<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Hi,</p>
    <p>I think you may need to specify object classes that are auxiliary
      in schema handling...</p>
    <p>e.g.:</p>
    <p>        <objectType><br>
                      <kind>account</kind><br>
                  <intent>default</intent><br>
                  <displayName>Account</displayName><br>
                 
      <objectClass>ri:inetOrgPerson</objectClass><br>
                <b> 
        <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass></b><b><br>
      </b><b>           
<auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass></b></p>
    <p>...</p>
    <p>Not sure if you can "ignore" the attributes during
      synchronization , but maybe someone else knows.</p>
    <p>Regards,</p>
    <p>Ivan<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 11/22/2016 11:06 AM, Wojciech
      Staszewski wrote:<br>
    </div>
    <blockquote
      cite="mid:a6f4146e-9fe3-01d8-d665-3fdd871eb902@diagnostyka.pl"
      type="cite">
      <pre wrap="">Hello,

I have some problems with initial users import from my 389ds LDAP.
Most of users have objectClasses:

      <generationConstraints>
         <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
         <generateObjectClass>ri:groupOfUniqueNames</generateObjectClass>
         <generateObjectClass>ri:groupOfNames</generateObjectClass>
         <generateObjectClass>ri:organizationalUnit</generateObjectClass>
         <generateObjectClass>ri:inetUser</generateObjectClass>
         <generateObjectClass>ri:shadowAccount</generateObjectClass>
         <generateObjectClass>ri:sambaSamAccount</generateObjectClass>
         <generateObjectClass>ri:posixAccount</generateObjectClass>
         <generateObjectClass>ri:posixGroup</generateObjectClass>
         <generateObjectClass>ri:top</generateObjectClass>
         <generateObjectClass>ri:person</generateObjectClass>
         <generateObjectClass>ri:organizationalPerson</generateObjectClass>
         <generateObjectClass>ri:mozillaAbPersonAlpha</generateObjectClass>
      </generationConstraints>

Accounts having only "inetOrgPerson"  objectClass (for example special
accounts for some services) was imported and linked correctly.
At this moment I have 41 correctly linked accounts from about 6000.
Import of the rest ending with error quoted below and accounts remains
"UNLINKED":

Schema violation during processing shadow: shadow:
uid=XXXXX,ou=People,dc=YYYYY,dc=ZZ 
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65)): Schema violation during processing
shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65)): Schema violation during processing
shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65)): Schema violation during processing
shadow: shadow: uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ
(OID:000354a4-fe05-41de-81f1-4a5fdeb9928b): Schema violation: Invalid
attribute:
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error
modifying LDAP entry uid=XXXXXX,ou=People,dc=YYYYY,dc=ZZ:
[remove:sambaPwdLastSet: 0,remove:sambaPwdCanChange:
0,remove:sambaLogonTime: 2147483647,remove:sambaKickoffTime:
2147483647,remove:homeDirectory: /home/XXXXXX,remove:sambaAcctFlags: [U
],remove:uidNumber: 1587,remove:objectClass: inetUser?objectClass:
posixAccount?objectClass: sambaSamAccount,remove:sambaSID:
-4174,remove:sambaLogoffTime: 2147483647,remove:sambaPwdMustChange:
2147483647,remove:gidNumber: 1463,]: objectClassViolation: attribute
"memberOf" not allowed? (65))

How to tell Midpoint to ignore these objectClasses and attributes?
Thanks.

</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
  </body>
</html>