<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Luca,</p>
    <p>Please check that your outbound mappings for uid (for accounts)
      and cn (for groups) are weak. I think that should do the trick. DN
      will be changed via the other mapping and changing uid or cn won't
      work because it has already been changed by OpenLDAP internally.
      Weak mapping will work only when the account is created (and there
      is no other value of uid).</p>
    <p>See example in
<a class="moz-txt-link-freetext" href="https://github.com/Evolveum/midpoint-samples/blob/63de97c300aad96027cc082b403d4aed8236b713/samples/resources/openldap/openldap-localhost-medium.xml#L230">https://github.com/Evolveum/midpoint-samples/blob/63de97c300aad96027cc082b403d4aed8236b713/samples/resources/openldap/openldap-localhost-medium.xml#L230</a></p>
    <p>Best regards,</p>
    <p>Ivan<br>
    </p>
    <div class="moz-cite-prefix">On 5. 1. 2024 11:27, Luca Verardo via
      midPoint wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:75-6597d980-71-7cf12880@30139067">
      Dear community,<br>
      <br>
      I'm in the process of re-creating my OpenLDAP resource using the
      new wizard UI. The basic operations are working correctly and also
      synchronized correctly.<br>
      However, when I try to rename a user, midPoint gives the following
      error:
      <blockquote>
        <p><span style="font-family:Courier New,Courier,monospace;">Error
            modifying LDAP entry
            uid=test-user-rename,ou=People,dc=CORP,dc=org:
            [add:uid=test-user-rename,remove:uid=test-user,]:
            noSuchAttribute: (16)</span></p>
      </blockquote>
      <br>
      Where 'test-user' is the old username, and 'test-user-rename' is
      the new username. I tried to play with the permissive modify
      setting of the resource. When it is set to never, midPoint will
      complain that the entry already exists. If set to auto or always,
      it gives the error mentioned above.<br>
      <br>
      The same problem arises when trying to rename a role (which is
      bound to an OpenLDAP groupOfNames).<br>
      <br>
      Maybe it's wrong, but I think that the reason behind this error is
      that midPoint will try to query the LDAP server with the new UID
      instead of the old one. However, it may totally be something else,
      I'm not sure.<br>
      <br>
      Could someone help me to solve this issue? You can find below my
      OpenLDAP resource configuration.<br>
      Thanks a lot in advance!<br>
      <br>
    </blockquote>
    <div class="moz-signature">-- <br>
      <p style="margin:0px"><strong>Ivan Noris</strong> | Expert Identity Engineer</p>
      <p style="margin:0px"><a href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a> | <a href="http://www.evolveum.com/">www.evolveum.com</a></p>
    </div>
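    <p>The mapping layout described in the reply above, as an added example
      that is not part of the original e-mails and is not copied from the
      linked midPoint sample: the DN mapping keeps normal strength and
      carries the rename, while the naming attribute (uid or cn) is mapped
      weakly so it is written only at creation. The object classes, the
      intents and the ou=Groups container are assumptions; the ou=People
      suffix is taken from the error message quoted above.</p>

```xml
<!-- Added example; inetOrgPerson, groupOfNames, intents and ou=Groups are assumed. -->
<schemaHandling>
    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <objectClass>ri:inetOrgPerson</objectClass>
        <attribute>
            <ref>ri:dn</ref>
            <!-- Normal strength: a changed focus name is propagated through the DN. -->
            <outbound>
                <source><path>$focus/name</path></source>
                <expression>
                    <script>
                        <code>basic.composeDnWithSuffix('uid', name, 'ou=People,dc=CORP,dc=org')</code>
                    </script>
                </expression>
            </outbound>
        </attribute>
        <attribute>
            <ref>ri:uid</ref>
            <outbound>
                <!-- Weak: applied only while uid has no value, i.e. at account creation. -->
                <strength>weak</strength>
                <source><path>$focus/name</path></source>
            </outbound>
        </attribute>
    </objectType>
    <objectType>
        <kind>entitlement</kind>
        <intent>group</intent>
        <objectClass>ri:groupOfNames</objectClass>
        <attribute>
            <ref>ri:dn</ref>
            <outbound>
                <source><path>$focus/name</path></source>
                <expression><script>
                    <code>basic.composeDnWithSuffix('cn', name, 'ou=Groups,dc=CORP,dc=org')</code>
                </script></expression>
            </outbound>
        </attribute>
        <attribute>
            <ref>ri:cn</ref>
            <outbound>
                <strength>weak</strength>
                <source><path>$focus/name</path></source>
            </outbound>
        </attribute>
    </objectType>
</schemaHandling>
```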
  </body>
</html>