<HTML><BODY>Hi<br><br>yes it is<br><br><p><xsd:element <br>maxOccurs="<strong>unbounded</strong>"<br> minOccurs="0"<br> name="description"<br> type="xsd:string"><br> <xsd:annotation><br> <xsd:appinfo><br> <a:displayOrder>590</a:displayOrder><br> <ra:nativeAttributeName>description</ra:nativeAttributeName><br> <ra:frameworkAttributeName>description</ra:frameworkAttributeName><br> </xsd:appinfo><br> </xsd:annotation><br> </xsd:element><br><br>intresting but sad.<br><br><strong>Workaround WORKS. Thanks </strong><br></p><br><br><br><blockquote style="border-left:1px solid #0857A6; margin:10px; padding:0 0 0 10px;">
Среда, 21 декабря 2016, 16:23 +03:00 от "Roman Pudil - AMI Praha a.s." <roman.pudil@ami.cz>:<br>
<br>
<div id="">
<div class="js-helper js-readmsg-msg">
<style type="text/css"></style>
<div>
<base target="_self" href="https://e.mail.ru/">
<div id="style_14823268170000000090_BODY">
<div>Hi,</div><div><br></div><div>there is some interesting behavior: <span style="font-size: 12pt;">Attribute ri:description seems to be multivalued (see the schema section in AD resource definition), but attribute is single-valued.</span></div><div><br></div><div><b>Workaround - use limitations on "ri:description" attribute in schema handling section:</b></div><div><br></div><div> <attribute><br> <c:ref>ri:description</c:ref><br> <displayName>Description</displayName><br><b> <limitations><br> <maxOccurs>1</maxOccurs><br> </limitations><br></b> <outbound><br></div><div> .......</div><div><br></div><div><br></div><div>Regards</div><div><br></div><div><br></div><div><div style="font-size: 12pt;font-family: Tahoma">
<table style="white-space: normal;word-spacing: 0px;border-collapse: collapse;text-transform: none;color: rgb(0,0,0);font: medium 'Times New Roman';widows: 1;letter-spacing: normal;text-indent: 0px;-webkit-text-stroke-width: 0px" class="mceItemTable">
<tbody>
<tr>
<td style="font-size: 11px;font-family: Arial, sans-serif;vertical-align: bottom;color: rgb(0,0,0)" colspan="2">
<p><span style="font-size: 14px;font-weight: bold">Roman Pudil</span><br>solution architect<br><br>gsm: [+420] 775 663 666<br>e-mail:<span> </span><a href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a></p></td>
<td style="border-right: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="font-size: 11px;font-family: Arial, sans-serif;vertical-align: bottom;color: rgb(0,0,0)">
<p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel./fax: [+420] 274 783 239<br>web:<span> </span><a href="http://www.ami.cz" target="_blank">www.ami.cz</a></p></td>
<td style="border-right: rgb(204,204,204) 1px solid"> </td>
<td> </td>
<td style="font-size: 11px;font-family: Arial, sans-serif;color: rgb(0,0,0)">
<p><img title="AMI Praha a.s." border="0" alt="" src="http://www.ami.cz/images/podpis/ami_logo.gif"></p></td></tr>
<tr>
<td colspan="8"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img border="0" alt="" src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png"></a></td></tr>
<tr>
<td style="font-size: 11px;font-family: Arial, sans-serif;color: rgb(128,128,128)" colspan="8"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div></div><div><br></div><div><br></div><div><br></div>
<div>------ Původní zpráva ------</div>
<div>Od: "Wojciech Staszewski" <<a href="mailto:wojciech.staszewski@diagnostyka.pl">wojciech.staszewski@diagnostyka.pl</a>></div>
<div>Komu: <a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></div>
<div>Odesláno: 21.12.2016 13:03:36</div>
<div>Předmět: Re: [midPoint] attributeOrValueExists ERROR LDAP</div><div><br></div>
<div><blockquote cite="baff7d13-cf76-504f-3d1f-c58fb1874e80@diagnostyka.pl" type="cite">
<tt style="word-wrap:break-word"><div>I have the same issue with LDAP with attributes from some objectclasses (e.g. SambaSamAccount).</div>
<div>And when I'm using my own custom auxiliary objectclass (OC), Midpoint tries to add this objectclass to LDAP accounts which already have this OC and I got errors.</div>
<div>I temoprary removed these OC from schema and don't use attributes from them.</div>
<div> </div>
<div> </div>
<div>W dniu 21.12.2016 o 07:17, oleg okunev pisze:</div>
<blockquote type="cite">
<div> Hello.</div>
<div> </div>
<div> Strange problem i get when trying to modify decription in user which have link to AD account</div>
<div> config of schema handling</div>
<div> </div>
<div> <attribute></div>
<div> <ref>ri:description</ref></div>
<div> <outbound></div>
<div> <source></div>
<div> <path>description</path></div>
<div> </source></div>
<div> </outbound></div>
<div> <inbound></div>
<div> <target></div>
<div> <path>description</path></div>
<div> </target></div>
<div> </inbound></div>
<div> </attribute></div>
<div> </div>
<div> </div>
<div> *Preview changes*</div>
<div> </div>
<div> </div>
<div> Modify User Archangel Gabriel (Gabriel)</div>
<div> </div>
<div> </div>
<div> Item Old value New value</div>
<div> Description New Desc New Desc NEW</div>
<div> </div>
<div> </div>
<div> </div>
<div> Secondary changes: 2 objects</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div> Modify User Archangel Gabriel (Gabriel)</div>
<div> </div>
<div> </div>
<div> Item Old value New value</div>
<div> Description New Desc New Desc NEW</div>
<div> </div>
<div> </div>
<div> Modify Shadow CN=Archangel Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru</div>
<div> </div>
<div> </div>
<div> Item Value</div>
<div> resourceRef Active Directory Medusa (LDAPS) v2</div>
<div> kind ACCOUNT</div>
<div> intent default</div>
<div> </div>
<div> </div>
<div> Modify attributes</div>
<div> </div>
<div> </div>
<div> Item Old value New value</div>
<div> description New Desc NEW</div>
<div> </div>
<div> </div>
<div> </div>
<div> GOT this ERROR</div>
<div> </div>
<div> Schema violation during processing shadow:</div>
<div> shadow: CN=Archangel Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru (OID:92d4a278-8d4f-46a3-af88-56bdf8529a95):</div>
<div> Schema violation: Invalid attribute: org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException(Error modifying LDAP entry CN=Archangel Gabriel,OU=Sky,OU=Earth,DC=abb-test,DC=akbars,DC=ru: [add:description: New Desc Second,]: attributeOrValueExists: 00002081: AtrErr: DSID-030F154F, #1:??0: 00002081: DSID-030F154F, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att d (description)?? (20)):</div>
<div> </div>
<div> it looks like midpoint trying to add NEW attribute - i cant understand why not modify existing attribute value</div>
<div> </div>
<div> I know it must be simple but i trying to search and failed(((</div>
<div> i got 3 object classes : user group and OU</div>
<div> </div>
<div> and one more thing</div>
<div> after error decription is different - in user new - in AD old</div>
<div> if i make reconcile - in AD it became emty</div>
<div> and after that any first decription writes well in AD.</div>
<div> </div>
<div> </div>
<div> </div>
<div> --</div>
<div> oleg okunev</div>
<div> </div>
<div> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</div>
<div> </div>
<div> </div>
<div> _______________________________________________</div>
<div> midPoint mailing list</div>
<div> <a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></div>
<div> <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></div>
<div> </div>
</blockquote>
<div>Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)</div>
<div>NIP: 675-12-65-009; REGON: 356366975</div>
<div>Kapitał zakładowy: 33 756 500 zł.</div>
<div> </div>
<div>Pomyśl o środowisku zanim wydrukujesz ten e-mail.</div>
<div>_______________________________________________</div>
<div>midPoint mailing list</div>
<div><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></div>
<div><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a></div>
</tt></blockquote></div>
</div>
<div>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
<base target="_self" href="https://e.mail.ru/">
</div>
</div>
</div>
</blockquote>
<br></BODY></HTML>