Fixed samples for new LDAP connector

samples/resources/opendj/opendj-localhost-basic.xml

@@ -60,13 +60,13 @@ This resource definition contains only the very basic definitions for midPoint t
 				<icfcldap:port>1389</icfcldap:port>
 				<icfcldap:host>localhost</icfcldap:host>
 				<icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext>
-				<icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
+				<icfcldap:bindDn>uid=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
 				<icfcldap:bindPassword>
 	                    <t:clearValue>secret</t:clearValue>
 	            </icfcldap:bindPassword>
 	            <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
 	            <icfcldap:vlvSortAttribute>entryUUID</icfcldap:vlvSortAttribute>
-				<icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>
+<!--                                <icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>-->
 				<icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
 	 			<icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
 			</icfc:configurationProperties>

samples/resources/opendj/opendj-localhost-medium.xml

@@ -74,13 +74,13 @@ It also contains inbound mappings and definition to enable synchronization.
 				<icfcldap:port>1389</icfcldap:port>
 				<icfcldap:host>localhost</icfcldap:host>
 				<icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext>
-				<icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
+				<icfcldap:bindDn>uid=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
 				<icfcldap:bindPassword>
 	                    <t:clearValue>secret</t:clearValue>
 	            </icfcldap:bindPassword>
 	            <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
 	            <icfcldap:vlvSortAttribute>entryUUID</icfcldap:vlvSortAttribute>
-				<icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>
+<!--                                <icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>-->
 				<icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
 	 			<icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
 			</icfc:configurationProperties>
@@ -110,7 +110,7 @@ It also contains inbound mappings and definition to enable synchronization.
 			<default>true</default>
 			<objectClass>ri:inetOrgPerson</objectClass>
 			<attribute>
-				<ref>icfs:name</ref>
+				<ref>ri:dn</ref>
 				<displayName>Distinguished Name</displayName>
 				<limitations>
 					<minOccurs>0</minOccurs>
@@ -136,7 +136,7 @@ It also contains inbound mappings and definition to enable synchronization.
 				</outbound>
 			</attribute>
 			<attribute>
-				<ref>icfs:uid</ref>
+				<ref>ri:entryUUID</ref>
 				<displayName>Entry UUID</displayName>
 				<limitations>
 					<access>
@@ -262,9 +262,18 @@ It also contains inbound mappings and definition to enable synchronization.
 				<maxIterations>5</maxIterations>
 			</iteration>
 
+<!--                        <protected>-->
+<!--                <icfs:name>cn=idm,ou=Administrators,dc=example,dc=com</icfs:name>-->
+<!--            </protected>-->
 			<protected>
-                <icfs:name>cn=idm,ou=Administrators,dc=example,dc=com</icfs:name>
-            </protected>
+				<filter>
+					<q:equal>
+						<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching>
+						<q:path>attributes/ri:dn</q:path>
+						<q:value>uid=idm,ou=Administrators,dc=example,dc=com</q:value>
+					</q:equal>
+				</filter>
+			</protected>
 
 			<activation>
                 <administrativeStatus>

samples/resources/opendj/opendj-localhost-resource-sync-advanced.xml

@@ -76,13 +76,13 @@ object.
 			<icfcldap:port>1389</icfcldap:port>
 			<icfcldap:host>localhost</icfcldap:host>
 			<icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext>
-			<icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
+			<icfcldap:bindDn>uid=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
 			<icfcldap:bindPassword>
                     <t:clearValue>secret</t:clearValue>
             </icfcldap:bindPassword>
             <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
             <icfcldap:vlvSortAttribute>entryUUID</icfcldap:vlvSortAttribute>
-			<icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>
+<!--                        <icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>-->
 			<icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
  			<icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
 		</icfc:configurationProperties>
@@ -134,7 +134,7 @@ object.
 			<default>true</default>
 			<objectClass>ri:inetOrgPerson</objectClass>
 			<attribute>
-				<ref>icfs:name</ref>
+				<ref>ri:dn</ref>
 				<displayName>Distinguished Name</displayName>
 				<limitations>
 					<minOccurs>0</minOccurs>
@@ -161,7 +161,7 @@ object.
 				</outbound>
 			</attribute>
 			<attribute>
-				<ref>icfs:uid</ref>
+				<ref>ri:entryUUID</ref>
 				<displayName>Entry UUID</displayName>
                 <limitations>
                     <access>
@@ -297,9 +297,18 @@ object.
 				<maxIterations>5</maxIterations>
 			</iteration>
 
+<!--                        <protected>-->
+<!--                <icfs:name>cn=idm,ou=Administrators,dc=example,dc=com</icfs:name>-->
+<!--            </protected>-->
 			<protected>
-                <icfs:name>cn=idm,ou=Administrators,dc=example,dc=com</icfs:name>
-            </protected>
+				<filter>
+					<q:equal>
+						<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching>
+						<q:path>attributes/ri:dn</q:path>
+						<q:value>uid=idm,ou=Administrators,dc=example,dc=com</q:value>
+					</q:equal>
+				</filter>
+			</protected>
 
             <activation>
                 <administrativeStatus>

samples/resources/opendj/opendj-localhost-resource-sync-no-extension-advanced-2.xml

@@ -76,13 +76,13 @@ object.
 				<icfcldap:port>1389</icfcldap:port>
 				<icfcldap:host>localhost</icfcldap:host>
 				<icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext>
-				<icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
+				<icfcldap:bindDn>uid=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
 				<icfcldap:bindPassword>
 	                    <t:clearValue>secret</t:clearValue>
 	            </icfcldap:bindPassword>
 	            <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
 	            <icfcldap:vlvSortAttribute>entryUUID</icfcldap:vlvSortAttribute>
-				<icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>
+<!--                                <icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>-->
 				<icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
 	 			<icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
 			</icfc:configurationProperties>            
@@ -132,7 +132,7 @@ object.
 			<default>true</default>
 			<objectClass>ri:inetOrgPerson</objectClass>
 			<attribute>
-				<ref>icfs:name</ref>
+				<ref>ri:dn</ref>
 				<displayName>Distinguished Name</displayName>
 				<description>The DN will be constructed as follows: uid=flastname,ou=people,dc=example,dc=ck</description>
 				<limitations>
@@ -170,7 +170,7 @@ else {
 					</outbound>
 			</attribute>
 			<attribute>
-				<ref>icfs:uid</ref>
+				<ref>ri:entryUUID</ref>
 				<displayName>Entry UUID</displayName>
 				<limitations>
 					<access>
@@ -306,9 +306,19 @@ else {
 				<maxIterations>5</maxIterations>
 			</iteration>
 
+<!--                        <protected>-->
+<!--                <icfs:name>uid=idm,ou=Administrators,dc=example,dc=com</icfs:name>-->
+<!--            </protected>-->
 			<protected>
-                <icfs:name>cn=idm,ou=Administrators,dc=example,dc=com</icfs:name>
-            </protected>
+				<filter>
+					<q:equal>
+						<q:matching>http://prism.evolveum.com/xml/ns/public/matching-rule-3#distinguishedName</q:matching>
+						<q:path>attributes/ri:dn</q:path>
+						<q:value>uid=idm,ou=Administrators,dc=example,dc=com</q:value>
+					</q:equal>
+				</filter>
+			</protected>
+
 
 			<activation>
                 <administrativeStatus>

samples/resources/opendj/opendj-localhost-resource-sync-no-extension-advanced-test.xml

@@ -82,7 +82,7 @@ object.
 	            </icfcldap:bindPassword>
 	            <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
 	            <icfcldap:vlvSortAttribute>entryUUID</icfcldap:vlvSortAttribute>
-				<icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>
+<!--                                <icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>-->
 				<icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
 	 			<icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
 			</icfc:configurationProperties>

samples/resources/opendj/opendj-resource-genericsync.xml

@@ -49,13 +49,13 @@
 				<icfcldap:port>1389</icfcldap:port>
 				<icfcldap:host>localhost</icfcldap:host>
 				<icfcldap:baseContext>dc=example,dc=com</icfcldap:baseContext>
-				<icfcldap:bindDn>cn=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
+				<icfcldap:bindDn>uid=idm,ou=Administrators,dc=example,dc=com</icfcldap:bindDn>
 				<icfcldap:bindPassword>
 	                    <t:clearValue>secret</t:clearValue>
 	            </icfcldap:bindPassword>
 	            <icfcldap:pagingStrategy>auto</icfcldap:pagingStrategy>
 	            <icfcldap:vlvSortAttribute>entryUUID</icfcldap:vlvSortAttribute>
-				<icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>
+<!--                                <icfcldap:accountOperationalAttributes>ds-pwp-account-disabled</icfcldap:accountOperationalAttributes>-->
 				<icfcldap:operationalAttributes>ds-pwp-account-disabled</icfcldap:operationalAttributes>
 	 			<icfcldap:operationalAttributes>isMemberOf</icfcldap:operationalAttributes>
 			</icfc:configurationProperties>
@@ -75,7 +75,7 @@
             <default>true</default>
             <objectClass>ri:inetOrgPerson</objectClass>
             <attribute>
-                <ref>icfs:name</ref>
+                <ref>ri:dn</ref>
                 <displayName>Distinguished Name</displayName>
                 <matchingRule>mr:stringIgnoreCase</matchingRule>
                 <outbound>
@@ -154,7 +154,7 @@
             	<intent>ldapGroup</intent>
             	<direction>objectToSubject</direction>
             	<associationAttribute>ri:uniqueMember</associationAttribute>
-            	<valueAttribute>icfs:name</valueAttribute>
+            	<valueAttribute>ri:dn</valueAttribute>
             </association>
 
             <activation>
@@ -177,7 +177,7 @@
             <displayName>LDAP Group</displayName>
             <objectClass>ri:groupOfUniqueNames</objectClass>
             <attribute>
-                <ref>icfs:name</ref>
+                <ref>ri:dn</ref>
                 <matchingRule>mr:stringIgnoreCase</matchingRule>
                 <outbound>
                     <!-- Name cannot be weak. Changes in name trigger object rename. -->
@@ -226,7 +226,7 @@
             <displayName>Organizational Unit</displayName>
             <objectClass>ri:organizationalUnit</objectClass>
             <attribute>
-                <ref>icfs:name</ref>
+                <ref>ri:dn</ref>
                 <matchingRule>mr:stringIgnoreCase</matchingRule>
                 <outbound>
                     <!-- Name cannot be weak. Changes in name trigger object rename. -->