none
Generic LDAP Connector - Flowing attributes to non primary object classes RRS feed

  • Question

  • Hi,

    First of all, thanks for the Generic LDAP Connector. It's a great product.

    We are using it to integrate to an LDAP v3 compliant LDAP catalog.

    However, we are having some issues flowing attributes. Apparently, the connector present a "primary" object class of "inetOrgPerson" to MIM2016 (see attached image). The object in the catalog also has the object class "person".

    We need to flow lastName -> sn, but the flow is naturally not done as the object type is "wrong". The object is presented to MIM as inetOrgPerson, and not person which is the object that has the sn attribute in the catalog.

    However, the object in the catalog actually has the class person, as well as inetOrgPerson.

    Any suggestions? How is this supposed to work?

    Thanks!


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Monday, April 18, 2016 7:06 AM

Answers

  • Leo, I've just tested this and see the same behaviour as you. I'm heading towards a bug in the connector for two reasons:

    - If I use the Generic LDAP Connector and target a different LDAP product, I can see all attributes
    - If I use the out-of-box AD LDS connector, I can see all attributes

    Can you raise a support incident with Microsoft?

    Tom Houston, UK Identity Management Practice

    Tuesday, April 19, 2016 9:33 AM

All replies

  • Leo, I can see you've got export attribute flows configured for two objects. You should only need the person to inetOrgPerson object mapping, and configure the lastName to sn attribute flow within this.

    I'm assuming you used the out-of-box inetOrgPerson schema deployment within AD LDS? Just checking your LDAP schema is wired up correctly (based on your other post).

    Cheers,

    Tom Houston, UK Identity Management Practice

    Monday, April 18, 2016 7:53 PM
  • Hi Tom,

    Yes, that it what we're looking to do - one flow only for inetOrgPerson.

    And that's exactly the problem we're having. We cannot select the sn attribute on the inetOrgPerson object type, as you can see if you closer examine the screenshots :)

    The sn attribute is bound to the "person" object type in the schema, so the Generic LDAP agent isn't displaying it for the inetOrgPerson object type - which is our problem (even though the objects in AD LDS are both person and inetOrgPerson).

    We use the out-of-box inetOrgPerson schema deployment within AD LDS.

    Thanks for caring :)


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!


    Tuesday, April 19, 2016 8:38 AM
  • Leo, I've just tested this and see the same behaviour as you. I'm heading towards a bug in the connector for two reasons:

    - If I use the Generic LDAP Connector and target a different LDAP product, I can see all attributes
    - If I use the out-of-box AD LDS connector, I can see all attributes

    Can you raise a support incident with Microsoft?

    Tom Houston, UK Identity Management Practice

    Tuesday, April 19, 2016 9:33 AM
  • Thanks for putting in the time for reproducing this Tom!

    We'll try raising a support incident with Microsoft!


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Tuesday, April 19, 2016 11:28 AM
  • Reported to MS on MS Connect.

    I don't think these reports are public, but here's the URL:

    https://connect.microsoft.com/site433/feedback/details/2608011/generic-ldap-connector-unable-to-flow-attributes-to-non-primary-object-classes


    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Tuesday, April 19, 2016 12:39 PM
  • Reported to MS on MS Connect.


    Leo, Connect is for preview software and as this connector has GA'ed you'll need to raise it via some kind of support agreement.

    Cheers,

    Tom Houston, UK Identity Management Practice

    Tuesday, April 19, 2016 1:54 PM
  • Thanks Tom. Will do.

    Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

    Tuesday, April 19, 2016 2:08 PM