<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Luca,</p>
<p>I think you are on a good track. It really seems that midPoint
does not see the object class.<br>
</p>
<p>To avoid the simple mistakes:</p>
<p>I assume that OpenLDAP is configured correctly. (And that you can
create an account there without midPoint using inetOrgPerson +
midPointPerson.)<br>
</p>
<p>I assume that you did upload + test the resource (test resource
will fetch schema from OpenLDAP).</p>
<p>(I was tempted to ask you to add ri: prefix to your
midPointPerson auxiliary object class.)</p>
<p>Are you perhaps using something like this?</p>
<p> <schema><br>
<generationConstraints><br>
<generateObjectClass>ri:inetOrgPerson</generateObjectClass><br>
<generateObjectClass>ri:groupOfUniqueNames</generateObjectClass><br>
<generateObjectClass>ri:groupOfNames</generateObjectClass><br>
<generateObjectClass>ri:organizationalUnit</generateObjectClass><br>
<generateObjectClass>ri:domain</generateObjectClass><br>
<b><generateObjectClass>ri:midPointPerson</generateObjectClass></b><br>
</generationConstraints><br>
</schema></p>
<p>(Please make sure that if you use generationConstraints, you are
mentioning the auxiliary object classes there too).</p>
<p>I'm out of other ideas for now :)</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 21. 2. 2022 13:21, Luca Verardo
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:B729C9BD-7664-4C67-BA01-9C17BA3D4FB4@verardo.ch">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Yes, I have read this chapter and tried to implement
it in the same way :</div>
<div class=""><br class="">
</div>
<div class=""><font class="" face="ui-monospace, SFMono-Regular,
SF Mono, Menlo, Consolas, Liberation Mono, monospace"
color="#313b45"><span style="caret-color: rgb(49, 59, 69); white-space: pre;" class=""><kind>account</kind>
<intent>default</intent>
<displayName>Default Account</displayName>
<default>true</default>
<objectClass>ri:inetOrgPerson</objectClass>
<auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass></span></font><br
class="">
<div class=""><br class="webkit-block-placeholder">
</div>
<div class="">However, MidPoint seems to not like it very much,
and throws the following error :</div>
<span class=""><br class="">
Auxiliary object class midPointPerson specified in
rOCD+(ACCOUNT:default={.../resource/instance-3}inetOrgPerson)
does not exist</span></div>
<div class=""><span class=""><br class="">
</span></div>
<div class=""><span class="">I think I might need to inform
midPoint about the schema, but I’m not sure how to do it, and
if it is the correct mitigation step about this issue.<br
class="">
</span><span class="">
<div class=""><br class="">
<br class="">
Best regards,<br class="">
Luca Verardo<br class="">
</div>
</span>
<div><br class="">
<blockquote type="cite" class="">
<div class="">Le 21 févr. 2022 à 13:00, Ivan Noris via
midPoint <<a href="mailto:midpoint@lists.evolveum.com"
class="moz-txt-link-freetext" moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
a écrit :</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">
<p class="">Hi Luca,</p>
<p class="">you are right, it's auxiliary object class.
I was trying to find existing example, but I found
nothing.</p>
<p class="">Unless anyone else from the community has a
working ready-to-share example, some bits and pieces:</p>
<p class="">1. please see
<a class="moz-txt-link-freetext"
href="https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/"
moz-do-not-send="true">https://docs.evolveum.com/midpoint/reference/resources/auxiliary-object-classes/</a>
for auxiliary object class configuration. If all your
accounts should have the auxiliary object class, the
first chapter Static Use of Auxiliary Object Classes
should be what you need</p>
<p class="">2. Unix Story Test at <a
class="moz-txt-link-freetext"
href="https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/"
moz-do-not-send="true">https://docs.evolveum.com/midpoint/reference/samples/story-tests/unix/</a>
could also be useful as a configuration example (even
if it's a different scenario and a different auxiliary
object class)</p>
<p class="">3. if you can see the
midpointActivationStatus attribute in your resource,
you will probably need something like this in your
LDAP resource XML (based on the documentation I see
that midpointActivationStatus should be string):</p>
<p class=""> <capabilities
xmlns:cap=<a class="moz-txt-link-rfc2396E"
href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
moz-do-not-send="true">"http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"</a>><br
class="">
<configured><br class="">
<cap:activation><br class="">
<cap:status><br class="">
<cap:attribute>ri:midpointActivationStatus</cap:attribute><br
class="">
<cap:enableValue>enabled</cap:enableValue><br
class="">
<cap:disableValue>disabled</cap:disableValue><br
class="">
</cap:status><br class="">
</cap:activation><br class="">
</configured><br class="">
</capabilities></p>
<p class="">and an ordinary outbound
activation/administrativeStatus mapping in the
resource.</p>
<p class="">Unfortunately I do not have the environment
prepared to really test this.</p>
<p class="">Best regards & happy testing,</p>
<p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 21. 2. 2022 11:59, Luca
Verardo wrote:<br class="">
</div>
<blockquote type="cite"
cite="mid:51E4DFA0-433C-4334-B421-AF478F80A743@verardo.ch"
class="">
Hello Ivan,
<div class=""><br class="">
</div>
<div class="">Thank you.</div>
<div class=""><br class="">
</div>
<div class="">I added successfully the midPointPerson
schema. However, I cannot get the Auxiliary Object
classes to work. If I understood correctly, to be
able to use midPointActivationStatus, an LDAP user
needs to have inetOrgPerson + midPointPerson.</div>
<div class=""><br class="">
</div>
<div class="">Can you share an example on how to
instruct MidPoint to add this object class to newly
created users ?</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Thanks a lot in advance.<br class="">
<div class="">
<div style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width:
0px; text-decoration: none;" class=""><br
class="Apple-interchange-newline">
<br class="">
</div>
<div style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width:
0px; text-decoration: none;" class="">Best
regards,<br class="">
Luca Verardo</div>
</div>
<div class=""><br class="">
<blockquote type="cite" class="">
<div class="">Le 17 févr. 2022 à 09:32, Ivan
Noris via midPoint <<a
href="mailto:midpoint@lists.evolveum.com"
class="moz-txt-link-freetext"
moz-do-not-send="true">midpoint@lists.evolveum.com</a>>
a écrit :</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">
<p class="">Hi Luca,</p>
<p class="">please have a look here: <a
class="moz-txt-link-freetext"
href="https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/"
moz-do-not-send="true">https://docs.evolveum.com/connectors/resources/ldap/openldap/structure/</a></p>
<p class="">It is referencing <a
class="moz-txt-link-freetext"
href="https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap"
moz-do-not-send="true">https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/openldap</a>
where you have also LDIF files for
OpenLDAP.</p>
<p class="">Hope it helps.</p>
<p class="">Best regards,</p>
<p class="">Ivan<br class="">
</p>
<div class="moz-cite-prefix">On 17. 2. 2022
8:53, Luca Verardo via midPoint wrote:<br
class="">
</div>
<blockquote type="cite"
cite="mid:408F7134-133F-43D8-96FF-0D600D22E1C3@verardo.ch"
class="">
Dear community,
<div class=""><br class="">
</div>
<div class="">Is there any up to date
documentation explaining how to add and
use the OpenLDAP midPoint schema ? The
one that allows the
midPointAccountStatus (disabled or
enabled) for example.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Thanks a lot in advance.<br
class="">
<div class="">
<div class="">
<div style="caret-color: rgb(0, 0,
0); font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
text-align: start; text-indent:
0px; text-transform: none;
white-space: normal; word-spacing:
0px; -webkit-text-stroke-width:
0px; text-decoration: none;"
class=""><br
class="Apple-interchange-newline">
<br class="">
</div>
<div style="caret-color: rgb(0, 0,
0); font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
text-align: start; text-indent:
0px; text-transform: none;
white-space: normal; word-spacing:
0px; -webkit-text-stroke-width:
0px; text-decoration: none;"
class="">Best regards,<br class="">
Luca</div>
</div>
<br class="">
</div>
</div>
<br class="">
<fieldset
class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com/" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
_______________________________________________<br class="">
midPoint mailing list<br class="">
<a href="mailto:midPoint@lists.evolveum.com"
class="moz-txt-link-freetext"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br
class="">
<a class="moz-txt-link-freetext"
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br
class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" class="" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
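<p>Added example, not part of the original messages and not midPoint code: a small Python check of the hint in the reply above, that every object class an object type uses also appears in generationConstraints when that list is present. The sample XML is constructed; its wrapper element names, the placeholder ri namespace URI and the function names are assumptions.</p>

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down resource definition combining the two
# fragments quoted in the thread. The wrapper element names (resource,
# schemaHandling, objectType) and the ri namespace URI are assumptions.
SAMPLE_RESOURCE = """\
<resource xmlns:ri="urn:example:resource-instance">
  <schema>
    <generationConstraints>
      <generateObjectClass>ri:inetOrgPerson</generateObjectClass>
      <generateObjectClass>ri:groupOfNames</generateObjectClass>
    </generationConstraints>
  </schema>
  <schemaHandling>
    <objectType>
      <kind>account</kind>
      <intent>default</intent>
      <objectClass>ri:inetOrgPerson</objectClass>
      <auxiliaryObjectClass>midPointPerson</auxiliaryObjectClass>
    </objectType>
  </schemaHandling>
</resource>
"""

def _local(name):
    """Strip an XML namespace ({uri}tag) or a QName prefix (ri:name)."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1].strip()

def _values(root, tag):
    """Text of every element whose local name is `tag`, namespace-agnostic."""
    return [(e.text or "").strip() for e in root.iter() if _local(e.tag) == tag]

def check_object_classes(resource_xml):
    """Return (not_generated, unprefixed) for the object classes in use.
    not_generated: used by an object type, absent from a non-empty
    generationConstraints list. unprefixed: written without a prefix."""
    root = ET.fromstring(resource_xml)
    generated = {_local(v) for v in _values(root, "generateObjectClass")}
    used = _values(root, "objectClass") + _values(root, "auxiliaryObjectClass")
    # With no generationConstraints at all there is nothing to compare against.
    not_generated = sorted({_local(v) for v in used} - generated) if generated else []
    unprefixed = sorted({v for v in used if ":" not in v})
    return not_generated, unprefixed

if __name__ == "__main__":
    missing, bare = check_object_classes(SAMPLE_RESOURCE)
    print("not in generationConstraints:", missing)
    print("written without prefix:", bare)
```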
</body>
</html>