance
                                                        of the
                                                        connector;  I
                                                        would prefer not
                                                        to do that as:<br>
                                                        <span>    </span>1)
                                                        we could run
                                                        into issues that
                                                        are related to
                                                        our attempt of
                                                        implementing<br>
                                                            2) each time
                                                        there is a new
                                                        fix, we would
                                                        need to go and
                                                        retro-fit and
                                                        rebuild<br>
                                                            3) each time
                                                        we extend the
                                                        schema, we need
                                                        to go and amend
                                                        and rebuild<br>
                                                        <br>
                                                          While I may be
                                                        able to build a
                                                        custom instance,
                                                        once this is
                                                        handed-over to
                                                        business-as-usual,
                                                        they<br>
                                                          most certainly
                                                        will not have
                                                        the skills to
                                                        support this.<br>
                                                        <br>
                                                          Is this still
                                                        the process to
                                                        follow at this
                                                        time, or has
                                                        this changed? If
                                                        not changed, is
                                                        there a plan to<br>
                                                          make the AD
                                                        adapter
                                                        configurable ito
                                                        custom schema
                                                        (like OpenDJ)?
                                                        Time-frame?<br>
                                                        <br>
                                                          Thx<br>
                                                        <br>
                                                        Regards,<br>
                                                          Anton<br>
                                                        <br>
                                                        <br>
                                                        <br>
                                                        <fieldset></fieldset>
                                                        <br>
                                                        <pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                                                      </blockquote>
                                                      <br>
                                                      <br>
                                                    </blockquote>
                                                    <br>
                                                    <br>
                                                    <fieldset></fieldset>
                                                    <br>
                                                  </blockquote>
                                                  <br>
                                                </div>
                                              </div>
                                            </div>
                                            <br>
                                            <br>
                                          </blockquote>
                                        </div>
                                        <br>
                                        <br clear="all">
                                        <div><br>
                                        </div>
                                      </div>
                                    </div>
                                    <span><font color="#888888">-- <br>
                                        <div>
                                          <div dir="ltr">JASON</div>
                                        </div>
                                      </font></span></div>
                                </blockquote>
                              </div>
                              <br>
                              <br clear="all">
                              <div><br>
                              </div>
                              -- <br>
                              <div>
                                <div dir="ltr">JASON</div>
                              </div>
                            </div>
                            <br>
                          </div>
                        </div>
                        <font size="2"><br>
                          <br>
                          <span>CONFIDENTIALITY NOTICE:<br>
                            This e-mail together with any attachments is
                            proprietary and confidential; intended for
                            only the recipient(s) named above and may
                            contain information that is privileged. You
                            should not retain, copy or use this e-mail
                            or any attachments for any purpose, or
                            disclose all or any part of the contents to
                            any person. Any views or opinions expressed
                            in this e-mail are those of the author and
                            do not represent those of the Baptist School
                            of Health Professions. If you have received
                            this e-mail in error, or are not the named
                            recipient(s), you are hereby notified that
                            any review, dissemination, distribution or
                            copying of this communication is prohibited
                            by the sender and to do so might constitute
                            a violation of the Electronic Communications
                            Privacy Act, 18 U.S.C. section 2510-2521.
                            Please immediately notify the sender and
                            delete this e-mail and any attachments from
                            your computer. </span></font><br>
                        <br>
                      </blockquote>
                      <br>
                      <br>
                    </blockquote>
                  </div>
                  <br>
                  <br clear="all">
                  <div><br>
                  </div>
                  -- <br>
                  <div>
                    <div dir="ltr">JASON</div>
                  </div>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div class="gmail_signature">
          <div dir="ltr">JASON</div>
        </div>
      </div>
      <br>
      <br>
    </blockquote>
    <br>
  

<br></blockquote><br><p></p>