There appears to be behaviour differences with either com.evolveum.polygon.connector.ldap.LdapConnector versions 1.6 and 2.0 M4 or midPoint versions 3.8 and 3.9.
When a shadow account is created in midPoint not all attribute values are being pulled into midPoint. This is causing reconciliation and discovery issues with users.
- User exists in midPoint, account exists on ODSEE. Assign role in midPoint to user that assigns ODSEE resources. Error occurs with ObjectAlreadyExists error. Shadow is created but has very little information in it. (see attached logs)
- User exists in midPoint, user is assigned role with ODSEE and account exists in ODSEE and is LINKED. Delete the shadow account from midPoint. Make minor update to midPoint user (ie. last name change). Error occurs and shadow is created but has very little information (see screenshot attached).
Environment where functionality works as expected
- midPoint v3.8 support
- LdapConnector v1.6
Environment where error is produced
- midPoint v3.9 support
- LdapConnector v2.0 M4
ODSEE version is 126.96.36.199.
When using either version of com.evolveum.polygon.connector.ldap.ad.AdLdapConnector with our Active Directory environment it works as expected.