Hi,<br><br> I was doing a delete of the resource from configuration each time before importing the resource; was not<br> expecting the schema to have survived ... although I did not do that for the last test before post, else I may<br> have caught one issue; thx for reminding me.<br><br> A number of directories, including OpenDJ, IBM, etc, support schema definition using a unique string instead<br> of OID (dotted notation). This makes the process easier, less prone to error, and you don't have to track<br> OID numbers actively. When defining my auxiliary objectClas in this way, midpoint seems to ignore it, e.g.:<br><br><span> </span>attributeTypes: ( <span style="color: rgb(0, 0, 255);"><b>myCallSign-OID</b></span> NAME 'myCallSign' DESC 'Call Sign' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )<br><span> </span>objectClasses: ( <span style="color: rgb(0, 0, 255);"><b>myPerson-OID</b></span> NAME 'myPerson' DESC 'My Person' SUP top AUXILIARY MAY ( myCallSign ) )<br><br> If however I use dotted notation OID, the objectClass is recognised, e.g.:<br><br> attributeTypes: ( <span style="color: rgb(0, 0, 255);"><b>2.1.1.1.1</b></span> NAME 'myCallSign' DESC 'Call Sign' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )<br> objectClasses: ( <span style="color: rgb(0, 0, 255);"><b>2.1.1.1.0</b></span> NAME 'myPerson' DESC 'My Person' SUP top AUXILIARY MAY ( myCallSign ) )<br><br> In 3.1.1 with the old connector the first definition worked and I have used this syntax for several years;<br> hope we do not have to regress ...<br><br>Regards,<br> Anton<br><br><blockquote style="margin-right: 0px; margin-left:15px;">----Original message----<br>From : ivan.noris@evolveum.com<br>Date : 22/10/2015 - 13:41 (BST)<br>To : midpoint@lists.evolveum.com<br>Subject : Re: [midPoint] New ldap connector and auxiliary objectClasses<br><br>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
Hi,<br>
<br>
do you have your new attributes (coming from ri:myPerson) in the
resource <schema>? (Not in schema handling).<br>
<br>
To be sure, edit please your resource using Configuration -
Repository objects and delete <schema> .. .</schema>
element and then save and try to test connection. After this, check
the <schema> element if it contains your ri:myPerson object
class and its attributes...<br>
<br>
My coleagues are using this new LDAP connector (but in master) and
there were some fixes, but I can't tell now if it was related to
auxiliary classes.<br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 10/22/2015 02:30 PM,
<a class="moz-txt-link-abbreviated" href="mailto:midpoint@mybtinternet.com">midpoint@mybtinternet.com</a> wrote:<br>
</div>
<blockquote cite="mid:15205466.39985.1445517053518.JavaMail.defaultUser@defaultHost" type="cite">Hi,<br>
<br>
I was trying:<br>
<br>
<!-- snip --><br>
<schemaHandling><br>
<objectType><br>
<displayName>Default Account</displayName><br>
<default>true</default><br>
<objectClass>ri:inetOrgPerson</objectClass><br>
<b><auxiliaryObjectClass>ri:myPerson</auxiliaryObjectClass></b><br>
<attribute><br>
<ref>ri:dn</ref><br>
<displayName>Distinguished
Name</displayName><br>
<limitations><br>
<minOccurs>0</minOccurs><br>
<access><br>
<read>true</read><br>
<add>true</add><br>
<modify>false</modify><br>
</access><br>
</limitations><br>
<matchingRule>mr:stringIgnoreCase</matchingRule><br>
<outbound><br>
<strength>weak</strength><br>
<source><br>
<path>$user/name</path><br>
</source><br>
<expression><br>
<script><br>
<!-- No explicit script language
was specified. It means that this is Groovy --><br>
<code><br>
'uid=' + name + iterationToken +
',ou=staff,dc=internal,dc=example,dc=com'<br>
</code><br>
</script><br>
</expression><br>
</outbound><br>
</attribute><br>
<!-- snip --><br>
<!-- snip --><br>
<b> <attribute><br>
<c:ref>ri:myCallSign</c:ref><br>
<exclusiveStrong>false</exclusiveStrong><br>
<tolerant>true</tolerant><br>
<fetchStrategy>implicit</fetchStrategy><br>
<outbound><br>
<authoritative>false</authoritative><br>
<exclusive>false</exclusive><br>
<strength>normal</strength><br>
<source><br>
<c:path>extension/myCallSign</c:path><br>
</source><br>
</outbound><br>
<inbound><br>
<authoritative>false</authoritative><br>
<exclusive>false</exclusive><br>
<strength>normal</strength><br>
<target><br>
<c:path>extension/myCallSign</c:path><br>
</target><br>
</inbound><br>
</attribute></b><br>
<!-- snip --><br>
<br>
When having attributes defined in the schema handling, midPoint
complains about them;<br>
When only the auxiliary objectClass defined, midPoint says it
can't be found. myCallSign<br>
is an attribute of myPerson objectClass.<br>
<br>
Regards,<br>
Anton<br>
<br>
<br>
<br>
<blockquote style="margin-right: 0px; margin-left:15px;">----Original
message----<br>
From : <a class="moz-txt-link-abbreviated" href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a><br>
Date : 22/10/2015 - 13:15 (BST)<br>
To : <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
Subject : Re: [midPoint] New ldap connector and auxiliary
objectClasses<br>
<br>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
Hi,<br>
could you please paste your <objectType> definition from
schema handling?<br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 10/22/2015 01:36 PM, <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midpoint@mybtinternet.com"></a><a class="moz-txt-link-abbreviated" href="mailto:midpoint@mybtinternet.com">midpoint@mybtinternet.com</a>
wrote:<br>
</div>
<blockquote cite="mid:10419466.34073.1445513804668.JavaMail.defaultUser@defaultHost" type="cite">Hi Guys,<br>
<br>
Trying to use the new LDAP connector in 3.2; but having
issues with my auxiliary objectClass.<br>
<br>
I have tried using:
<auxiliaryObjectClass>ri:myPerson</auxiliaryObjectClass><br>
in the account section of schema definition. This seems to
be the method implied by the UNIX user<br>
sample scenario ... although not used on the account section
per se.<br>
<br>
After resource load, which is apparently successful,
browsing to "List resources" throws an error<br>
that the objectclass myPerson was not found. When looking at
the objectClasses listed in the<br>
connector, it does not seem to be listed. Also enable read
schema, seems to make not diff. Tried<br>
test connection; again no diff.<br>
<br>
This used to work with 3.1.1 and the previous connector.<br>
<br>
If I do a ldapsearch for schema on OpenDJ, my custom
objectclass is returned; Apache Directory<br>
Studio also recognises the auxiliary objectclass. Thus, is
this:<br>
<span><span> </span>- an issue with how I'm referencing
the auxiliary objectClass?<br>
</span>- a bug in the new LDAP connector?<br>
<span> </span>- Something else?<br>
<br>
Thx,<br>
Anton<br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
<br></blockquote><br><p></p>