<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Luca,</p>
<p>if you used the capabilities I sent, then the attribute
midpointAccountStatus is considered to be the account's activation
and is not visible in account attributes by default.</p>
<p>Standard outbound mapping will do the trick:</p>
<pre>&lt;activation&gt;
    &lt;administrativeStatus&gt;
        &lt;outbound/&gt;
        &lt;!-- source is implicit: activation/effectiveStatus;
             expression is implicit: as is;
             target is implicit: what connector knows. As in this case it does
             not know, we use the capabilities to tell midPoint to simulate the
             capability using the midpointAccountStatus attribute
             The mapping can be also strong if you want.
        --&gt;
    &lt;/administrativeStatus&gt;
&lt;/activation&gt;</pre>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 21. 2. 2022 13:56, Luca Verardo
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:80804199-E1E1-42CA-8820-0903467F79BE@verardo.ch">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Perfect, it worked. The addition of
<generateObjectClass> and a refresh schema / test
connection worked.</div>
<div class=""><br class="">
</div>
<div class="">Next in line is the synchronisation issues. I cannot
point the outbound mapping to be
$projection/midPointAccountStatus, midpoint will say it does not
exists.<br class="">
<div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-size-adjust:
auto; -webkit-text-stroke-width: 0px; text-decoration:
none;"><br class="Apple-interchange-newline">
<img apple-inline="yes"
id="EC9C2A9F-9B9A-4524-9607-88825DC8D080"
src="cid:part1.crHk3PoX.60O9Us0G@evolveum.com" class=""></div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-size-adjust:
auto; -webkit-text-stroke-width: 0px; text-decoration:
none;"><br class="">
</div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-size-adjust:
auto; -webkit-text-stroke-width: 0px; text-decoration:
none;">Is this mapping correct ?</div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-size-adjust:
auto; -webkit-text-stroke-width: 0px; text-decoration:
none;"><br class="">
</div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-size-adjust:
auto; -webkit-text-stroke-width: 0px; text-decoration:
none;">Best regards,<br class="">
Luca Verardo</div>
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">Le 21 févr. 2022 à 13:27, Ivan Noris via
midPoint <<a href="mailto:midpoint@lists.evolveum.com"
class="moz-txt-link-freetext" moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
a écrit :</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" class="">
<div class="">
<p class="">Hi Luca,</p>
<p class="">I think you are on a good track. It really
seems that midpoint does not see the object class.<br
class="">
</p>
<p class="">To avoid the simple mistakes:</p>
<p class="">I assume that openldap is configured
correctly. (And that you can create account there
without midPoint using inetOrgPerson +
midPointPerson.)<br class="">
</p>
<p class="">I assume that you did upload + test the
resource (test resource will fetch schema from
OpenLDAP).</p>
<p class="">(I was tempted to ask you to add ri: prefix
to your midPointPerson auxiliary object class.)</p>
<p class="">Are you perhaps using something like this?</p>
<p class=""> <schema><br class="">
<generationConstraints><br class="">
<generateObjectClass>ri:inetOrgPerson</generateObjectClass><br
class="">
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass><br
class="">
<generateObjectClass>ri:groupOfNames</generateObjectClass><br
class="">
<generateObjectClass>ri:organizationalUnit</generateObjectClass><br
class="">
<generateObjectClass>ri:domain</generateObjectClass><br
class="">
<b class="">
<generateObjectClass>ri:midPointPerson</generateObjectClass></b><b
class=""><br class="">
</b> </generationConstraints><br class="">
</schema></p>
<p class="">(Please make sure that if you use
generationConstraints, you are mentioning the
auxiliary object classes there too).</p>
<p class="">I'm out of other ideas for now :)</p>
<p class="">Best regards,</p>
<p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 21. 2. 2022 13:21, Luca
Verardo wrote:<br class="">
</div>
<blockquote type="cite"
cite="mid:B729C9BD-7664-4C67-BA01-9C17BA3D4FB4@verardo.ch"
class="">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" class="">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Yes, I have read this chapter and tried
to implement it in the same way :</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="ui-monospace,
SFMono-Regular, SF Mono, Menlo, Consolas,
Liberation Mono, monospace" color="#313b45"><span style="caret-color: rgb(49, 59, 69); white-space: pre;" class=""><kind>account</kind>
<intent>default</intent>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass></span></font><br
class="">
<div class=""><br class="webkit-block-placeholder">
</div>
<div class="">However, MidPoint seems to not like it
very much, and throws the following error :</div>
<span class=""><br class="">
Auxiliary object class midPointPerson specified in
rOCD+(ACCOUNT:default={.../resource/instance-3}inetOrgPerson) does not
exist</span></div>
<div class=""><span class=""><br class="">
</span></div>
<div class=""><span class="">I think I might need to
inform midPoint about the schema, but I’m not sure
how to do it, and if it is the correct mitigation
step about this issue.<br class="">
</span><span class="">
<div class=""><br class="">
<br class="">
Best regards,<br class="">
Luca Verardo<br class="">
</div>
</span>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Le 21 févr. 2022 à 13:00, Ivan
Noris via midPoint <<a
href="mailto:midpoint@lists.evolveum.com"
class="moz-txt-link-freetext"
moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
a écrit :</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type"
content="text/html; charset=UTF-8" class="">
<div class="">
<p class="">Hi Luca,</p>
<p class="">you are right, it's auxiliary
object class. I was trying to find
existing example, but I found nothing.</p>
<p class="">Unless anyone else from the
community has a working ready-to-share
example, some bits and pieces:</p>
<p class="">1. please see <a
class="moz-txt-link-freetext"
href="https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/"
moz-do-not-send="true">https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/</a>
for auxiliary object class configuration.
If all your accounts should have the
auxiliary object class, the first chapter
Static Use of Auxiliary Object Classes
should be what you need</p>
<p class="">2. Unix Story Test at <a
class="moz-txt-link-freetext"
href="https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/"
moz-do-not-send="true">https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/</a>
could also be useful as a configuration
example (even though it's a different scenario
and a different auxiliary object class)</p>
<p class="">3. if you can see the
midpointActivationStatus attribute in your
resource, you will probably need something
like this in your LDAP resource XML (based
on the documentation I see that
midpointActivationStatus should be
string):</p>
<p class=""> <capabilities xmlns:cap=<a
class="moz-txt-link-rfc2396E"
href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
moz-do-not-send="true">"http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"</a>><br
class="">
<configured><br class="">
<cap:activation><br
class="">
<cap:status><br
class="">
<cap:attribute>ri:midpointActivationStatus</cap:attribute><br
class="">
<cap:enableValue>enabled</cap:enableValue><br
class="">
<cap:disableValue>disabled</cap:disableValue><br
class="">
</cap:status><br
class="">
</cap:activation><br
class="">
</configured><br class="">
</capabilities></p>
<p class="">and an ordinary outbound
activation/administrativeStatus mapping in
the resource.</p>
<p class="">Unfortunately I do not have the
environment prepared to really test this.</p>
<p class="">Best regards & happy
testing,</p>
<p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 21. 2. 2022
11:59, Luca Verardo wrote:<br class="">
</div>
<blockquote type="cite"
cite="mid:51E4DFA0-433C-4334-B421-AF478F80A743@verardo.ch"
class="">
<meta http-equiv="Content-Type"
content="text/html; charset=UTF-8"
class="">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Thank you.</div>
<div class=""><br class="">
</div>
<div class="">I added successfully the
midPointPerson schema. However, I cannot
get the Auxiliary Object classes to
work. If I understood correctly, to be
able to use midPointActivationStatus, an
LDAP user needs to have inetOrgPerson +
midPointPerson.</div>
<div class=""><br class="">
</div>
<div class="">Can you share an example on
how to instruct MidPoint to add this
object class to newly created users ?</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Thanks a lot in advance.<br
class="">
<div class="">
<div style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-caps: normal;
font-weight: normal; letter-spacing:
normal; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal;
word-spacing: 0px;
-webkit-text-stroke-width: 0px;
text-decoration: none;" class=""><br
class="Apple-interchange-newline">
<br class="">
</div>
<div style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-caps: normal;
font-weight: normal; letter-spacing:
normal; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal;
word-spacing: 0px;
-webkit-text-stroke-width: 0px;
text-decoration: none;" class="">Best
regards,<br class="">
Luca Verardo</div>
</div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Le 17 févr. 2022 à
09:32, Ivan Noris via midPoint
<<a
href="mailto:midpoint@lists.evolveum.com"
class="moz-txt-link-freetext"
moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
a écrit :</div>
<br
class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type"
content="text/html;
charset=UTF-8" class="">
<div class="">
<p class="">Hi Luca,</p>
<p class="">please have a look
here: <a
class="moz-txt-link-freetext"
href="https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/"
moz-do-not-send="true">https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/</a></p>
<p class="">It is referencing <a
class="moz-txt-link-freetext"
href="https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap"
moz-do-not-send="true">https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap</a>
where you have also LDIF files
for OpenLDAP.</p>
<p class="">Hope it helps.</p>
<p class="">Best regards,</p>
<p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On
17. 2. 2022 8:53, Luca Verardo
via midPoint wrote:<br
class="">
</div>
<blockquote type="cite"
cite="mid:408F7134-133F-43D8-96FF-0D600D22E1C3@verardo.ch"
class="">
<meta
http-equiv="Content-Type"
content="text/html;
charset=UTF-8" class="">
Dear community,
<div class=""><br class="">
</div>
<div class="">Is there any up
to date documentation
explaining how to add and
use the OpenLDAP midPoint
schema ? The one that allows
the midPointAccountStatus
(disabled or enabled) for
example.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Thanks a lot in
advance.<br class="">
<div class="">
<div class="">
<div style="caret-color:
rgb(0, 0, 0);
font-family:
Helvetica; font-size:
12px; font-style:
normal;
font-variant-caps:
normal; font-weight:
normal;
letter-spacing:
normal; text-align:
start; text-indent:
0px; text-transform:
none; white-space:
normal; word-spacing:
0px;
-webkit-text-stroke-width:
0px; text-decoration:
none;" class=""><br
class="Apple-interchange-newline">
<br class="">
</div>
<div style="caret-color:
rgb(0, 0, 0);
font-family:
Helvetica; font-size:
12px; font-style:
normal;
font-variant-caps:
normal; font-weight:
normal;
letter-spacing:
normal; text-align:
start; text-indent:
0px; text-transform:
none; white-space:
normal; word-spacing:
0px;
-webkit-text-stroke-width:
0px; text-decoration:
none;" class="">Best
regards,<br class="">
Luca</div>
</div>
<br class="">
</div>
</div>
<br class="">
<fieldset
class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com/" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com/" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
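<p>Added example (not from the thread and not Evolveum's code): an offline check of a resource XML for the two problems worked through above, namely an object class used in schemaHandling but missing from generationConstraints, and an outbound administrativeStatus mapping with no configured activation status capability. The sample resource is constructed, the element names are those quoted in the thread, and the second check assumes a connector without native activation, as in this LDAP case.</p>

```python
import xml.etree.ElementTree as ET

NS = ('xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" '
      'xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" '
      'xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"')

# Constructed sample (not from the thread): midPointPerson is used as an
# auxiliary class but is not generated, and no activation capability is set.
SAMPLE_BROKEN = f"""<resource {NS}>
  <schema><generationConstraints>
    <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
  </generationConstraints></schema>
  <schemaHandling><objectType>
    <kind>account</kind>
    <objectClass>ri:inetOrgPerson</objectClass>
    <auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass>
    <activation><administrativeStatus><outbound/></administrativeStatus></activation>
  </objectType></schemaHandling>
</resource>"""

def local(name):
    """Drop a namespace ('{uri}tag') or prefix ('ri:value') from a name."""
    return (name or "").strip().rsplit("}", 1)[-1].split(":")[-1]

def values(root, tag):
    """Text values (prefix stripped) of every element with this local name."""
    return [local(e.text) for e in root.iter() if local(e.tag) == tag]

def check_resource(xml_text):
    """Return findings for the two misconfigurations discussed in the thread."""
    root = ET.fromstring(xml_text)
    findings = []
    generated = set(values(root, "generateObjectClass"))
    used = values(root, "objectClass") + values(root, "auxiliaryObjectClass")
    if generated:  # constraints restrict the fetched schema only when present
        findings += [f"{n}: not listed in generationConstraints"
                     for n in used if n not in generated]
    has_mapping = any(local(e.tag) == "administrativeStatus" for e in root.iter())
    has_cap = any(local(e.tag) == "status" and values(e, "attribute")
                  for e in root.iter())
    if has_mapping and not has_cap:
        findings.append("administrativeStatus mapping without a configured "
                        "activation status capability")
    return findings

if __name__ == "__main__":
    for finding in check_resource(SAMPLE_BROKEN):
        print(finding)
```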
</body>
</html>