<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello Ivan,<div class=""><br class=""></div><div class="">Perfect, it worked. The addition of <generateObjectClass> and a refresh schema / test connection worked.</div><div class=""><br class=""></div><div class="">Next in line are the synchronisation issues. I cannot point the outbound mapping to be $projection/midPointAccountStatus, midpoint will say it does not exist.<br class=""><div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class="Apple-interchange-newline"><img apple-inline="yes" id="EC9C2A9F-9B9A-4524-9607-88825DC8D080" src="cid:F34504D0-74C4-441C-BCC0-A1C9CCF824AF" class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">Is this mapping correct ?</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; 
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">Best regards,<br class="">Luca Verardo</div>
</div>
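<div class=""><br class=""></div><div class="">Added example (not part of the original thread and not Evolveum's code): the fix confirmed above, listing the auxiliary object class under generationConstraints, written as a check that can be run over a resource XML before uploading it. The sample XML is constructed, names are compared by local name only (so ri:midPointPerson and midPointPerson match), and treating a resource with no generateObjectClass entries as unfiltered is an assumption.</div>

```python
"""Check that every object class a resource uses is also generated in its schema."""
import xml.etree.ElementTree as ET


def _local(name):
    # Drop an XML namespace ("{uri}tag") or a QName prefix ("ri:inetOrgPerson").
    return name.strip().rsplit("}", 1)[-1].rsplit(":", 1)[-1]


def missing_object_classes(resource_xml):
    """Return object classes referenced by objectClass / auxiliaryObjectClass
    that are absent from generationConstraints (empty list = consistent)."""
    root = ET.fromstring(resource_xml)
    generated, referenced = set(), []
    for el in root.iter():
        tag, text = _local(el.tag), (el.text or "").strip()
        if not text:
            continue
        if tag == "generateObjectClass":
            generated.add(_local(text))
        elif tag in ("objectClass", "auxiliaryObjectClass"):
            referenced.append(_local(text))
    if not generated:
        # Assumption: without generationConstraints nothing is filtered out.
        return []
    return sorted({name for name in referenced if name not in generated})


# Constructed sample built from the fragments quoted in this thread.
BEFORE = """<resource><schema><generationConstraints>
  <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
  <generateObjectClass>ri:groupOfNames</generateObjectClass>
</generationConstraints></schema>
<schemaHandling><objectType>
  <kind>account</kind>
  <intent>default</intent>
  <objectClass>ri:inetOrgPerson</objectClass>
  <auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass>
</objectType></schemaHandling></resource>"""

# Same resource with the auxiliary class added to the constraints.
AFTER = BEFORE.replace(
    "</generationConstraints>",
    "<generateObjectClass>ri:midPointPerson</generateObjectClass>"
    "</generationConstraints>")

if __name__ == "__main__":
    print("before:", missing_object_classes(BEFORE))
    print("after: ", missing_object_classes(AFTER))
```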
<div><br class=""><blockquote type="cite" class=""><div class="">On 21 Feb 2022 at 13:27, Ivan Noris via midPoint <<a href="mailto:midpoint@lists.evolveum.com" class="">midpoint@lists.evolveum.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div class=""><p class="">Hi Luca,</p><p class="">I think you are on a good track. It really seems that midpoint
does not see the object class.<br class="">
</p><p class="">To avoid the simple mistakes:</p><p class="">I assume that openldap is configured correctly. (And that you can
create account there without midPoint using inetOrgPerson +
midPointPerson.)<br class="">
</p><p class="">I assume that you did upload + test the resource (test resource
will fetch schema from OpenLDAP).</p><p class="">(I was tempted to ask you to add ri: prefix to your
midPointPerson auxiliary object class.)</p><p class="">Are you perhaps using something like this?</p><p class=""> <schema><br class="">
<generationConstraints><br class="">
<generateObjectClass>ri:inetOrgPerson</generateObjectClass><br class="">
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass><br class="">
<generateObjectClass>ri:groupOfNames</generateObjectClass><br class="">
<generateObjectClass>ri:organizationalUnit</generateObjectClass><br class="">
<generateObjectClass>ri:domain</generateObjectClass><br class="">
<b class="">
<generateObjectClass>ri:midPointPerson</generateObjectClass></b><b class=""><br class="">
</b> </generationConstraints><br class="">
</schema></p><p class="">(Please make sure that if you use generationConstraints, you are
mentioning the auxiliary object classes there too).</p><p class="">I'm out of other ideas for now :)</p><p class="">Best regards,</p><p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 21. 2. 2022 13:21, Luca Verardo
wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:B729C9BD-7664-4C67-BA01-9C17BA3D4FB4@verardo.ch" class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Yes, I have read this chapter and tried to implement
it in the same way :</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="ui-monospace, SFMono-Regular,
SF Mono, Menlo, Consolas, Liberation Mono, monospace" color="#313b45"><span style="caret-color: rgb(49, 59, 69); white-space: pre;" class=""><kind>account</kind>
<intent>default</intent>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass></span></font><br class="">
<div class=""><br class="webkit-block-placeholder">
</div>
<div class="">However, MidPoint seems to not like it very much,
and throws the following error :</div>
<span class=""><br class="">
Auxiliary object class midPointPerson specified in
rOCD+(ACCOUNT:default={.../resource/instance-3}inetOrgPerson)
does not exist</span></div>
<div class=""><span class=""><br class="">
</span></div>
<div class=""><span class="">I think I might need to inform
midPoint about the schema, but I’m not sure how to do it, and
if it is the correct mitigation step about this issue.<br class="">
</span><span class="">
<div class=""><br class="">
<br class="">
Best regards,<br class="">
Luca Verardo<br class="">
</div>
</span>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On 21 Feb 2022 at 13:00, Ivan Noris via
midPoint <<a href="mailto:midpoint@lists.evolveum.com" class="moz-txt-link-freetext" moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" class="">
<div class=""><p class="">Hi Luca,</p><p class="">you are right, it's auxiliary object class.
I was trying to find existing example, but I found
nothing.</p><p class="">Unless anyone else from the community has a
working ready-to-share example, some bits and pieces:</p><p class="">1. please see
<a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/" moz-do-not-send="true">https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/</a>
for auxiliary object class configuration. If all your
accounts should have the auxiliary object class, the
first chapter Static Use of Auxiliary Object Classes
should be what you need</p><p class="">2. Unix Story Test at <a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/" moz-do-not-send="true">https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/</a>
could be also useful for configuration example (even
it's a different scenario and different auxiliary
object class)</p><p class="">3. if you can see the
midpointActivationStatus attribute in your resource,
you will probably need something like this in your
LDAP resource XML (based on the documentation I see
that midpointActivationStatus should be string):</p><p class=""> <capabilities
xmlns:cap=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3" moz-do-not-send="true">"http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"</a>><br class="">
<configured><br class="">
<cap:activation><br class="">
<cap:status><br class="">
<cap:attribute>ri:midpointActivationStatus</cap:attribute><br class="">
<cap:enableValue>enabled</cap:enableValue><br class="">
<cap:disableValue>disabled</cap:disableValue><br class="">
</cap:status><br class="">
</cap:activation><br class="">
</configured><br class="">
</capabilities></p><p class="">and an ordinary outbound
activation/administrativeStatus mapping in the
resource.</p><p class="">Unfortunately I do not have the environment
prepared to really test this.</p><p class="">Best regards & happy testing,</p><p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 21. 2. 2022 11:59, Luca
Verardo wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:51E4DFA0-433C-4334-B421-AF478F80A743@verardo.ch" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" class="">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Thank you.</div>
<div class=""><br class="">
</div>
<div class="">I added successfully the midPointPerson
schema. However, I cannot get the Auxiliary Object
classes to work. If I understood correctly, to be
able to use midPointActivationStatus, an LDAP user
needs to have inetOrgPerson + midPointPerson.</div>
<div class=""><br class="">
</div>
<div class="">Can you share an example on how to
instruct MidPoint to add this object class to newly
created users ?</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Thanks a lot in advance.<br class="">
<div class="">
<div style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width:
0px; text-decoration: none;" class=""><br class="Apple-interchange-newline">
<br class="">
</div>
<div style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width:
0px; text-decoration: none;" class="">Best
regards,<br class="">
Luca Verardo</div>
</div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">On 17 Feb 2022 at 09:32, Ivan
Noris via midPoint <<a href="mailto:midpoint@lists.evolveum.com" class="moz-txt-link-freetext" moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div class=""><p class="">Hi Luca,</p><p class="">please have a look here: <a class="moz-txt-link-freetext" href="https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/" moz-do-not-send="true">https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/</a></p><p class="">It is referencing <a class="moz-txt-link-freetext" href="https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap" moz-do-not-send="true">https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap</a>
where you have also LDIF files for
OpenLDAP.</p><p class="">Hope it helps.</p><p class="">Best regards,</p><p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 17. 2. 2022
8:53, Luca Verardo via midPoint wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:408F7134-133F-43D8-96FF-0D600D22E1C3@verardo.ch" class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
Dear community,
<div class=""><br class="">
</div>
<div class="">Is there any up to date
documentation explaining how to add and
use the OpenLDAP midPoint schema ? The
one that allows the
midPointAccountStatus (disabled or
enabled) for example.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Thanks a lot in advance.<br class="">
<div class="">
<div class="">
<div style="caret-color: rgb(0, 0,
0); font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
text-align: start; text-indent:
0px; text-transform: none;
white-space: normal; word-spacing:
0px; -webkit-text-stroke-width:
0px; text-decoration: none;" class=""><br class="Apple-interchange-newline">
<br class="">
</div>
<div style="caret-color: rgb(0, 0,
0); font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
text-align: start; text-indent:
0px; text-transform: none;
white-space: normal; word-spacing:
0px; -webkit-text-stroke-width:
0px; text-decoration: none;" class="">Best regards,<br class="">
Luca</div>
</div>
<br class="">
</div>
</div>
<br class="">
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com/" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com/" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" class="">evolveum.com</a>
</pre>
</div>
</div></blockquote></div><br class=""></div></body></html>