Examples with ObjectClass org.identityconnectors.framework.common.objects.ObjectClass used on opensource projects

Example 1 with ObjectClass

use of org.identityconnectors.framework.common.objects.ObjectClass in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method addObject.

@Override
public AsynchronousOperationReturnValue<Collection<ResourceAttribute<?>>> addObject(PrismObject<? extends ShadowType> shadow, Collection<Operation> additionalOperations, StateReporter reporter, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SchemaException, ObjectAlreadyExistsException, ConfigurationException {
    validateShadow(shadow, "add", false);
    ShadowType shadowType = shadow.asObjectable();
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(shadow);
    OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".addObject");
    result.addParam("resourceObject", shadow);
    // because of serialization issues
    result.addParam("additionalOperations", DebugUtil.debugDump(additionalOperations));
    ObjectClassComplexTypeDefinition ocDef;
    ResourceAttributeContainerDefinition attrContDef = attributesContainer.getDefinition();
    if (attrContDef != null) {
        ocDef = attrContDef.getComplexTypeDefinition();
    } else {
        ocDef = resourceSchema.findObjectClassDefinition(shadow.asObjectable().getObjectClass());
        if (ocDef == null) {
            throw new SchemaException("Unknown object class " + shadow.asObjectable().getObjectClass());
        }
    }
    // getting icf object class from resource object class
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(shadow, getSchemaNamespace(), connectorType, legacySchema);
    if (icfObjectClass == null) {
        result.recordFatalError("Couldn't get icf object class from " + shadow);
        throw new IllegalArgumentException("Couldn't get icf object class from " + shadow);
    }
    // setting ifc attributes from resource object attributes
    Set<Attribute> attributes = null;
    try {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("midPoint object before conversion:\n{}", attributesContainer.debugDump());
        }
        attributes = connIdConvertor.convertFromResourceObject(attributesContainer, ocDef);
        if (shadowType.getCredentials() != null && shadowType.getCredentials().getPassword() != null) {
            PasswordType password = shadowType.getCredentials().getPassword();
            ProtectedStringType protectedString = password.getValue();
            GuardedString guardedPassword = ConnIdUtil.toGuardedString(protectedString, "new password", protector);
            if (guardedPassword != null) {
                attributes.add(AttributeBuilder.build(OperationalAttributes.PASSWORD_NAME, guardedPassword));
            }
        }
        if (ActivationUtil.hasAdministrativeActivation(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME, ActivationUtil.isAdministrativeEnabled(shadowType)));
        }
        if (ActivationUtil.hasValidFrom(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_DATE_NAME, XmlTypeConverter.toMillis(shadowType.getActivation().getValidFrom())));
        }
        if (ActivationUtil.hasValidTo(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.DISABLE_DATE_NAME, XmlTypeConverter.toMillis(shadowType.getActivation().getValidTo())));
        }
        if (ActivationUtil.hasLockoutStatus(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.LOCK_OUT_NAME, ActivationUtil.isLockedOut(shadowType)));
        }
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("ICF attributes after conversion:\n{}", ConnIdUtil.dump(attributes));
        }
    } catch (SchemaException | RuntimeException ex) {
        result.recordFatalError("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
        throw new SchemaException("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
    }
    if (attributes == null) {
        result.recordFatalError("Couldn't set attributes for icf.");
        throw new IllegalStateException("Couldn't set attributes for icf.");
    }
    List<String> icfAuxiliaryObjectClasses = new ArrayList<>();
    for (QName auxiliaryObjectClass : shadowType.getAuxiliaryObjectClass()) {
        icfAuxiliaryObjectClasses.add(connIdNameMapper.objectClassToIcf(auxiliaryObjectClass, resourceSchemaNamespace, connectorType, false).getObjectClassValue());
    }
    if (!icfAuxiliaryObjectClasses.isEmpty()) {
        AttributeBuilder ab = new AttributeBuilder();
        ab.setName(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME);
        ab.addValue(icfAuxiliaryObjectClasses);
        attributes.add(ab.build());
    }
    OperationOptionsBuilder operationOptionsBuilder = new OperationOptionsBuilder();
    OperationOptions options = operationOptionsBuilder.build();
    checkAndExecuteAdditionalOperation(reporter, additionalOperations, BeforeAfterType.BEFORE, result);
    OperationResult connIdResult = result.createSubresult(ConnectorFacade.class.getName() + ".create");
    connIdResult.addArbitraryObjectAsParam("objectClass", icfObjectClass);
    connIdResult.addArbitraryCollectionAsParam("auxiliaryObjectClasses", icfAuxiliaryObjectClasses);
    connIdResult.addArbitraryCollectionAsParam("attributes", attributes);
    connIdResult.addArbitraryObjectAsParam("options", options);
    connIdResult.addContext("connector", connIdConnectorFacade.getClass());
    Uid uid = null;
    try {
        // CALL THE ICF FRAMEWORK
        InternalMonitor.recordConnectorOperation("create");
        // TODO provide object name
        recordIcfOperationStart(reporter, ProvisioningOperation.ICF_CREATE, ocDef, null);
        uid = connIdConnectorFacade.create(icfObjectClass, attributes, options);
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_CREATE, ocDef, uid);
    } catch (Throwable ex) {
        // TODO name
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_CREATE, ocDef, ex, null);
        Throwable midpointEx = processIcfException(ex, this, connIdResult);
        result.computeStatus("Add object failed");
        // exception
        if (midpointEx instanceof ObjectAlreadyExistsException) {
            throw (ObjectAlreadyExistsException) midpointEx;
        } else if (midpointEx instanceof CommunicationException) {
            //				result.muteError();
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof ConfigurationException) {
            throw (ConfigurationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }
    checkAndExecuteAdditionalOperation(reporter, additionalOperations, BeforeAfterType.AFTER, result);
    if (uid == null || uid.getUidValue() == null || uid.getUidValue().isEmpty()) {
        connIdResult.recordFatalError("ICF did not returned UID after create");
        result.computeStatus("Add object failed");
        throw new GenericFrameworkException("ICF did not returned UID after create");
    }
    Collection<ResourceAttribute<?>> identifiers = ConnIdUtil.convertToIdentifiers(uid, attributesContainer.getDefinition().getComplexTypeDefinition(), resourceSchema);
    for (ResourceAttribute<?> identifier : identifiers) {
        attributesContainer.getValue().addReplaceExisting(identifier);
    }
    connIdResult.recordSuccess();
    result.recordSuccess();
    return AsynchronousOperationReturnValue.wrap(attributesContainer.getAttributes(), result);
}

Example 2 with ObjectClass

use of org.identityconnectors.framework.common.objects.ObjectClass in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method fetchObject.

@Override
public <T extends ShadowType> PrismObject<T> fetchObject(Class<T> type, ResourceObjectIdentification resourceObjectIdentification, AttributesToReturn attributesToReturn, StateReporter reporter, OperationResult parentResult) throws ObjectNotFoundException, CommunicationException, GenericFrameworkException, SchemaException, SecurityViolationException, ConfigurationException {
    Validate.notNull(resourceObjectIdentification, "Null primary identifiers");
    ObjectClassComplexTypeDefinition objectClassDefinition = resourceObjectIdentification.getObjectClassDefinition();
    // Result type for this operation
    OperationResult result = parentResult.createMinorSubresult(ConnectorInstance.class.getName() + ".fetchObject");
    result.addParam("resourceObjectDefinition", objectClassDefinition);
    result.addParam("identification", resourceObjectIdentification);
    result.addContext("connector", connectorType);
    if (connIdConnectorFacade == null) {
        result.recordFatalError("Attempt to use unconfigured connector");
        throw new IllegalStateException("Attempt to use unconfigured connector " + ObjectTypeUtil.toShortString(connectorType) + " " + description);
    }
    // Get UID from the set of identifiers
    Uid uid;
    try {
        uid = getUid(resourceObjectIdentification);
    } catch (SchemaException e) {
        result.recordFatalError(e);
        throw e;
    }
    if (uid == null) {
        result.recordFatalError("Required attribute UID not found in identification set while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
        throw new IllegalArgumentException("Required attribute UID not found in identification set while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
    }
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(objectClassDefinition, getSchemaNamespace(), connectorType, legacySchema);
    if (icfObjectClass == null) {
        result.recordFatalError("Unable to determine object class from QName " + objectClassDefinition.getTypeName() + " while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
        throw new IllegalArgumentException("Unable to determine object class from QName " + objectClassDefinition.getTypeName() + " while attempting to fetch object identified by " + resourceObjectIdentification + " from " + description);
    }
    OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
    convertToIcfAttrsToGet(objectClassDefinition, attributesToReturn, optionsBuilder);
    optionsBuilder.setAllowPartialResults(true);
    OperationOptions options = optionsBuilder.build();
    ConnectorObject co = null;
    try {
        // Invoke the ICF connector
        co = fetchConnectorObject(reporter, objectClassDefinition, icfObjectClass, uid, options, result);
    } catch (CommunicationException ex) {
        result.recordFatalError(ex);
        // exception.
        throw ex;
    } catch (GenericFrameworkException ex) {
        result.recordFatalError(ex);
        // exception.
        throw ex;
    } catch (ConfigurationException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (SecurityViolationException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (ObjectNotFoundException ex) {
        result.recordFatalError("Object not found");
        throw new ObjectNotFoundException("Object identified by " + resourceObjectIdentification + " (ConnId UID " + uid + "), objectClass " + objectClassDefinition.getTypeName() + "  was not found in " + description);
    } catch (SchemaException ex) {
        result.recordFatalError(ex);
        throw ex;
    } catch (RuntimeException ex) {
        result.recordFatalError(ex);
        throw ex;
    }
    if (co == null) {
        result.recordFatalError("Object not found");
        throw new ObjectNotFoundException("Object identified by " + resourceObjectIdentification + " (ConnId UID " + uid + "), objectClass " + objectClassDefinition.getTypeName() + " was not in " + description);
    }
    PrismObjectDefinition<T> shadowDefinition = toShadowDefinition(objectClassDefinition);
    PrismObject<T> shadow = connIdConvertor.convertToResourceObject(co, shadowDefinition, false, caseIgnoreAttributeNames, legacySchema);
    result.recordSuccess();
    return shadow;
}

Example 3 with ObjectClass

use of org.identityconnectors.framework.common.objects.ObjectClass in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method addConvertedValues.

private void addConvertedValues(Collection<PrismPropertyValue<QName>> pvals, Set<Attribute> attributes, Map<QName, ObjectClassComplexTypeDefinition> auxiliaryObjectClassMap) throws SchemaException {
    if (pvals == null) {
        return;
    }
    AttributeBuilder ab = new AttributeBuilder();
    ab.setName(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME);
    for (PrismPropertyValue<QName> pval : pvals) {
        QName auxQName = pval.getValue();
        ObjectClassComplexTypeDefinition auxDef = resourceSchema.findObjectClassDefinition(auxQName);
        if (auxDef == null) {
            throw new SchemaException("Auxiliary object class " + auxQName + " not found in the schema");
        }
        auxiliaryObjectClassMap.put(auxQName, auxDef);
        ObjectClass icfOc = connIdNameMapper.objectClassToIcf(pval.getValue(), resourceSchemaNamespace, connectorType, false);
        ab.addValue(icfOc.getObjectClassValue());
    }
    attributes.add(ab.build());
}

Example 4 with ObjectClass

use of org.identityconnectors.framework.common.objects.ObjectClass in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method search.

@Override
public <T extends ShadowType> SearchResultMetadata search(final ObjectClassComplexTypeDefinition objectClassDefinition, final ObjectQuery query, final ResultHandler<T> handler, AttributesToReturn attributesToReturn, PagedSearchCapabilityType pagedSearchCapabilityType, SearchHierarchyConstraints searchHierarchyConstraints, final StateReporter reporter, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SecurityViolationException, SchemaException, ObjectNotFoundException {
    // Result type for this operation
    final OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".search");
    result.addParam("objectClass", objectClassDefinition);
    result.addContext("connector", connectorType);
    if (objectClassDefinition == null) {
        result.recordFatalError("Object class not defined");
        throw new IllegalArgumentException("objectClass not defined");
    }
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(objectClassDefinition, getSchemaNamespace(), connectorType, legacySchema);
    if (icfObjectClass == null) {
        IllegalArgumentException ex = new IllegalArgumentException("Unable to determine object class from QName " + objectClassDefinition + " while attempting to search objects by " + ObjectTypeUtil.toShortString(connectorType));
        result.recordFatalError("Unable to determine object class", ex);
        throw ex;
    }
    final PrismObjectDefinition<T> objectDefinition = toShadowDefinition(objectClassDefinition);
    if (pagedSearchCapabilityType == null) {
        pagedSearchCapabilityType = getCapability(PagedSearchCapabilityType.class);
    }
    final boolean useConnectorPaging = pagedSearchCapabilityType != null;
    if (!useConnectorPaging && query != null && query.getPaging() != null && (query.getPaging().getOffset() != null || query.getPaging().getMaxSize() != null)) {
        InternalMonitor.recordConnectorSimulatedPagingSearchCount();
    }
    final Holder<Integer> countHolder = new Holder<>(0);
    ResultsHandler icfHandler = new ResultsHandler() {

        @Override
        public boolean handle(ConnectorObject connectorObject) {
            // Convert ICF-specific connector object to a generic
            // ResourceObject
            recordIcfOperationSuspend(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
            int count = countHolder.getValue();
            countHolder.setValue(count + 1);
            if (!useConnectorPaging) {
                if (query != null && query.getPaging() != null && query.getPaging().getOffset() != null && query.getPaging().getMaxSize() != null) {
                    if (count < query.getPaging().getOffset()) {
                        recordResume();
                        return true;
                    }
                    if (count == (query.getPaging().getOffset() + query.getPaging().getMaxSize())) {
                        recordResume();
                        return false;
                    }
                }
            }
            PrismObject<T> resourceObject;
            try {
                resourceObject = connIdConvertor.convertToResourceObject(connectorObject, objectDefinition, false, caseIgnoreAttributeNames, legacySchema);
            } catch (SchemaException e) {
                recordResume();
                throw new IntermediateException(e);
            }
            // .. and pass it to the handler
            boolean cont = handler.handle(resourceObject);
            if (!cont) {
                result.recordWarning("Stopped on request from the handler");
            }
            recordResume();
            return cont;
        }

        private void recordResume() {
            recordIcfOperationResume(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
        }
    };
    OperationOptionsBuilder optionsBuilder = new OperationOptionsBuilder();
    try {
        convertToIcfAttrsToGet(objectClassDefinition, attributesToReturn, optionsBuilder);
        if (query != null && query.isAllowPartialResults()) {
            optionsBuilder.setAllowPartialResults(query.isAllowPartialResults());
        }
        // preparing paging-related options
        if (useConnectorPaging && query != null && query.getPaging() != null) {
            ObjectPaging paging = query.getPaging();
            if (paging.getOffset() != null) {
                // ConnId API says the numbering starts at 1
                optionsBuilder.setPagedResultsOffset(paging.getOffset() + 1);
            }
            if (paging.getMaxSize() != null) {
                optionsBuilder.setPageSize(paging.getMaxSize());
            }
            QName orderByAttributeName;
            boolean isAscending;
            ItemPath orderByPath = paging.getOrderBy();
            String desc;
            if (orderByPath != null && !orderByPath.isEmpty()) {
                orderByAttributeName = ShadowUtil.getAttributeName(orderByPath, "OrderBy path");
                if (SchemaConstants.C_NAME.equals(orderByAttributeName)) {
                    orderByAttributeName = SchemaConstants.ICFS_NAME;
                }
                isAscending = paging.getDirection() != OrderDirection.DESCENDING;
                desc = "(explicitly specified orderBy attribute)";
            } else {
                orderByAttributeName = pagedSearchCapabilityType.getDefaultSortField();
                isAscending = pagedSearchCapabilityType.getDefaultSortDirection() != OrderDirectionType.DESCENDING;
                desc = "(default orderBy attribute from capability definition)";
            }
            if (orderByAttributeName != null) {
                String orderByIcfName = connIdNameMapper.convertAttributeNameToIcf(orderByAttributeName, objectClassDefinition, desc);
                optionsBuilder.setSortKeys(new SortKey(orderByIcfName, isAscending));
            }
        }
        if (searchHierarchyConstraints != null) {
            ResourceObjectIdentification baseContextIdentification = searchHierarchyConstraints.getBaseContext();
            // Only LDAP connector really supports base context. And this one will work better with
            // DN. And DN is secondary identifier (__NAME__). This is ugly, but practical. It works around ConnId problems.
            ResourceAttribute<?> secondaryIdentifier = baseContextIdentification.getSecondaryIdentifier();
            if (secondaryIdentifier == null) {
                SchemaException e = new SchemaException("No secondary identifier in base context identification " + baseContextIdentification);
                result.recordFatalError(e);
                throw e;
            }
            String secondaryIdentifierValue = secondaryIdentifier.getRealValue(String.class);
            ObjectClass baseContextIcfObjectClass = connIdNameMapper.objectClassToIcf(baseContextIdentification.getObjectClassDefinition(), getSchemaNamespace(), connectorType, legacySchema);
            QualifiedUid containerQualifiedUid = new QualifiedUid(baseContextIcfObjectClass, new Uid(secondaryIdentifierValue));
            optionsBuilder.setContainer(containerQualifiedUid);
        }
    } catch (SchemaException e) {
        result.recordFatalError(e);
        throw e;
    }
    // Relax completeness requirements. This is a search, not get. So it is OK to
    // return incomplete member lists and similar attributes.
    optionsBuilder.setAllowPartialAttributeValues(true);
    OperationOptions options = optionsBuilder.build();
    Filter filter;
    try {
        filter = convertFilterToIcf(query, objectClassDefinition);
    } catch (SchemaException | RuntimeException e) {
        result.recordFatalError(e);
        throw e;
    }
    // Connector operation cannot create result for itself, so we need to
    // create result for it
    OperationResult icfResult = result.createSubresult(ConnectorFacade.class.getName() + ".search");
    icfResult.addArbitraryObjectAsParam("objectClass", icfObjectClass);
    icfResult.addContext("connector", connIdConnectorFacade.getClass());
    SearchResult icfSearchResult;
    try {
        InternalMonitor.recordConnectorOperation("search");
        recordIcfOperationStart(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
        icfSearchResult = connIdConnectorFacade.search(icfObjectClass, filter, icfHandler, options);
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition);
        icfResult.recordSuccess();
    } catch (IntermediateException inex) {
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition, inex);
        SchemaException ex = (SchemaException) inex.getCause();
        icfResult.recordFatalError(ex);
        result.recordFatalError(ex);
        throw ex;
    } catch (Throwable ex) {
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_SEARCH, objectClassDefinition, ex);
        Throwable midpointEx = processIcfException(ex, this, icfResult);
        result.computeStatus();
        // exception
        if (midpointEx instanceof CommunicationException) {
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof ObjectNotFoundException) {
            throw (ObjectNotFoundException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof SecurityViolationException) {
            throw (SecurityViolationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }
    SearchResultMetadata metadata = null;
    if (icfSearchResult != null) {
        metadata = new SearchResultMetadata();
        metadata.setPagingCookie(icfSearchResult.getPagedResultsCookie());
        if (icfSearchResult.getRemainingPagedResults() >= 0) {
            metadata.setApproxNumberOfAllResults(icfSearchResult.getRemainingPagedResults());
        }
        if (!icfSearchResult.isAllResultsReturned()) {
            metadata.setPartialResults(true);
        }
    }
    if (result.isUnknown()) {
        result.recordSuccess();
    }
    return metadata;
}

Example 5 with ObjectClass

use of org.identityconnectors.framework.common.objects.ObjectClass in project midpoint by Evolveum.

the class ConnIdConvertor method convertToResourceObject.

/**
	 * Converts ICF ConnectorObject to the midPoint ResourceObject.
	 * <p/>
	 * All the attributes are mapped using the same way as they are mapped in
	 * the schema (which is actually no mapping at all now).
	 * <p/>
	 * If an optional ResourceObjectDefinition was provided, the resulting
	 * ResourceObject is schema-aware (getDefinition() method works). If no
	 * ResourceObjectDefinition was provided, the object is schema-less. TODO:
	 * this still needs to be implemented.
	 * 
	 * @param co
	 *            ICF ConnectorObject to convert
	 * @param def
	 *            ResourceObjectDefinition (from the schema) or null
	 * @param full
	 *            if true it describes if the returned resource object should
	 *            contain all of the attributes defined in the schema, if false
	 *            the returned resource object will contain only attributed with
	 *            the non-null values.
	 * @return new mapped ResourceObject instance.
	 * @throws SchemaException
	 */
<T extends ShadowType> PrismObject<T> convertToResourceObject(ConnectorObject co, PrismObjectDefinition<T> objectDefinition, boolean full, boolean caseIgnoreAttributeNames, boolean legacySchema) throws SchemaException {
    PrismObject<T> shadowPrism = null;
    if (objectDefinition != null) {
        shadowPrism = objectDefinition.instantiate();
    } else {
        throw new SchemaException("No definition");
    }
    // LOGGER.trace("Instantiated prism object {} from connector object.",
    // shadowPrism.debugDump());
    T shadow = shadowPrism.asObjectable();
    ResourceAttributeContainer attributesContainer = (ResourceAttributeContainer) shadowPrism.findOrCreateContainer(ShadowType.F_ATTRIBUTES);
    ResourceAttributeContainerDefinition attributesContainerDefinition = attributesContainer.getDefinition();
    shadow.setObjectClass(attributesContainerDefinition.getTypeName());
    List<ObjectClassComplexTypeDefinition> auxiliaryObjectClassDefinitions = new ArrayList<>();
    for (Attribute icfAttr : co.getAttributes()) {
        if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
            List<QName> auxiliaryObjectClasses = shadow.getAuxiliaryObjectClass();
            for (Object auxiliaryIcfObjectClass : icfAttr.getValue()) {
                QName auxiliaryObjectClassQname = icfNameMapper.objectClassToQname(new ObjectClass((String) auxiliaryIcfObjectClass), resourceSchemaNamespace, legacySchema);
                auxiliaryObjectClasses.add(auxiliaryObjectClassQname);
                ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition = icfNameMapper.getResourceSchema().findObjectClassDefinition(auxiliaryObjectClassQname);
                if (auxiliaryObjectClassDefinition == null) {
                    throw new SchemaException("Resource object " + co + " refers to auxiliary object class " + auxiliaryObjectClassQname + " which is not in the schema");
                }
                auxiliaryObjectClassDefinitions.add(auxiliaryObjectClassDefinition);
            }
            break;
        }
    }
    for (Attribute icfAttr : co.getAttributes()) {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Reading ICF attribute {}: {}", icfAttr.getName(), icfAttr.getValue());
        }
        if (icfAttr.getName().equals(Uid.NAME)) {
            // UID is handled specially (see above)
            continue;
        }
        if (icfAttr.is(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME)) {
            // Already processed
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.PASSWORD_NAME)) {
            // password has to go to the credentials section
            ProtectedStringType password = getSingleValue(icfAttr, ProtectedStringType.class);
            if (password == null) {
                // equals() instead of == is needed. The AttributeValueCompleteness enum may be loaded by different classloader
                if (!AttributeValueCompleteness.INCOMPLETE.equals(icfAttr.getAttributeValueCompleteness())) {
                    continue;
                }
                // There is no password value in the ConnId attribute. But it was indicated that
                // that attribute is incomplete. Therefore we can assume that there in fact is a value.
                // We just do not know it.
                ShadowUtil.setPasswordIncomplete(shadow);
                LOGGER.trace("Converted password: (incomplete)");
            } else {
                ShadowUtil.setPassword(shadow, password);
                LOGGER.trace("Converted password: {}", password);
            }
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.ENABLE_NAME)) {
            Boolean enabled = getSingleValue(icfAttr, Boolean.class);
            if (enabled == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            ActivationStatusType activationStatusType;
            if (enabled) {
                activationStatusType = ActivationStatusType.ENABLED;
            } else {
                activationStatusType = ActivationStatusType.DISABLED;
            }
            activationType.setAdministrativeStatus(activationStatusType);
            activationType.setEffectiveStatus(activationStatusType);
            LOGGER.trace("Converted activation administrativeStatus: {}", activationStatusType);
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.ENABLE_DATE_NAME)) {
            Long millis = getSingleValue(icfAttr, Long.class);
            if (millis == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            activationType.setValidFrom(XmlTypeConverter.createXMLGregorianCalendar(millis));
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.DISABLE_DATE_NAME)) {
            Long millis = getSingleValue(icfAttr, Long.class);
            if (millis == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            activationType.setValidTo(XmlTypeConverter.createXMLGregorianCalendar(millis));
            continue;
        }
        if (icfAttr.getName().equals(OperationalAttributes.LOCK_OUT_NAME)) {
            Boolean lockOut = getSingleValue(icfAttr, Boolean.class);
            if (lockOut == null) {
                continue;
            }
            ActivationType activationType = ShadowUtil.getOrCreateActivation(shadow);
            LockoutStatusType lockoutStatusType;
            if (lockOut) {
                lockoutStatusType = LockoutStatusType.LOCKED;
            } else {
                lockoutStatusType = LockoutStatusType.NORMAL;
            }
            activationType.setLockoutStatus(lockoutStatusType);
            LOGGER.trace("Converted activation lockoutStatus: {}", lockoutStatusType);
            continue;
        }
        QName qname = icfNameMapper.convertAttributeNameToQName(icfAttr.getName(), attributesContainerDefinition);
        ResourceAttributeDefinition attributeDefinition = attributesContainerDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
        if (attributeDefinition == null) {
            // Try to locate definition in auxiliary object classes
            for (ObjectClassComplexTypeDefinition auxiliaryObjectClassDefinition : auxiliaryObjectClassDefinitions) {
                attributeDefinition = auxiliaryObjectClassDefinition.findAttributeDefinition(qname, caseIgnoreAttributeNames);
                if (attributeDefinition != null) {
                    break;
                }
            }
            if (attributeDefinition == null) {
                throw new SchemaException("Unknown attribute " + qname + " in definition of object class " + attributesContainerDefinition.getTypeName() + ". Original ICF name: " + icfAttr.getName(), qname);
            }
        }
        if (caseIgnoreAttributeNames) {
            // normalized version
            qname = attributeDefinition.getName();
        }
        ResourceAttribute<Object> resourceAttribute = attributeDefinition.instantiate(qname);
        // resource object also with the null-values attributes
        if (full) {
            if (icfAttr.getValue() != null) {
                // of them may need it (e.g. GuardedString)
                for (Object icfValue : icfAttr.getValue()) {
                    Object value = convertValueFromIcf(icfValue, qname);
                    resourceAttribute.add(new PrismPropertyValue<>(value));
                }
            }
            LOGGER.trace("Converted attribute {}", resourceAttribute);
            attributesContainer.getValue().add(resourceAttribute);
        // in this case when false, we need only the attributes with the
        // non-null values.
        } else {
            if (icfAttr.getValue() != null && !icfAttr.getValue().isEmpty()) {
                // Convert the values. While most values do not need
                // conversions, some of them may need it (e.g. GuardedString)
                boolean empty = true;
                for (Object icfValue : icfAttr.getValue()) {
                    if (icfValue != null) {
                        Object value = convertValueFromIcf(icfValue, qname);
                        empty = false;
                        resourceAttribute.add(new PrismPropertyValue<>(value));
                    }
                }
                if (!empty) {
                    LOGGER.trace("Converted attribute {}", resourceAttribute);
                    attributesContainer.getValue().add(resourceAttribute);
                }
            }
        }
    }
    // Add Uid if it is not there already. It can be already present, 
    // e.g. if Uid and Name represent the same attribute
    Uid uid = co.getUid();
    ObjectClassComplexTypeDefinition ocDef = attributesContainerDefinition.getComplexTypeDefinition();
    ResourceAttributeDefinition<String> uidDefinition = ConnIdUtil.getUidDefinition(ocDef);
    if (uidDefinition == null) {
        throw new SchemaException("No definition for ConnId UID attribute found in definition " + ocDef);
    }
    if (attributesContainer.getValue().findItem(uidDefinition.getName()) == null) {
        ResourceAttribute<String> uidRoa = uidDefinition.instantiate();
        uidRoa.setValue(new PrismPropertyValue<String>(uid.getUidValue()));
        attributesContainer.getValue().add(uidRoa);
    }
    return shadowPrism;
}