From Michal_Steklac at datalan.sk  Wed Jun  1 12:58:46 2016
From: Michal_Steklac at datalan.sk (Steklac Michal)
Date: Wed, 1 Jun 2016 10:58:46 +0000
Subject: [midPoint] link account in AD
In-Reply-To: <574DBD8B.708@evolveum.com>
References: <574DA514.9030204@datalan.sk>,<574DBD8B.708@evolveum.com>
Message-ID: <06822B2D6B7CF24EB3DC64BEF1AB75D68A40A0B6@EXCH-MBX1.datalan.sk>

Hi,

when i set secondaryIdentifier
...
	<attribute>
		<ref>ri:sAMAccountName</ref>
		<secondaryIdentifier>true</secondaryIdentifier>
		<displayName>Login name</displayName>
		<description></description>
		<outbound>
			<strength>strong</strength>
			<source>
				<path>$user/name</path>
			</source>
		</outbound>
	</attribute>
...
still receive error ObjectAlredyExists. In attachment is log.

synchronization of dn attribute
...
	<attribute>
		<ref>ri:dn</ref>
		<displayName>Distinguished Name</displayName>
		<description></description>
		<limitations>
			<minOccurs>0</minOccurs>
			<access>
				<read>true</read>
				<add>true</add>
				<modify>true</modify>
			</access>
		</limitations>
		<!--matchingRule>mr:stringIgnoreCase</matchingRule -->
		<inbound>
			<target>
				<path>$user/extension/ADDN</path>
			</target>
		</inbound>
		<outbound>
			<strength>strong</strength>
			<source>
				<path>$user/givenName</path>
			</source>
			<source>
				<path>$user/familyName</path>
			</source>
			<source>
				<path>$user/extension/ext:orgpath</path>
			</source>
			<source>
				<path>$user/activation/administrativeStatus</path>
			</source>
			<source>
				<path>$account/attributes/distinguishedName</path>
			</source>
			<expression>
				<script>
					<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
					</language>
					<code>
						import javax.naming.ldap.Rdn
						import javax.naming.ldap.LdapName
						import
						com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType
log.info('distinguishedName='+distinguishedName);
						dn = new LdapName('DC=pokus,DC=sk')

						if (orgpath) {
							orgpath.tokenize('/').reverse().each { ouname -> dn.add(new Rdn('ou',ouname)) }
						} else {
						}
						dn.add(new Rdn('cn',familyName.toString() + ' ' + givenName.toString()));
						return dn.toString()
					</code>
				</script>
			</expression>
		</outbound>
	</attribute>
...

Thanks & regards
MiSo
________________________________________
Od: midPoint [midpoint-bounces at lists.evolveum.com] v zast&#250;pen&#237; použ&#237;vateľa Ivan Noris [ivan.noris at evolveum.com]
Odoslané: 31. mája 2016 18:36
Do: midpoint at lists.evolveum.com
Predmet: Re: [midPoint] link account in AD

Hi,

I remember to use something like:

                <attribute>
                    <ref>ri:sAMAccountName</ref>
                    <secondaryIdentifier>true</secondaryIdentifier>
...
               </attribute>

to trigger automatic AlreadyExistsException to run discovery,
correlation and link the existing account using correlation expressions.
But I have not tried it recently and not with AdLdap connector at all.

Can you paste XML code how you try to process
$account/attributes/distinguishedName attribute (where you get null)?

Ivan

On 05/31/2016 04:52 PM, Michal Štekláč wrote:
> Hi,
>
> I use ICF com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
> v1.4.2.14 and I want synchronize users to AD and insert to
> organization unit. Users are in hierarchical structure in AD.
> Example:
> CN=Hrasko Janko,ou=BBB,ou=AAA,dc=example,dc=com
> Users exists in AD before start synchronization.
>
> When synchronize user from midpoint which is in OrgUnit AAA, then get
> exception object alredy exist in AD.
> In AD is user CN=Hrasko Janko,ou=BBB,ou=AAA,,dc=example,dc=com and
> synchronization try create CN=Hrasko Janko,ou=AAA,,dc=example,dc=com.
> Correlation atributte is sAMAcountName, which is same and have value
> jhrasko.
>
> 1) Can i link user which is in midpoint with user who exist in AD and
> change dn of user in AD? I don`t want to create new user in AD?
> 2) Can i get dn on user in AD? In old .Net AD connector get dn with
> $account/attributes/distinguishedName. I get null in new AD connector.
>
> Thanks & regards
> MiSo
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

--
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exceptions
Type: application/octet-stream
Size: 14027 bytes
Desc: exceptions
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/2b812bf8/attachment.obj>

From MICHAEL.GRUBER at wwk.de  Wed Jun  1 14:32:08 2016
From: MICHAEL.GRUBER at wwk.de (Gruber, Michael)
Date: Wed, 1 Jun 2016 12:32:08 +0000
Subject: [midPoint] link account in AD
In-Reply-To: <06822B2D6B7CF24EB3DC64BEF1AB75D68A40A0B6@EXCH-MBX1.datalan.sk>
References: <574DA514.9030204@datalan.sk>,<574DBD8B.708@evolveum.com>
 <06822B2D6B7CF24EB3DC64BEF1AB75D68A40A0B6@EXCH-MBX1.datalan.sk>
Message-ID: <D486EE2E07791C4B91565EAA6082630B5506409E@SERV0612.wwk-group.com>

Hi,

since it looks like a one time job to link the active directory users to midpoint you can try to do it in two steps:

1) Linking
remove all outbounds from resource
create and run a recon against active directory (kind: account / objectclass: user / intent: as defined in resource)
As result the midpoint users should have the projection-link to the existing active directory account (assumed sync/correlation is defined properly )

2) add outbound mappings to resource and reconcile midpoint users
Account in active directory should be moved as defined


For getting attributes you may also use
tmpDn = basic.getAttributeValue(shadow, 'http://midpoint.evolveum.com/xml/ns/public/resource/instance-3', 'distinguishedName')
but maybe there value was null because the account was not yet known/linked


regards, michael


-----Ursprüngliche Nachricht-----
Von: midPoint [mailto:midpoint-bounces at lists.evolveum.com] Im Auftrag von Steklac Michal
Gesendet: Mittwoch, 1. Juni 2016 12:59
An: midPoint General Discussion
Betreff: Re: [midPoint] link account in AD

Hi,

when i set secondaryIdentifier
...
        <attribute>
                <ref>ri:sAMAccountName</ref>
                <secondaryIdentifier>true</secondaryIdentifier>
                <displayName>Login name</displayName>
                <description></description>
                <outbound>
                        <strength>strong</strength>
                        <source>
                                <path>$user/name</path>
                        </source>
                </outbound>
        </attribute>
...
still receive error ObjectAlredyExists. In attachment is log.

synchronization of dn attribute
...
        <attribute>
                <ref>ri:dn</ref>
                <displayName>Distinguished Name</displayName>
                <description></description>
                <limitations>
                        <minOccurs>0</minOccurs>
                        <access>
                                <read>true</read>
                                <add>true</add>
                                <modify>true</modify>
                        </access>
                </limitations>
                <!--matchingRule>mr:stringIgnoreCase</matchingRule -->
                <inbound>
                        <target>
                                <path>$user/extension/ADDN</path>
                        </target>
                </inbound>
                <outbound>
                        <strength>strong</strength>
                        <source>
                                <path>$user/givenName</path>
                        </source>
                        <source>
                                <path>$user/familyName</path>
                        </source>
                        <source>
                                <path>$user/extension/ext:orgpath</path>
                        </source>
                        <source>
                                <path>$user/activation/administrativeStatus</path>
                        </source>
                        <source>
                                <path>$account/attributes/distinguishedName</path>
                        </source>
                        <expression>
                                <script>
                                        <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
                                        </language>
                                        <code>
                                                import javax.naming.ldap.Rdn
                                                import javax.naming.ldap.LdapName
                                                import
                                                com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType
log.info('distinguishedName='+distinguishedName);
                                                dn = new LdapName('DC=pokus,DC=sk')

                                                if (orgpath) {
                                                        orgpath.tokenize('/').reverse().each { ouname -> dn.add(new Rdn('ou',ouname)) }
                                                } else {
                                                }
                                                dn.add(new Rdn('cn',familyName.toString() + ' ' + givenName.toString()));
                                                return dn.toString()
                                        </code>
                                </script>
                        </expression>
                </outbound>
        </attribute>
...

Thanks & regards
MiSo
________________________________________
Od: midPoint [midpoint-bounces at lists.evolveum.com] v zast&#250;pen&#237; použ&#237;vateľa Ivan Noris [ivan.noris at evolveum.com]
Odoslané: 31. mája 2016 18:36
Do: midpoint at lists.evolveum.com
Predmet: Re: [midPoint] link account in AD

Hi,

I remember to use something like:

                <attribute>
                    <ref>ri:sAMAccountName</ref>
                    <secondaryIdentifier>true</secondaryIdentifier>
...
               </attribute>

to trigger automatic AlreadyExistsException to run discovery,
correlation and link the existing account using correlation expressions.
But I have not tried it recently and not with AdLdap connector at all.

Can you paste XML code how you try to process
$account/attributes/distinguishedName attribute (where you get null)?

Ivan

On 05/31/2016 04:52 PM, Michal Štekláč wrote:
> Hi,
>
> I use ICF com.evolveum.polygon.connector.ldap.ad.AdLdapConnector
> v1.4.2.14 and I want synchronize users to AD and insert to
> organization unit. Users are in hierarchical structure in AD.
> Example:
> CN=Hrasko Janko,ou=BBB,ou=AAA,dc=example,dc=com
> Users exists in AD before start synchronization.
>
> When synchronize user from midpoint which is in OrgUnit AAA, then get
> exception object alredy exist in AD.
> In AD is user CN=Hrasko Janko,ou=BBB,ou=AAA,,dc=example,dc=com and
> synchronization try create CN=Hrasko Janko,ou=AAA,,dc=example,dc=com.
> Correlation atributte is sAMAcountName, which is same and have value
> jhrasko.
>
> 1) Can i link user which is in midpoint with user who exist in AD and
> change dn of user in AD? I don`t want to create new user in AD?
> 2) Can i get dn on user in AD? In old .Net AD connector get dn with
> $account/attributes/distinguishedName. I get null in new AD connector.
>
> Thanks & regards
> MiSo
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

--
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
WWK Lebensversicherung a. G., Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Dr. Frank Schindelhauer, Sitz München, Registergericht München HR B 211; WWK Allgemeine Versicherung AG, Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Werner Quante, Sitz München, Registergericht München HR B 5553; WWK Vermögensverwaltungs und Dienstleistungs GmbH, Geschäftsführer: Karl Ruffing, Stefan Sedlmeir, Sitz München, Registergericht München HR B 76323; WWK Pensionsfonds AG, Vorstand: Ansgar Eckert, Karl Ruffing, Heinrich Schüppert; Vorsitzender des Aufsichtsrats: Dirk Fassott, Sitz München, Registergericht München HR B 146295; Hausanschrift: Marsstraße 37, 80335 München; WWK Investment S.A., Verwaltungsrat: Karl Ruffing (V.), Ansgar Eckert, Stefan Schneider (Hauck & Aufhäuser), Handelsregister: R.C. Luxembourg Nr. B 81 270, Sitz der Gesellschaft: 1c, rue Gabriel Lippmann, L-5365 Munsbach



From ivan.noris at evolveum.com  Wed Jun  1 14:57:54 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 1 Jun 2016 14:57:54 +0200
Subject: [midPoint] Examples or explanation Tolerant Pattern
In-Reply-To: <46DB2E7F-5C8F-4E95-AB66-AA8219CB20B1@tahzoo.com>
References: <46DB2E7F-5C8F-4E95-AB66-AA8219CB20B1@tahzoo.com>
Message-ID: <574EDBD2.7040806@evolveum.com>

Hi Dick,

I was just testing this and this is how it works:

1) if attribute is set as tolerant, it means, that *during
reconciliation*, the other values of the attribute (not mandated by
midPoint mappings) will be tolerated, i.e. kept, not removed. This is
fine if you manage some group membership by midPoint and other
membership by other means, i.e. manually and  you wish to have both. If
attribute is not tolerant, midPoint would remove the values that are not
provided by mappings in resource schema handling and/or role mappings.

2) tolerantValuePattern and intolerantValuePattern work also only during
reconciliation, but you can specify regexps to match.
Sample for carLicense in LDAP resource:
         <attribute>
            <c:ref>ri:carLicense</c:ref>
            <tolerant>true</tolerant>
            <tolerantValuePattern>^Secret.*$</tolerantValuePattern>
            <intolerantValuePattern>^.*$</intolerantValuePattern>
         </attribute>

This means, that during reconciliation, only values starting with Secret
will be kept and all other will be removed.
To test this silly example, I've done the following:

- put the above attribute definition to OpenLDAP sample
- added OpenLDAP account as projection / assigned role constructing the
account
- added several values of carLicense attribute manually or using
midPoint (Projections-OpenLDAP-expand-carLicense-"+"). From these
values, one is "Secret is my food", second is "XXX", third is "Too many
secrets".
- edited the user again in midPoint, checked "reconcile" checkbox and saved.

After the save (with reconcile checkbox) all values except the "Secret
is my food" are removed from the attribute carLicense, because they are
not mandated by any mapping. The value "Secret is my food" is not
removed, because it matches the "tolerantValuePattern".

The documentation for these little beasts is also in schema:
https://github.com/Evolveum/midpoint/blob/master/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

Hope this helps. I have not yet used this tolerant patterns, so if there
are further questions please ask.

Regards,
Ivan

On 05/26/2016 04:00 PM, Dick Muller wrote:
>
> Hi,
>
>  
>
> Is there somebody that can explain how the tolerant checkbox and
> tolerant patterns work.
>
>  
>
> I want to allow values with the tolerant pattern that end with
> dc=domainname, dc=com.
>
> Is that possible with this function?
>
>  
>
> Kindest regards,
>
>  
>
>  
>
> ------------------------------------------------------------------------
>
> *Dick Muller*
>
> Senior Systems Engineer
>
> Delftechpark 37i
> 2628 XJ Delft*
> d*: +31 88 2682586 
> *m:* +31 6 46477690
>
> <http://www.tahzoo.com/>
>
>  
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/3d81f135/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7589 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/3d81f135/attachment.png>

From rijndaal at outlook.it  Wed Jun  1 17:03:09 2016
From: rijndaal at outlook.it (Rijndaal Ramiji)
Date: Wed, 1 Jun 2016 15:03:09 +0000
Subject: [midPoint] Authentication in midPoint through Active Directory
Message-ID: <AM3PR06MB1297A73051E46107FA09C2A2B7470@AM3PR06MB1297.eurprd06.prod.outlook.com>

Hi.

Is it possibile to login in midPoint using AD's credentials?

We would like that every user in midPoint  (or just selected users with a particular role) could do login in the application
using his/her sAMAccountName and AD password speaking directly with the AD itself, without storing passwords in midPoint.

Thank you.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/c37a4dd7/attachment.htm>

From ggallard at identicum.com  Wed Jun  1 23:29:40 2016
From: ggallard at identicum.com (Gustavo J Gallardo)
Date: Wed, 1 Jun 2016 18:29:40 -0300
Subject: [midPoint] Writing a boolean attribute as activation configured
	capability
Message-ID: <CAA68kP_NmHcEbV9w-GoP9Q+NqMGVhC7M-HsZXQYAT5sDEo2jSQ@mail.gmail.com>

We're working with the GoogleApps connector, which does not support
activation, so we set up a configured capability to set the boolean
'suspended' attribute.
We can read and interpret the value correctly, however when writing the
attribute from <capabilities>, it is sending a String instead of a boolean.
If I map the account attribute to a user attribute, we can write it
correctly.

<capabilities>
...
<configured>
<cap:activation>
<cap:status>
<cap:attribute>ri:suspended</cap:attribute>
<cap:enableValue>false</cap:enableValue>
<cap:disableValue>true</cap:disableValue>
</cap:status>
</cap:activation>
</configured>
</capabilities>

Is there any way inside the
.../capabilities/configured/cap:activation/cap:status/cap:enableValue/ to
indicate it has to be treated as a boolean?
We are working with 3.4-SNAPSHOT.


Thanks,

GJG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/2da3d78b/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun  2 01:28:03 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Wed, 1 Jun 2016 16:28:03 -0700
Subject: [midPoint] Recompute All Members for Role
Message-ID: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>

Hello,

I'm trying to recompute all members that are assigned a particuar role. I
tried using the "Recompute All" (http://i.imgur.com/xLXjLwd.png) button in
the "Members" section of a role. This launches a task that is successful
however, it it does not process any objects.

If I manually select the members I want and select "Recompute members"
everything works just fine. Any ideas?

Thanks,
-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160601/c808ec88/attachment.htm>

From mederly at evolveum.com  Thu Jun  2 07:24:25 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 2 Jun 2016 07:24:25 +0200
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
Message-ID: <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>

Hello Florin,

If I remember correctly, we've been fixing this problem in master 
(3.4-SNAPSHOT). It should be solved in that branch.

(If not, please drop a jira issue with details how to reproduce, and 
we'll certainly fix that.)

Best regards,

Pavol


On 02.06.2016 1:28, Florin. Stingaciu wrote:
> Hello,
>
> I'm trying to recompute all members that are assigned a particuar 
> role. I tried using the "Recompute All" 
> (http://i.imgur.com/xLXjLwd.png) button in the "Members" section of a 
> role. This launches a task that is successful however, it it does not 
> process any objects.
>
> If I manually select the members I want and select "Recompute members" 
> everything works just fine. Any ideas?
>
> Thanks,
> -F
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/c8d95bff/attachment.htm>

From aeroshenko at frte.ru  Thu Jun  2 08:01:43 2016
From: aeroshenko at frte.ru (=?koi8-r?B?5dLP28XOy88g4c7Uz84=?=)
Date: Thu, 2 Jun 2016 06:01:43 +0000
Subject: [midPoint] Synchronizing same user with different resources
 (ObjectAlreadyExistsException)
In-Reply-To: <8c469182c8d6489a9c26c4b685343fe8@exch.sc.exsc.ru>
References: <8c469182c8d6489a9c26c4b685343fe8@exch.sc.exsc.ru>
Message-ID: <eef0f0a264d346518ea33e47a8c45e87@exch.sc.exsc.ru>

I figured out the problem. There were two shadows of one account, that seems to violates unique constraints. First shadow created during import process that passed normally, second shadow created during import process that failed for some reason. I delete one shadow manually, so sync works now.
How many shadows can we have for one account? How to avoid creation of multiple shadows of one account?





Hello!
I'm trying to import accounts from AD resource. These accounts were already imported (LINKED) from another resource configured with same AD . So, users are the same, ADs are the same, resources configurations only differ.  I would like to get midpoint user linked to two projections (accounts).
Midpoint sync process set UNLINKED status for accounts, but then fails them and shows ObjectAlreadyExistsException instead of link the account to midpoint user.
Does it mean that its impossible to have two similar accounts for the same midpoint user? Or something wrong?

Resource config http://pastebin.com/XX6KrcQB

Exception class com.evolveum.midpoint.util.exception.SystemException thrown by object change listener model synchronization service: com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException: Too many iterations (6) for account(ID {.../resource/instance-3}objectGUID = [ 2d42b6f0b3554a4cbe75fb9a8f0a1141 ], type 'default', resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaed(Active Directory Advanced Sync 1)): cannot determine values that satisfy constraints: Found more than one object with attribute {.../resource/instance-3}dn = [ CN=Vilk,DC=igp,DC=local]
com.evolveum.midpoint.util.exception.SystemException: com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException: Too many iterations (6) for account(ID {.../resource/instance-3}objectGUID = [ 2d42b6f0b3554a4cbe75fb9a8f0a1141 ], type 'default', resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaed(Active Directory Advanced Sync 1)): cannot determine values that satisfy constraints: Found more than one object with attribute {.../resource/instance-3}dn = [ CN=Vilk,DC=igp,DC=local ]
                at com.evolveum.midpoint.model.impl.sync.SynchronizationService.notifyChange_aroundBody0(SynchronizationService.java:298) ~[model-impl-3.3.1.jar:na]
                at com.evolveum.midpoint.model.impl.sync.SynchronizationService$AjcClosure1.run(SynchronizationService.java:1) ~[model-impl-3.3.1.jar:na]

Thanks for any suggestions.
Anton.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/7f23b833/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun  2 09:52:39 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 2 Jun 2016 09:52:39 +0200
Subject: [midPoint] Synchronizing same user with different resources
 (ObjectAlreadyExistsException)
In-Reply-To: <eef0f0a264d346518ea33e47a8c45e87@exch.sc.exsc.ru>
References: <8c469182c8d6489a9c26c4b685343fe8@exch.sc.exsc.ru>
 <eef0f0a264d346518ea33e47a8c45e87@exch.sc.exsc.ru>
Message-ID: <574FE5C7.6060301@evolveum.com>

Hi Anton,

one account can have only one shadow. The shadow contains information
about account "name" and identifier. In case of LDAP this is DN and
entryUUID/objectGUID.

Theoretically it should not happen to have two or more shadows for the
same account. Not sure about import, but reconciliation should get rid
of such shadows.

Ivan

On 06/02/2016 08:01 AM, Ерошенко Антон wrote:
>
> I figured out the problem. There were two shadows of one account, that
> seems to violates unique constraints. First shadow created during
> import process that passed normally, second shadow created during
> import process that failed for some reason. I delete one shadow
> manually, so sync works now.
>
> How many shadows can we have for one account? How to avoid creation of
> multiple shadows of one account?
>
>  
>
>  
>
>  
>
>  
>
>  
>
> Hello!
>
> I’m trying to import accounts from AD resource. These accounts were
> already imported (LINKED) from another resource configured with same
> AD . So, users are the same, ADs are the same, resources
> configurations only differ.  I would like to get midpoint user linked
> to two projections (accounts).
>
> Midpoint sync process set UNLINKED status for accounts, but then fails
> them and shows ObjectAlreadyExistsException instead of link the
> account to midpoint user.
>
> Does it mean that its impossible to have two similar accounts for the
> same midpoint user? Or something wrong? 
>
>  
>
> Resource config http://pastebin.com/XX6KrcQB
>
>  
>
> Exception class com.evolveum.midpoint.util.exception.SystemException
> thrown by object change listener model synchronization service:
> com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException: Too
> many iterations (6) for account(ID {.../resource/instance-3}objectGUID
> = [ 2d42b6f0b3554a4cbe75fb9a8f0a1141 ], type 'default',
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaed(Active Directory
> Advanced Sync 1)): cannot determine values that satisfy constraints:
> Found more than one object with attribute {.../resource/instance-3}dn
> = [ CN=Vilk,DC=igp,DC=local]
>
> com.evolveum.midpoint.util.exception.SystemException:
> com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException: Too
> many iterations (6) for account(ID {.../resource/instance-3}objectGUID
> = [ 2d42b6f0b3554a4cbe75fb9a8f0a1141 ], type 'default',
> resource:ef2bc95b-76e0-48e2-86d6-3d4f02d3eaed(Active Directory
> Advanced Sync 1)): cannot determine values that satisfy constraints:
> Found more than one object with attribute {.../resource/instance-3}dn
> = [ CN=Vilk,DC=igp,DC=local ]
>
>                 at
> com.evolveum.midpoint.model.impl.sync.SynchronizationService.notifyChange_aroundBody0(SynchronizationService.java:298)
> ~[model-impl-3.3.1.jar:na]
>
>                 at
> com.evolveum.midpoint.model.impl.sync.SynchronizationService$AjcClosure1.run(SynchronizationService.java:1)
> ~[model-impl-3.3.1.jar:na]
>
>  
>
> Thanks for any suggestions.
>
> Anton.
>
>  
>
>  
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/abfa4a6e/attachment.htm>

From mrveceylan at gmail.com  Thu Jun  2 10:06:07 2016
From: mrveceylan at gmail.com (mceylan)
Date: Thu, 2 Jun 2016 11:06:07 +0300
Subject: [midPoint] Midpoint and SSO
Message-ID: <CADu1p_gOkmQ1r4eUmbOyys1sRkm0PZQGWQKOpnEPGAA0E-oLzw@mail.gmail.com>

hi,

I have a problem with  midpoint and SSO. I followed steps on the
https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO

When I try to get to https://midpoint/ I get 500 and I can see stack trace
in log (below).

My configuration files: ctx-web-security.xml and web.xml are in attachments.


org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException:
SM_USER header not found in request.



Could you help me ?
Thank you very much

   - <https://jira.evolveum.com/browse/MID-2564#>

Merve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/aee836f9/attachment.htm>

From jeverling at bshp.edu  Thu Jun  2 15:34:33 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Thu, 2 Jun 2016 08:34:33 -0500
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CADu1p_gOkmQ1r4eUmbOyys1sRkm0PZQGWQKOpnEPGAA0E-oLzw@mail.gmail.com>
References: <CADu1p_gOkmQ1r4eUmbOyys1sRkm0PZQGWQKOpnEPGAA0E-oLzw@mail.gmail.com>
Message-ID: <CAFkZXY5TSaydkP47K_PMhdYNj=PtJHRHcWqAJn8koo-6_-X2Tg@mail.gmail.com>

What SSO method are you using or what SSO agent/client?

JASON

On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:

> hi,
>
> I have a problem with  midpoint and SSO. I followed steps on the
> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>
> When I try to get to https://midpoint/ I get 500 and I can see stack
> trace in log (below).
>
> My configuration files: ctx-web-security.xml and web.xml are in
> attachments.
>
>
> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>
>
>
> Could you help me ?
> Thank you very much
>
>    - <https://jira.evolveum.com/browse/MID-2564#>
>
> Merve
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/d05e632f/attachment.htm>

From mrveceylan at gmail.com  Thu Jun  2 15:39:59 2016
From: mrveceylan at gmail.com (mceylan)
Date: Thu, 2 Jun 2016 16:39:59 +0300
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY5TSaydkP47K_PMhdYNj=PtJHRHcWqAJn8koo-6_-X2Tg@mail.gmail.com>
References: <CADu1p_gOkmQ1r4eUmbOyys1sRkm0PZQGWQKOpnEPGAA0E-oLzw@mail.gmail.com>
 <CAFkZXY5TSaydkP47K_PMhdYNj=PtJHRHcWqAJn8koo-6_-X2Tg@mail.gmail.com>
Message-ID: <CADu1p_iYbOn57zQBqVteXN00403-iV6wXGV2XGLdA=pePLL_Xg@mail.gmail.com>

JAVA jasig cas methods and apache tomcat

2016-06-02 16:34 GMT+03:00 Jason Everling <jeverling at bshp.edu>:

> What SSO method are you using or what SSO agent/client?
>
> JASON
>
> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>
>> hi,
>>
>> I have a problem with  midpoint and SSO. I followed steps on the
>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>
>> When I try to get to https://midpoint/ I get 500 and I can see stack
>> trace in log (below).
>>
>> My configuration files: ctx-web-security.xml and web.xml are in
>> attachments.
>>
>>
>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>
>>
>>
>> Could you help me ?
>> Thank you very much
>>
>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>
>> Merve
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/de8924f9/attachment.htm>

From roman.pudil at ami.cz  Thu Jun  2 15:40:53 2016
From: roman.pudil at ami.cz (Roman Pudil - AMI Praha a.s.)
Date: Thu, 02 Jun 2016 13:40:53 +0000
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY5TSaydkP47K_PMhdYNj=PtJHRHcWqAJn8koo-6_-X2Tg@mail.gmail.com>
Message-ID: <em025b85c4-9069-4854-b9fe-de5cc0cc5e0c@rpudil-dell7440>

Hi Jason,
we tried CAS + MidPoint as SSO solution.

Here is URL with configuration:
https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854

Regards

Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz





Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
výhradně písemnou formu.



------ Původní zpráva ------
Od: "Jason Everling" <jeverling at bshp.edu>
Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Odesláno: 2.6.2016 15:34:33
Předmět: Re: [midPoint] Midpoint and SSO

>What SSO method are you using or what SSO agent/client?
>
>JASON
>
>On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>hi,
>>
>>I have a problem with  midpoint and SSO. I followed steps on the 
>>https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>When I try to get to https://midpoint/ I get 500 and I can see stack 
>>trace in log (below).
>>
>>My configuration files: ctx-web-security.xml and web.xml are in 
>>attachments.
>>
>>
>>
>>org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: 
>>SM_USER header not found in request.
>>
>>Could you help me ?
>>Thank you very much
>>
>>Merve
>>
>>_______________________________________________
>>midPoint mailing list
>>midPoint at lists.evolveum.com
>>http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
>
>
>CONFIDENTIALITY NOTICE:
>This e-mail together with any attachments is proprietary and 
>confidential; intended for only the recipient(s) named above and may 
>contain information that is privileged. You should not retain, copy or 
>use this e-mail or any attachments for any purpose, or disclose all or 
>any part of the contents to any person. Any views or opinions expressed 
>in this e-mail are those of the author and do not represent those of 
>the Baptist School of Health Professions. If you have received this 
>e-mail in error, or are not the named recipient(s), you are hereby 
>notified that any review, dissemination, distribution or copying of 
>this communication is prohibited by the sender and to do so might 
>constitute a violation of the Electronic Communications Privacy Act, 18 
>U.S.C. section 2510-2521. Please immediately notify the sender and 
>delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/490705ff/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4060 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/490705ff/attachment.bin>

From jeverling at bshp.edu  Thu Jun  2 15:51:17 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Thu, 2 Jun 2016 08:51:17 -0500
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <em025b85c4-9069-4854-b9fe-de5cc0cc5e0c@rpudil-dell7440>
References: <CAFkZXY5TSaydkP47K_PMhdYNj=PtJHRHcWqAJn8koo-6_-X2Tg@mail.gmail.com>
 <em025b85c4-9069-4854-b9fe-de5cc0cc5e0c@rpudil-dell7440>
Message-ID: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>

We are using the Java CAS Client, in midpoint 3.2, and haven't had any
issues, it was pretty easy to setup. I am looking over my files to see if I
did anything outside of that document or what was commented in
ctx-web-security.xml but I do not think that would be the case.

You can check ours here,
http://pastebin.com/mHW8hvP4


JASON

On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
roman.pudil at ami.cz> wrote:

> Hi Jason,
> we tried CAS + MidPoint as SSO solution.
>
> Here is URL with configuration:
> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>
> Regards
>
>
> Roman Pudil
> solution architect
>
> gsm: [+420] 775 663 666
> e-mail: roman.pudil at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web: www.ami.cz
>
>
>
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
>
>
> ------ Původní zpráva ------
> Od: "Jason Everling" <jeverling at bshp.edu>
> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
> Odesláno: 2.6.2016 15:34:33
> Předmět: Re: [midPoint] Midpoint and SSO
>
>
> What SSO method are you using or what SSO agent/client?
>
> JASON
>
> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>
>> hi,
>>
>> I have a problem with  midpoint and SSO. I followed steps on the
>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>
>> When I try to get to https://midpoint/ I get 500 and I can see stack
>> trace in log (below).
>>
>> My configuration files: ctx-web-security.xml and web.xml are in
>> attachments.
>>
>>
>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>
>>
>>
>> Could you help me ?
>> Thank you very much
>>
>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>
>> Merve
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/2dfa4cca/attachment.htm>

From roman.pudil at ami.cz  Thu Jun  2 15:56:42 2016
From: roman.pudil at ami.cz (Roman Pudil - AMI Praha a.s.)
Date: Thu, 02 Jun 2016 13:56:42 +0000
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
Message-ID: <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>

Hi Jason,

try to uncoment line with "PRE_AUTH_FILTER".


Regards

Roman Pudil
solution architect

gsm: [+420] 775 663 666
e-mail: roman.pudil at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel./fax: [+420] 274 783 239
web: www.ami.cz





Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
výhradně písemnou formu.



------ Původní zpráva ------
Od: "Jason Everling" <jeverling at bshp.edu>
Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint 
General Discussion" <midpoint at lists.evolveum.com>
Odesláno: 2.6.2016 15:51:17
Předmět: Re: [midPoint] Midpoint and SSO

>We are using the Java CAS Client, in midpoint 3.2, and haven't had any 
>issues, it was pretty easy to setup. I am looking over my files to see 
>if I did anything outside of that document or what was commented in 
>ctx-web-security.xml but I do not think that would be the case.
>
>You can check ours here,
>http://pastebin.com/mHW8hvP4
>
>
>JASON
>
>On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. 
><roman.pudil at ami.cz> wrote:
>>Hi Jason,
>>we tried CAS + MidPoint as SSO solution.
>>
>>Here is URL with configuration:
>>https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>
>>Regards
>>
>>Roman Pudil
>>solution architect
>>
>>gsm: [+420] 775 663 666
>>e-mail: roman.pudil at ami.cz
>>
>>
>>AMI Praha a.s.
>>Pláničkova 11
>>162 00 Praha 6
>>tel./fax: [+420] 274 783 239
>>web: http://www.ami.cz/
>>
>>
>>
>>
>>
>>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
>>společnost AMI Praha a.s.
>>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
>>výhradně písemnou formu.
>>
>>
>>
>>------ Původní zpráva ------
>>Od: "Jason Everling" <jeverling at bshp.edu>
>>Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>Odesláno: 2.6.2016 15:34:33
>>Předmět: Re: [midPoint] Midpoint and SSO
>>
>>>What SSO method are you using or what SSO agent/client?
>>>
>>>JASON
>>>
>>>On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>hi,
>>>>
>>>>I have a problem with  midpoint and SSO. I followed steps on the 
>>>>https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>When I try to get to https://midpoint/ I get 500 and I can see stack 
>>>>trace in log (below).
>>>>
>>>>My configuration files: ctx-web-security.xml and web.xml are in 
>>>>attachments.
>>>>
>>>>
>>>>
>>>>org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: 
>>>>SM_USER header not found in request.
>>>>
>>>>Could you help me ?
>>>>Thank you very much
>>>>
>>>>Merve
>>>>
>>>>_______________________________________________
>>>>midPoint mailing list
>>>>midPoint at lists.evolveum.com
>>>>http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>
>>>
>>>
>>>
>>>CONFIDENTIALITY NOTICE:
>>>This e-mail together with any attachments is proprietary and 
>>>confidential; intended for only the recipient(s) named above and may 
>>>contain information that is privileged. You should not retain, copy 
>>>or use this e-mail or any attachments for any purpose, or disclose 
>>>all or any part of the contents to any person. Any views or opinions 
>>>expressed in this e-mail are those of the author and do not represent 
>>>those of the Baptist School of Health Professions. If you have 
>>>received this e-mail in error, or are not the named recipient(s), you 
>>>are hereby notified that any review, dissemination, distribution or 
>>>copying of this communication is prohibited by the sender and to do 
>>>so might constitute a violation of the Electronic Communications 
>>>Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify 
>>>the sender and delete this e-mail and any attachments from your 
>>>computer.
>>
>>_______________________________________________
>>midPoint mailing list
>>midPoint at lists.evolveum.com
>>http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
>
>
>CONFIDENTIALITY NOTICE:
>This e-mail together with any attachments is proprietary and 
>confidential; intended for only the recipient(s) named above and may 
>contain information that is privileged. You should not retain, copy or 
>use this e-mail or any attachments for any purpose, or disclose all or 
>any part of the contents to any person. Any views or opinions expressed 
>in this e-mail are those of the author and do not represent those of 
>the Baptist School of Health Professions. If you have received this 
>e-mail in error, or are not the named recipient(s), you are hereby 
>notified that any review, dissemination, distribution or copying of 
>this communication is prohibited by the sender and to do so might 
>constitute a violation of the Electronic Communications Privacy Act, 18 
>U.S.C. section 2510-2521. Please immediately notify the sender and 
>delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/ebe9271a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4060 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/ebe9271a/attachment.bin>

From jeverling at bshp.edu  Thu Jun  2 15:57:49 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Thu, 2 Jun 2016 08:57:49 -0500
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
Message-ID: <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>

Hah! Wait, I am not the one with issue, it is the other on the thread, Merve

JASON

On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
roman.pudil at ami.cz> wrote:

> Hi Jason,
>
> try to uncoment line with "PRE_AUTH_FILTER".
>
>
> Regards
>
>
> Roman Pudil
> solution architect
>
> gsm: [+420] 775 663 666
> e-mail: roman.pudil at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web: www.ami.cz
>
>
>
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
>
>
> ------ Původní zpráva ------
> Od: "Jason Everling" <jeverling at bshp.edu>
> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
> General Discussion" <midpoint at lists.evolveum.com>
> Odesláno: 2.6.2016 15:51:17
> Předmět: Re: [midPoint] Midpoint and SSO
>
>
> We are using the Java CAS Client, in midpoint 3.2, and haven't had any
> issues, it was pretty easy to setup. I am looking over my files to see if I
> did anything outside of that document or what was commented in
> ctx-web-security.xml but I do not think that would be the case.
>
> You can check ours here,
> http://pastebin.com/mHW8hvP4
>
>
> JASON
>
> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
> roman.pudil at ami.cz> wrote:
>
>> Hi Jason,
>> we tried CAS + MidPoint as SSO solution.
>>
>> Here is URL with configuration:
>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>
>> Regards
>>
>>
>> Roman Pudil
>> solution architect
>>
>> gsm: [+420] 775 663 666
>> e-mail: roman.pudil at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel./fax: [+420] 274 783 239
>> web: http://www.ami.cz/
>>
>>
>>
>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>>
>> ------ Původní zpráva ------
>> Od: "Jason Everling" <jeverling at bshp.edu>
>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>> Odesláno: 2.6.2016 15:34:33
>> Předmět: Re: [midPoint] Midpoint and SSO
>>
>>
>> What SSO method are you using or what SSO agent/client?
>>
>> JASON
>>
>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>
>>> hi,
>>>
>>> I have a problem with  midpoint and SSO. I followed steps on the
>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>
>>> When I try to get to https://midpoint/ I get 500 and I can see stack
>>> trace in log (below).
>>>
>>> My configuration files: ctx-web-security.xml and web.xml are in
>>> attachments.
>>>
>>>
>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>
>>>
>>>
>>> Could you help me ?
>>> Thank you very much
>>>
>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>
>>> Merve
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/81287565/attachment.htm>

From mrveceylan at gmail.com  Thu Jun  2 16:43:05 2016
From: mrveceylan at gmail.com (mceylan)
Date: Thu, 2 Jun 2016 17:43:05 +0300
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
Message-ID: <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>

Hi Roman,

why uncomment  line with "PRE_AUTH_FILTER"?

https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
setup Basically
what needs to be done is to uncomment the following line:

<custom-filter position="PRE_AUTH_FILTER" ref=
"requestHeaderAuthenticationFilter" />

2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:

> Hah! Wait, I am not the one with issue, it is the other on the thread,
> Merve
>
> JASON
>
> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
> roman.pudil at ami.cz> wrote:
>
>> Hi Jason,
>>
>> try to uncoment line with "PRE_AUTH_FILTER".
>>
>>
>> Regards
>>
>>
>> Roman Pudil
>> solution architect
>>
>> gsm: [+420] 775 663 666
>> e-mail: roman.pudil at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel./fax: [+420] 274 783 239
>> web: www.ami.cz
>>
>>
>>
>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>>
>> ------ Původní zpráva ------
>> Od: "Jason Everling" <jeverling at bshp.edu>
>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
>> General Discussion" <midpoint at lists.evolveum.com>
>> Odesláno: 2.6.2016 15:51:17
>> Předmět: Re: [midPoint] Midpoint and SSO
>>
>>
>> We are using the Java CAS Client, in midpoint 3.2, and haven't had any
>> issues, it was pretty easy to setup. I am looking over my files to see if I
>> did anything outside of that document or what was commented in
>> ctx-web-security.xml but I do not think that would be the case.
>>
>> You can check ours here,
>> http://pastebin.com/mHW8hvP4
>>
>>
>> JASON
>>
>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>> roman.pudil at ami.cz> wrote:
>>
>>> Hi Jason,
>>> we tried CAS + MidPoint as SSO solution.
>>>
>>> Here is URL with configuration:
>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>
>>> Regards
>>>
>>>
>>> Roman Pudil
>>> solution architect
>>>
>>> gsm: [+420] 775 663 666
>>> e-mail: roman.pudil at ami.cz
>>>
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel./fax: [+420] 274 783 239
>>> web: http://www.ami.cz/
>>>
>>>
>>>
>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>
>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>> společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>>
>>>
>>> ------ Původní zpráva ------
>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>> Odesláno: 2.6.2016 15:34:33
>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>
>>>
>>> What SSO method are you using or what SSO agent/client?
>>>
>>> JASON
>>>
>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>
>>>> hi,
>>>>
>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>
>>>> When I try to get to https://midpoint/ I get 500 and I can see stack
>>>> trace in log (below).
>>>>
>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>> attachments.
>>>>
>>>>
>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>
>>>>
>>>>
>>>> Could you help me ?
>>>> Thank you very much
>>>>
>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>
>>>> Merve
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/46bd62ca/attachment.htm>

From jeverling at bshp.edu  Thu Jun  2 18:39:46 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Thu, 2 Jun 2016 11:39:46 -0500
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
 <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
Message-ID: <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>

He was mentioning that to me thinking it was me having the issues,

Merve, what are you using to pass your HEADER auth? Or are you using CAS?

JASON

On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:

> Hi Roman,
>
> why uncomment  line with "PRE_AUTH_FILTER"?
>
> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
> setup Basically what needs to be done is to uncomment the following line:
>
> <custom-filter position="PRE_AUTH_FILTER" ref=
> "requestHeaderAuthenticationFilter" />
>
> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>
>> Hah! Wait, I am not the one with issue, it is the other on the thread,
>> Merve
>>
>> JASON
>>
>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>> roman.pudil at ami.cz> wrote:
>>
>>> Hi Jason,
>>>
>>> try to uncoment line with "PRE_AUTH_FILTER".
>>>
>>>
>>> Regards
>>>
>>>
>>> Roman Pudil
>>> solution architect
>>>
>>> gsm: [+420] 775 663 666
>>> e-mail: roman.pudil at ami.cz
>>>
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel./fax: [+420] 274 783 239
>>> web: www.ami.cz
>>>
>>>
>>>
>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>
>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>> společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>>
>>>
>>> ------ Původní zpráva ------
>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
>>> General Discussion" <midpoint at lists.evolveum.com>
>>> Odesláno: 2.6.2016 15:51:17
>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>
>>>
>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had any
>>> issues, it was pretty easy to setup. I am looking over my files to see if I
>>> did anything outside of that document or what was commented in
>>> ctx-web-security.xml but I do not think that would be the case.
>>>
>>> You can check ours here,
>>> http://pastebin.com/mHW8hvP4
>>>
>>>
>>> JASON
>>>
>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>> roman.pudil at ami.cz> wrote:
>>>
>>>> Hi Jason,
>>>> we tried CAS + MidPoint as SSO solution.
>>>>
>>>> Here is URL with configuration:
>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>
>>>> Regards
>>>>
>>>>
>>>> Roman Pudil
>>>> solution architect
>>>>
>>>> gsm: [+420] 775 663 666
>>>> e-mail: roman.pudil at ami.cz
>>>>
>>>>
>>>> AMI Praha a.s.
>>>> Pláničkova 11
>>>> 162 00 Praha 6
>>>> tel./fax: [+420] 274 783 239
>>>> web: http://www.ami.cz/
>>>>
>>>>
>>>>
>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>
>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>> společnost AMI Praha a.s.
>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>> výhradně písemnou formu.
>>>>
>>>>
>>>>
>>>> ------ Původní zpráva ------
>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>> Odesláno: 2.6.2016 15:34:33
>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>
>>>>
>>>> What SSO method are you using or what SSO agent/client?
>>>>
>>>> JASON
>>>>
>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>
>>>>> hi,
>>>>>
>>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>
>>>>> When I try to get to https://midpoint/ I get 500 and I can see stack
>>>>> trace in log (below).
>>>>>
>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>> attachments.
>>>>>
>>>>>
>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>
>>>>>
>>>>>
>>>>> Could you help me ?
>>>>> Thank you very much
>>>>>
>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>
>>>>> Merve
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> Merve CEYLAN
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/a8ebb285/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun  2 20:36:24 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 2 Jun 2016 11:36:24 -0700
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
Message-ID: <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>

Thanks Pavel! I'll upgrade to the latest and let you know how that works
out.


On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Florin,
>
> If I remember correctly, we've been fixing this problem in master
> (3.4-SNAPSHOT). It should be solved in that branch.
>
> (If not, please drop a jira issue with details how to reproduce, and we'll
> certainly fix that.)
>
> Best regards,
>
> Pavol
>
> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>
> Hello,
>
> I'm trying to recompute all members that are assigned a particuar role. I
> tried using the "Recompute All" ( <http://i.imgur.com/xLXjLwd.png>
> http://i.imgur.com/xLXjLwd.png) button in the "Members" section of a
> role. This launches a task that is successful however, it it does not
> process any objects.
>
> If I manually select the members I want and select "Recompute members"
> everything works just fine. Any ideas?
>
> Thanks,
> -F
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/061b85aa/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun  2 22:56:27 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 2 Jun 2016 13:56:27 -0700
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
Message-ID: <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>

Hello again,

I'm having some troubles when rebuilding the master. Here's the
corresponding stack trace: http://pastebin.com/TVUAKURb

Also, I'm using SSO under apache with the following ctx-web-security.xml
file: http://pastebin.com/rvs9cJDj

Any ideas would be greatly appreciated.

Thanks,
-F

On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu <fstingaciu at mirantis.com>
wrote:

> Thanks Pavel! I'll upgrade to the latest and let you know how that works
> out.
>
>
> On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> If I remember correctly, we've been fixing this problem in master
>> (3.4-SNAPSHOT). It should be solved in that branch.
>>
>> (If not, please drop a jira issue with details how to reproduce, and
>> we'll certainly fix that.)
>>
>> Best regards,
>>
>> Pavol
>>
>> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>
>> Hello,
>>
>> I'm trying to recompute all members that are assigned a particuar role. I
>> tried using the "Recompute All" ( <http://i.imgur.com/xLXjLwd.png>
>> http://i.imgur.com/xLXjLwd.png) button in the "Members" section of a
>> role. This launches a task that is successful however, it it does not
>> process any objects.
>>
>> If I manually select the members I want and select "Recompute members"
>> everything works just fine. Any ideas?
>>
>> Thanks,
>> -F
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/1d754730/attachment.htm>

From mederly at evolveum.com  Thu Jun  2 23:03:40 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 2 Jun 2016 23:03:40 +0200
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
Message-ID: <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>

Hello Florin,

recently we changed the db schema a bit (because of MID-3061 
<https://jira.evolveum.com/browse/MID-3061>).

So, please apply the corresponding migration script 
(config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql). 
Which one - it depends on how old your existing master is. This 
particular problem is related to the latest one (numbered 6).

An alternative is to set hbm2ddl parameter like this (in config.xml file 
in midpoint.home directory):

<configuration>
     <midpoint>
           <repository>
             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
...

(but this is recommended only for testing purposes, because some - but 
only very rare - changes are not correctly applied by hibernate itself)

Best regards,

Pavol


On 02.06.2016 22:56, Florin. Stingaciu wrote:
> Hello again,
>
> I'm having some troubles when rebuilding the master. Here's the 
> corresponding stack trace: http://pastebin.com/TVUAKURb
>
> Also, I'm using SSO under apache with the following 
> ctx-web-security.xml file: http://pastebin.com/rvs9cJDj
>
> Any ideas would be greatly appreciated.
>
> Thanks,
> -F
>
> On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu 
> <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>
>     Thanks Pavel! I'll upgrade to the latest and let you know how that
>     works out.
>
>
>     On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly
>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>
>         Hello Florin,
>
>         If I remember correctly, we've been fixing this problem in
>         master (3.4-SNAPSHOT). It should be solved in that branch.
>
>         (If not, please drop a jira issue with details how to
>         reproduce, and we'll certainly fix that.)
>
>         Best regards,
>
>         Pavol
>
>
>         On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>         Hello,
>>
>>         I'm trying to recompute all members that are assigned a
>>         particuar role. I tried using the "Recompute All"
>>         (http://i.imgur.com/xLXjLwd.png) button in the "Members"
>>         section of a role. This launches a task that is successful
>>         however, it it does not process any objects.
>>
>>         If I manually select the members I want and select "Recompute
>>         members" everything works just fine. Any ideas?
>>
>>         Thanks,
>>         -F
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>         _______________________________________________
>         midPoint mailing list
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/143e546b/attachment.htm>

From fstingaciu at mirantis.com  Fri Jun  3 00:27:01 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 2 Jun 2016 15:27:01 -0700
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
Message-ID: <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>

Hello again,

I managed to get around this issue by actually applying the
mysql-upgrade-3.3-3.4.sql patch. Everything came back up just fine, however
now I'm running into a strange issue where I can not remove inducements
from a role.

For example: http://imgur.com/a/lWoKT

The inducements stay there no matter how much I try to remove them. Is this
a known issue in the current master?

Thanks,
-F



On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Florin,
>
> recently we changed the db schema a bit (because of MID-3061
> <https://jira.evolveum.com/browse/MID-3061>).
>
> So, please apply the corresponding migration script
> (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
> Which one - it depends on how old your existing master is. This particular
> problem is related to the latest one (numbered 6).
>
> An alternative is to set hbm2ddl parameter like this (in config.xml file
> in midpoint.home directory):
>
> <configuration>
>     <midpoint>
>           <repository>
>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
> ...
>
> (but this is recommended only for testing purposes, because some - but
> only very rare - changes are not correctly applied by hibernate itself)
>
> Best regards,
>
> Pavol
>
> On 02.06.2016 22:56, Florin. Stingaciu wrote:
>
> Hello again,
>
> I'm having some troubles when rebuilding the master. Here's the
> corresponding stack trace: http://pastebin.com/TVUAKURb
>
> Also, I'm using SSO under apache with the following ctx-web-security.xml
> file: http://pastebin.com/rvs9cJDj
>
> Any ideas would be greatly appreciated.
>
> Thanks,
> -F
>
> On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu <
> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>
>> Thanks Pavel! I'll upgrade to the latest and let you know how that works
>> out.
>>
>>
>> On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> Hello Florin,
>>>
>>> If I remember correctly, we've been fixing this problem in master
>>> (3.4-SNAPSHOT). It should be solved in that branch.
>>>
>>> (If not, please drop a jira issue with details how to reproduce, and
>>> we'll certainly fix that.)
>>>
>>> Best regards,
>>>
>>> Pavol
>>>
>>> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>
>>> Hello,
>>>
>>> I'm trying to recompute all members that are assigned a particuar role.
>>> I tried using the "Recompute All" ( <http://i.imgur.com/xLXjLwd.png>
>>> http://i.imgur.com/xLXjLwd.png) button in the "Members" section of a
>>> role. This launches a task that is successful however, it it does not
>>> process any objects.
>>>
>>> If I manually select the members I want and select "Recompute members"
>>> everything works just fine. Any ideas?
>>>
>>> Thanks,
>>> -F
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/18ac2d44/attachment.htm>

From mederly at evolveum.com  Fri Jun  3 00:37:45 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Fri, 3 Jun 2016 00:37:45 +0200
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
Message-ID: <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>

I think it is similar to this one: 
https://jira.evolveum.com/browse/MID-3074.

And I can see this wrong behavior also in my case. This is unpleasant.

We'll fix it soon, hopefully tomorrow. (Now it's after midnight here... )

Best regards,

Pavol


On 03.06.2016 0:27, Florin. Stingaciu wrote:
> Hello again,
>
> I managed to get around this issue by actually applying the 
> mysql-upgrade-3.3-3.4.sql patch. Everything came back up just fine, 
> however now I'm running into a strange issue where I can not remove 
> inducements from a role.
>
> For example: http://imgur.com/a/lWoKT
>
> The inducements stay there no matter how much I try to remove them. Is 
> this a known issue in the current master?
>
> Thanks,
> -F
>
>
>
> On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     recently we changed the db schema a bit (because of MID-3061
>     <https://jira.evolveum.com/browse/MID-3061>).
>
>     So, please apply the corresponding migration script
>     (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>     Which one - it depends on how old your existing master is. This
>     particular problem is related to the latest one (numbered 6).
>
>     An alternative is to set hbm2ddl parameter like this (in
>     config.xml file in midpoint.home directory):
>
>     <configuration>
>         <midpoint>
>               <repository>
>                 <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>     ...
>
>     (but this is recommended only for testing purposes, because some -
>     but only very rare - changes are not correctly applied by
>     hibernate itself)
>
>     Best regards,
>
>     Pavol
>
>
>     On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>     Hello again,
>>
>>     I'm having some troubles when rebuilding the master. Here's the
>>     corresponding stack trace: http://pastebin.com/TVUAKURb
>>
>>     Also, I'm using SSO under apache with the following
>>     ctx-web-security.xml file: http://pastebin.com/rvs9cJDj
>>
>>     Any ideas would be greatly appreciated.
>>
>>     Thanks,
>>     -F
>>
>>     On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu
>>     <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>>
>>         Thanks Pavel! I'll upgrade to the latest and let you know how
>>         that works out.
>>
>>
>>         On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly
>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>             Hello Florin,
>>
>>             If I remember correctly, we've been fixing this problem
>>             in master (3.4-SNAPSHOT). It should be solved in that branch.
>>
>>             (If not, please drop a jira issue with details how to
>>             reproduce, and we'll certainly fix that.)
>>
>>             Best regards,
>>
>>             Pavol
>>
>>
>>             On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>             Hello,
>>>
>>>             I'm trying to recompute all members that are assigned a
>>>             particuar role. I tried using the "Recompute All"
>>>             (http://i.imgur.com/xLXjLwd.png) button in the "Members"
>>>             section of a role. This launches a task that is
>>>             successful however, it it does not process any objects.
>>>
>>>             If I manually select the members I want and select
>>>             "Recompute members" everything works just fine. Any ideas?
>>>
>>>             Thanks,
>>>             -F
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>             _______________________________________________
>>             midPoint mailing list
>>             midPoint at lists.evolveum.com
>>             <mailto:midPoint at lists.evolveum.com>
>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160603/6649d29f/attachment.htm>

From fstingaciu at mirantis.com  Fri Jun  3 00:40:51 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 2 Jun 2016 15:40:51 -0700
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
Message-ID: <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>

Yup, I checked and you can not add an inducement either. Also I believe
some of the associations listed under the profile are wrong. I will write
up a new email for that as well.

Meanwhile I reverted back to the original version. I will keep an eye out
on the ticket.

Have a good night! Thanks for your prompt responses.

Thanks,
-F

On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> I think it is similar to this one:
> <https://jira.evolveum.com/browse/MID-3074>
> https://jira.evolveum.com/browse/MID-3074.
>
> And I can see this wrong behavior also in my case. This is unpleasant.
>
> We'll fix it soon, hopefully tomorrow. (Now it's after midnight here... )
>
> Best regards,
>
> Pavol
>
> On 03.06.2016 0:27, Florin. Stingaciu wrote:
>
> Hello again,
>
> I managed to get around this issue by actually applying the
> mysql-upgrade-3.3-3.4.sql patch. Everything came back up just fine, however
> now I'm running into a strange issue where I can not remove inducements
> from a role.
>
> For example: http://imgur.com/a/lWoKT
>
> The inducements stay there no matter how much I try to remove them. Is
> this a known issue in the current master?
>
> Thanks,
> -F
>
>
>
> On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> recently we changed the db schema a bit (because of MID-3061
>> <https://jira.evolveum.com/browse/MID-3061>).
>>
>> So, please apply the corresponding migration script
>> (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>> Which one - it depends on how old your existing master is. This particular
>> problem is related to the latest one (numbered 6).
>>
>> An alternative is to set hbm2ddl parameter like this (in config.xml file
>> in midpoint.home directory):
>>
>> <configuration>
>>     <midpoint>
>>           <repository>
>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>> ...
>>
>> (but this is recommended only for testing purposes, because some - but
>> only very rare - changes are not correctly applied by hibernate itself)
>>
>> Best regards,
>>
>> Pavol
>>
>> On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>
>> Hello again,
>>
>> I'm having some troubles when rebuilding the master. Here's the
>> corresponding stack trace:  <http://pastebin.com/TVUAKURb>
>> http://pastebin.com/TVUAKURb
>>
>> Also, I'm using SSO under apache with the following ctx-web-security.xml
>> file:  <http://pastebin.com/rvs9cJDj>http://pastebin.com/rvs9cJDj
>>
>> Any ideas would be greatly appreciated.
>>
>> Thanks,
>> -F
>>
>> On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu <
>> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>>
>>> Thanks Pavel! I'll upgrade to the latest and let you know how that works
>>> out.
>>>
>>>
>>> On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly < <mederly at evolveum.com>
>>> mederly at evolveum.com> wrote:
>>>
>>>> Hello Florin,
>>>>
>>>> If I remember correctly, we've been fixing this problem in master
>>>> (3.4-SNAPSHOT). It should be solved in that branch.
>>>>
>>>> (If not, please drop a jira issue with details how to reproduce, and
>>>> we'll certainly fix that.)
>>>>
>>>> Best regards,
>>>>
>>>> Pavol
>>>>
>>>> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>
>>>> Hello,
>>>>
>>>> I'm trying to recompute all members that are assigned a particuar role.
>>>> I tried using the "Recompute All" ( <http://i.imgur.com/xLXjLwd.png>
>>>> http://i.imgur.com/xLXjLwd.png) button in the "Members" section of a
>>>> role. This launches a task that is successful however, it it does not
>>>> process any objects.
>>>>
>>>> If I manually select the members I want and select "Recompute members"
>>>> everything works just fine. Any ideas?
>>>>
>>>> Thanks,
>>>> -F
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160602/c553d0bc/attachment.htm>

From mrveceylan at gmail.com  Fri Jun  3 09:09:22 2016
From: mrveceylan at gmail.com (mceylan)
Date: Fri, 3 Jun 2016 10:09:22 +0300
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
 <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
 <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>
Message-ID: <CADu1p_jRn6tctrVFZzSrWCvLdKVoONHhvPmgki9mAO1b4W7mzg@mail.gmail.com>

Hi,
I using CAS. uncomment line with  "PRE_AUTH_FILTER" and deploy project
login page error

stack tree

2016-06-03 10:05:18,998 [] [http-nio-8080-exec-1] WARN
(com.evolveum.midpoint.web.page.error.PageError): Creating error page for
code org.apache.wicket.WicketRuntimeException, exception Can't instantiate
page using constructor 'public
com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
been thrown during construction!: {}
org.apache.wicket.WicketRuntimeException: Can't instantiate page using
constructor 'public
com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
been thrown during construction!
        at
org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:137)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
~[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
~[wicket-request-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
[wicket-core-6.20.0.jar:6.20.0]
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
[catalina.jar:8.0.33]
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
[catalina.jar:8.0.33]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]




2016-06-02 19:39 GMT+03:00 Jason Everling <jeverling at bshp.edu>:

> He was mentioning that to me thinking it was me having the issues,
>
> Merve, what are you using to pass your HEADER auth? Or are you using CAS?
>
> JASON
>
> On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:
>
>> Hi Roman,
>>
>> why uncomment  line with "PRE_AUTH_FILTER"?
>>
>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
>> setup Basically what needs to be done is to uncomment the following
>> line:
>>
>> <custom-filter position="PRE_AUTH_FILTER" ref=
>> "requestHeaderAuthenticationFilter" />
>>
>> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>
>>> Hah! Wait, I am not the one with issue, it is the other on the thread,
>>> Merve
>>>
>>> JASON
>>>
>>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>>> roman.pudil at ami.cz> wrote:
>>>
>>>> Hi Jason,
>>>>
>>>> try to uncoment line with "PRE_AUTH_FILTER".
>>>>
>>>>
>>>> Regards
>>>>
>>>>
>>>> Roman Pudil
>>>> solution architect
>>>>
>>>> gsm: [+420] 775 663 666
>>>> e-mail: roman.pudil at ami.cz
>>>>
>>>>
>>>> AMI Praha a.s.
>>>> Pláničkova 11
>>>> 162 00 Praha 6
>>>> tel./fax: [+420] 274 783 239
>>>> web: www.ami.cz
>>>>
>>>>
>>>>
>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>
>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>> společnost AMI Praha a.s.
>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>> výhradně písemnou formu.
>>>>
>>>>
>>>>
>>>> ------ Původní zpráva ------
>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
>>>> General Discussion" <midpoint at lists.evolveum.com>
>>>> Odesláno: 2.6.2016 15:51:17
>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>
>>>>
>>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had any
>>>> issues, it was pretty easy to setup. I am looking over my files to see if I
>>>> did anything outside of that document or what was commented in
>>>> ctx-web-security.xml but I do not think that would be the case.
>>>>
>>>> You can check ours here,
>>>> http://pastebin.com/mHW8hvP4
>>>>
>>>>
>>>> JASON
>>>>
>>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>>> roman.pudil at ami.cz> wrote:
>>>>
>>>>> Hi Jason,
>>>>> we tried CAS + MidPoint as SSO solution.
>>>>>
>>>>> Here is URL with configuration:
>>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>> Roman Pudil
>>>>> solution architect
>>>>>
>>>>> gsm: [+420] 775 663 666
>>>>> e-mail: roman.pudil at ami.cz
>>>>>
>>>>>
>>>>> AMI Praha a.s.
>>>>> Pláničkova 11
>>>>> 162 00 Praha 6
>>>>> tel./fax: [+420] 274 783 239
>>>>> web: http://www.ami.cz/
>>>>>
>>>>>
>>>>>
>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>
>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>>> společnost AMI Praha a.s.
>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>> výhradně písemnou formu.
>>>>>
>>>>>
>>>>>
>>>>> ------ Původní zpráva ------
>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>> Odesláno: 2.6.2016 15:34:33
>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>
>>>>>
>>>>> What SSO method are you using or what SSO agent/client?
>>>>>
>>>>> JASON
>>>>>
>>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>>
>>>>>> hi,
>>>>>>
>>>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>>
>>>>>> When I try to get to https://midpoint/ I get 500 and I can see stack
>>>>>> trace in log (below).
>>>>>>
>>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>>> attachments.
>>>>>>
>>>>>>
>>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Could you help me ?
>>>>>> Thank you very much
>>>>>>
>>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>>
>>>>>> Merve
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is proprietary and
>>>>> confidential; intended for only the recipient(s) named above and may
>>>>> contain information that is privileged. You should not retain, copy or use
>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>> computer.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> Merve CEYLAN
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160603/f5c3966b/attachment.htm>

From mrveceylan at gmail.com  Fri Jun  3 15:40:18 2016
From: mrveceylan at gmail.com (mceylan)
Date: Fri, 3 Jun 2016 16:40:18 +0300
Subject: [midPoint] Midpoind connect mysql DB
Message-ID: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>

Hi,

Midpoint connection mysql dbtable. I using file
locolhost-dbtable--advanced-sync.xml
Midpoint connection succesfull mysql db.

Midpoint users add resource localhost DBTable

stack tree


Couldn't add object. Schema violation: Schema violation during processing
shadow: shadow: null (OID:null): DB syntax error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown column
'__ENABLE__' in 'field list')


   -

-- 

can you help me?
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160603/e30a17dd/attachment.htm>

From jeverling at bshp.edu  Fri Jun  3 16:03:58 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Fri, 3 Jun 2016 09:03:58 -0500
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CADu1p_jRn6tctrVFZzSrWCvLdKVoONHhvPmgki9mAO1b4W7mzg@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
 <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
 <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>
 <CADu1p_jRn6tctrVFZzSrWCvLdKVoONHhvPmgki9mAO1b4W7mzg@mail.gmail.com>
Message-ID: <CAFkZXY4LhvTDXcjFrrtUgX34ve_XYqK3-OGvzEWihLQRavt3Ug@mail.gmail.com>

No, you need to comment out that block for CAS auth, that is only used if
you are using another method that passes the auth through the header, look
at mine below, that is correctly done for CAS, well at least for v 3.2

http://pastebin.com/mHW8hvP4

JASON

On Fri, Jun 3, 2016 at 2:09 AM, mceylan <mrveceylan at gmail.com> wrote:

> Hi,
> I using CAS. uncomment line with  "PRE_AUTH_FILTER" and deploy project
> login page error
>
> stack tree
>
> 2016-06-03 10:05:18,998 [] [http-nio-8080-exec-1] WARN
> (com.evolveum.midpoint.web.page.error.PageError): Creating error page for
> code org.apache.wicket.WicketRuntimeException, exception Can't instantiate
> page using constructor 'public
> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
> been thrown during construction!: {}
> org.apache.wicket.WicketRuntimeException: Can't instantiate page using
> constructor 'public
> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
> been thrown during construction!
>         at
> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:137)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
> ~[wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> ~[wicket-request-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
> [wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
> [wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
> [wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
> [wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
> [wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> [wicket-core-6.20.0.jar:6.20.0]
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> [catalina.jar:8.0.33]
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> [catalina.jar:8.0.33]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>
>
>
>
> 2016-06-02 19:39 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>
>> He was mentioning that to me thinking it was me having the issues,
>>
>> Merve, what are you using to pass your HEADER auth? Or are you using CAS?
>>
>> JASON
>>
>> On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:
>>
>>> Hi Roman,
>>>
>>> why uncomment  line with "PRE_AUTH_FILTER"?
>>>
>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
>>> setup Basically what needs to be done is to uncomment the following
>>> line:
>>>
>>> <custom-filter position="PRE_AUTH_FILTER" ref=
>>> "requestHeaderAuthenticationFilter" />
>>>
>>> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>
>>>> Hah! Wait, I am not the one with issue, it is the other on the thread,
>>>> Merve
>>>>
>>>> JASON
>>>>
>>>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>>>> roman.pudil at ami.cz> wrote:
>>>>
>>>>> Hi Jason,
>>>>>
>>>>> try to uncoment line with "PRE_AUTH_FILTER".
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>> Roman Pudil
>>>>> solution architect
>>>>>
>>>>> gsm: [+420] 775 663 666
>>>>> e-mail: roman.pudil at ami.cz
>>>>>
>>>>>
>>>>> AMI Praha a.s.
>>>>> Pláničkova 11
>>>>> 162 00 Praha 6
>>>>> tel./fax: [+420] 274 783 239
>>>>> web: www.ami.cz
>>>>>
>>>>>
>>>>>
>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>
>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>>> společnost AMI Praha a.s.
>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>> výhradně písemnou formu.
>>>>>
>>>>>
>>>>>
>>>>> ------ Původní zpráva ------
>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
>>>>> General Discussion" <midpoint at lists.evolveum.com>
>>>>> Odesláno: 2.6.2016 15:51:17
>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>
>>>>>
>>>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had any
>>>>> issues, it was pretty easy to setup. I am looking over my files to see if I
>>>>> did anything outside of that document or what was commented in
>>>>> ctx-web-security.xml but I do not think that would be the case.
>>>>>
>>>>> You can check ours here,
>>>>> http://pastebin.com/mHW8hvP4
>>>>>
>>>>>
>>>>> JASON
>>>>>
>>>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>>>> roman.pudil at ami.cz> wrote:
>>>>>
>>>>>> Hi Jason,
>>>>>> we tried CAS + MidPoint as SSO solution.
>>>>>>
>>>>>> Here is URL with configuration:
>>>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> Roman Pudil
>>>>>> solution architect
>>>>>>
>>>>>> gsm: [+420] 775 663 666
>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>
>>>>>>
>>>>>> AMI Praha a.s.
>>>>>> Pláničkova 11
>>>>>> 162 00 Praha 6
>>>>>> tel./fax: [+420] 274 783 239
>>>>>> web: http://www.ami.cz/
>>>>>>
>>>>>>
>>>>>>
>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>
>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>>>> společnost AMI Praha a.s.
>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>> výhradně písemnou formu.
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------ Původní zpráva ------
>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>> Odesláno: 2.6.2016 15:34:33
>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>
>>>>>>
>>>>>> What SSO method are you using or what SSO agent/client?
>>>>>>
>>>>>> JASON
>>>>>>
>>>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>>>
>>>>>>> hi,
>>>>>>>
>>>>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>>>
>>>>>>> When I try to get to https://midpoint/ I get 500 and I can see
>>>>>>> stack trace in log (below).
>>>>>>>
>>>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>>>> attachments.
>>>>>>>
>>>>>>>
>>>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Could you help me ?
>>>>>>> Thank you very much
>>>>>>>
>>>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>>>
>>>>>>> Merve
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> CONFIDENTIALITY NOTICE:
>>>>>> This e-mail together with any attachments is proprietary and
>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>> computer.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is proprietary and
>>>>> confidential; intended for only the recipient(s) named above and may
>>>>> contain information that is privileged. You should not retain, copy or use
>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>> computer.
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> --
>>> Merve CEYLAN
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> Merve CEYLAN
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160603/da23981a/attachment.htm>

From ivan.noris at evolveum.com  Fri Jun  3 16:58:12 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Fri, 3 Jun 2016 16:58:12 +0200
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
Message-ID: <57519B04.9010107@evolveum.com>

Hi Merve,

which SQL creation script have you used to create the MySQL table?
Ivan

On 06/03/2016 03:40 PM, mceylan wrote:
> Hi,
>
> Midpoint connection mysql dbtable. I using file
> locolhost-dbtable--advanced-sync.xml
> Midpoint connection succesfull mysql db.
>
> Midpoint users add resource localhost DBTable  
>
> stack tree 
>
>
> Couldn't add object. Schema violation: Schema violation during
> processing shadow: shadow: null (OID:null): DB syntax error:
> com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown
> column '__ENABLE__' in 'field list')
>
>  *
>
>
> -- 
>
> can you help me?
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160603/68177817/attachment.htm>

From mrveceylan at gmail.com  Sat Jun  4 21:03:39 2016
From: mrveceylan at gmail.com (mrveceylan at gmail.com)
Date: Sat, 4 Jun 2016 22:03:39 +0300
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <57519B04.9010107@evolveum.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
Message-ID: <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>

I dont now. I want to midpoint connection redmine

iPhone'umdan gönderildi

3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris <ivan.noris at evolveum.com> şunları yazdı:

> Hi Merve,
> 
> which SQL creation script have you used to create the MySQL table?
> Ivan
> 
>> On 06/03/2016 03:40 PM, mceylan wrote:
>> Hi,
>> 
>> Midpoint connection mysql dbtable. I using file locolhost-dbtable--advanced-sync.xml
>> Midpoint connection succesfull mysql db.
>> 
>> Midpoint users add resource localhost DBTable  
>> 
>> stack tree 
>> 
>> 
>> Couldn't add object. Schema violation: Schema violation during processing shadow: shadow: null (OID:null): DB syntax error: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown column '__ENABLE__' in 'field list')               
>> 
>> -- 
>> 
>> can you help me?
>> Merve CEYLAN
>> 
>> 
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160604/66a75b98/attachment.htm>

From ivan.noris at evolveum.com  Mon Jun  6 09:24:22 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Mon, 6 Jun 2016 09:24:22 +0200
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
Message-ID: <57552526.7020808@evolveum.com>

Hi Merve,

Ah, so you are trying to connect midPoint to existing application
(redmine) with the DBTable connector, right?
This could work, if:

1) the existing application is using only one table
2) if you have created technical user to connect using the connector (as
Test connection works for you, you have at least some permissions)
3) the localhost-dbtable-advanced-sync.xml is a sample for the database
table with fixed columns as created in the *.sql file(s) in the
samples/resources/databasetable directory. So you need to modify your
schema handling to use correct attributes for your application database
table, not for our samples.

Specifically it seems that your database has no "enable/disable" status
attribute. In our sample, we have two configuration elements for
enable/disable:

1) capabilities: defines which database table attribute is used for
enable/disable. In our samples it's attribute/column named "disabled".
If your database table has different column for this, it must be defined
here or removed the section if your db does not support it.
                <capabilities
xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
                        <configured>
                                <cap:activation>
                                        <cap:status>
                                               
<cap:attribute>*ri:disabled*</cap:attribute>
                                               
<cap:enableValue></cap:enableValue>
                                               
<cap:enableValue>false</cap:enableValue>
                                               
<cap:disableValue>true</cap:disableValue>
                                        </cap:status>
                                </cap:activation>
                        </configured>
                </capabilities>

2) activation/administrativeStatus mapping: defines how enable/disable
in midPoint goes to the databasetable (outbound) or vice versa
(inbound). If your db table does not support this, remove/comment this
mapping:

                                <activation>
                                        <administrativeStatus>
                                                <outbound/>
                                                <inbound>
                                                       
<strength>weak</strength>
                                                </inbound>
                                        </administrativeStatus>
                                </activation>
   
Best regards,
Ivan

On 06/04/2016 09:03 PM, mrveceylan at gmail.com wrote:
> I dont now. I want to midpoint connection redmine
>
> iPhone'umdan gönderildi
>
> 3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris
> <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> şunları yazdı:
>
>> Hi Merve,
>>
>> which SQL creation script have you used to create the MySQL table?
>> Ivan
>>
>> On 06/03/2016 03:40 PM, mceylan wrote:
>>> Hi,
>>>
>>> Midpoint connection mysql dbtable. I using file
>>> locolhost-dbtable--advanced-sync.xml
>>> Midpoint connection succesfull mysql db.
>>>
>>> Midpoint users add resource localhost DBTable  
>>>
>>> stack tree 
>>>
>>>
>>> Couldn't add object. Schema violation: Schema violation during
>>> processing shadow: shadow: null (OID:null): DB syntax error:
>>> com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown
>>> column '__ENABLE__' in 'field list')
>>>
>>>  *
>>>
>>>
>>> -- 
>>>
>>> can you help me?
>>> Merve CEYLAN
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/84da6abd/attachment.htm>

From mrveceylan at gmail.com  Mon Jun  6 09:48:36 2016
From: mrveceylan at gmail.com (mceylan)
Date: Mon, 6 Jun 2016 10:48:36 +0300
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <57552526.7020808@evolveum.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
Message-ID: <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>

Thanks Ivan. I connect midpoint mysql db. add users mysql db but i add user
not creating redmine.

Can you help me?

2016-06-06 10:24 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:

> Hi Merve,
>
> Ah, so you are trying to connect midPoint to existing application
> (redmine) with the DBTable connector, right?
> This could work, if:
>
> 1) the existing application is using only one table
> 2) if you have created technical user to connect using the connector (as
> Test connection works for you, you have at least some permissions)
> 3) the localhost-dbtable-advanced-sync.xml is a sample for the database
> table with fixed columns as created in the *.sql file(s) in the
> samples/resources/databasetable directory. So you need to modify your
> schema handling to use correct attributes for your application database
> table, not for our samples.
>
> Specifically it seems that your database has no "enable/disable" status
> attribute. In our sample, we have two configuration elements for
> enable/disable:
>
> 1) capabilities: defines which database table attribute is used for
> enable/disable. In our samples it's attribute/column named "disabled". If
> your database table has different column for this, it must be defined here
> or removed the section if your db does not support it.
>                 <capabilities xmlns:cap=
> "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>                         <configured>
>                                 <cap:activation>
>                                         <cap:status>
>                                                 <cap:attribute>
> *ri:disabled*</cap:attribute>
>
> <cap:enableValue></cap:enableValue>
>
> <cap:enableValue>false</cap:enableValue>
>
> <cap:disableValue>true</cap:disableValue>
>                                         </cap:status>
>                                 </cap:activation>
>                         </configured>
>                 </capabilities>
>
> 2) activation/administrativeStatus mapping: defines how enable/disable in
> midPoint goes to the databasetable (outbound) or vice versa (inbound). If
> your db table does not support this, remove/comment this mapping:
>
>                                 <activation>
>                                         <administrativeStatus>
>                                                 <outbound/>
>                                                 <inbound>
>
> <strength>weak</strength>
>                                                 </inbound>
>                                         </administrativeStatus>
>                                 </activation>
>
> Best regards,
> Ivan
>
>
> On 06/04/2016 09:03 PM, mrveceylan at gmail.com wrote:
>
> I dont now. I want to midpoint connection redmine
>
> iPhone'umdan gönderildi
>
> 3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris <
> <ivan.noris at evolveum.com>ivan.noris at evolveum.com> şunları yazdı:
>
> Hi Merve,
>
> which SQL creation script have you used to create the MySQL table?
> Ivan
>
> On 06/03/2016 03:40 PM, mceylan wrote:
>
> Hi,
>
> Midpoint connection mysql dbtable. I using file
> locolhost-dbtable--advanced-sync.xml
> Midpoint connection succesfull mysql db.
>
> Midpoint users add resource localhost DBTable
>
> stack tree
>
>
> Couldn't add object. Schema violation: Schema violation during processing
> shadow: shadow: null (OID:null): DB syntax error:
> com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown column
> '__ENABLE__' in 'field list')
>
>
>    -
>
> --
>
> can you help me?
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/b90682e1/attachment.htm>

From ivan.noris at evolveum.com  Mon Jun  6 10:04:44 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Mon, 6 Jun 2016 10:04:44 +0200
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
Message-ID: <57552E9C.8040703@evolveum.com>

Please paste error exception from idm.log.

Ivan

On 06/06/2016 09:48 AM, mceylan wrote:
> Thanks Ivan. I connect midpoint mysql db. add users mysql db but i add
> user not creating redmine. 
>
> Can you help me?
>
> 2016-06-06 10:24 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
>     Hi Merve,
>
>     Ah, so you are trying to connect midPoint to existing application
>     (redmine) with the DBTable connector, right?
>     This could work, if:
>
>     1) the existing application is using only one table
>     2) if you have created technical user to connect using the
>     connector (as Test connection works for you, you have at least
>     some permissions)
>     3) the localhost-dbtable-advanced-sync.xml is a sample for the
>     database table with fixed columns as created in the *.sql file(s)
>     in the samples/resources/databasetable directory. So you need to
>     modify your schema handling to use correct attributes for your
>     application database table, not for our samples.
>
>     Specifically it seems that your database has no "enable/disable"
>     status attribute. In our sample, we have two configuration
>     elements for enable/disable:
>
>     1) capabilities: defines which database table attribute is used
>     for enable/disable. In our samples it's attribute/column named
>     "disabled". If your database table has different column for this,
>     it must be defined here or removed the section if your db does not
>     support it.
>                     <capabilities
>     xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>     <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>                             <configured>
>                                     <cap:activation>
>                                             <cap:status>
>                                                    
>     <cap:attribute>*ri:disabled*</cap:attribute>
>                                                    
>     <cap:enableValue></cap:enableValue>
>                                                    
>     <cap:enableValue>false</cap:enableValue>
>                                                    
>     <cap:disableValue>true</cap:disableValue>
>                                             </cap:status>
>                                     </cap:activation>
>                             </configured>
>                     </capabilities>
>
>     2) activation/administrativeStatus mapping: defines how
>     enable/disable in midPoint goes to the databasetable (outbound) or
>     vice versa (inbound). If your db table does not support this,
>     remove/comment this mapping:
>
>                                     <activation>
>                                             <administrativeStatus>
>                                                     <outbound/>
>                                                     <inbound>
>                                                            
>     <strength>weak</strength>
>                                                     </inbound>
>                                             </administrativeStatus>
>                                     </activation>
>        
>     Best regards,
>     Ivan
>
>
>     On 06/04/2016 09:03 PM, mrveceylan at gmail.com
>     <mailto:mrveceylan at gmail.com> wrote:
>>     I dont now. I want to midpoint connection redmine
>>
>>     iPhone'umdan gönderildi
>>
>>     3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris
>>     <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>
>>     şunları yazdı:
>>
>>>     Hi Merve,
>>>
>>>     which SQL creation script have you used to create the MySQL table?
>>>     Ivan
>>>
>>>     On 06/03/2016 03:40 PM, mceylan wrote:
>>>>     Hi,
>>>>
>>>>     Midpoint connection mysql dbtable. I using file
>>>>     locolhost-dbtable--advanced-sync.xml
>>>>     Midpoint connection succesfull mysql db.
>>>>
>>>>     Midpoint users add resource localhost DBTable  
>>>>
>>>>     stack tree 
>>>>
>>>>
>>>>     Couldn't add object. Schema violation: Schema violation during
>>>>     processing shadow: shadow: null (OID:null): DB syntax error:
>>>>     com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown
>>>>     column '__ENABLE__' in 'field list')
>>>>
>>>>      *
>>>>
>>>>
>>>>     -- 
>>>>
>>>>     can you help me?
>>>>     Merve CEYLAN
>>>>
>>>>
>>>>     _______________________________________________
>>>>     midPoint mailing list
>>>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>     -- 
>>>       Ing. Ivan Noris
>>>       Senior Identity Management Engineer & IDM Architect
>>>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>       ___________________________________________________
>>>       "Semper ID(e)M Vix."
>>>     _______________________________________________
>>>     midPoint mailing list
>>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer & IDM Architect
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>       ___________________________________________________
>       "Semper ID(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/1dbc39b7/attachment.htm>

From mrveceylan at gmail.com  Mon Jun  6 10:09:42 2016
From: mrveceylan at gmail.com (mceylan)
Date: Mon, 6 Jun 2016 11:09:42 +0300
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <57552E9C.8040703@evolveum.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
 <57552E9C.8040703@evolveum.com>
Message-ID: <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>

Hi ivan,  no problem users add resources localhost db table. I  have a
problem mysql db in users creating redmine users list


idm. log


2016-06-06 10:50:07,763 [REPOSITORY] [midPointScheduler_Worker-7] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:08,002 [REPOSITORY] [midPointScheduler_Worker-7] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:08,228 [REPOSITORY] [midPointScheduler_Worker-6] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:08,453 [REPOSITORY] [midPointScheduler_Worker-7] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:08,666 [REPOSITORY] [midPointScheduler_Worker-6] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:08,891 [REPOSITORY] [midPointScheduler_Worker-7] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:09,080 [REPOSITORY] [midPointScheduler_Worker-7] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:09,081 [REPOSITORY] [midPointScheduler_Worker-6] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 10:50:09,379 [REPOSITORY] [midPointScheduler_Worker-6] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:07,767 [REPOSITORY] [midPointScheduler_Worker-10] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:07,982 [REPOSITORY] [midPointScheduler_Worker-1] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:08,205 [REPOSITORY] [midPointScheduler_Worker-10] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:08,445 [REPOSITORY] [midPointScheduler_Worker-1] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:08,657 [REPOSITORY] [midPointScheduler_Worker-10] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:08,869 [REPOSITORY] [midPointScheduler_Worker-1] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:05:09,090 [REPOSITORY] [midPointScheduler_Worker-10] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
2016-06-06 11:07:03,853 [MODEL] [Thread-19] WARN
(com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
Can't do reconciliation. Account context doesn't contain current version of
account.
2016-06-06 11:07:04,492 [REPOSITORY] [ClusterManagerThread] INFO
(org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
release of batch it still contained JDBC statements
~



2016-06-06 11:04 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:

> Please paste error exception from idm.log.
>
> Ivan
>
>
> On 06/06/2016 09:48 AM, mceylan wrote:
>
> Thanks Ivan. I connect midpoint mysql db. add users mysql db but i add
> user not creating redmine.
>
> Can you help me?
>
> 2016-06-06 10:24 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:
>
>> Hi Merve,
>>
>> Ah, so you are trying to connect midPoint to existing application
>> (redmine) with the DBTable connector, right?
>> This could work, if:
>>
>> 1) the existing application is using only one table
>> 2) if you have created technical user to connect using the connector (as
>> Test connection works for you, you have at least some permissions)
>> 3) the localhost-dbtable-advanced-sync.xml is a sample for the database
>> table with fixed columns as created in the *.sql file(s) in the
>> samples/resources/databasetable directory. So you need to modify your
>> schema handling to use correct attributes for your application database
>> table, not for our samples.
>>
>> Specifically it seems that your database has no "enable/disable" status
>> attribute. In our sample, we have two configuration elements for
>> enable/disable:
>>
>> 1) capabilities: defines which database table attribute is used for
>> enable/disable. In our samples it's attribute/column named "disabled". If
>> your database table has different column for this, it must be defined here
>> or removed the section if your db does not support it.
>>                 <capabilities xmlns:cap=
>> "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>>                         <configured>
>>                                 <cap:activation>
>>                                         <cap:status>
>>                                                 <cap:attribute>
>> *ri:disabled*</cap:attribute>
>>
>> <cap:enableValue></cap:enableValue>
>>
>> <cap:enableValue>false</cap:enableValue>
>>
>> <cap:disableValue>true</cap:disableValue>
>>                                         </cap:status>
>>                                 </cap:activation>
>>                         </configured>
>>                 </capabilities>
>>
>> 2) activation/administrativeStatus mapping: defines how enable/disable in
>> midPoint goes to the databasetable (outbound) or vice versa (inbound). If
>> your db table does not support this, remove/comment this mapping:
>>
>>                                 <activation>
>>                                         <administrativeStatus>
>>                                                 <outbound/>
>>                                                 <inbound>
>>
>> <strength>weak</strength>
>>                                                 </inbound>
>>                                         </administrativeStatus>
>>                                 </activation>
>>
>> Best regards,
>> Ivan
>>
>>
>> On 06/04/2016 09:03 PM, <mrveceylan at gmail.com>mrveceylan at gmail.com wrote:
>>
>> I dont now. I want to midpoint connection redmine
>>
>> iPhone'umdan gönderildi
>>
>> 3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris <ivan.noris at evolveum.com>
>> şunları yazdı:
>>
>> Hi Merve,
>>
>> which SQL creation script have you used to create the MySQL table?
>> Ivan
>>
>> On 06/03/2016 03:40 PM, mceylan wrote:
>>
>> Hi,
>>
>> Midpoint connection mysql dbtable. I using file
>> locolhost-dbtable--advanced-sync.xml
>> Midpoint connection succesfull mysql db.
>>
>> Midpoint users add resource localhost DBTable
>>
>> stack tree
>>
>>
>> Couldn't add object. Schema violation: Schema violation during processing
>> shadow: shadow: null (OID:null): DB syntax error:
>> com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown column
>> '__ENABLE__' in 'field list')
>>
>>
>>    -
>>
>> --
>>
>> can you help me?
>> Merve CEYLAN
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/6f1cd5ea/attachment.htm>

From ivan.noris at evolveum.com  Mon Jun  6 10:46:42 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Mon, 6 Jun 2016 10:46:42 +0200
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
 <57552E9C.8040703@evolveum.com>
 <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>
Message-ID: <57553872.3080607@evolveum.com>

Hi Merve,

I would like to understand what are you trying to achieve, what were
your steps on redmine side and how you configured midPoint DBTable
resource. The idm.log you sent unfortunately does not contain anything
regarding DBTable connector/provisioning...

I don't know/use redmine, so I need to understand the environment.

Regards,
Ivan

On 06/06/2016 10:09 AM, mceylan wrote:
>
> Hi ivan,  no problem users add resources localhost db table. I  have a
> problem mysql db in users creating redmine users list
>
>
> idm. log
>
>
> 2016-06-06 10:50:07,763 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,002 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,228 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,453 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,666 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,891 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:09,080 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:09,081 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 10:50:09,379 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:07,767 [REPOSITORY] [midPointScheduler_Worker-10]
> INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:07,982 [REPOSITORY] [midPointScheduler_Worker-1] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,205 [REPOSITORY] [midPointScheduler_Worker-10]
> INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,445 [REPOSITORY] [midPointScheduler_Worker-1] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,657 [REPOSITORY] [midPointScheduler_Worker-10]
> INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,869 [REPOSITORY] [midPointScheduler_Worker-1] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:05:09,090 [REPOSITORY] [midPointScheduler_Worker-10]
> INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> 2016-06-06 11:07:03,853 [MODEL] [Thread-19] WARN
> (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
> Can't do reconciliation. Account context doesn't contain current
> version of account.
> 2016-06-06 11:07:04,492 [REPOSITORY] [ClusterManagerThread] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
> HHH000010: On release of batch it still contained JDBC statements
> ~                                                                    
>                                                                      
>                                                       
>
> 2016-06-06 11:04 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
>     Please paste error exception from idm.log.
>
>     Ivan
>
>
>     On 06/06/2016 09:48 AM, mceylan wrote:
>>     Thanks Ivan. I connect midpoint mysql db. add users mysql db but
>>     i add user not creating redmine. 
>>
>>     Can you help me?
>>
>>     2016-06-06 10:24 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
>>     <mailto:ivan.noris at evolveum.com>>:
>>
>>         Hi Merve,
>>
>>         Ah, so you are trying to connect midPoint to existing
>>         application (redmine) with the DBTable connector, right?
>>         This could work, if:
>>
>>         1) the existing application is using only one table
>>         2) if you have created technical user to connect using the
>>         connector (as Test connection works for you, you have at
>>         least some permissions)
>>         3) the localhost-dbtable-advanced-sync.xml is a sample for
>>         the database table with fixed columns as created in the *.sql
>>         file(s) in the samples/resources/databasetable directory. So
>>         you need to modify your schema handling to use correct
>>         attributes for your application database table, not for our
>>         samples.
>>
>>         Specifically it seems that your database has no
>>         "enable/disable" status attribute. In our sample, we have two
>>         configuration elements for enable/disable:
>>
>>         1) capabilities: defines which database table attribute is
>>         used for enable/disable. In our samples it's attribute/column
>>         named "disabled". If your database table has different column
>>         for this, it must be defined here or removed the section if
>>         your db does not support it.
>>                         <capabilities
>>         xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>>         <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>>                                 <configured>
>>                                         <cap:activation>
>>                                                 <cap:status>
>>                                                        
>>         <cap:attribute>*ri:disabled*</cap:attribute>
>>                                                        
>>         <cap:enableValue></cap:enableValue>
>>                                                        
>>         <cap:enableValue>false</cap:enableValue>
>>                                                        
>>         <cap:disableValue>true</cap:disableValue>
>>                                                 </cap:status>
>>                                         </cap:activation>
>>                                 </configured>
>>                         </capabilities>
>>
>>         2) activation/administrativeStatus mapping: defines how
>>         enable/disable in midPoint goes to the databasetable
>>         (outbound) or vice versa (inbound). If your db table does not
>>         support this, remove/comment this mapping:
>>
>>                                         <activation>
>>                                                 <administrativeStatus>
>>                                                         <outbound/>
>>                                                         <inbound>
>>                                                                
>>         <strength>weak</strength>
>>                                                         </inbound>
>>                                                 </administrativeStatus>
>>                                         </activation>
>>            
>>         Best regards,
>>         Ivan
>>
>>
>>         On 06/04/2016 09:03 PM, mrveceylan at gmail.com
>>         <mailto:mrveceylan at gmail.com> wrote:
>>>         I dont now. I want to midpoint connection redmine
>>>
>>>         iPhone'umdan gönderildi
>>>
>>>         3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris
>>>         <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>
>>>         şunları yazdı:
>>>
>>>>         Hi Merve,
>>>>
>>>>         which SQL creation script have you used to create the MySQL
>>>>         table?
>>>>         Ivan
>>>>
>>>>         On 06/03/2016 03:40 PM, mceylan wrote:
>>>>>         Hi,
>>>>>
>>>>>         Midpoint connection mysql dbtable. I using file
>>>>>         locolhost-dbtable--advanced-sync.xml
>>>>>         Midpoint connection succesfull mysql db.
>>>>>
>>>>>         Midpoint users add resource localhost DBTable  
>>>>>
>>>>>         stack tree 
>>>>>
>>>>>
>>>>>         Couldn't add object. Schema violation: Schema violation
>>>>>         during processing shadow: shadow: null (OID:null): DB
>>>>>         syntax error:
>>>>>         com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown
>>>>>         column '__ENABLE__' in 'field list')
>>>>>
>>>>>          *
>>>>>
>>>>>
>>>>>         -- 
>>>>>
>>>>>         can you help me?
>>>>>         Merve CEYLAN
>>>>>
>>>>>
>>>>>         _______________________________________________
>>>>>         midPoint mailing list
>>>>>         midPoint at lists.evolveum.com
>>>>>         <mailto:midPoint at lists.evolveum.com>
>>>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>         -- 
>>>>           Ing. Ivan Noris
>>>>           Senior Identity Management Engineer & IDM Architect
>>>>           evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>>           ___________________________________________________
>>>>           "Semper ID(e)M Vix."
>>>>         _______________________________________________
>>>>         midPoint mailing list
>>>>         midPoint at lists.evolveum.com
>>>>         <mailto:midPoint at lists.evolveum.com>
>>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>         -- 
>>           Ing. Ivan Noris
>>           Senior Identity Management Engineer & IDM Architect
>>           evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>           ___________________________________________________
>>           "Semper ID(e)M Vix."
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     -- 
>>     Merve CEYLAN
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer & IDM Architect
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>       ___________________________________________________
>       "Semper ID(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/7a212b23/attachment.htm>

From mrveceylan at gmail.com  Mon Jun  6 11:07:37 2016
From: mrveceylan at gmail.com (mceylan)
Date: Mon, 6 Jun 2016 12:07:37 +0300
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <57553872.3080607@evolveum.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
 <57552E9C.8040703@evolveum.com>
 <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>
 <57553872.3080607@evolveum.com>
Message-ID: <CADu1p_gSpXdO8VDyMvyccrzKeLU2cznS1PY1x2Zaapr7uPAORg@mail.gmail.com>

Hi Ivan,

I use to connect to localhost db-table on a redmine. Midpoint resource list
Localhost DB table succesfull connect.

Users-list users-select user (merve)- add projection-select Localhost
DBTable add resources.



  Localhost DBTable
admin

auth_source_id

created_on

First name

id *

identity_url

language

Last name

last_login_on

mail_notification

must_change_passwd

Name

passwd_changed_on

salt

status *

type

updated_on

association





id and status filled and save. mysqldb users tables creating users (merve).
But  redmine users list not creating users(merve).


















2016-06-06 11:46 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:

> Hi Merve,
>
> I would like to understand what are you trying to achieve, what were your
> steps on redmine side and how you configured midPoint DBTable resource. The
> idm.log you sent unfortunately does not contain anything regarding DBTable
> connector/provisioning...
>
> I don't know/use redmine, so I need to understand the environment.
>
> Regards,
> Ivan
>
>
> On 06/06/2016 10:09 AM, mceylan wrote:
>
>
> Hi ivan,  no problem users add resources localhost db table. I  have a
> problem mysql db in users creating redmine users list
>
>
> idm. log
>
>
> 2016-06-06 10:50:07,763 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,002 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,228 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,453 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,666 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:08,891 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:09,080 [REPOSITORY] [midPointScheduler_Worker-7] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:09,081 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 10:50:09,379 [REPOSITORY] [midPointScheduler_Worker-6] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:07,767 [REPOSITORY] [midPointScheduler_Worker-10] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:07,982 [REPOSITORY] [midPointScheduler_Worker-1] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,205 [REPOSITORY] [midPointScheduler_Worker-10] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,445 [REPOSITORY] [midPointScheduler_Worker-1] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,657 [REPOSITORY] [midPointScheduler_Worker-10] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:08,869 [REPOSITORY] [midPointScheduler_Worker-1] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:05:09,090 [REPOSITORY] [midPointScheduler_Worker-10] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> 2016-06-06 11:07:03,853 [MODEL] [Thread-19] WARN
> (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
> Can't do reconciliation. Account context doesn't contain current version of
> account.
> 2016-06-06 11:07:04,492 [REPOSITORY] [ClusterManagerThread] INFO
> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
> release of batch it still contained JDBC statements
> ~
>
>
>
> 2016-06-06 11:04 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:
>
>> Please paste error exception from idm.log.
>>
>> Ivan
>>
>>
>> On 06/06/2016 09:48 AM, mceylan wrote:
>>
>> Thanks Ivan. I connect midpoint mysql db. add users mysql db but i add
>> user not creating redmine.
>>
>> Can you help me?
>>
>> 2016-06-06 10:24 GMT+03:00 Ivan Noris < <ivan.noris at evolveum.com>
>> ivan.noris at evolveum.com>:
>>
>>> Hi Merve,
>>>
>>> Ah, so you are trying to connect midPoint to existing application
>>> (redmine) with the DBTable connector, right?
>>> This could work, if:
>>>
>>> 1) the existing application is using only one table
>>> 2) if you have created technical user to connect using the connector (as
>>> Test connection works for you, you have at least some permissions)
>>> 3) the localhost-dbtable-advanced-sync.xml is a sample for the database
>>> table with fixed columns as created in the *.sql file(s) in the
>>> samples/resources/databasetable directory. So you need to modify your
>>> schema handling to use correct attributes for your application database
>>> table, not for our samples.
>>>
>>> Specifically it seems that your database has no "enable/disable" status
>>> attribute. In our sample, we have two configuration elements for
>>> enable/disable:
>>>
>>> 1) capabilities: defines which database table attribute is used for
>>> enable/disable. In our samples it's attribute/column named "disabled". If
>>> your database table has different column for this, it must be defined here
>>> or removed the section if your db does not support it.
>>>                 <capabilities xmlns:cap=
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>
>>> "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>>>                         <configured>
>>>                                 <cap:activation>
>>>                                         <cap:status>
>>>                                                 <cap:attribute>
>>> *ri:disabled*</cap:attribute>
>>>
>>> <cap:enableValue></cap:enableValue>
>>>
>>> <cap:enableValue>false</cap:enableValue>
>>>
>>> <cap:disableValue>true</cap:disableValue>
>>>                                         </cap:status>
>>>                                 </cap:activation>
>>>                         </configured>
>>>                 </capabilities>
>>>
>>> 2) activation/administrativeStatus mapping: defines how enable/disable
>>> in midPoint goes to the databasetable (outbound) or vice versa (inbound).
>>> If your db table does not support this, remove/comment this mapping:
>>>
>>>                                 <activation>
>>>                                         <administrativeStatus>
>>>                                                 <outbound/>
>>>                                                 <inbound>
>>>
>>> <strength>weak</strength>
>>>                                                 </inbound>
>>>                                         </administrativeStatus>
>>>                                 </activation>
>>>
>>> Best regards,
>>> Ivan
>>>
>>>
>>> On 06/04/2016 09:03 PM, <mrveceylan at gmail.com>mrveceylan at gmail.com
>>> wrote:
>>>
>>> I dont now. I want to midpoint connection redmine
>>>
>>> iPhone'umdan gönderildi
>>>
>>> 3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris <
>>> <ivan.noris at evolveum.com>ivan.noris at evolveum.com> şunları yazdı:
>>>
>>> Hi Merve,
>>>
>>> which SQL creation script have you used to create the MySQL table?
>>> Ivan
>>>
>>> On 06/03/2016 03:40 PM, mceylan wrote:
>>>
>>> Hi,
>>>
>>> Midpoint connection mysql dbtable. I using file
>>> locolhost-dbtable--advanced-sync.xml
>>> Midpoint connection succesfull mysql db.
>>>
>>> Midpoint users add resource localhost DBTable
>>>
>>> stack tree
>>>
>>>
>>> Couldn't add object. Schema violation: Schema violation during
>>> processing shadow: shadow: null (OID:null): DB syntax error:
>>> com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown column
>>> '__ENABLE__' in 'field list')
>>>
>>>
>>>    -
>>>
>>> --
>>>
>>> can you help me?
>>> Merve CEYLAN
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> Merve CEYLAN
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/8eaebf16/attachment.htm>

From ivan.noris at evolveum.com  Mon Jun  6 15:54:51 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Mon, 6 Jun 2016 15:54:51 +0200
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <CADu1p_gSpXdO8VDyMvyccrzKeLU2cznS1PY1x2Zaapr7uPAORg@mail.gmail.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
 <57552E9C.8040703@evolveum.com>
 <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>
 <57553872.3080607@evolveum.com>
 <CADu1p_gSpXdO8VDyMvyccrzKeLU2cznS1PY1x2Zaapr7uPAORg@mail.gmail.com>
Message-ID: <575580AB.7020908@evolveum.com>

Hi Merve,

what's the relationship between localhost DB table and redmine?

"mysqldb users tables creating users (merve). But  redmine users list
not creating users(merve)."

If provisioning to mysql table works, and you can see accounts there,
provision, modify and delete them, but "redmine users list not creating
users" it's probably outside something midPoint can do. But please
explain how mysql db table and redmine are connected together..

Thanks,
Ivan

On 06/06/2016 11:07 AM, mceylan wrote:
> Hi Ivan,
>
> I use to connect to localhost db-table on a redmine. Midpoint resource
> list Localhost DB table succesfull connect. 
>
> Users-list users-select user (merve)- add projection-select Localhost
> DBTable add resources. 
>
>
>
>   Localhost DBTable
> admin
>
> auth_source_id
>
> created_on
>
> First name 
>
> id *
>
> identity_url
>
> language
>
> Last name 
>
> last_login_on
>
> mail_notification
>
> must_change_passwd
>
> Name 
>
> passwd_changed_on
>
> salt
>
> status *
>
> type
>
> updated_on
>
> association
>
>
>
>
>
> id and status filled and save. mysqldb users tables creating users
> (merve). But  redmine users list not creating users(merve).
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 2016-06-06 11:46 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
>     Hi Merve,
>
>     I would like to understand what are you trying to achieve, what
>     were your steps on redmine side and how you configured midPoint
>     DBTable resource. The idm.log you sent unfortunately does not
>     contain anything regarding DBTable connector/provisioning...
>
>     I don't know/use redmine, so I need to understand the environment.
>
>     Regards,
>     Ivan
>
>
>     On 06/06/2016 10:09 AM, mceylan wrote:
>>
>>     Hi ivan,  no problem users add resources localhost db table. I
>>      have a problem mysql db in users creating redmine users list
>>
>>
>>     idm. log
>>
>>
>>     2016-06-06 10:50:07,763 [REPOSITORY] [midPointScheduler_Worker-7]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:08,002 [REPOSITORY] [midPointScheduler_Worker-7]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:08,228 [REPOSITORY] [midPointScheduler_Worker-6]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:08,453 [REPOSITORY] [midPointScheduler_Worker-7]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:08,666 [REPOSITORY] [midPointScheduler_Worker-6]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:08,891 [REPOSITORY] [midPointScheduler_Worker-7]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:09,080 [REPOSITORY] [midPointScheduler_Worker-7]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:09,081 [REPOSITORY] [midPointScheduler_Worker-6]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 10:50:09,379 [REPOSITORY] [midPointScheduler_Worker-6]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:07,767 [REPOSITORY]
>>     [midPointScheduler_Worker-10] INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:07,982 [REPOSITORY] [midPointScheduler_Worker-1]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:08,205 [REPOSITORY]
>>     [midPointScheduler_Worker-10] INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:08,445 [REPOSITORY] [midPointScheduler_Worker-1]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:08,657 [REPOSITORY]
>>     [midPointScheduler_Worker-10] INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:08,869 [REPOSITORY] [midPointScheduler_Worker-1]
>>     INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:05:09,090 [REPOSITORY]
>>     [midPointScheduler_Worker-10] INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     2016-06-06 11:07:03,853 [MODEL] [Thread-19] WARN
>>     (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
>>     Can't do reconciliation. Account context doesn't contain current
>>     version of account.
>>     2016-06-06 11:07:04,492 [REPOSITORY] [ClusterManagerThread] INFO
>>     (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl):
>>     HHH000010: On release of batch it still contained JDBC statements
>>     ~                                                                
>>                                                                      
>>                                                                   
>>
>>     2016-06-06 11:04 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
>>     <mailto:ivan.noris at evolveum.com>>:
>>
>>         Please paste error exception from idm.log.
>>
>>         Ivan
>>
>>
>>         On 06/06/2016 09:48 AM, mceylan wrote:
>>>         Thanks Ivan. I connect midpoint mysql db. add users mysql db
>>>         but i add user not creating redmine. 
>>>
>>>         Can you help me?
>>>
>>>         2016-06-06 10:24 GMT+03:00 Ivan Noris
>>>         <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>:
>>>
>>>             Hi Merve,
>>>
>>>             Ah, so you are trying to connect midPoint to existing
>>>             application (redmine) with the DBTable connector, right?
>>>             This could work, if:
>>>
>>>             1) the existing application is using only one table
>>>             2) if you have created technical user to connect using
>>>             the connector (as Test connection works for you, you
>>>             have at least some permissions)
>>>             3) the localhost-dbtable-advanced-sync.xml is a sample
>>>             for the database table with fixed columns as created in
>>>             the *.sql file(s) in the samples/resources/databasetable
>>>             directory. So you need to modify your schema handling to
>>>             use correct attributes for your application database
>>>             table, not for our samples.
>>>
>>>             Specifically it seems that your database has no
>>>             "enable/disable" status attribute. In our sample, we
>>>             have two configuration elements for enable/disable:
>>>
>>>             1) capabilities: defines which database table attribute
>>>             is used for enable/disable. In our samples it's
>>>             attribute/column named "disabled". If your database
>>>             table has different column for this, it must be defined
>>>             here or removed the section if your db does not support it.
>>>                             <capabilities
>>>             xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>>>             <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>>>                                     <configured>
>>>                                             <cap:activation>
>>>                                                     <cap:status>
>>>                                                            
>>>             <cap:attribute>*ri:disabled*</cap:attribute>
>>>                                                            
>>>             <cap:enableValue></cap:enableValue>
>>>                                                            
>>>             <cap:enableValue>false</cap:enableValue>
>>>                                                            
>>>             <cap:disableValue>true</cap:disableValue>
>>>                                                     </cap:status>
>>>                                             </cap:activation>
>>>                                     </configured>
>>>                             </capabilities>
>>>
>>>             2) activation/administrativeStatus mapping: defines how
>>>             enable/disable in midPoint goes to the databasetable
>>>             (outbound) or vice versa (inbound). If your db table
>>>             does not support this, remove/comment this mapping:
>>>
>>>                                             <activation>
>>>                                                    
>>>             <administrativeStatus>
>>>                                                             <outbound/>
>>>                                                             <inbound>
>>>                                                                    
>>>             <strength>weak</strength>
>>>                                                             </inbound>
>>>                                                    
>>>             </administrativeStatus>
>>>                                             </activation>
>>>                
>>>             Best regards,
>>>             Ivan
>>>
>>>
>>>             On 06/04/2016 09:03 PM, mrveceylan at gmail.com
>>>             <mailto:mrveceylan at gmail.com> wrote:
>>>>             I dont now. I want to midpoint connection redmine
>>>>
>>>>             iPhone'umdan gönderildi
>>>>
>>>>             3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris
>>>>             <ivan.noris at evolveum.com
>>>>             <mailto:ivan.noris at evolveum.com>> şunları yazdı:
>>>>
>>>>>             Hi Merve,
>>>>>
>>>>>             which SQL creation script have you used to create the
>>>>>             MySQL table?
>>>>>             Ivan
>>>>>
>>>>>             On 06/03/2016 03:40 PM, mceylan wrote:
>>>>>>             Hi,
>>>>>>
>>>>>>             Midpoint connection mysql dbtable. I using file
>>>>>>             locolhost-dbtable--advanced-sync.xml
>>>>>>             Midpoint connection succesfull mysql db.
>>>>>>
>>>>>>             Midpoint users add resource localhost DBTable  
>>>>>>
>>>>>>             stack tree 
>>>>>>
>>>>>>
>>>>>>             Couldn't add object. Schema violation: Schema
>>>>>>             violation during processing shadow: shadow: null
>>>>>>             (OID:null): DB syntax error:
>>>>>>             com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown
>>>>>>             column '__ENABLE__' in 'field list')
>>>>>>
>>>>>>              *
>>>>>>
>>>>>>
>>>>>>             -- 
>>>>>>
>>>>>>             can you help me?
>>>>>>             Merve CEYLAN
>>>>>>
>>>>>>
>>>>>>             _______________________________________________
>>>>>>             midPoint mailing list
>>>>>>             midPoint at lists.evolveum.com
>>>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>             -- 
>>>>>               Ing. Ivan Noris
>>>>>               Senior Identity Management Engineer & IDM Architect
>>>>>               evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>>>               ___________________________________________________
>>>>>               "Semper ID(e)M Vix."
>>>>>             _______________________________________________
>>>>>             midPoint mailing list
>>>>>             midPoint at lists.evolveum.com
>>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com
>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>             -- 
>>>               Ing. Ivan Noris
>>>               Senior Identity Management Engineer & IDM Architect
>>>               evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>               ___________________________________________________
>>>               "Semper ID(e)M Vix."
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>         -- 
>>>         Merve CEYLAN
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>         -- 
>>           Ing. Ivan Noris
>>           Senior Identity Management Engineer & IDM Architect
>>           evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>           ___________________________________________________
>>           "Semper ID(e)M Vix."
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     -- 
>>     Merve CEYLAN
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer & IDM Architect
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>       ___________________________________________________
>       "Semper ID(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/011648a0/attachment.htm>

From oskar.butovic at ami.cz  Mon Jun  6 17:33:01 2016
From: oskar.butovic at ami.cz (=?UTF-8?Q?Oskar_Butovi=C4=8D_=2D_AMI_Praha_a=2Es=2E?=)
Date: Mon, 6 Jun 2016 17:33:01 +0200
Subject: [midPoint] password policy configuration
Message-ID: <CAE8MtZB8XRg-AnFNf5Fo5=DO7eLuJhbayLVvaCEcbmc69W3wgQ@mail.gmail.com>

Hello Everybody,

I am configuring password policy in midpoint. I have to check that users
username, firstname, surname, and other users attributes are not included
in password. I have looked into midpoint confluence and xsd definitions of
stringpolicy but found nothing which could help me.

Can such additional check be configured in midpoint? What would be the
easiest way to implement such check if it would not be possible to
configure? Is there any extension point where I can add such additional
check by script?

Thanks.

Regards,

Oskar Butovič

-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160606/4a1f3277/attachment.htm>

From mrveceylan at gmail.com  Tue Jun  7 08:33:58 2016
From: mrveceylan at gmail.com (mceylan)
Date: Tue, 7 Jun 2016 09:33:58 +0300
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <575580AB.7020908@evolveum.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
 <57552E9C.8040703@evolveum.com>
 <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>
 <57553872.3080607@evolveum.com>
 <CADu1p_gSpXdO8VDyMvyccrzKeLU2cznS1PY1x2Zaapr7uPAORg@mail.gmail.com>
 <575580AB.7020908@evolveum.com>
Message-ID: <CADu1p_jV_fetVwyyq3OQ17PrXkBDxgbGp3eWMmwRB9=S6xTAeg@mail.gmail.com>

Hi Ivan,

I don't know. Redmine being used at work. I just want users to director of
the MidPoint of the Redmine. The construction work on the Redmine I do not
knom too

Thanks,

Merve

2016-06-06 16:54 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:

> Hi Merve,
>
> what's the relationship between localhost DB table and redmine?
>
> "mysqldb users tables creating users (merve). But  redmine users list not
> creating users(merve)."
>
> If provisioning to mysql table works, and you can see accounts there,
> provision, modify and delete them, but "redmine users list not creating
> users" it's probably outside something midPoint can do. But please explain
> how mysql db table and redmine are connected together..
>
> Thanks,
> Ivan
>
>
> On 06/06/2016 11:07 AM, mceylan wrote:
>
> Hi Ivan,
>
> I use to connect to localhost db-table on a redmine. Midpoint resource
> list Localhost DB table succesfull connect.
>
> Users-list users-select user (merve)- add projection-select Localhost
> DBTable add resources.
>
>
>
>   Localhost DBTable
> admin
>
> auth_source_id
>
> created_on
>
> First name
>
> id *
>
> identity_url
>
> language
>
> Last name
>
> last_login_on
>
> mail_notification
>
> must_change_passwd
>
> Name
>
> passwd_changed_on
>
> salt
>
> status *
>
> type
>
> updated_on
>
> association
>
>
>
>
>
> id and status filled and save. mysqldb users tables creating users
> (merve). But  redmine users list not creating users(merve).
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 2016-06-06 11:46 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com>:
>
>> Hi Merve,
>>
>> I would like to understand what are you trying to achieve, what were your
>> steps on redmine side and how you configured midPoint DBTable resource. The
>> idm.log you sent unfortunately does not contain anything regarding DBTable
>> connector/provisioning...
>>
>> I don't know/use redmine, so I need to understand the environment.
>>
>> Regards,
>> Ivan
>>
>>
>> On 06/06/2016 10:09 AM, mceylan wrote:
>>
>>
>> Hi ivan,  no problem users add resources localhost db table. I  have a
>> problem mysql db in users creating redmine users list
>>
>>
>> idm. log
>>
>>
>> 2016-06-06 10:50:07,763 [REPOSITORY] [midPointScheduler_Worker-7] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:08,002 [REPOSITORY] [midPointScheduler_Worker-7] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:08,228 [REPOSITORY] [midPointScheduler_Worker-6] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:08,453 [REPOSITORY] [midPointScheduler_Worker-7] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:08,666 [REPOSITORY] [midPointScheduler_Worker-6] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:08,891 [REPOSITORY] [midPointScheduler_Worker-7] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:09,080 [REPOSITORY] [midPointScheduler_Worker-7] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:09,081 [REPOSITORY] [midPointScheduler_Worker-6] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 10:50:09,379 [REPOSITORY] [midPointScheduler_Worker-6] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:07,767 [REPOSITORY] [midPointScheduler_Worker-10] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:07,982 [REPOSITORY] [midPointScheduler_Worker-1] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:08,205 [REPOSITORY] [midPointScheduler_Worker-10] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:08,445 [REPOSITORY] [midPointScheduler_Worker-1] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:08,657 [REPOSITORY] [midPointScheduler_Worker-10] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:08,869 [REPOSITORY] [midPointScheduler_Worker-1] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:05:09,090 [REPOSITORY] [midPointScheduler_Worker-10] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> 2016-06-06 11:07:03,853 [MODEL] [Thread-19] WARN
>> (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
>> Can't do reconciliation. Account context doesn't contain current version of
>> account.
>> 2016-06-06 11:07:04,492 [REPOSITORY] [ClusterManagerThread] INFO
>> (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On
>> release of batch it still contained JDBC statements
>> ~
>>
>>
>>
>> 2016-06-06 11:04 GMT+03:00 Ivan Noris < <ivan.noris at evolveum.com>
>> ivan.noris at evolveum.com>:
>>
>>> Please paste error exception from idm.log.
>>>
>>> Ivan
>>>
>>>
>>> On 06/06/2016 09:48 AM, mceylan wrote:
>>>
>>> Thanks Ivan. I connect midpoint mysql db. add users mysql db but i add
>>> user not creating redmine.
>>>
>>> Can you help me?
>>>
>>> 2016-06-06 10:24 GMT+03:00 Ivan Noris < <ivan.noris at evolveum.com>
>>> ivan.noris at evolveum.com>:
>>>
>>>> Hi Merve,
>>>>
>>>> Ah, so you are trying to connect midPoint to existing application
>>>> (redmine) with the DBTable connector, right?
>>>> This could work, if:
>>>>
>>>> 1) the existing application is using only one table
>>>> 2) if you have created technical user to connect using the connector
>>>> (as Test connection works for you, you have at least some permissions)
>>>> 3) the localhost-dbtable-advanced-sync.xml is a sample for the database
>>>> table with fixed columns as created in the *.sql file(s) in the
>>>> samples/resources/databasetable directory. So you need to modify your
>>>> schema handling to use correct attributes for your application database
>>>> table, not for our samples.
>>>>
>>>> Specifically it seems that your database has no "enable/disable" status
>>>> attribute. In our sample, we have two configuration elements for
>>>> enable/disable:
>>>>
>>>> 1) capabilities: defines which database table attribute is used for
>>>> enable/disable. In our samples it's attribute/column named "disabled". If
>>>> your database table has different column for this, it must be defined here
>>>> or removed the section if your db does not support it.
>>>>                 <capabilities xmlns:cap=
>>>> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>
>>>> "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>>>> <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>>>>                         <configured>
>>>>                                 <cap:activation>
>>>>                                         <cap:status>
>>>>                                                 <cap:attribute>
>>>> *ri:disabled*</cap:attribute>
>>>>
>>>> <cap:enableValue></cap:enableValue>
>>>>
>>>> <cap:enableValue>false</cap:enableValue>
>>>>
>>>> <cap:disableValue>true</cap:disableValue>
>>>>                                         </cap:status>
>>>>                                 </cap:activation>
>>>>                         </configured>
>>>>                 </capabilities>
>>>>
>>>> 2) activation/administrativeStatus mapping: defines how enable/disable
>>>> in midPoint goes to the databasetable (outbound) or vice versa (inbound).
>>>> If your db table does not support this, remove/comment this mapping:
>>>>
>>>>                                 <activation>
>>>>                                         <administrativeStatus>
>>>>                                                 <outbound/>
>>>>                                                 <inbound>
>>>>
>>>> <strength>weak</strength>
>>>>                                                 </inbound>
>>>>                                         </administrativeStatus>
>>>>                                 </activation>
>>>>
>>>> Best regards,
>>>> Ivan
>>>>
>>>>
>>>> On 06/04/2016 09:03 PM, <mrveceylan at gmail.com>mrveceylan at gmail.com
>>>> wrote:
>>>>
>>>> I dont now. I want to midpoint connection redmine
>>>>
>>>> iPhone'umdan gönderildi
>>>>
>>>> 3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris <
>>>> <ivan.noris at evolveum.com>ivan.noris at evolveum.com> şunları yazdı:
>>>>
>>>> Hi Merve,
>>>>
>>>> which SQL creation script have you used to create the MySQL table?
>>>> Ivan
>>>>
>>>> On 06/03/2016 03:40 PM, mceylan wrote:
>>>>
>>>> Hi,
>>>>
>>>> Midpoint connection mysql dbtable. I using file
>>>> locolhost-dbtable--advanced-sync.xml
>>>> Midpoint connection succesfull mysql db.
>>>>
>>>> Midpoint users add resource localhost DBTable
>>>>
>>>> stack tree
>>>>
>>>>
>>>> Couldn't add object. Schema violation: Schema violation during
>>>> processing shadow: shadow: null (OID:null): DB syntax error:
>>>> com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown column
>>>> '__ENABLE__' in 'field list')
>>>>
>>>>
>>>>    -
>>>>
>>>> --
>>>>
>>>> can you help me?
>>>> Merve CEYLAN
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>> --
>>>>   Ing. Ivan Noris
>>>>   Senior Identity Management Engineer & IDM Architect
>>>>   evolveum.com                     evolveum.com/blog/
>>>>   ___________________________________________________
>>>>   "Semper ID(e)M Vix."
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> <midPoint at lists.evolveum.com>midPoint at lists.evolveum.com
>>>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>> --
>>>>   Ing. Ivan Noris
>>>>   Senior Identity Management Engineer & IDM Architect
>>>>   evolveum.com                     evolveum.com/blog/
>>>>   ___________________________________________________
>>>>   "Semper ID(e)M Vix."
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> --
>>> Merve CEYLAN
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> Merve CEYLAN
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/daf2af06/attachment.htm>

From ivan.noris at evolveum.com  Tue Jun  7 08:56:56 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Tue, 7 Jun 2016 08:56:56 +0200
Subject: [midPoint] password policy configuration
In-Reply-To: <CAE8MtZB8XRg-AnFNf5Fo5=DO7eLuJhbayLVvaCEcbmc69W3wgQ@mail.gmail.com>
References: <CAE8MtZB8XRg-AnFNf5Fo5=DO7eLuJhbayLVvaCEcbmc69W3wgQ@mail.gmail.com>
Message-ID: <57567038.8010309@evolveum.com>

Hi Oskar,

I think we're tracking this feature as
https://jira.evolveum.com/browse/MID-1657 "Value policy: excluding
user/account properties". Currently targeted for midPoint 3.5.

My coleagues from development may be able to suggest some workaround.

Regards,
Ivan

On 06/06/2016 05:33 PM, Oskar Butovič - AMI Praha a.s. wrote:
> Hello Everybody,
>
> I am configuring password policy in midpoint. I have to check that
> users username, firstname, surname, and other users attributes are not
> included in password. I have looked into midpoint confluence and xsd
> definitions of stringpolicy but found nothing which could help me.
>
> Can such additional check be configured in midpoint? What would be the
> easiest way to implement such check if it would not be possible to
> configure? Is there any extension point where I can add such
> additional check by script?
>
> Thanks.
>
> Regards,
>
> Oskar Butovič
>
> -- 
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>
> 	    	    	
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 	    	    	
>
> AMI Praha a.s.
>
>
> AMI Praha a.s.
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/38b4bd35/attachment.htm>

From ivan.noris at evolveum.com  Tue Jun  7 09:03:13 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Tue, 7 Jun 2016 09:03:13 +0200
Subject: [midPoint] Midpoind connect mysql DB
In-Reply-To: <CADu1p_jV_fetVwyyq3OQ17PrXkBDxgbGp3eWMmwRB9=S6xTAeg@mail.gmail.com>
References: <CADu1p_giYDRF_WLxNRS6UorW1gK7c4rbJ5t4j3n-AaqszazGVg@mail.gmail.com>
 <57519B04.9010107@evolveum.com>
 <77C4115E-66C7-47DA-AC4A-E789B0B1A042@gmail.com>
 <57552526.7020808@evolveum.com>
 <CADu1p_hfHCCiVpqCLFWeJpBjkVDRJAGfcApKv0TXnUP4iO8_Aw@mail.gmail.com>
 <57552E9C.8040703@evolveum.com>
 <CADu1p_hqRzmSBrKjC8JUgzbGmtoWxeudei=HTzvSGhF7Psh07w@mail.gmail.com>
 <57553872.3080607@evolveum.com>
 <CADu1p_gSpXdO8VDyMvyccrzKeLU2cznS1PY1x2Zaapr7uPAORg@mail.gmail.com>
 <575580AB.7020908@evolveum.com>
 <CADu1p_jV_fetVwyyq3OQ17PrXkBDxgbGp3eWMmwRB9=S6xTAeg@mail.gmail.com>
Message-ID: <575671B1.8040300@evolveum.com>

Hi Merve,

I'm sorry, but if provisioning works for DB table and accounts are
created there, there is nothing I can suggest to do with the DB Table
versus Redmine. This seems to be beyond midPoint provisioning.

Regards,
Ivan

On 06/07/2016 08:33 AM, mceylan wrote:
> Hi Ivan,
>
> I don't know. Redmine being used at work. I just want users to
> director of the MidPoint of the Redmine. The construction work on the
> Redmine I do not knom too
>
> Thanks,
>
> Merve
>
> 2016-06-06 16:54 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
>     Hi Merve,
>
>     what's the relationship between localhost DB table and redmine?
>
>     "mysqldb users tables creating users (merve). But  redmine users
>     list not creating users(merve)."
>
>     If provisioning to mysql table works, and you can see accounts
>     there, provision, modify and delete them, but "redmine users list
>     not creating users" it's probably outside something midPoint can
>     do. But please explain how mysql db table and redmine are
>     connected together..
>
>     Thanks,
>     Ivan
>
>
>     On 06/06/2016 11:07 AM, mceylan wrote:
>>     Hi Ivan,
>>
>>     I use to connect to localhost db-table on a redmine. Midpoint
>>     resource list Localhost DB table succesfull connect. 
>>
>>     Users-list users-select user (merve)- add projection-select
>>     Localhost DBTable add resources. 
>>
>>
>>
>>       Localhost DBTable
>>     admin
>>
>>     auth_source_id
>>
>>     created_on
>>
>>     First name 
>>
>>     id *
>>
>>     identity_url
>>
>>     language
>>
>>     Last name 
>>
>>     last_login_on
>>
>>     mail_notification
>>
>>     must_change_passwd
>>
>>     Name 
>>
>>     passwd_changed_on
>>
>>     salt
>>
>>     status *
>>
>>     type
>>
>>     updated_on
>>
>>     association
>>
>>
>>
>>
>>
>>     id and status filled and save. mysqldb users tables creating
>>     users (merve). But  redmine users list not creating users(merve).
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>     2016-06-06 11:46 GMT+03:00 Ivan Noris <ivan.noris at evolveum.com
>>     <mailto:ivan.noris at evolveum.com>>:
>>
>>         Hi Merve,
>>
>>         I would like to understand what are you trying to achieve,
>>         what were your steps on redmine side and how you configured
>>         midPoint DBTable resource. The idm.log you sent unfortunately
>>         does not contain anything regarding DBTable
>>         connector/provisioning...
>>
>>         I don't know/use redmine, so I need to understand the
>>         environment.
>>
>>         Regards,
>>         Ivan
>>
>>
>>         On 06/06/2016 10:09 AM, mceylan wrote:
>>>
>>>         Hi ivan,  no problem users add resources localhost db table.
>>>         I  have a problem mysql db in users creating redmine users list
>>>
>>>
>>>         idm. log
>>>
>>>
>>>         2016-06-06 10:50:07,763 [REPOSITORY]
>>>         [midPointScheduler_Worker-7] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:08,002 [REPOSITORY]
>>>         [midPointScheduler_Worker-7] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:08,228 [REPOSITORY]
>>>         [midPointScheduler_Worker-6] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:08,453 [REPOSITORY]
>>>         [midPointScheduler_Worker-7] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:08,666 [REPOSITORY]
>>>         [midPointScheduler_Worker-6] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:08,891 [REPOSITORY]
>>>         [midPointScheduler_Worker-7] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:09,080 [REPOSITORY]
>>>         [midPointScheduler_Worker-7] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:09,081 [REPOSITORY]
>>>         [midPointScheduler_Worker-6] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 10:50:09,379 [REPOSITORY]
>>>         [midPointScheduler_Worker-6] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:07,767 [REPOSITORY]
>>>         [midPointScheduler_Worker-10] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:07,982 [REPOSITORY]
>>>         [midPointScheduler_Worker-1] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:08,205 [REPOSITORY]
>>>         [midPointScheduler_Worker-10] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:08,445 [REPOSITORY]
>>>         [midPointScheduler_Worker-1] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:08,657 [REPOSITORY]
>>>         [midPointScheduler_Worker-10] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:08,869 [REPOSITORY]
>>>         [midPointScheduler_Worker-1] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:05:09,090 [REPOSITORY]
>>>         [midPointScheduler_Worker-10] INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         2016-06-06 11:07:03,853 [MODEL] [Thread-19] WARN
>>>         (com.evolveum.midpoint.model.impl.lens.projector.ReconciliationProcessor):
>>>         Can't do reconciliation. Account context doesn't contain
>>>         current version of account.
>>>         2016-06-06 11:07:04,492 [REPOSITORY] [ClusterManagerThread]
>>>         INFO
>>>         (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010:
>>>         On release of batch it still contained JDBC statements
>>>         ~                                                          
>>>                                                                    
>>>                                                                    
>>>                       
>>>
>>>         2016-06-06 11:04 GMT+03:00 Ivan Noris
>>>         <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>:
>>>
>>>             Please paste error exception from idm.log.
>>>
>>>             Ivan
>>>
>>>
>>>             On 06/06/2016 09:48 AM, mceylan wrote:
>>>>             Thanks Ivan. I connect midpoint mysql db. add users
>>>>             mysql db but i add user not creating redmine. 
>>>>
>>>>             Can you help me?
>>>>
>>>>             2016-06-06 10:24 GMT+03:00 Ivan Noris
>>>>             <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>:
>>>>
>>>>                 Hi Merve,
>>>>
>>>>                 Ah, so you are trying to connect midPoint to
>>>>                 existing application (redmine) with the DBTable
>>>>                 connector, right?
>>>>                 This could work, if:
>>>>
>>>>                 1) the existing application is using only one table
>>>>                 2) if you have created technical user to connect
>>>>                 using the connector (as Test connection works for
>>>>                 you, you have at least some permissions)
>>>>                 3) the localhost-dbtable-advanced-sync.xml is a
>>>>                 sample for the database table with fixed columns as
>>>>                 created in the *.sql file(s) in the
>>>>                 samples/resources/databasetable directory. So you
>>>>                 need to modify your schema handling to use correct
>>>>                 attributes for your application database table, not
>>>>                 for our samples.
>>>>
>>>>                 Specifically it seems that your database has no
>>>>                 "enable/disable" status attribute. In our sample,
>>>>                 we have two configuration elements for enable/disable:
>>>>
>>>>                 1) capabilities: defines which database table
>>>>                 attribute is used for enable/disable. In our
>>>>                 samples it's attribute/column named "disabled". If
>>>>                 your database table has different column for this,
>>>>                 it must be defined here or removed the section if
>>>>                 your db does not support it.
>>>>                                 <capabilities
>>>>                 xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
>>>>                 <http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3>>
>>>>                                         <configured>
>>>>                                                 <cap:activation>
>>>>                                                         <cap:status>
>>>>                                                                
>>>>                 <cap:attribute>*ri:disabled*</cap:attribute>
>>>>                                                                
>>>>                 <cap:enableValue></cap:enableValue>
>>>>                                                                
>>>>                 <cap:enableValue>false</cap:enableValue>
>>>>                                                                
>>>>                 <cap:disableValue>true</cap:disableValue>
>>>>                                                         </cap:status>
>>>>                                                 </cap:activation>
>>>>                                         </configured>
>>>>                                 </capabilities>
>>>>
>>>>                 2) activation/administrativeStatus mapping: defines
>>>>                 how enable/disable in midPoint goes to the
>>>>                 databasetable (outbound) or vice versa (inbound).
>>>>                 If your db table does not support this,
>>>>                 remove/comment this mapping:
>>>>
>>>>                                                 <activation>
>>>>                                                        
>>>>                 <administrativeStatus>
>>>>                                                                
>>>>                 <outbound/>
>>>>                                                                
>>>>                 <inbound>
>>>>                                                                        
>>>>                 <strength>weak</strength>
>>>>                                                                
>>>>                 </inbound>
>>>>                                                        
>>>>                 </administrativeStatus>
>>>>                                                 </activation>
>>>>                    
>>>>                 Best regards,
>>>>                 Ivan
>>>>
>>>>
>>>>                 On 06/04/2016 09:03 PM, mrveceylan at gmail.com
>>>>                 <mailto:mrveceylan at gmail.com> wrote:
>>>>>                 I dont now. I want to midpoint connection redmine
>>>>>
>>>>>                 iPhone'umdan gönderildi
>>>>>
>>>>>                 3 Haz 2016 tarihinde 17:58 saatinde, Ivan Noris
>>>>>                 <ivan.noris at evolveum.com
>>>>>                 <mailto:ivan.noris at evolveum.com>> şunları yazdı:
>>>>>
>>>>>>                 Hi Merve,
>>>>>>
>>>>>>                 which SQL creation script have you used to create
>>>>>>                 the MySQL table?
>>>>>>                 Ivan
>>>>>>
>>>>>>                 On 06/03/2016 03:40 PM, mceylan wrote:
>>>>>>>                 Hi,
>>>>>>>
>>>>>>>                 Midpoint connection mysql dbtable. I using file
>>>>>>>                 locolhost-dbtable--advanced-sync.xml
>>>>>>>                 Midpoint connection succesfull mysql db.
>>>>>>>
>>>>>>>                 Midpoint users add resource localhost DBTable  
>>>>>>>
>>>>>>>                 stack tree 
>>>>>>>
>>>>>>>
>>>>>>>                 Couldn't add object. Schema violation: Schema
>>>>>>>                 violation during processing shadow: shadow: null
>>>>>>>                 (OID:null): DB syntax error:
>>>>>>>                 com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException(Unknown
>>>>>>>                 column '__ENABLE__' in 'field list')
>>>>>>>
>>>>>>>                  *
>>>>>>>
>>>>>>>
>>>>>>>                 -- 
>>>>>>>
>>>>>>>                 can you help me?
>>>>>>>                 Merve CEYLAN
>>>>>>>
>>>>>>>
>>>>>>>                 _______________________________________________
>>>>>>>                 midPoint mailing list
>>>>>>>                 midPoint at lists.evolveum.com
>>>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>                 -- 
>>>>>>                   Ing. Ivan Noris
>>>>>>                   Senior Identity Management Engineer & IDM Architect
>>>>>>                   evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>>>>                   ___________________________________________________
>>>>>>                   "Semper ID(e)M Vix."
>>>>>>                 _______________________________________________
>>>>>>                 midPoint mailing list
>>>>>>                 midPoint at lists.evolveum.com
>>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>                 _______________________________________________
>>>>>                 midPoint mailing list
>>>>>                 midPoint at lists.evolveum.com
>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>                 -- 
>>>>                   Ing. Ivan Noris
>>>>                   Senior Identity Management Engineer & IDM Architect
>>>>                   evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>>                   ___________________________________________________
>>>>                   "Semper ID(e)M Vix."
>>>>
>>>>
>>>>                 _______________________________________________
>>>>                 midPoint mailing list
>>>>                 midPoint at lists.evolveum.com
>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>>
>>>>             -- 
>>>>             Merve CEYLAN
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com
>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>             -- 
>>>               Ing. Ivan Noris
>>>               Senior Identity Management Engineer & IDM Architect
>>>               evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>>               ___________________________________________________
>>>               "Semper ID(e)M Vix."
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>         -- 
>>>         Merve CEYLAN
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>         -- 
>>           Ing. Ivan Noris
>>           Senior Identity Management Engineer & IDM Architect
>>           evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>>           ___________________________________________________
>>           "Semper ID(e)M Vix."
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     -- 
>>     Merve CEYLAN
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer & IDM Architect
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>       ___________________________________________________
>       "Semper ID(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
> Merve CEYLAN
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/95252d46/attachment.htm>

From mrveceylan at gmail.com  Tue Jun  7 09:16:27 2016
From: mrveceylan at gmail.com (mceylan)
Date: Tue, 7 Jun 2016 10:16:27 +0300
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY4LhvTDXcjFrrtUgX34ve_XYqK3-OGvzEWihLQRavt3Ug@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
 <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
 <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>
 <CADu1p_jRn6tctrVFZzSrWCvLdKVoONHhvPmgki9mAO1b4W7mzg@mail.gmail.com>
 <CAFkZXY4LhvTDXcjFrrtUgX34ve_XYqK3-OGvzEWihLQRavt3Ug@mail.gmail.com>
Message-ID: <CADu1p_iXn81LunVMrT=v9K9OnQ+xo4ceJ9Fzc+n4fW0FPQ20gA@mail.gmail.com>

Thanks Jason. I did they say. But I get an error. Midpoint login page error
message

http://localhost:8080/midpoint/j_spring_cas_security_check?ticket=ST-1-ocJ73L6rbrpicihnTSjo-cas01.example.org

Internal Server Error

Unexpected error occurred, if necessary please contact system administrator.


idm.log


2016-06-07 10:15:01,285 [] [http-nio-8080-exec-4] ERROR
(com.evolveum.midpoint.web.util.MidPointProfilingServletFilter):
Encountered exception: java.lang.RuntimeException:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
java.lang.RuntimeException: javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
        at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407)
~[cas-client-core-3.3.3.jar:3.3.3]
        at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
~[cas-client-core-3.3.3.jar:3.3.3]
        at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
~[cas-client-core-3.3.3.jar:3.3.3]
        at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
~[spring-security-core-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
~[cas-client-core-3.3.3.jar:3.3.3]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
        at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
[catalina.jar:8.0.33]
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
[catalina.jar:8.0.33]
        at
org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
~[cas-client-core-3.3.3.jar:3.3.3]
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
[catalina.jar:8.0.33]
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
[catalina.jar:8.0.33]
        at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
[catalina.jar:8.0.33]
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
[catalina.jar:8.0.33]
        at
com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
~[classes/:na]
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
[catalina.jar:8.0.33]
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
[catalina.jar:8.0.33]


Thanks,

Merve



2016-06-03 17:03 GMT+03:00 Jason Everling <jeverling at bshp.edu>:

> No, you need to comment out that block for CAS auth, that is only used if
> you are using another method that passes the auth through the header, look
> at mine below, that is correctly done for CAS, well at least for v 3.2
>
> http://pastebin.com/mHW8hvP4
>
> JASON
>
> On Fri, Jun 3, 2016 at 2:09 AM, mceylan <mrveceylan at gmail.com> wrote:
>
>> Hi,
>> I using CAS. uncomment line with  "PRE_AUTH_FILTER" and deploy project
>> login page error
>>
>> stack tree
>>
>> 2016-06-03 10:05:18,998 [] [http-nio-8080-exec-1] WARN
>> (com.evolveum.midpoint.web.page.error.PageError): Creating error page for
>> code org.apache.wicket.WicketRuntimeException, exception Can't instantiate
>> page using constructor 'public
>> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
>> been thrown during construction!: {}
>> org.apache.wicket.WicketRuntimeException: Can't instantiate page using
>> constructor 'public
>> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
>> been thrown during construction!
>>         at
>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:137)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
>> ~[wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>> ~[wicket-request-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
>> [wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
>> [wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
>> [wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
>> [wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
>> [wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>> [wicket-core-6.20.0.jar:6.20.0]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>> [catalina.jar:8.0.33]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>> [catalina.jar:8.0.33]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>
>>
>>
>>
>> 2016-06-02 19:39 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>
>>> He was mentioning that to me thinking it was me having the issues,
>>>
>>> Merve, what are you using to pass your HEADER auth? Or are you using CAS?
>>>
>>> JASON
>>>
>>> On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>
>>>> Hi Roman,
>>>>
>>>> why uncomment  line with "PRE_AUTH_FILTER"?
>>>>
>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
>>>> setup Basically what needs to be done is to uncomment the following
>>>> line:
>>>>
>>>> <custom-filter position="PRE_AUTH_FILTER" ref=
>>>> "requestHeaderAuthenticationFilter" />
>>>>
>>>> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>>
>>>>> Hah! Wait, I am not the one with issue, it is the other on the thread,
>>>>> Merve
>>>>>
>>>>> JASON
>>>>>
>>>>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>>>>> roman.pudil at ami.cz> wrote:
>>>>>
>>>>>> Hi Jason,
>>>>>>
>>>>>> try to uncoment line with "PRE_AUTH_FILTER".
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> Roman Pudil
>>>>>> solution architect
>>>>>>
>>>>>> gsm: [+420] 775 663 666
>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>
>>>>>>
>>>>>> AMI Praha a.s.
>>>>>> Pláničkova 11
>>>>>> 162 00 Praha 6
>>>>>> tel./fax: [+420] 274 783 239
>>>>>> web: www.ami.cz
>>>>>>
>>>>>>
>>>>>>
>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>
>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>>>> společnost AMI Praha a.s.
>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>> výhradně písemnou formu.
>>>>>>
>>>>>>
>>>>>>
>>>>>> ------ Původní zpráva ------
>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>; "midPoint
>>>>>> General Discussion" <midpoint at lists.evolveum.com>
>>>>>> Odesláno: 2.6.2016 15:51:17
>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>
>>>>>>
>>>>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had
>>>>>> any issues, it was pretty easy to setup. I am looking over my files to see
>>>>>> if I did anything outside of that document or what was commented in
>>>>>> ctx-web-security.xml but I do not think that would be the case.
>>>>>>
>>>>>> You can check ours here,
>>>>>> http://pastebin.com/mHW8hvP4
>>>>>>
>>>>>>
>>>>>> JASON
>>>>>>
>>>>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>>>>> roman.pudil at ami.cz> wrote:
>>>>>>
>>>>>>> Hi Jason,
>>>>>>> we tried CAS + MidPoint as SSO solution.
>>>>>>>
>>>>>>> Here is URL with configuration:
>>>>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> Roman Pudil
>>>>>>> solution architect
>>>>>>>
>>>>>>> gsm: [+420] 775 663 666
>>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>>
>>>>>>>
>>>>>>> AMI Praha a.s.
>>>>>>> Pláničkova 11
>>>>>>> 162 00 Praha 6
>>>>>>> tel./fax: [+420] 274 783 239
>>>>>>> web: http://www.ami.cz/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>>
>>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>> za společnost AMI Praha a.s.
>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>> výhradně písemnou formu.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ------ Původní zpráva ------
>>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>>> Odesláno: 2.6.2016 15:34:33
>>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>>
>>>>>>>
>>>>>>> What SSO method are you using or what SSO agent/client?
>>>>>>>
>>>>>>> JASON
>>>>>>>
>>>>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> hi,
>>>>>>>>
>>>>>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>>>>
>>>>>>>> When I try to get to https://midpoint/ I get 500 and I can see
>>>>>>>> stack trace in log (below).
>>>>>>>>
>>>>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>>>>> attachments.
>>>>>>>>
>>>>>>>>
>>>>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Could you help me ?
>>>>>>>> Thank you very much
>>>>>>>>
>>>>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>>>>
>>>>>>>> Merve
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> CONFIDENTIALITY NOTICE:
>>>>>>> This e-mail together with any attachments is proprietary and
>>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>>> computer.
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> CONFIDENTIALITY NOTICE:
>>>>>> This e-mail together with any attachments is proprietary and
>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>> computer.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is proprietary and
>>>>> confidential; intended for only the recipient(s) named above and may
>>>>> contain information that is privileged. You should not retain, copy or use
>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>> computer.
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Merve CEYLAN
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> Merve CEYLAN
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/0bbf7dcf/attachment.htm>

From aivo.kuhlberg at rmit.ee  Tue Jun  7 10:10:18 2016
From: aivo.kuhlberg at rmit.ee (Aivo Kuhlberg)
Date: Tue, 7 Jun 2016 08:10:18 +0000
Subject: [midPoint] Question about syncing situation
Message-ID: <1465287016369.84164@rmit.ee>

Hi,

I have question about one syncing situation. I import users from CSV-file and use Exchange connector to sync both AD/Exchange user accounts and groups (as roles). I am testing following situation:

  1.  I create a new group "testgroup" in AD
  2.  I run reconciliation of AD groups and I see that new midPoint role "testgroup" is created from AD group.
  3.  Now I assign this newly created role to midPoint user "testuser". I see that the same AD user account is now group member of testgroup in AD.
  4.  Now I delete in AD group testgroup. This should be OK as midPoint is able to restore deleted AD group and its members.
  5.  After that I do import of users from CSV file. I understand this is unusual situation and I probably should have done before that reconciliation of AD groups and users but I just wanted to see what happens. What happens is that after CSV file import AD group is restored in AD but AD user is not member of this group. Another thing what happens is that I see following error:

2016-06-06 15:04:01,881 [RESOURCE_OBJECT_CHANGE_LISTENER] [midPointScheduler_Worker-7] ERROR (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error executing changes for (entitlement (group) on resource:c2c5a39d-44ca-4b84-8cba-82e906cf3564(Exchange)): Couldn't add object. Object already exists: Object already exists on the resource: org.identityconnectors.framework.common.exceptions.AlreadyExistsException(The object already exists.??: when creating LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The object already exists.??: when creating LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)

When I look at the shadow information of testgroup and testuser then I see that they have now following attributes:
For testgroup:
<dead>true</dead>
<synchronizationSituation>deleted</synchronizationSituation>

and for testuser:
<dead>true</dead>
<synchronizationSituation>linked</synchronizationSituation>

I have to fix this situation by deleting manually testgroup and testuser shadows and do reconciliation of AD groups and users.


Has anybody tested that situation and should midPoint 3.3.1 be able to resolve that situation automatically or is it too complex situation and I just have to avoid it by doing AD groups and users reconciliation every time before importing users fom CSV file?

Thanks,
Aivo Kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/3d76b038/attachment.htm>

From jeverling at bshp.edu  Tue Jun  7 16:31:15 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Tue, 7 Jun 2016 09:31:15 -0500
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CADu1p_iXn81LunVMrT=v9K9OnQ+xo4ceJ9Fzc+n4fW0FPQ20gA@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
 <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
 <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>
 <CADu1p_jRn6tctrVFZzSrWCvLdKVoONHhvPmgki9mAO1b4W7mzg@mail.gmail.com>
 <CAFkZXY4LhvTDXcjFrrtUgX34ve_XYqK3-OGvzEWihLQRavt3Ug@mail.gmail.com>
 <CADu1p_iXn81LunVMrT=v9K9OnQ+xo4ceJ9Fzc+n4fW0FPQ20gA@mail.gmail.com>
Message-ID: <CAFkZXY6PYsmRtFfja=xn9pK4XPuZ8D-haNMb=C6ktBNNQG4cSA@mail.gmail.com>

Did you add the certificate that is being used by CAS to midpoint's
keystore under mindpoint.home? It needs to be there

JASON

On Tue, Jun 7, 2016 at 2:16 AM, mceylan <mrveceylan at gmail.com> wrote:

> Thanks Jason. I did they say. But I get an error. Midpoint login page
> error message
>
>
> http://localhost:8080/midpoint/j_spring_cas_security_check?ticket=ST-1-ocJ73L6rbrpicihnTSjo-cas01.example.org
>
> Internal Server Error
>
> Unexpected error occurred, if necessary please contact system
> administrator.
>
>
> idm.log
>
>
> 2016-06-07 10:15:01,285 [] [http-nio-8080-exec-4] ERROR
> (com.evolveum.midpoint.web.util.MidPointProfilingServletFilter):
> Encountered exception: java.lang.RuntimeException:
> javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty
> java.lang.RuntimeException: javax.net.ssl.SSLException:
> java.lang.RuntimeException: Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty
>         at
> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407)
> ~[cas-client-core-3.3.3.jar:3.3.3]
>         at
> org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
> ~[cas-client-core-3.3.3.jar:3.3.3]
>         at
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
> ~[cas-client-core-3.3.3.jar:3.3.3]
>         at
> org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
> ~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
> ~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
> ~[spring-security-core-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
> ~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
> ~[cas-client-core-3.3.3.jar:3.3.3]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>         at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>         at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> [catalina.jar:8.0.33]
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> [catalina.jar:8.0.33]
>         at
> org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
> ~[cas-client-core-3.3.3.jar:3.3.3]
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> [catalina.jar:8.0.33]
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> [catalina.jar:8.0.33]
>         at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>         at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> [catalina.jar:8.0.33]
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> [catalina.jar:8.0.33]
>         at
> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
> ~[classes/:na]
>         at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
> [catalina.jar:8.0.33]
>         at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
> [catalina.jar:8.0.33]
>
>
> Thanks,
>
> Merve
>
>
>
> 2016-06-03 17:03 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>
>> No, you need to comment out that block for CAS auth, that is only used if
>> you are using another method that passes the auth through the header, look
>> at mine below, that is correctly done for CAS, well at least for v 3.2
>>
>> http://pastebin.com/mHW8hvP4
>>
>> JASON
>>
>> On Fri, Jun 3, 2016 at 2:09 AM, mceylan <mrveceylan at gmail.com> wrote:
>>
>>> Hi,
>>> I using CAS. uncomment line with  "PRE_AUTH_FILTER" and deploy project
>>> login page error
>>>
>>> stack tree
>>>
>>> 2016-06-03 10:05:18,998 [] [http-nio-8080-exec-1] WARN
>>> (com.evolveum.midpoint.web.page.error.PageError): Creating error page for
>>> code org.apache.wicket.WicketRuntimeException, exception Can't instantiate
>>> page using constructor 'public
>>> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
>>> been thrown during construction!: {}
>>> org.apache.wicket.WicketRuntimeException: Can't instantiate page using
>>> constructor 'public
>>> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
>>> been thrown during construction!
>>>         at
>>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:137)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>>> ~[wicket-request-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
>>> [wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
>>> [wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
>>> [wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
>>> [wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
>>> [wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>> [wicket-core-6.20.0.jar:6.20.0]
>>>         at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>>> [catalina.jar:8.0.33]
>>>         at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>>> [catalina.jar:8.0.33]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>         at
>>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>
>>>
>>>
>>>
>>> 2016-06-02 19:39 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>
>>>> He was mentioning that to me thinking it was me having the issues,
>>>>
>>>> Merve, what are you using to pass your HEADER auth? Or are you using
>>>> CAS?
>>>>
>>>> JASON
>>>>
>>>> On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>
>>>>> Hi Roman,
>>>>>
>>>>> why uncomment  line with "PRE_AUTH_FILTER"?
>>>>>
>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
>>>>> setup Basically what needs to be done is to uncomment the following
>>>>> line:
>>>>>
>>>>> <custom-filter position="PRE_AUTH_FILTER" ref=
>>>>> "requestHeaderAuthenticationFilter" />
>>>>>
>>>>> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>>>
>>>>>> Hah! Wait, I am not the one with issue, it is the other on the
>>>>>> thread, Merve
>>>>>>
>>>>>> JASON
>>>>>>
>>>>>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>>>>>> roman.pudil at ami.cz> wrote:
>>>>>>
>>>>>>> Hi Jason,
>>>>>>>
>>>>>>> try to uncoment line with "PRE_AUTH_FILTER".
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> Roman Pudil
>>>>>>> solution architect
>>>>>>>
>>>>>>> gsm: [+420] 775 663 666
>>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>>
>>>>>>>
>>>>>>> AMI Praha a.s.
>>>>>>> Pláničkova 11
>>>>>>> 162 00 Praha 6
>>>>>>> tel./fax: [+420] 274 783 239
>>>>>>> web: www.ami.cz
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>>
>>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>> za společnost AMI Praha a.s.
>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>> výhradně písemnou formu.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ------ Původní zpráva ------
>>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>;
>>>>>>> "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>>> Odesláno: 2.6.2016 15:51:17
>>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>>
>>>>>>>
>>>>>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had
>>>>>>> any issues, it was pretty easy to setup. I am looking over my files to see
>>>>>>> if I did anything outside of that document or what was commented in
>>>>>>> ctx-web-security.xml but I do not think that would be the case.
>>>>>>>
>>>>>>> You can check ours here,
>>>>>>> http://pastebin.com/mHW8hvP4
>>>>>>>
>>>>>>>
>>>>>>> JASON
>>>>>>>
>>>>>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>>>>>> roman.pudil at ami.cz> wrote:
>>>>>>>
>>>>>>>> Hi Jason,
>>>>>>>> we tried CAS + MidPoint as SSO solution.
>>>>>>>>
>>>>>>>> Here is URL with configuration:
>>>>>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>>
>>>>>>>> Roman Pudil
>>>>>>>> solution architect
>>>>>>>>
>>>>>>>> gsm: [+420] 775 663 666
>>>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>>>
>>>>>>>>
>>>>>>>> AMI Praha a.s.
>>>>>>>> Pláničkova 11
>>>>>>>> 162 00 Praha 6
>>>>>>>> tel./fax: [+420] 274 783 239
>>>>>>>> web: http://www.ami.cz/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>>>
>>>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>>> za společnost AMI Praha a.s.
>>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>>> výhradně písemnou formu.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ------ Původní zpráva ------
>>>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>>>> Odesláno: 2.6.2016 15:34:33
>>>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>>>
>>>>>>>>
>>>>>>>> What SSO method are you using or what SSO agent/client?
>>>>>>>>
>>>>>>>> JASON
>>>>>>>>
>>>>>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> hi,
>>>>>>>>>
>>>>>>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>>>>>
>>>>>>>>> When I try to get to https://midpoint/ I get 500 and I can see
>>>>>>>>> stack trace in log (below).
>>>>>>>>>
>>>>>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>>>>>> attachments.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Could you help me ?
>>>>>>>>> Thank you very much
>>>>>>>>>
>>>>>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>>>>>
>>>>>>>>> Merve
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> midPoint mailing list
>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> CONFIDENTIALITY NOTICE:
>>>>>>>> This e-mail together with any attachments is proprietary and
>>>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>>>> computer.
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> midPoint mailing list
>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> CONFIDENTIALITY NOTICE:
>>>>>>> This e-mail together with any attachments is proprietary and
>>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>>> computer.
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> CONFIDENTIALITY NOTICE:
>>>>>> This e-mail together with any attachments is proprietary and
>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>> computer.
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Merve CEYLAN
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> CONFIDENTIALITY NOTICE:
>>>> This e-mail together with any attachments is proprietary and
>>>> confidential; intended for only the recipient(s) named above and may
>>>> contain information that is privileged. You should not retain, copy or use
>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>> of the contents to any person. Any views or opinions expressed in this
>>>> e-mail are those of the author and do not represent those of the Baptist
>>>> School of Health Professions. If you have received this e-mail in error, or
>>>> are not the named recipient(s), you are hereby notified that any review,
>>>> dissemination, distribution or copying of this communication is prohibited
>>>> by the sender and to do so might constitute a violation of the Electronic
>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>> notify the sender and delete this e-mail and any attachments from your
>>>> computer.
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> --
>>> Merve CEYLAN
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>>
>> CONFIDENTIALITY NOTICE:
>> This e-mail together with any attachments is proprietary and
>> confidential; intended for only the recipient(s) named above and may
>> contain information that is privileged. You should not retain, copy or use
>> this e-mail or any attachments for any purpose, or disclose all or any part
>> of the contents to any person. Any views or opinions expressed in this
>> e-mail are those of the author and do not represent those of the Baptist
>> School of Health Professions. If you have received this e-mail in error, or
>> are not the named recipient(s), you are hereby notified that any review,
>> dissemination, distribution or copying of this communication is prohibited
>> by the sender and to do so might constitute a violation of the Electronic
>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>> notify the sender and delete this e-mail and any attachments from your
>> computer.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> Merve CEYLAN
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/05199a64/attachment.htm>

From pavol.obertas at saned.sk  Tue Jun  7 19:33:51 2016
From: pavol.obertas at saned.sk (pavol.obertas at saned.sk)
Date: Tue, 7 Jun 2016 19:33:51 +0200
Subject: [midPoint] MidPoint customisation and deployment training
Message-ID: <4888D2FD-25BB-4549-AAD9-B071628562E3@saned.sk>

Dear midPoint partner/supporter.

Herein we would like to let you know about upcoming online customization and deployment  workshop/training.

To make it more time-available for you, we decided to split the training into two sessions. 

The first one will be organized on 14/15th of June and second half on 21/22nd of June.

The training is convenient for European time zones. 

Please let us know your interest and we’ll send you more details regarding this Live Virtual Training.

We’re looking forward to your interest.

Best regards,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/1e4dddb0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SanEd Evolveum.jpg
Type: image/jpeg
Size: 33525 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/1e4dddb0/attachment.jpg>

From fstingaciu at mirantis.com  Tue Jun  7 20:54:05 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Tue, 7 Jun 2016 11:54:05 -0700
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
Message-ID: <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>

Hey Pavol,

So I managed to update to the latest version, applied to DB patch, and also
double checked that adding and removing inducements for roles works now.
However, when I try to recompute all members (there's only one member), I
get the following error stack:

2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR
(com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler):
Recompute: Schema error while creating a search filter: Failed to convert
query. Reason: No definition for item assignment/targetRef in
POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
com.evolveum.midpoint.util.exception.SchemaException: Failed to convert
query. Reason: No definition for item assignment/targetRef in
POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
        at
com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108)
~[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
[task-quartz-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300)
[task-quartz-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164)
[task-quartz-impl-3.4-SNAPSHOT.jar:na]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
[quartz-2.1.3.jar:na]
        at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
[quartz-2.1.3.jar:na]
Caused by: com.evolveum.midpoint.util.exception.SchemaException: No
definition for item assignment/targetRef in POD:{.../common/common-3}object
{.../common/common-3}ObjectType[1,1],RAM
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125)
~[prism-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124)
~[prism-3.4-SNAPSHOT.jar:na]
        ... 11 common frames omitted


Any help would be greatly appreciated.

Thanks,
-F

On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu <fstingaciu at mirantis.com>
wrote:

> Yup, I checked and you can not add an inducement either. Also I believe
> some of the associations listed under the profile are wrong. I will write
> up a new email for that as well.
>
> Meanwhile I reverted back to the original version. I will keep an eye out
> on the ticket.
>
> Have a good night! Thanks for your prompt responses.
>
> Thanks,
> -F
>
> On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> I think it is similar to this one:
>> <https://jira.evolveum.com/browse/MID-3074>
>> https://jira.evolveum.com/browse/MID-3074.
>>
>> And I can see this wrong behavior also in my case. This is unpleasant.
>>
>> We'll fix it soon, hopefully tomorrow. (Now it's after midnight here... )
>>
>> Best regards,
>>
>> Pavol
>>
>> On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>
>> Hello again,
>>
>> I managed to get around this issue by actually applying the
>> mysql-upgrade-3.3-3.4.sql patch. Everything came back up just fine, however
>> now I'm running into a strange issue where I can not remove inducements
>> from a role.
>>
>> For example: http://imgur.com/a/lWoKT
>>
>> The inducements stay there no matter how much I try to remove them. Is
>> this a known issue in the current master?
>>
>> Thanks,
>> -F
>>
>>
>>
>> On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly <mederly at evolveum.com>
>> wrote:
>>
>>> Hello Florin,
>>>
>>> recently we changed the db schema a bit (because of MID-3061
>>> <https://jira.evolveum.com/browse/MID-3061>).
>>>
>>> So, please apply the corresponding migration script
>>> (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>> Which one - it depends on how old your existing master is. This particular
>>> problem is related to the latest one (numbered 6).
>>>
>>> An alternative is to set hbm2ddl parameter like this (in config.xml file
>>> in midpoint.home directory):
>>>
>>> <configuration>
>>>     <midpoint>
>>>           <repository>
>>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>> ...
>>>
>>> (but this is recommended only for testing purposes, because some - but
>>> only very rare - changes are not correctly applied by hibernate itself)
>>>
>>> Best regards,
>>>
>>> Pavol
>>>
>>> On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>
>>> Hello again,
>>>
>>> I'm having some troubles when rebuilding the master. Here's the
>>> corresponding stack trace:  <http://pastebin.com/TVUAKURb>
>>> http://pastebin.com/TVUAKURb
>>>
>>> Also, I'm using SSO under apache with the following ctx-web-security.xml
>>> file:  <http://pastebin.com/rvs9cJDj>http://pastebin.com/rvs9cJDj
>>>
>>> Any ideas would be greatly appreciated.
>>>
>>> Thanks,
>>> -F
>>>
>>> On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu <
>>> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>>>
>>>> Thanks Pavel! I'll upgrade to the latest and let you know how that
>>>> works out.
>>>>
>>>>
>>>> On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly < <mederly at evolveum.com>
>>>> mederly at evolveum.com> wrote:
>>>>
>>>>> Hello Florin,
>>>>>
>>>>> If I remember correctly, we've been fixing this problem in master
>>>>> (3.4-SNAPSHOT). It should be solved in that branch.
>>>>>
>>>>> (If not, please drop a jira issue with details how to reproduce, and
>>>>> we'll certainly fix that.)
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Pavol
>>>>>
>>>>> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I'm trying to recompute all members that are assigned a particuar
>>>>> role. I tried using the "Recompute All" (
>>>>> <http://i.imgur.com/xLXjLwd.png>http://i.imgur.com/xLXjLwd.png)
>>>>> button in the "Members" section of a role. This launches a task that is
>>>>> successful however, it it does not process any objects.
>>>>>
>>>>> If I manually select the members I want and select "Recompute members"
>>>>> everything works just fine. Any ideas?
>>>>>
>>>>> Thanks,
>>>>> -F
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/6828bbd6/attachment.htm>

From fstingaciu at mirantis.com  Tue Jun  7 21:15:31 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Tue, 7 Jun 2016 12:15:31 -0700
Subject: [midPoint] Extra Associations under Projections account
Message-ID: <CAMQHPY2wS9jHJ75xsZ666yu=Z+0OebNnUeXD2+Oo2UbTPDppAg@mail.gmail.com>

Hello,

So I have this user which has only one assignment, to role cpe_services.
This role was created using the following metarole:
http://pastebin.com/uMtwyfCV

This metarole has five different inducements:

   - the first inducement is an order one inducement that creates an LDAP
   group with intent 'serviceGroup'
   - the second inducement is an order two inducement that create a
   'default' account if the employee type is equal to 'user'
   - the third inducement is an order two inducement that create a
   'service' account if the employee type is equal to 'service'
   - the fourth and fifth are both second order inducements that generate a
   gid and uid for the user

The assignment of cpe_services to the metarole creates the cpe_services
group in LDAP. The assignment of the user to cpe_services, creates an LDAP
'service' account, however when I look under projections, click on the
account, and look at associations, I see the following:
http://imgur.com/CUEH7uw

The only association there should be the "Service Group" association. The
posixMembership is an entitlement that the serviceAccount can have, however
it is not defined within this metarole. Also, as you can see, the dn for
the association is the same in both.

This problem is not only limited to my serviceGroups entitlement but all
entitlements. It also happens for different types of accounts as well.

Please let me know if I can provide with anything further that would help
debug this issue.

Thanks,
-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/7c605a25/attachment.htm>

From mederly at evolveum.com  Tue Jun  7 22:36:11 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 7 Jun 2016 22:36:11 +0200
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
Message-ID: <8b8ce7c8-6edd-8d02-633f-c155e11d318b@evolveum.com>

Hello Florin,

you are right. I was able to reproduce it here.

I fixed that, please try the latest master - v3.4devel-1803-g0f5c22f.

(Besides that, I noticed some problems with "Add members" function, so 
I'll continue testing it.)

Best regards,

Pavol


On 07.06.2016 20:54, Florin. Stingaciu wrote:
> Hey Pavol,
>
> So I managed to update to the latest version, applied to DB patch, and 
> also double checked that adding and removing inducements for roles 
> works now. However, when I try to recompute all members (there's only 
> one member), I get the following error stack:
>
> 2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR 
> (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler): 
> Recompute: Schema error while creating a search filter: Failed to 
> convert query. Reason: No definition for item assignment/targetRef in 
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
> com.evolveum.midpoint.util.exception.SchemaException: Failed to 
> convert query. Reason: No definition for item assignment/targetRef in 
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108) 
> ~[model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479) 
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300) 
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164) 
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at org.quartz.core.JobRunShell.run(JobRunShell.java:213) 
> [quartz-2.1.3.jar:na]
>         at 
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) 
> [quartz-2.1.3.jar:na]
> Caused by: com.evolveum.midpoint.util.exception.SchemaException: No 
> definition for item assignment/targetRef in 
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         ... 11 common frames omitted
>
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F
>
> On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu 
> <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>
>     Yup, I checked and you can not add an inducement either. Also I
>     believe some of the associations listed under the profile are
>     wrong. I will write up a new email for that as well.
>
>     Meanwhile I reverted back to the original version. I will keep an
>     eye out on the ticket.
>
>     Have a good night! Thanks for your prompt responses.
>
>     Thanks,
>     -F
>
>     On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly
>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>
>         I think it is similar to this one:
>         https://jira.evolveum.com/browse/MID-3074.
>
>         And I can see this wrong behavior also in my case. This is
>         unpleasant.
>
>         We'll fix it soon, hopefully tomorrow. (Now it's after
>         midnight here... )
>
>         Best regards,
>
>         Pavol
>
>
>         On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>         Hello again,
>>
>>         I managed to get around this issue by actually applying the
>>         mysql-upgrade-3.3-3.4.sql patch. Everything came back up just
>>         fine, however now I'm running into a strange issue where I
>>         can not remove inducements from a role.
>>
>>         For example: http://imgur.com/a/lWoKT
>>
>>         The inducements stay there no matter how much I try to remove
>>         them. Is this a known issue in the current master?
>>
>>         Thanks,
>>         -F
>>
>>
>>
>>         On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly
>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>             Hello Florin,
>>
>>             recently we changed the db schema a bit (because of
>>             MID-3061 <https://jira.evolveum.com/browse/MID-3061>).
>>
>>             So, please apply the corresponding migration script
>>             (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>             Which one - it depends on how old your existing master
>>             is. This particular problem is related to the latest one
>>             (numbered 6).
>>
>>             An alternative is to set hbm2ddl parameter like this (in
>>             config.xml file in midpoint.home directory):
>>
>>             <configuration>
>>                 <midpoint>
>>                       <repository>
>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>             ...
>>
>>             (but this is recommended only for testing purposes,
>>             because some - but only very rare - changes are not
>>             correctly applied by hibernate itself)
>>
>>             Best regards,
>>
>>             Pavol
>>
>>
>>             On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>             Hello again,
>>>
>>>             I'm having some troubles when rebuilding the master.
>>>             Here's the corresponding stack trace:
>>>             http://pastebin.com/TVUAKURb
>>>
>>>             Also, I'm using SSO under apache with the following
>>>             ctx-web-security.xml file: http://pastebin.com/rvs9cJDj
>>>
>>>             Any ideas would be greatly appreciated.
>>>
>>>             Thanks,
>>>             -F
>>>
>>>             On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu
>>>             <fstingaciu at mirantis.com
>>>             <mailto:fstingaciu at mirantis.com>> wrote:
>>>
>>>                 Thanks Pavel! I'll upgrade to the latest and let you
>>>                 know how that works out.
>>>
>>>
>>>                 On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly
>>>                 <mederly at evolveum.com <mailto:mederly at evolveum.com>>
>>>                 wrote:
>>>
>>>                     Hello Florin,
>>>
>>>                     If I remember correctly, we've been fixing this
>>>                     problem in master (3.4-SNAPSHOT). It should be
>>>                     solved in that branch.
>>>
>>>                     (If not, please drop a jira issue with details
>>>                     how to reproduce, and we'll certainly fix that.)
>>>
>>>                     Best regards,
>>>
>>>                     Pavol
>>>
>>>
>>>                     On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>                     Hello,
>>>>
>>>>                     I'm trying to recompute all members that are
>>>>                     assigned a particuar role. I tried using the
>>>>                     "Recompute All"
>>>>                     (http://i.imgur.com/xLXjLwd.png) button in the
>>>>                     "Members" section of a role. This launches a
>>>>                     task that is successful however, it it does not
>>>>                     process any objects.
>>>>
>>>>                     If I manually select the members I want and
>>>>                     select "Recompute members" everything works
>>>>                     just fine. Any ideas?
>>>>
>>>>                     Thanks,
>>>>                     -F
>>>>
>>>>
>>>>                     _______________________________________________
>>>>                     midPoint mailing list
>>>>                     midPoint at lists.evolveum.com
>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>                     _______________________________________________
>>>                     midPoint mailing list
>>>                     midPoint at lists.evolveum.com
>>>                     <mailto:midPoint at lists.evolveum.com>
>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>             _______________________________________________
>>             midPoint mailing list
>>             midPoint at lists.evolveum.com
>>             <mailto:midPoint at lists.evolveum.com>
>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>         _______________________________________________
>         midPoint mailing list
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/ecbe750c/attachment.htm>

From mederly at evolveum.com  Tue Jun  7 22:36:18 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 7 Jun 2016 22:36:18 +0200
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
Message-ID: <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>

Hello Florin,

you are right. I was able to reproduce it here.

I fixed that, please try the latest master - v3.4devel-1803-g0f5c22f.

(Besides that, I noticed some problems with "Add members" function, so 
I'll continue testing it.)

Best regards,

Pavol


On 07.06.2016 20:54, Florin. Stingaciu wrote:
> Hey Pavol,
>
> So I managed to update to the latest version, applied to DB patch, and 
> also double checked that adding and removing inducements for roles 
> works now. However, when I try to recompute all members (there's only 
> one member), I get the following error stack:
>
> 2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR 
> (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler): 
> Recompute: Schema error while creating a search filter: Failed to 
> convert query. Reason: No definition for item assignment/targetRef in 
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
> com.evolveum.midpoint.util.exception.SchemaException: Failed to 
> convert query. Reason: No definition for item assignment/targetRef in 
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108) 
> ~[model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479) 
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300) 
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164) 
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at org.quartz.core.JobRunShell.run(JobRunShell.java:213) 
> [quartz-2.1.3.jar:na]
>         at 
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) 
> [quartz-2.1.3.jar:na]
> Caused by: com.evolveum.midpoint.util.exception.SchemaException: No 
> definition for item assignment/targetRef in 
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124) 
> ~[prism-3.4-SNAPSHOT.jar:na]
>         ... 11 common frames omitted
>
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F
>
> On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu 
> <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>
>     Yup, I checked and you can not add an inducement either. Also I
>     believe some of the associations listed under the profile are
>     wrong. I will write up a new email for that as well.
>
>     Meanwhile I reverted back to the original version. I will keep an
>     eye out on the ticket.
>
>     Have a good night! Thanks for your prompt responses.
>
>     Thanks,
>     -F
>
>     On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly
>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>
>         I think it is similar to this one:
>         https://jira.evolveum.com/browse/MID-3074.
>
>         And I can see this wrong behavior also in my case. This is
>         unpleasant.
>
>         We'll fix it soon, hopefully tomorrow. (Now it's after
>         midnight here... )
>
>         Best regards,
>
>         Pavol
>
>
>         On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>         Hello again,
>>
>>         I managed to get around this issue by actually applying the
>>         mysql-upgrade-3.3-3.4.sql patch. Everything came back up just
>>         fine, however now I'm running into a strange issue where I
>>         can not remove inducements from a role.
>>
>>         For example: http://imgur.com/a/lWoKT
>>
>>         The inducements stay there no matter how much I try to remove
>>         them. Is this a known issue in the current master?
>>
>>         Thanks,
>>         -F
>>
>>
>>
>>         On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly
>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>             Hello Florin,
>>
>>             recently we changed the db schema a bit (because of
>>             MID-3061 <https://jira.evolveum.com/browse/MID-3061>).
>>
>>             So, please apply the corresponding migration script
>>             (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>             Which one - it depends on how old your existing master
>>             is. This particular problem is related to the latest one
>>             (numbered 6).
>>
>>             An alternative is to set hbm2ddl parameter like this (in
>>             config.xml file in midpoint.home directory):
>>
>>             <configuration>
>>                 <midpoint>
>>                       <repository>
>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>             ...
>>
>>             (but this is recommended only for testing purposes,
>>             because some - but only very rare - changes are not
>>             correctly applied by hibernate itself)
>>
>>             Best regards,
>>
>>             Pavol
>>
>>
>>             On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>             Hello again,
>>>
>>>             I'm having some troubles when rebuilding the master.
>>>             Here's the corresponding stack trace:
>>>             http://pastebin.com/TVUAKURb
>>>
>>>             Also, I'm using SSO under apache with the following
>>>             ctx-web-security.xml file: http://pastebin.com/rvs9cJDj
>>>
>>>             Any ideas would be greatly appreciated.
>>>
>>>             Thanks,
>>>             -F
>>>
>>>             On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu
>>>             <fstingaciu at mirantis.com
>>>             <mailto:fstingaciu at mirantis.com>> wrote:
>>>
>>>                 Thanks Pavel! I'll upgrade to the latest and let you
>>>                 know how that works out.
>>>
>>>
>>>                 On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly
>>>                 <mederly at evolveum.com <mailto:mederly at evolveum.com>>
>>>                 wrote:
>>>
>>>                     Hello Florin,
>>>
>>>                     If I remember correctly, we've been fixing this
>>>                     problem in master (3.4-SNAPSHOT). It should be
>>>                     solved in that branch.
>>>
>>>                     (If not, please drop a jira issue with details
>>>                     how to reproduce, and we'll certainly fix that.)
>>>
>>>                     Best regards,
>>>
>>>                     Pavol
>>>
>>>
>>>                     On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>                     Hello,
>>>>
>>>>                     I'm trying to recompute all members that are
>>>>                     assigned a particuar role. I tried using the
>>>>                     "Recompute All"
>>>>                     (http://i.imgur.com/xLXjLwd.png) button in the
>>>>                     "Members" section of a role. This launches a
>>>>                     task that is successful however, it it does not
>>>>                     process any objects.
>>>>
>>>>                     If I manually select the members I want and
>>>>                     select "Recompute members" everything works
>>>>                     just fine. Any ideas?
>>>>
>>>>                     Thanks,
>>>>                     -F
>>>>
>>>>
>>>>                     _______________________________________________
>>>>                     midPoint mailing list
>>>>                     midPoint at lists.evolveum.com
>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>                     _______________________________________________
>>>                     midPoint mailing list
>>>                     midPoint at lists.evolveum.com
>>>                     <mailto:midPoint at lists.evolveum.com>
>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>             _______________________________________________
>>             midPoint mailing list
>>             midPoint at lists.evolveum.com
>>             <mailto:midPoint at lists.evolveum.com>
>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>         _______________________________________________
>         midPoint mailing list
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/329f3f91/attachment.htm>

From mederly at evolveum.com  Tue Jun  7 22:44:09 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 7 Jun 2016 22:44:09 +0200
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
 <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>
Message-ID: <aead4dad-cbe9-4a3a-ceaf-97755edcca72@evolveum.com>

The problem with "Add members" was a misconfiguration in my test 
environment.

So, working with role members should be without problems; please let us 
know if not.

Best regards,

Pavol


On 07.06.2016 22:36, Pavol Mederly wrote:
>
> Hello Florin,
>
> you are right. I was able to reproduce it here.
>
> I fixed that, please try the latest master - v3.4devel-1803-g0f5c22f.
>
> (Besides that, I noticed some problems with "Add members" function, so 
> I'll continue testing it.)
>
> Best regards,
>
> Pavol
>
>
> On 07.06.2016 20:54, Florin. Stingaciu wrote:
>> Hey Pavol,
>>
>> So I managed to update to the latest version, applied to DB patch, 
>> and also double checked that adding and removing inducements for 
>> roles works now. However, when I try to recompute all members 
>> (there's only one member), I get the following error stack:
>>
>> 2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR 
>> (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler): 
>> Recompute: Schema error while creating a search filter: Failed to 
>> convert query. Reason: No definition for item assignment/targetRef in 
>> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>> com.evolveum.midpoint.util.exception.SchemaException: Failed to 
>> convert query. Reason: No definition for item assignment/targetRef in 
>> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>>         at 
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451) 
>> [model-impl-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108) 
>> ~[model-impl-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187) 
>> [model-impl-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155) 
>> [model-impl-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479) 
>> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300) 
>> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164) 
>> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>         at org.quartz.core.JobRunShell.run(JobRunShell.java:213) 
>> [quartz-2.1.3.jar:na]
>>         at 
>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) 
>> [quartz-2.1.3.jar:na]
>> Caused by: com.evolveum.midpoint.util.exception.SchemaException: No 
>> definition for item assignment/targetRef in 
>> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at 
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124) 
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         ... 11 common frames omitted
>>
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>> -F
>>
>> On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu 
>> <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>>
>>     Yup, I checked and you can not add an inducement either. Also I
>>     believe some of the associations listed under the profile are
>>     wrong. I will write up a new email for that as well.
>>
>>     Meanwhile I reverted back to the original version. I will keep an
>>     eye out on the ticket.
>>
>>     Have a good night! Thanks for your prompt responses.
>>
>>     Thanks,
>>     -F
>>
>>     On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly
>>     <mederly at evolveum.com> wrote:
>>
>>         I think it is similar to this one:
>>         https://jira.evolveum.com/browse/MID-3074.
>>
>>         And I can see this wrong behavior also in my case. This is
>>         unpleasant.
>>
>>         We'll fix it soon, hopefully tomorrow. (Now it's after
>>         midnight here... )
>>
>>         Best regards,
>>
>>         Pavol
>>
>>
>>         On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>>         Hello again,
>>>
>>>         I managed to get around this issue by actually applying the
>>>         mysql-upgrade-3.3-3.4.sql patch. Everything came back up
>>>         just fine, however now I'm running into a strange issue
>>>         where I can not remove inducements from a role.
>>>
>>>         For example: http://imgur.com/a/lWoKT
>>>
>>>         The inducements stay there no matter how much I try to
>>>         remove them. Is this a known issue in the current master?
>>>
>>>         Thanks,
>>>         -F
>>>
>>>
>>>
>>>         On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly
>>>         <mederly at evolveum.com> wrote:
>>>
>>>             Hello Florin,
>>>
>>>             recently we changed the db schema a bit (because of
>>>             MID-3061 <https://jira.evolveum.com/browse/MID-3061>).
>>>
>>>             So, please apply the corresponding migration script
>>>             (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>>             Which one - it depends on how old your existing master
>>>             is. This particular problem is related to the latest one
>>>             (numbered 6).
>>>
>>>             An alternative is to set hbm2ddl parameter like this (in
>>>             config.xml file in midpoint.home directory):
>>>
>>>             <configuration>
>>>                 <midpoint>
>>>                       <repository>
>>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>>             ...
>>>
>>>             (but this is recommended only for testing purposes,
>>>             because some - but only very rare - changes are not
>>>             correctly applied by hibernate itself)
>>>
>>>             Best regards,
>>>
>>>             Pavol
>>>
>>>
>>>             On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>>             Hello again,
>>>>
>>>>             I'm having some troubles when rebuilding the master.
>>>>             Here's the corresponding stack trace:
>>>>             http://pastebin.com/TVUAKURb
>>>>
>>>>             Also, I'm using SSO under apache with the following
>>>>             ctx-web-security.xml file: http://pastebin.com/rvs9cJDj
>>>>
>>>>             Any ideas would be greatly appreciated.
>>>>
>>>>             Thanks,
>>>>             -F
>>>>
>>>>             On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu
>>>>             <fstingaciu at mirantis.com> wrote:
>>>>
>>>>                 Thanks Pavel! I'll upgrade to the latest and let
>>>>                 you know how that works out.
>>>>
>>>>
>>>>                 On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly
>>>>                 <mederly at evolveum.com> wrote:
>>>>
>>>>                     Hello Florin,
>>>>
>>>>                     If I remember correctly, we've been fixing this
>>>>                     problem in master (3.4-SNAPSHOT). It should be
>>>>                     solved in that branch.
>>>>
>>>>                     (If not, please drop a jira issue with details
>>>>                     how to reproduce, and we'll certainly fix that.)
>>>>
>>>>                     Best regards,
>>>>
>>>>                     Pavol
>>>>
>>>>
>>>>                     On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>>                     Hello,
>>>>>
>>>>>                     I'm trying to recompute all members that are
>>>>>                     assigned a particuar role. I tried using the
>>>>>                     "Recompute All"
>>>>>                     (http://i.imgur.com/xLXjLwd.png) button in the
>>>>>                     "Members" section of a role. This launches a
>>>>>                     task that is successful however, it it does
>>>>>                     not process any objects.
>>>>>
>>>>>                     If I manually select the members I want and
>>>>>                     select "Recompute members" everything works
>>>>>                     just fine. Any ideas?
>>>>>
>>>>>                     Thanks,
>>>>>                     -F
>>>>>
>>>>>
>>>>>                     _______________________________________________
>>>>>                     midPoint mailing list
>>>>>                     midPoint at lists.evolveum.com
>>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>                     _______________________________________________
>>>>                     midPoint mailing list
>>>>                     midPoint at lists.evolveum.com
>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com
>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160607/31f0c937/attachment.htm>

From mrveceylan at gmail.com  Wed Jun  8 09:50:24 2016
From: mrveceylan at gmail.com (mceylan)
Date: Wed, 8 Jun 2016 10:50:24 +0300
Subject: [midPoint] Midpoint and SSO
In-Reply-To: <CAFkZXY6PYsmRtFfja=xn9pK4XPuZ8D-haNMb=C6ktBNNQG4cSA@mail.gmail.com>
References: <CAFkZXY575JjwuJcZQ=qBUXyxMzHYDFutnOb6YyuzPUzeg_NaGg@mail.gmail.com>
 <emfa252e64-136c-4740-85c1-be5969334bc9@rpudil-dell7440>
 <CAFkZXY7pga-ZYSNazvy+mhQvbywgtaUhc7G7y6Yw7QGTKFeN2g@mail.gmail.com>
 <CADu1p_h6hrfR+jvY6dukBEsE0xRN4=q0SGA4sGFrqrBJDRmY6w@mail.gmail.com>
 <CAFkZXY6GM32M2DdXafH+agZ3n6jj=Jwfm=8jvoNrkmaFsWva7Q@mail.gmail.com>
 <CADu1p_jRn6tctrVFZzSrWCvLdKVoONHhvPmgki9mAO1b4W7mzg@mail.gmail.com>
 <CAFkZXY4LhvTDXcjFrrtUgX34ve_XYqK3-OGvzEWihLQRavt3Ug@mail.gmail.com>
 <CADu1p_iXn81LunVMrT=v9K9OnQ+xo4ceJ9Fzc+n4fW0FPQ20gA@mail.gmail.com>
 <CAFkZXY6PYsmRtFfja=xn9pK4XPuZ8D-haNMb=C6ktBNNQG4cSA@mail.gmail.com>
Message-ID: <CADu1p_hcOpWGx7f-acCdkL1i+sBW14gR-HBp4+cukmpE7P1=Zw@mail.gmail.com>

Thanks Jason.


localhost:8080/midpoint   --->>
https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fmidpoint%2Fj_spring_cas_security_check
midpoint login page open.
username and password login  midpoint dasboard.


Now, I do not want to open the CAS page. localhost:8080:/midpoint  open the
midpoint page. MidPoint in the other application I want a login without
password. Have an idea?

Thanks,

Merve


2016-06-07 17:31 GMT+03:00 Jason Everling <jeverling at bshp.edu>:

> Did you add the certificate that is being used by CAS to midpoint's
> keystore under mindpoint.home? It needs to be there
>
> JASON
>
> On Tue, Jun 7, 2016 at 2:16 AM, mceylan <mrveceylan at gmail.com> wrote:
>
>> Thanks Jason. I did they say. But I get an error. Midpoint login page
>> error message
>>
>>
>> http://localhost:8080/midpoint/j_spring_cas_security_check?ticket=ST-1-ocJ73L6rbrpicihnTSjo-cas01.example.org
>>
>> Internal Server Error
>>
>> Unexpected error occurred, if necessary please contact system
>> administrator.
>>
>>
>> idm.log
>>
>>
>> 2016-06-07 10:15:01,285 [] [http-nio-8080-exec-4] ERROR
>> (com.evolveum.midpoint.web.util.MidPointProfilingServletFilter):
>> Encountered exception: java.lang.RuntimeException:
>> javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
>> java.security.InvalidAlgorithmParameterException: the trustAnchors
>> parameter must be non-empty
>> java.lang.RuntimeException: javax.net.ssl.SSLException:
>> java.lang.RuntimeException: Unexpected error:
>> java.security.InvalidAlgorithmParameterException: the trustAnchors
>> parameter must be non-empty
>>         at
>> org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:407)
>> ~[cas-client-core-3.3.3.jar:3.3.3]
>>         at
>> org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:45)
>> ~[cas-client-core-3.3.3.jar:3.3.3]
>>         at
>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
>> ~[cas-client-core-3.3.3.jar:3.3.3]
>>         at
>> org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
>> ~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
>> ~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
>> ~[spring-security-core-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
>> ~[spring-security-cas-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
>> ~[cas-client-core-3.3.3.jar:3.3.3]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
>> ~[spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>         at
>> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
>> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>>         at
>> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
>> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>> [catalina.jar:8.0.33]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>> [catalina.jar:8.0.33]
>>         at
>> org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100)
>> ~[cas-client-core-3.3.3.jar:3.3.3]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>> [catalina.jar:8.0.33]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>> [catalina.jar:8.0.33]
>>         at
>> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>>         at
>> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>> ~[spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>> [catalina.jar:8.0.33]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>> [catalina.jar:8.0.33]
>>         at
>> com.evolveum.midpoint.web.util.MidPointProfilingServletFilter.doFilter(MidPointProfilingServletFilter.java:86)
>> ~[classes/:na]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>> [catalina.jar:8.0.33]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>> [catalina.jar:8.0.33]
>>
>>
>> Thanks,
>>
>> Merve
>>
>>
>>
>> 2016-06-03 17:03 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>
>>> No, you need to comment out that block for CAS auth, that is only used
>>> if you are using another method that passes the auth through the header,
>>> look at mine below, that is correctly done for CAS, well at least for v 3.2
>>>
>>> http://pastebin.com/mHW8hvP4
>>>
>>> JASON
>>>
>>> On Fri, Jun 3, 2016 at 2:09 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>
>>>> Hi,
>>>> I using CAS. uncomment line with  "PRE_AUTH_FILTER" and deploy project
>>>> login page error
>>>>
>>>> stack tree
>>>>
>>>> 2016-06-03 10:05:18,998 [] [http-nio-8080-exec-1] WARN
>>>> (com.evolveum.midpoint.web.page.error.PageError): Creating error page for
>>>> code org.apache.wicket.WicketRuntimeException, exception Can't instantiate
>>>> page using constructor 'public
>>>> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
>>>> been thrown during construction!: {}
>>>> org.apache.wicket.WicketRuntimeException: Can't instantiate page using
>>>> constructor 'public
>>>> com.evolveum.midpoint.web.page.self.PageSelfDashboard()'. An exception has
>>>> been thrown during construction!
>>>>         at
>>>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:194)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:67)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:103)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.DefaultMapperContext.newPageInstance(DefaultMapperContext.java:137)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.core.request.handler.PageProvider.resolvePageInstance(PageProvider.java:268)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.core.request.handler.PageProvider.getPageInstance(PageProvider.java:166)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.handler.render.PageRenderer.getPage(PageRenderer.java:78)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:279)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
>>>> ~[wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
>>>> ~[wicket-request-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
>>>> [wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
>>>> [wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
>>>> [wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:259)
>>>> [wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
>>>> [wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
>>>> [wicket-core-6.20.0.jar:6.20.0]
>>>>         at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
>>>> [catalina.jar:8.0.33]
>>>>         at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
>>>> [catalina.jar:8.0.33]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>         at
>>>> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
>>>> [spring-security-web-3.2.5.RELEASE.jar:3.2.5.RELEASE]
>>>>
>>>>
>>>>
>>>>
>>>> 2016-06-02 19:39 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>>
>>>>> He was mentioning that to me thinking it was me having the issues,
>>>>>
>>>>> Merve, what are you using to pass your HEADER auth? Or are you using
>>>>> CAS?
>>>>>
>>>>> JASON
>>>>>
>>>>> On Thu, Jun 2, 2016 at 9:43 AM, mceylan <mrveceylan at gmail.com> wrote:
>>>>>
>>>>>> Hi Roman,
>>>>>>
>>>>>> why uncomment  line with "PRE_AUTH_FILTER"?
>>>>>>
>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO is
>>>>>> setup Basically what needs to be done is to uncomment the following
>>>>>> line:
>>>>>>
>>>>>> <custom-filter position="PRE_AUTH_FILTER" ref=
>>>>>> "requestHeaderAuthenticationFilter" />
>>>>>>
>>>>>> 2016-06-02 16:57 GMT+03:00 Jason Everling <jeverling at bshp.edu>:
>>>>>>
>>>>>>> Hah! Wait, I am not the one with issue, it is the other on the
>>>>>>> thread, Merve
>>>>>>>
>>>>>>> JASON
>>>>>>>
>>>>>>> On Thu, Jun 2, 2016 at 8:56 AM, Roman Pudil - AMI Praha a.s. <
>>>>>>> roman.pudil at ami.cz> wrote:
>>>>>>>
>>>>>>>> Hi Jason,
>>>>>>>>
>>>>>>>> try to uncoment line with "PRE_AUTH_FILTER".
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>>
>>>>>>>> Roman Pudil
>>>>>>>> solution architect
>>>>>>>>
>>>>>>>> gsm: [+420] 775 663 666
>>>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>>>
>>>>>>>>
>>>>>>>> AMI Praha a.s.
>>>>>>>> Pláničkova 11
>>>>>>>> 162 00 Praha 6
>>>>>>>> tel./fax: [+420] 274 783 239
>>>>>>>> web: www.ami.cz
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>>>
>>>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>>> za společnost AMI Praha a.s.
>>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>>> výhradně písemnou formu.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ------ Původní zpráva ------
>>>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>>>> Komu: "Roman Pudil - AMI Praha a.s." <roman.pudil at ami.cz>;
>>>>>>>> "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>>>> Odesláno: 2.6.2016 15:51:17
>>>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>>>
>>>>>>>>
>>>>>>>> We are using the Java CAS Client, in midpoint 3.2, and haven't had
>>>>>>>> any issues, it was pretty easy to setup. I am looking over my files to see
>>>>>>>> if I did anything outside of that document or what was commented in
>>>>>>>> ctx-web-security.xml but I do not think that would be the case.
>>>>>>>>
>>>>>>>> You can check ours here,
>>>>>>>> http://pastebin.com/mHW8hvP4
>>>>>>>>
>>>>>>>>
>>>>>>>> JASON
>>>>>>>>
>>>>>>>> On Thu, Jun 2, 2016 at 8:40 AM, Roman Pudil - AMI Praha a.s. <
>>>>>>>> roman.pudil at ami.cz> wrote:
>>>>>>>>
>>>>>>>>> Hi Jason,
>>>>>>>>> we tried CAS + MidPoint as SSO solution.
>>>>>>>>>
>>>>>>>>> Here is URL with configuration:
>>>>>>>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=17760854
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Roman Pudil
>>>>>>>>> solution architect
>>>>>>>>>
>>>>>>>>> gsm: [+420] 775 663 666
>>>>>>>>> e-mail: roman.pudil at ami.cz
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> AMI Praha a.s.
>>>>>>>>> Pláničkova 11
>>>>>>>>> 162 00 Praha 6
>>>>>>>>> tel./fax: [+420] 274 783 239
>>>>>>>>> web: http://www.ami.cz/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>>>>>
>>>>>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá
>>>>>>>>> za společnost AMI Praha a.s.
>>>>>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>>>>>> výhradně písemnou formu.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ------ Původní zpráva ------
>>>>>>>>> Od: "Jason Everling" <jeverling at bshp.edu>
>>>>>>>>> Komu: "midPoint General Discussion" <midpoint at lists.evolveum.com>
>>>>>>>>> Odesláno: 2.6.2016 15:34:33
>>>>>>>>> Předmět: Re: [midPoint] Midpoint and SSO
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> What SSO method are you using or what SSO agent/client?
>>>>>>>>>
>>>>>>>>> JASON
>>>>>>>>>
>>>>>>>>> On Thu, Jun 2, 2016 at 3:06 AM, mceylan <mrveceylan at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> hi,
>>>>>>>>>>
>>>>>>>>>> I have a problem with  midpoint and SSO. I followed steps on the
>>>>>>>>>> https://wiki.evolveum.com/display/midPoint/MidPoint+and+SSO+HOWTO
>>>>>>>>>>
>>>>>>>>>> When I try to get to https://midpoint/ I get 500 and I can see
>>>>>>>>>> stack trace in log (below).
>>>>>>>>>>
>>>>>>>>>> My configuration files: ctx-web-security.xml and web.xml are in
>>>>>>>>>> attachments.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Could you help me ?
>>>>>>>>>> Thank you very much
>>>>>>>>>>
>>>>>>>>>>    - <https://jira.evolveum.com/browse/MID-2564#>
>>>>>>>>>>
>>>>>>>>>> Merve
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> midPoint mailing list
>>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> CONFIDENTIALITY NOTICE:
>>>>>>>>> This e-mail together with any attachments is proprietary and
>>>>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>>>>> computer.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> midPoint mailing list
>>>>>>>>> midPoint at lists.evolveum.com
>>>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> CONFIDENTIALITY NOTICE:
>>>>>>>> This e-mail together with any attachments is proprietary and
>>>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>>>> computer.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> CONFIDENTIALITY NOTICE:
>>>>>>> This e-mail together with any attachments is proprietary and
>>>>>>> confidential; intended for only the recipient(s) named above and may
>>>>>>> contain information that is privileged. You should not retain, copy or use
>>>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>>>> computer.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> midPoint at lists.evolveum.com
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Merve CEYLAN
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE:
>>>>> This e-mail together with any attachments is proprietary and
>>>>> confidential; intended for only the recipient(s) named above and may
>>>>> contain information that is privileged. You should not retain, copy or use
>>>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>>>> of the contents to any person. Any views or opinions expressed in this
>>>>> e-mail are those of the author and do not represent those of the Baptist
>>>>> School of Health Professions. If you have received this e-mail in error, or
>>>>> are not the named recipient(s), you are hereby notified that any review,
>>>>> dissemination, distribution or copying of this communication is prohibited
>>>>> by the sender and to do so might constitute a violation of the Electronic
>>>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>>>> notify the sender and delete this e-mail and any attachments from your
>>>>> computer.
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Merve CEYLAN
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>>
>>> CONFIDENTIALITY NOTICE:
>>> This e-mail together with any attachments is proprietary and
>>> confidential; intended for only the recipient(s) named above and may
>>> contain information that is privileged. You should not retain, copy or use
>>> this e-mail or any attachments for any purpose, or disclose all or any part
>>> of the contents to any person. Any views or opinions expressed in this
>>> e-mail are those of the author and do not represent those of the Baptist
>>> School of Health Professions. If you have received this e-mail in error, or
>>> are not the named recipient(s), you are hereby notified that any review,
>>> dissemination, distribution or copying of this communication is prohibited
>>> by the sender and to do so might constitute a violation of the Electronic
>>> Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
>>> notify the sender and delete this e-mail and any attachments from your
>>> computer.
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>> Merve CEYLAN
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 
Merve CEYLAN
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160608/4ca86f36/attachment.htm>

From michal_steklac at datalan.sk  Wed Jun  8 16:48:06 2016
From: michal_steklac at datalan.sk (=?UTF-8?B?TWljaGFsIMWgdGVrbMOhxI0=?=)
Date: Wed, 8 Jun 2016 16:48:06 +0200
Subject: [midPoint] Synchronizing organizational structure to LDAP
In-Reply-To: <5731B45D.5030705@datalan.sk>
References: <5731B45D.5030705@datalan.sk>
Message-ID: <57583026.8030502@datalan.sk>

Hi,

it is possible add one user to more organization unit in one 
organization hierarchy?

thanks & regards
MiSo

On 10.05.2016 12:13, Michal Štekláč wrote:
> Hi,
>
> I attempt to sync the organizational structure from the CSV resource 
> to LDAP resource. According to the procedure in the wiki 
> (https://wiki.evolveum.com/display/midPoint/OrgSync+Story+Test) I 
> tried to synchronize users in LDAP subtree where the organizational 
> structure (users DN uid=jhrasko,ou=AAA,ou=orgs,dc=example,dc=com).
>
> It would be possible to have all users in LDAP in a subtree 
> ou=people,dc=example,dc=com and organizational structures in a subtree 
> ou=orgs,dc=example,dc=com? The inclusion of users into organizational 
> structure would be using the attribute uniqueMember the organizational 
> unit.
> dn: ou=aaa,ou=orgs,dc=example,dc=com
> ...
> uniqueMember: uid=jhrasko,ou=people,dc=example,dc=com
> uniqueMember: uid=fmrkvicka,ou=people,dc=example,dc=com
> ...
>
> Best regards,
> MiSo
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint



From ivan.noris at evolveum.com  Wed Jun  8 16:52:11 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 8 Jun 2016 16:52:11 +0200
Subject: [midPoint] Synchronizing organizational structure to LDAP
In-Reply-To: <57583026.8030502@datalan.sk>
References: <5731B45D.5030705@datalan.sk> <57583026.8030502@datalan.sk>
Message-ID: <5758311B.5050406@evolveum.com>

Yes, org. structure can do that.

Ivan

On 06/08/2016 04:48 PM, Michal Štekláč wrote:
> Hi,
>
> it is possible add one user to more organization unit in one
> organization hierarchy?
>
> thanks & regards
> MiSo
>
> On 10.05.2016 12:13, Michal Štekláč wrote:
>> Hi,
>>
>> I attempt to sync the organizational structure from the CSV resource
>> to LDAP resource. According to the procedure in the wiki
>> (https://wiki.evolveum.com/display/midPoint/OrgSync+Story+Test) I
>> tried to synchronize users in LDAP subtree where the organizational
>> structure (users DN uid=jhrasko,ou=AAA,ou=orgs,dc=example,dc=com).
>>
>> It would be possible to have all users in LDAP in a subtree
>> ou=people,dc=example,dc=com and organizational structures in a
>> subtree ou=orgs,dc=example,dc=com? The inclusion of users into
>> organizational structure would be using the attribute uniqueMember
>> the organizational unit.
>> dn: ou=aaa,ou=orgs,dc=example,dc=com
>> ...
>> uniqueMember: uid=jhrasko,ou=people,dc=example,dc=com
>> uniqueMember: uid=fmrkvicka,ou=people,dc=example,dc=com
>> ...
>>
>> Best regards,
>> MiSo
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."



From fstingaciu at mirantis.com  Wed Jun  8 20:58:26 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Wed, 8 Jun 2016 11:58:26 -0700
Subject: [midPoint] Recompute All Members for Role
In-Reply-To: <aead4dad-cbe9-4a3a-ceaf-97755edcca72@evolveum.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
 <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>
 <aead4dad-cbe9-4a3a-ceaf-97755edcca72@evolveum.com>
Message-ID: <CAMQHPY0EPK2E6pZaodaF3ruVq8f0+vwyYqyshWY3iHg_AzfJrw@mail.gmail.com>

Hello again,

I updated to the latest version however, now I'm experiencing problems when
trying to unassign a role from a user. It fails with the following stack
trace:


2016-06-08 18:51:09,702 [] [Thread-31] ERROR
(com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
in connector:c230c871-6f5b-4525-abee-d2905569b8df(ICF
com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3.0-SNAPSHOT):
resource:a0741b12-c96d-491d-8213-ecad84ab490e(OpenLDAP Accounts Schema)
while adding attribute values to object identified by ICF UID
'uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net': Error modifying
LDAP entry uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net:
[add:objectClass: top
objectClass: person
objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
Error modifying LDAP entry
uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net: [add:objectClass:
top
objectClass: person
objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
        at
com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:440)
~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
        at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:923)
~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
        at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:914)
~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
        at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:864)
~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
        at
com.evolveum.polygon.connector.ldap.AbstractLdapConnector.addAttributeValues(AbstractLdapConnector.java:804)
~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
        at
org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.addAttributeValues(UpdateImpl.java:129)
~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_101]
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.7.0_101]
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_101]
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
        at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
        at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
~[na:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_101]
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.7.0_101]
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_101]
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
        at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
        at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
~[na:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_101]
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.7.0_101]
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_101]
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
        at
org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
        at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
~[na:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_101]
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.7.0_101]
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_101]
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
        at
org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
        at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
~[na:na]
        at
org.identityconnectors.framework.impl.api.AbstractConnectorFacade.addAttributeValues(AbstractConnectorFacade.java:199)
~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1791)
[provisioning-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:210)
[provisioning-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:697)
[provisioning-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:529)
[provisioning-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:480)
[provisioning-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:763)
[provisioning-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1265)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1108)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:704)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:294)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:507)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:336)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:214)
[model-impl-3.4-SNAPSHOT.jar:na]
        at
com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:555)
[model-impl-3.4-SNAPSHOT.jar:na]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.7.0_101]
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[na:1.7.0_101]
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.7.0_101]
        at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
        at
org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
[wicket-ioc-7.1.0.jar:7.1.0]
        at com.sun.proxy.$Proxy146.executeChanges(Unknown Source) [na:na]
        at
com.evolveum.midpoint.web.component.progress.ProgressReporter$1.run(ProgressReporter.java:188)
[ProgressReporter$1.class:na]
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_101]

I just double checked and this seems to happen with both today's build and
yesterday's build. It seems as even though I'm unassigning the user from a
group it is trying to add an object class to the user DN

Thanks,
-F


On Tue, Jun 7, 2016 at 1:44 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> The problem with "Add members" was a misconfiguration in my test
> environment.
>
> So, working with role members should be without problems; please let us
> know if not.
>
> Best regards,
>
> Pavol
>
> On 07.06.2016 22:36, Pavol Mederly wrote:
>
> Hello Florin,
>
> you are right. I was able to reproduce it here.
>
> I fixed that, please try the latest master - v3.4devel-1803-g0f5c22f.
>
> (Besides that, I noticed some problems with "Add members" function, so
> I'll continue testing it.)
>
> Best regards,
>
> Pavol
>
> On 07.06.2016 20:54, Florin. Stingaciu wrote:
>
> Hey Pavol,
>
> So I managed to update to the latest version, applied to DB patch, and
> also double checked that adding and removing inducements for roles works
> now. However, when I try to recompute all members (there's only one
> member), I get the following error stack:
>
> 2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR
> (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler):
> Recompute: Schema error while creating a search filter: Failed to convert
> query. Reason: No definition for item assignment/targetRef in
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
> com.evolveum.midpoint.util.exception.SchemaException: Failed to convert
> query. Reason: No definition for item assignment/targetRef in
> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>         at
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108)
> ~[model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300)
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164)
> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>         at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
> [quartz-2.1.3.jar:na]
>         at
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
> [quartz-2.1.3.jar:na]
> Caused by: com.evolveum.midpoint.util.exception.SchemaException: No
> definition for item assignment/targetRef in POD:{.../common/common-3}object
> {.../common/common-3}ObjectType[1,1],RAM
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124)
> ~[prism-3.4-SNAPSHOT.jar:na]
>         ... 11 common frames omitted
>
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F
>
> On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu <
> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>
>> Yup, I checked and you can not add an inducement either. Also I believe
>> some of the associations listed under the profile are wrong. I will write
>> up a new email for that as well.
>>
>> Meanwhile I reverted back to the original version. I will keep an eye out
>> on the ticket.
>>
>> Have a good night! Thanks for your prompt responses.
>>
>> Thanks,
>> -F
>>
>> On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> I think it is similar to this one:
>>> <https://jira.evolveum.com/browse/MID-3074>
>>> https://jira.evolveum.com/browse/MID-3074.
>>>
>>> And I can see this wrong behavior also in my case. This is unpleasant.
>>>
>>> We'll fix it soon, hopefully tomorrow. (Now it's after midnight here... )
>>>
>>> Best regards,
>>>
>>> Pavol
>>>
>>> On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>>
>>> Hello again,
>>>
>>> I managed to get around this issue by actually applying the
>>> mysql-upgrade-3.3-3.4.sql patch. Everything came back up just fine, however
>>> now I'm running into a strange issue where I can not remove inducements
>>> from a role.
>>>
>>> For example:  <http://imgur.com/a/lWoKT>http://imgur.com/a/lWoKT
>>>
>>> The inducements stay there no matter how much I try to remove them. Is
>>> this a known issue in the current master?
>>>
>>> Thanks,
>>> -F
>>>
>>>
>>>
>>> On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly < <mederly at evolveum.com>
>>> mederly at evolveum.com> wrote:
>>>
>>>> Hello Florin,
>>>>
>>>> recently we changed the db schema a bit (because of MID-3061
>>>> <https://jira.evolveum.com/browse/MID-3061>).
>>>>
>>>> So, please apply the corresponding migration script
>>>> (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>>> Which one - it depends on how old your existing master is. This particular
>>>> problem is related to the latest one (numbered 6).
>>>>
>>>> An alternative is to set hbm2ddl parameter like this (in config.xml
>>>> file in midpoint.home directory):
>>>>
>>>> <configuration>
>>>>     <midpoint>
>>>>           <repository>
>>>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>>> ...
>>>>
>>>> (but this is recommended only for testing purposes, because some - but
>>>> only very rare - changes are not correctly applied by hibernate itself)
>>>>
>>>> Best regards,
>>>>
>>>> Pavol
>>>>
>>>> On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>>
>>>> Hello again,
>>>>
>>>> I'm having some troubles when rebuilding the master. Here's the
>>>> corresponding stack trace:  <http://pastebin.com/TVUAKURb>
>>>> http://pastebin.com/TVUAKURb
>>>>
>>>> Also, I'm using SSO under apache with the following
>>>> ctx-web-security.xml file:  <http://pastebin.com/rvs9cJDj>
>>>> http://pastebin.com/rvs9cJDj
>>>>
>>>> Any ideas would be greatly appreciated.
>>>>
>>>> Thanks,
>>>> -F
>>>>
>>>> On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu <
>>>> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>>>>
>>>>> Thanks Pavel! I'll upgrade to the latest and let you know how that
>>>>> works out.
>>>>>
>>>>>
>>>>> On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly <
>>>>> <mederly at evolveum.com>mederly at evolveum.com> wrote:
>>>>>
>>>>>> Hello Florin,
>>>>>>
>>>>>> If I remember correctly, we've been fixing this problem in master
>>>>>> (3.4-SNAPSHOT). It should be solved in that branch.
>>>>>>
>>>>>> (If not, please drop a jira issue with details how to reproduce, and
>>>>>> we'll certainly fix that.)
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Pavol
>>>>>>
>>>>>> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm trying to recompute all members that are assigned a particuar
>>>>>> role. I tried using the "Recompute All" (
>>>>>> <http://i.imgur.com/xLXjLwd.png>http://i.imgur.com/xLXjLwd.png)
>>>>>> button in the "Members" section of a role. This launches a task that is
>>>>>> successful however, it it does not process any objects.
>>>>>>
>>>>>> If I manually select the members I want and select "Recompute
>>>>>> members" everything works just fine. Any ideas?
>>>>>>
>>>>>> Thanks,
>>>>>> -F
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> <midPoint at lists.evolveum.com>midPoint at lists.evolveum.com
>>>>>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160608/6f9380be/attachment.htm>

From mederly at evolveum.com  Wed Jun  8 22:45:41 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Wed, 8 Jun 2016 22:45:41 +0200
Subject: [midPoint] Unassigning a role (was: Recompute All Members for Role)
In-Reply-To: <CAMQHPY0EPK2E6pZaodaF3ruVq8f0+vwyYqyshWY3iHg_AzfJrw@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
 <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>
 <aead4dad-cbe9-4a3a-ceaf-97755edcca72@evolveum.com>
 <CAMQHPY0EPK2E6pZaodaF3ruVq8f0+vwyYqyshWY3iHg_AzfJrw@mail.gmail.com>
Message-ID: <508c2019-a2ca-edd0-d0f9-82f586867f49@evolveum.com>

Hello Florin,

I haven't experienced such an error message. It can be caused by a 
midPoint fault or by a problem in your particular configuration.

You write that you get this error with today's and yesterday's build. Do 
you think it worked well before? Or you didn't try at that time?

Without any other clues, to complete diagnose your problem, it would be 
necessary to see your configuration (resource config, and all relevant 
roles), and the logs. As for the latter, it is best to set model + 
provisioning to TRACE (with specific logging for Clockwork and Projector 
either removed, or set to TRACE as well).

But maybe somebody else would have a better idea; unfortunately, 
midnight is approaching here in Europe, so probably only tomorrow.

Best regards,

Pavol


On 08.06.2016 20:58, Florin. Stingaciu wrote:
> Hello again,
>
> I updated to the latest version however, now I'm experiencing problems 
> when trying to unassign a role from a user. It fails with the 
> following stack trace:
>
>
> 2016-06-08 18:51:09,702 [] [Thread-31] ERROR 
> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception 
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException 
> in connector:c230c871-6f5b-4525-abee-d2905569b8df(ICF 
> com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3.0-SNAPSHOT): 
> resource:a0741b12-c96d-491d-8213-ecad84ab490e(OpenLDAP Accounts 
> Schema) while adding attribute values to object identified by ICF UID 
> 'uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net': Error 
> modifying LDAP entry 
> uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net: 
> [add:objectClass: top
> objectClass: person
> objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException: 
> Error modifying LDAP entry 
> uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net: 
> [add:objectClass: top
> objectClass: person
> objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
>         at 
> com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:440) 
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:923) 
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:914) 
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:864) 
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at 
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.addAttributeValues(AbstractLdapConnector.java:804) 
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at 
> org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.addAttributeValues(UpdateImpl.java:129) 
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) 
> ~[na:1.7.0_101]
>         at 
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98) 
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source) 
> ~[na:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) 
> ~[na:1.7.0_101]
>         at 
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) 
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source) 
> ~[na:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) 
> ~[na:1.7.0_101]
>         at 
> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) 
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source) 
> ~[na:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) 
> ~[na:1.7.0_101]
>         at 
> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) 
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source) 
> ~[na:na]
>         at 
> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.addAttributeValues(AbstractConnectorFacade.java:199) 
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1791) 
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:210) 
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:697) 
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:529) 
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:480) 
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:763) 
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1265) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1108) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:704) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:294) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:507) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:336) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:214) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at 
> com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:555) 
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
> ~[na:1.7.0_101]
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) 
> ~[na:1.7.0_101]
>         at 
> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507) 
> [wicket-ioc-7.1.0.jar:7.1.0]
>         at com.sun.proxy.$Proxy146.executeChanges(Unknown Source) [na:na]
>         at 
> com.evolveum.midpoint.web.component.progress.ProgressReporter$1.run(ProgressReporter.java:188) 
> [ProgressReporter$1.class:na]
>         at java.lang.Thread.run(Thread.java:745) [na:1.7.0_101]
>
> I just double checked and this seems to happen with both today's build 
> and yesterday's build. It seems as even though I'm unassigning the 
> user from a group it is trying to add an object class to the user DN
>
> Thanks,
> -F
>
>
> On Tue, Jun 7, 2016 at 1:44 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     The problem with "Add members" was a misconfiguration in my test
>     environment.
>
>     So, working with role members should be without problems; please
>     let us know if not.
>
>     Best regards,
>
>     Pavol
>
>
>     On 07.06.2016 22:36, Pavol Mederly wrote:
>>
>>     Hello Florin,
>>
>>     you are right. I was able to reproduce it here.
>>
>>     I fixed that, please try the latest master - v3.4devel-1803-g0f5c22f.
>>
>>     (Besides that, I noticed some problems with "Add members"
>>     function, so I'll continue testing it.)
>>
>>     Best regards,
>>
>>     Pavol
>>
>>
>>     On 07.06.2016 20:54, Florin. Stingaciu wrote:
>>>     Hey Pavol,
>>>
>>>     So I managed to update to the latest version, applied to DB
>>>     patch, and also double checked that adding and removing
>>>     inducements for roles works now. However, when I try to
>>>     recompute all members (there's only one member), I get the
>>>     following error stack:
>>>
>>>     2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR
>>>     (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler):
>>>     Recompute: Schema error while creating a search filter: Failed
>>>     to convert query. Reason: No definition for item
>>>     assignment/targetRef in POD:{.../common/common-3}object
>>>     {.../common/common-3}ObjectType[1,1],RAM
>>>     com.evolveum.midpoint.util.exception.SchemaException: Failed to
>>>     convert query. Reason: No definition for item
>>>     assignment/targetRef in POD:{.../common/common-3}object
>>>     {.../common/common-3}ObjectType[1,1],RAM
>>>             at
>>>     com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451)
>>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108)
>>>     ~[model-impl-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187)
>>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
>>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
>>>     [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300)
>>>     [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164)
>>>     [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>             at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
>>>     [quartz-2.1.3.jar:na]
>>>             at
>>>     org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
>>>     [quartz-2.1.3.jar:na]
>>>     Caused by: com.evolveum.midpoint.util.exception.SchemaException:
>>>     No definition for item assignment/targetRef in
>>>     POD:{.../common/common-3}object
>>>     {.../common/common-3}ObjectType[1,1],RAM
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             at
>>>     com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124)
>>>     ~[prism-3.4-SNAPSHOT.jar:na]
>>>             ... 11 common frames omitted
>>>
>>>
>>>     Any help would be greatly appreciated.
>>>
>>>     Thanks,
>>>     -F
>>>
>>>     On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu
>>>     <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>>>
>>>         Yup, I checked and you can not add an inducement either.
>>>         Also I believe some of the associations listed under the
>>>         profile are wrong. I will write up a new email for that as
>>>         well.
>>>
>>>         Meanwhile I reverted back to the original version. I will
>>>         keep an eye out on the ticket.
>>>
>>>         Have a good night! Thanks for your prompt responses.
>>>
>>>         Thanks,
>>>         -F
>>>
>>>         On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly
>>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>
>>>             I think it is similar to this one:
>>>             https://jira.evolveum.com/browse/MID-3074.
>>>
>>>             And I can see this wrong behavior also in my case. This
>>>             is unpleasant.
>>>
>>>             We'll fix it soon, hopefully tomorrow. (Now it's after
>>>             midnight here... )
>>>
>>>             Best regards,
>>>
>>>             Pavol
>>>
>>>
>>>             On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>>>             Hello again,
>>>>
>>>>             I managed to get around this issue by actually applying
>>>>             the mysql-upgrade-3.3-3.4.sql patch. Everything came
>>>>             back up just fine, however now I'm running into a
>>>>             strange issue where I can not remove inducements from a
>>>>             role.
>>>>
>>>>             For example: http://imgur.com/a/lWoKT
>>>>
>>>>             The inducements stay there no matter how much I try to
>>>>             remove them. Is this a known issue in the current master?
>>>>
>>>>             Thanks,
>>>>             -F
>>>>
>>>>
>>>>
>>>>             On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly
>>>>             <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>>
>>>>                 Hello Florin,
>>>>
>>>>                 recently we changed the db schema a bit (because of
>>>>                 MID-3061 <https://jira.evolveum.com/browse/MID-3061>).
>>>>
>>>>                 So, please apply the corresponding migration script
>>>>                 (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>>>                 Which one - it depends on how old your existing
>>>>                 master is. This particular problem is related to
>>>>                 the latest one (numbered 6).
>>>>
>>>>                 An alternative is to set hbm2ddl parameter like
>>>>                 this (in config.xml file in midpoint.home directory):
>>>>
>>>>                 <configuration>
>>>>                 <midpoint>
>>>>                 <repository>
>>>>                 <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>>>                 ...
>>>>
>>>>                 (but this is recommended only for testing purposes,
>>>>                 because some - but only very rare - changes are not
>>>>                 correctly applied by hibernate itself)
>>>>
>>>>                 Best regards,
>>>>
>>>>                 Pavol
>>>>
>>>>
>>>>                 On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>>>                 Hello again,
>>>>>
>>>>>                 I'm having some troubles when rebuilding the
>>>>>                 master. Here's the corresponding stack trace:
>>>>>                 http://pastebin.com/TVUAKURb
>>>>>
>>>>>                 Also, I'm using SSO under apache with the
>>>>>                 following ctx-web-security.xml file:
>>>>>                 http://pastebin.com/rvs9cJDj
>>>>>
>>>>>                 Any ideas would be greatly appreciated.
>>>>>
>>>>>                 Thanks,
>>>>>                 -F
>>>>>
>>>>>                 On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu
>>>>>                 <fstingaciu at mirantis.com
>>>>>                 <mailto:fstingaciu at mirantis.com>> wrote:
>>>>>
>>>>>                     Thanks Pavel! I'll upgrade to the latest and
>>>>>                     let you know how that works out.
>>>>>
>>>>>
>>>>>                     On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly
>>>>>                     <mederly at evolveum.com
>>>>>                     <mailto:mederly at evolveum.com>> wrote:
>>>>>
>>>>>                         Hello Florin,
>>>>>
>>>>>                         If I remember correctly, we've been fixing
>>>>>                         this problem in master (3.4-SNAPSHOT). It
>>>>>                         should be solved in that branch.
>>>>>
>>>>>                         (If not, please drop a jira issue with
>>>>>                         details how to reproduce, and we'll
>>>>>                         certainly fix that.)
>>>>>
>>>>>                         Best regards,
>>>>>
>>>>>                         Pavol
>>>>>
>>>>>
>>>>>                         On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>>>                         Hello,
>>>>>>
>>>>>>                         I'm trying to recompute all members that
>>>>>>                         are assigned a particuar role. I tried
>>>>>>                         using the "Recompute All"
>>>>>>                         (http://i.imgur.com/xLXjLwd.png) button
>>>>>>                         in the "Members" section of a role. This
>>>>>>                         launches a task that is successful
>>>>>>                         however, it it does not process any objects.
>>>>>>
>>>>>>                         If I manually select the members I want
>>>>>>                         and select "Recompute members" everything
>>>>>>                         works just fine. Any ideas?
>>>>>>
>>>>>>                         Thanks,
>>>>>>                         -F
>>>>>>
>>>>>>
>>>>>>                         _______________________________________________
>>>>>>                         midPoint mailing list
>>>>>>                         midPoint at lists.evolveum.com
>>>>>>                         <mailto:midPoint at lists.evolveum.com>
>>>>>>                         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>                         _______________________________________________
>>>>>                         midPoint mailing list
>>>>>                         midPoint at lists.evolveum.com
>>>>>                         <mailto:midPoint at lists.evolveum.com>
>>>>>                         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                 _______________________________________________
>>>>>                 midPoint mailing list
>>>>>                 midPoint at lists.evolveum.com
>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>                 _______________________________________________
>>>>                 midPoint mailing list
>>>>                 midPoint at lists.evolveum.com
>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com
>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>     midPoint mailing list
>>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160608/e4e9d7b4/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun  9 02:22:23 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Wed, 8 Jun 2016 17:22:23 -0700
Subject: [midPoint] [midpoint] Workflow with Approver - Email Notifications
Message-ID: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>

Hello,

I have a role that has an approver and I would like to set up notifications
such that an email is sent out to the Approver of a role (based on the
email found in the Approver account) only when a user has requested access
to this role.

I've tried following the instructions at
https://wiki.evolveum.com/display/midPoint/Notifications, and various
sample configs on your github, but I can't seem to figure it out.

Any help would be greatly appreciated.

Thanks,
-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160608/539b46ee/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun  9 08:46:41 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 06:46:41 +0000
Subject: [midPoint] O365 ConnectorTypeHost
Message-ID: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>

Hi,

In the wiki pages a noticed a good explanation and examples for building a Office365 resource.
But for that you also need the connector it self.

Can I get or find an example somewhere to create one?

Many thanks,


________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1C22B.70AAF790]<http://www.tahzoo.com/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/c51b562b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7589 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/c51b562b/attachment.png>

From ivan.noris at evolveum.com  Thu Jun  9 09:04:48 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 09:04:48 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
Message-ID: <57591510.2020003@evolveum.com>

Hi Dick,

I'm not using this connector, but you probably need:
https://github.com/Evolveum/connector-office365 (sources)
Can't find JAR in nexus though.

Regards,
Ivan

On 06/09/2016 08:46 AM, Dick Muller wrote:
>
> Hi,
>
>  
>
> In the wiki pages a noticed a good explanation and examples for
> building a Office365 resource.
>
> But for that you also need the connector it self.
>
>  
>
> Can I get or find an example somewhere to create one?
>
>  
>
> Many thanks,
>
>  
>
>  
>
> ------------------------------------------------------------------------
>
> *Dick Muller*
>
> Senior Systems Engineer
>
> Delftechpark 37i
> 2628 XJ Delft*
> d*: +31 88 2682586 
> *m:* +31 6 46477690
>
> <http://www.tahzoo.com/>
>
>  
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/34c910a3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7589 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/34c910a3/attachment.png>

From dick.muller at tahzoo.com  Thu Jun  9 12:44:16 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 10:44:16 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57591510.2020003@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
Message-ID: <065332C7-8BCC-4963-92E9-7F4AC2A204F8@tahzoo.com>

Hi Ivan,

Thanks for pointing me to the sources.
What are we supposed to do with this after we compiled the source files?

Do we need to save it in a specific location? And where?

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 9:04 AM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Dick,

I'm not using this connector, but you probably need: https://github.com/Evolveum/connector-office365 (sources)
Can't find JAR in nexus though.

Regards,
Ivan
On 06/09/2016 08:46 AM, Dick Muller wrote:
Hi,

In the wiki pages a noticed a good explanation and examples for building a Office365 resource.
But for that you also need the connector it self.

Can I get or find an example somewhere to create one?

Many thanks,


________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1C24C.A0C67A00]<http://www.tahzoo.com/>





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/cf316f17/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7590 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/cf316f17/attachment.png>

From dick.muller at tahzoo.com  Thu Jun  9 14:15:18 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 12:15:18 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57591510.2020003@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
Message-ID: <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>

Ivan,

We now have a compiled version and I have stored it in the /midpoint/icf-connector folder and restarted MidPoint.
In the Wiki’s there is an example but there is no example for the Office365 ConnectorType xml.

Is there somebody with an example ConnectorType file? I don’t know what the content of the file must be?

Kindest regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 9:04 AM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Dick,

I'm not using this connector, but you probably need: https://github.com/Evolveum/connector-office365 (sources)
Can't find JAR in nexus though.

Regards,
Ivan
On 06/09/2016 08:46 AM, Dick Muller wrote:
Hi,

In the wiki pages a noticed a good explanation and examples for building a Office365 resource.
But for that you also need the connector it self.

Can I get or find an example somewhere to create one?

Many thanks,


________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1C259.582FA390]<http://www.tahzoo.com/>





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/9bfdb8c7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7590 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/9bfdb8c7/attachment.png>

From ivan.noris at evolveum.com  Thu Jun  9 15:22:13 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 15:22:13 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
Message-ID: <57596D85.7000509@evolveum.com>

Hello Dick,

you did it right and faster than I managed to answer :)

I can see some samples here:
https://github.com/Evolveum/midpoint/tree/master/samples/resources/office365

(Yes there is no documentation on wiki yet.)

Best regards,
Ivan

On 06/09/2016 02:15 PM, Dick Muller wrote:
>
> Ivan,
>
>  
>
> We now have a compiled version and I have stored it in the
> /midpoint/icf-connector folder and restarted MidPoint.
>
> In the Wiki’s there is an example but there is no example for the
> Office365 ConnectorType xml.
>
> Is there somebody with an example ConnectorType file? I don’t know
> what the content of the file must be?
>
>  
>
> Kindest regards,
>
> Dick
>
>  
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 9:04 AM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>  
>
> Hi Dick,
>
> I'm not using this connector, but you probably need:
> https://github.com/Evolveum/connector-office365
> <https://github.com/Evolveum/connector-office365> (sources)
> Can't find JAR in nexus though.
>
> Regards,
> Ivan
>
> On 06/09/2016 08:46 AM, Dick Muller wrote:
>
>     Hi,
>
>      
>
>     In the wiki pages a noticed a good explanation and examples for
>     building a Office365 resource.
>
>     But for that you also need the connector it self.
>
>      
>
>     Can I get or find an example somewhere to create one?
>
>      
>
>     Many thanks,
>
>      
>
>      
>
>     ------------------------------------------------------------------------
>
>     *Dick Muller*
>
>     Senior Systems Engineer
>
>     Delftechpark 37i
>     2628 XJ Delft*
>     d*: +31 88 2682586 
>     *m:* +31 6 46477690
>
>     <http://www.tahzoo.com/>
>
>      
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/5e2303b8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7590 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/5e2303b8/attachment.png>

From dick.muller at tahzoo.com  Thu Jun  9 15:25:58 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 13:25:58 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57596D85.7000509@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
Message-ID: <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>

Hi Ivan,
Yes, but those are resource examples.
I’ve created a resource xml already, but first I need to create the connectorType.
I’ve created a ConnectorType, but do not know how the ConnectorSchema must look like.

Is this something you can help me with?

Kindest regards,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:22 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hello Dick,

you did it right and faster than I managed to answer :)

I can see some samples here: https://github.com/Evolveum/midpoint/tree/master/samples/resources/office365

(Yes there is no documentation on wiki yet.)

Best regards,
Ivan
On 06/09/2016 02:15 PM, Dick Muller wrote:
Ivan,

We now have a compiled version and I have stored it in the /midpoint/icf-connector folder and restarted MidPoint.
In the Wiki’s there is an example but there is no example for the Office365 ConnectorType xml.


Is there somebody with an example ConnectorType file? I don’t know what the content of the file must be?

Kindest regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 9:04 AM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Dick,

I'm not using this connector, but you probably need: https://github.com/Evolveum/connector-office365 (sources)
Can't find JAR in nexus though.

Regards,
Ivan
On 06/09/2016 08:46 AM, Dick Muller wrote:
Hi,

In the wiki pages a noticed a good explanation and examples for building a Office365 resource.
But for that you also need the connector it self.

Can I get or find an example somewhere to create one?

Many thanks,


________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1C263.3856D2A0]<http://www.tahzoo.com/>






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/ccef7d0f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7591 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/ccef7d0f/attachment.png>

From ivan.noris at evolveum.com  Thu Jun  9 15:34:26 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 15:34:26 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
Message-ID: <57597062.7050400@evolveum.com>

Hi,

not sure if I understand:

- you build the connector from sources
- you copied the resulting JAR file to "midpoint.home"/icf-connectors/
directory
- you restarted midPoint

If all the above apply, you should see the Connector object in
Repository/Connector. It's also the confirmation that your connector has
been discovered when midPoint started. This information is also in
idm.log - all discovered connector names are printed to idm.log.

If you have the Connector object, you import one of our samples and it
should work.

I'm confused by "I've created a ConnectorType". Please check if your
connector has been detected during startup. The default connector are
LDAP, DBTable and CSVFile, they should be detected as well.

Regards,
Ivan

On 06/09/2016 03:25 PM, Dick Muller wrote:
>
> Hi Ivan,
>
> Yes, but those are resource examples.
>
> I’ve created a resource xml already, but first I need to create the
> connectorType.
> I’ve created a ConnectorType, but do not know how the ConnectorSchema
> must look like.
>
>  
>
> Is this something you can help me with?
>
>  
>
> Kindest regards,
>
>  
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:22 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>  
>
> Hello Dick,
>
> you did it right and faster than I managed to answer :)
>
> I can see some samples here:
> https://github.com/Evolveum/midpoint/tree/master/samples/resources/office365
>
> (Yes there is no documentation on wiki yet.)
>
> Best regards,
> Ivan
>
> On 06/09/2016 02:15 PM, Dick Muller wrote:
>
>     Ivan,
>
>      
>
>     We now have a compiled version and I have stored it in the
>     /midpoint/icf-connector folder and restarted MidPoint.
>
>     In the Wiki’s there is an example but there is no example for the
>     Office365 ConnectorType xml.
>
>
>     Is there somebody with an example ConnectorType file? I don’t know
>     what the content of the file must be?
>
>      
>
>     Kindest regards,
>
>     Dick
>
>      
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Thursday, June 9, 2016 at 9:04 AM
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>      
>
>     Hi Dick,
>
>     I'm not using this connector, but you probably need:
>     https://github.com/Evolveum/connector-office365
>     <https://github.com/Evolveum/connector-office365> (sources)
>     Can't find JAR in nexus though.
>
>     Regards,
>     Ivan
>
>     On 06/09/2016 08:46 AM, Dick Muller wrote:
>
>         Hi,
>
>          
>
>         In the wiki pages a noticed a good explanation and examples
>         for building a Office365 resource.
>
>         But for that you also need the connector it self.
>
>          
>
>         Can I get or find an example somewhere to create one?
>
>          
>
>         Many thanks,
>
>          
>
>          
>
>         ------------------------------------------------------------------------
>
>         *Dick Muller*
>
>         Senior Systems Engineer
>
>         Delftechpark 37i
>         2628 XJ Delft*
>         d*: +31 88 2682586 
>         *m:* +31 6 46477690
>
>         <http://www.tahzoo.com/>
>
>          
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/8f16bdf0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7591 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/8f16bdf0/attachment.png>

From dick.muller at tahzoo.com  Thu Jun  9 15:36:32 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 13:36:32 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57597062.7050400@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com>
Message-ID: <88490CAD-85D3-424B-A329-08FEF5830A10@tahzoo.com>

OK, then that can be the problem then.
I have added the connector-office365.jar to the directory and restarted.
But the connector is not discovered.

Maybe the connector is correctly compiled? Do you have a compiled version to test?

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:34 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

not sure if I understand:

- you build the connector from sources
- you copied the resulting JAR file to "midpoint.home"/icf-connectors/ directory
- you restarted midPoint

If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.

If you have the Connector object, you import one of our samples and it should work.

I'm confused by "I've created a ConnectorType". Please check if your connector has been detected during startup. The default connector are LDAP, DBTable and CSVFile, they should be detected as well.

Regards,
Ivan
On 06/09/2016 03:25 PM, Dick Muller wrote:
Hi Ivan,
Yes, but those are resource examples.
I’ve created a resource xml already, but first I need to create the connectorType.
I’ve created a ConnectorType, but do not know how the ConnectorSchema must look like.

Is this something you can help me with?

Kindest regards,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:22 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hello Dick,

you did it right and faster than I managed to answer :)

I can see some samples here: https://github.com/Evolveum/midpoint/tree/master/samples/resources/office365

(Yes there is no documentation on wiki yet.)

Best regards,
Ivan
On 06/09/2016 02:15 PM, Dick Muller wrote:
Ivan,

We now have a compiled version and I have stored it in the /midpoint/icf-connector folder and restarted MidPoint.
In the Wiki’s there is an example but there is no example for the Office365 ConnectorType xml.



Is there somebody with an example ConnectorType file? I don’t know what the content of the file must be?

Kindest regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 9:04 AM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Dick,

I'm not using this connector, but you probably need: https://github.com/Evolveum/connector-office365 (sources)
Can't find JAR in nexus though.

Regards,
Ivan
On 06/09/2016 08:46 AM, Dick Muller wrote:
Hi,

In the wiki pages a noticed a good explanation and examples for building a Office365 resource.
But for that you also need the connector it self.

Can I get or find an example somewhere to create one?

Many thanks,


________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1C264.B1D32CE0]<http://www.tahzoo.com/>







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/6c77c6d2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7592 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/6c77c6d2/attachment.png>

From ivan.noris at evolveum.com  Thu Jun  9 15:37:04 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 15:37:04 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57597062.7050400@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com>
Message-ID: <57597100.5050406@evolveum.com>

(The Connector XML object should be in Configuration - Repository
Objects - Connector. Typed too fast.)

On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
> If all the above apply, you should see the Connector object in
> Repository/Connector. It's also the confirmation that your connector
> has been discovered when midPoint started. This information is also in
> idm.log - all discovered connector names are printed to idm.log. 

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/ea814049/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun  9 15:38:06 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 13:38:06 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57597100.5050406@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
Message-ID: <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>

Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/b17b55cd/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun  9 15:43:07 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 15:43:07 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
Message-ID: <5759726B.20701@evolveum.com>

You should not manually create Connector (ConnectorType) objects, these
are created by discovering the connectors; they also contain the
connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM
parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This
is the directory, where config.xml exists, and where icf-connectors
directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the
default is probably Tomcat directory. If you find config.xml file,
that's the directory.

Is your Office365 connector in the icf-connectors directory of that
directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan

On 06/09/2016 03:38 PM, Dick Muller wrote:
>
> Yes, but it was not.
>
> It is now, because I created a connector manually, but the Schema part
> is unknown to me.
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:37 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>  
>
> (The Connector XML object should be in Configuration - Repository
> Objects - Connector. Typed too fast.)
>
> On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
>
>     If all the above apply, you should see the Connector object in
>     Repository/Connector. It's also the confirmation that your
>     connector has been discovered when midPoint started. This
>     information is also in idm.log - all discovered connector names
>     are printed to idm.log.
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/228a9526/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun  9 16:00:25 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 14:00:25 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <5759726B.20701@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
Message-ID: <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>

Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/1172feb4/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun  9 16:17:06 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 16:17:06 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
Message-ID: <57597A62.6070306@evolveum.com>

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and
read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.StartupConfiguration): |  Version : 
3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.StartupConfiguration): |  Sources : 
https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting
system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.StartupConfiguration): |  Product
information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.StartupConfiguration):
+------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home =
/opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
/opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint
configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
Discovered ICF bundle on CLASSPATH:
com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
Discovered ICF bundle on CLASSPATH:
com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap
version: 1.4.3.0-SNAPSHOT
*2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO
(com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
Discovered ICF bundle in JAR:
org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3*


This is how my midPoint detected custom (not bundled) connector for
ScriptedSQL.

Ivan

On 06/09/2016 04:00 PM, Dick Muller wrote:
>
> Hi Ivan,
>
>  
>
> I will delete it then.
>
>  
>
> The JVM parameter is –Dmidpoint.home=/data/conf/midpoint
>
>  
>
> There is my config.xml and I also have stored working schema and
> organization schemaextension files there.
>
> So this must be correct.
>
>  
>
> I saved the connector-office365.jar file in the icf-connectors directory.
>
>  
>
> I suddenly thought about permissions on the filesystem. This is
> corrected to the tomcat user and restart again.
>
>  
>
> But still there is no connector loaded in the repository.
>
>  
>
> Thanks,
>
>  
>
> Dick
>
>  
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:43 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>  
>
> You should not manually create Connector (ConnectorType) objects,
> these are created by discovering the connectors; they also contain the
> connector schema.
>
> So, please:
> 1) check your current "midpoint.home" setting. It should be JVM
> parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This
> is the directory, where config.xml exists, and where icf-connectors
> directory is also stored (with the custom connectors)
> 2) if you are not explicitely setting "midpoint.home" parameter, the
> default is probably Tomcat directory. If you find config.xml file,
> that's the directory.
>
> Is your Office365 connector in the icf-connectors directory of that
> directory?
>
> Unfortunately I have no experience with Office365 connector myself.
>
> Best regards,
> Ivan
>
> On 06/09/2016 03:38 PM, Dick Muller wrote:
>
>     Yes, but it was not.
>
>     It is now, because I created a connector manually, but the Schema
>     part is unknown to me.
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Thursday, June 9, 2016 at 3:37 PM
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>      
>
>     (The Connector XML object should be in Configuration - Repository
>     Objects - Connector. Typed too fast.)
>
>     On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
>
>         If all the above apply, you should see the Connector object in
>         Repository/Connector. It's also the confirmation that your
>         connector has been discovered when midPoint started. This
>         information is also in idm.log - all discovered connector
>         names are printed to idm.log.
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/d3ba4f45/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun  9 17:08:48 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 15:08:48 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57597A62.6070306@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
Message-ID: <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>

HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/170b8c82/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: idm.log
Type: application/octet-stream
Size: 8746 bytes
Desc: idm.log
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/170b8c82/attachment.obj>

From ivan.noris at evolveum.com  Thu Jun  9 17:38:56 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 9 Jun 2016 17:38:56 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
Message-ID: <57598D90.4030603@evolveum.com>

It really seems strange.
Can you make listing of /data/conf/midpoint and
/data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan

On 06/09/2016 05:08 PM, Dick Muller wrote:
>
> HI Ivan,
>
>  
>
> I checked the file permissions. After that I started a clean logfile
> and a restart of the tomcat services.
>
>  
>
> I do not see anything in the log. You can see my log file in the
> attachments.
>
>  
>
> Regards,
>
> Dick
>
>  
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 4:17 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>  
>
> Hi,
>
> so /data/conf/midpoint/icf-connectors should be that directory.
> Permissions should allow the Tomcat to read the that file (e.g. 644)
> and read/exec the directory (e.g. 755)
>
> Can you please check idm.log when starting? In my case:
>
> ...
> 2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Version : 
> 3.4-SNAPSHOT
> 2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Sources : 
> https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting
> system : http://jira.evolveum.com/
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Product
> information : http://wiki.evolveum.com/display/midPoint
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration):
> +------------------------------------------------------------------------------------------
> ---+
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home =
> /opt/midpoint.home-pokusy/
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy/ already exists. Reusing it.
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//log already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//schema already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//import already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//export already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
> 2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint
> configuration from file /opt/midpoint.home-pokusy/config.xml
> ...
> 2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH:
> com.evolveum.polygon.connector-csvfile version: 1.4.0.49
> 2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH:
> com.evolveum.polygon.connector-databasetable version: 1.4.0.49
> 2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH:
> com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
> *2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle in JAR:
> org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3*
>
>
> This is how my midPoint detected custom (not bundled) connector for
> ScriptedSQL.
>
> Ivan
>
> On 06/09/2016 04:00 PM, Dick Muller wrote:
>
>     Hi Ivan,
>
>      
>
>     I will delete it then.
>
>      
>
>     The JVM parameter is –Dmidpoint.home=/data/conf/midpoint
>
>      
>
>     There is my config.xml and I also have stored working schema and
>     organization schemaextension files there.
>
>     So this must be correct.
>
>      
>
>     I saved the connector-office365.jar file in the icf-connectors
>     directory.
>
>      
>
>     I suddenly thought about permissions on the filesystem. This is
>     corrected to the tomcat user and restart again.
>
>      
>
>     But still there is no connector loaded in the repository.
>
>      
>
>     Thanks,
>
>      
>
>     Dick
>
>      
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Thursday, June 9, 2016 at 3:43 PM
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>      
>
>     You should not manually create Connector (ConnectorType) objects,
>     these are created by discovering the connectors; they also contain
>     the connector schema.
>
>     So, please:
>     1) check your current "midpoint.home" setting. It should be JVM
>     parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have.
>     This is the directory, where config.xml exists, and where
>     icf-connectors directory is also stored (with the custom connectors)
>     2) if you are not explicitely setting "midpoint.home" parameter,
>     the default is probably Tomcat directory. If you find config.xml
>     file, that's the directory.
>
>     Is your Office365 connector in the icf-connectors directory of
>     that directory?
>
>     Unfortunately I have no experience with Office365 connector myself.
>
>     Best regards,
>     Ivan
>
>     On 06/09/2016 03:38 PM, Dick Muller wrote:
>
>         Yes, but it was not.
>
>         It is now, because I created a connector manually, but the
>         Schema part is unknown to me.
>
>          
>
>         *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>         <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>         Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>         *Organization: *Evolveum, s.r.o.
>         *Reply-To: *midPoint General Discussion
>         <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>         *Date: *Thursday, June 9, 2016 at 3:37 PM
>         *To: *"midpoint at lists.evolveum.com"
>         <mailto:midpoint at lists.evolveum.com>
>         <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>         *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>          
>
>         (The Connector XML object should be in Configuration -
>         Repository Objects - Connector. Typed too fast.)
>
>         On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
>
>             If all the above apply, you should see the Connector
>             object in Repository/Connector. It's also the confirmation
>             that your connector has been discovered when midPoint
>             started. This information is also in idm.log - all
>             discovered connector names are printed to idm.log.
>
>
>
>
>
>         -- 
>
>           Ing. Ivan Noris
>
>           Senior Identity Management Engineer & IDM Architect
>
>           evolveum.com                     evolveum.com/blog/
>
>           ___________________________________________________
>
>           "Semper ID(e)M Vix."
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/be68c9a0/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun  9 18:13:48 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 9 Jun 2016 16:13:48 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <57598D90.4030603@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
Message-ID: <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/74ab5ba2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-09 at 6.12.42 PM.png
Type: image/png
Size: 34608 bytes
Desc: Screen Shot 2016-06-09 at 6.12.42 PM.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160609/74ab5ba2/attachment.png>

From mederly at evolveum.com  Fri Jun 10 12:29:17 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Fri, 10 Jun 2016 12:29:17 +0200
Subject: [midPoint] [midpoint] Workflow with Approver - Email
 Notifications
In-Reply-To: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
Message-ID: <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>

Hello Florin,

it seems that this functionality (notifying the approver) was neither 
documented, nor even fully implemented.

Today I did it - at least in a basic form. Please see 
https://wiki.evolveum.com/display/midPoint/Workflow+notifications. It is 
implemented in today's master: v3.4devel-1847-g290aa7f.

Best regards,

Pavol


On 09.06.2016 2:22, Florin. Stingaciu wrote:
> Hello,
>
> I have a role that has an approver and I would like to set up 
> notifications such that an email is sent out to the Approver of a role 
> (based on the email found in the Approver account) only when a user 
> has requested access to this role.
>
> I've tried following the instructions at 
> https://wiki.evolveum.com/display/midPoint/Notifications, and various 
> sample configs on your github, but I can't seem to figure it out.
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/ac819631/attachment.htm>

From dick.muller at tahzoo.com  Fri Jun 10 14:12:09 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Fri, 10 Jun 2016 12:12:09 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
Message-ID: <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>

Hi Ivan,

Is there another colleague that has a compiled version of the connector-office365?
Maybe I can try it with that one and see if it is disocovered.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 6:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.







--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/c73c76d1/attachment.htm>

From jeverling at bshp.edu  Fri Jun 10 15:52:53 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Fri, 10 Jun 2016 08:52:53 -0500
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
Message-ID: <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>

I built this one for ours, we are on 3.2 though, and it imports/discovers
fine and creates the connector resource,

[image: Inline image 1]

Downloadable jar
https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM

JASON

On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com> wrote:

> Hi Ivan,
>
>
>
> Is there another colleague that has a compiled version of the
> connector-office365?
>
> Maybe I can try it with that one and see if it is disocovered.
>
>
>
> Thanks,
>
> Dick
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Dick
> Muller <dick.muller at tahzoo.com>
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 6:13 PM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> Hi Ivan,
>
>
>
> Yes, the lines are present in config.xml
>
>
>
> The ls –la results are in the attachment
>
>
>
> Regards,
>
> Dick
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan
> Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 5:38 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> It really seems strange.
> Can you make listing of /data/conf/midpoint and
> /data/conf/midpoint/icf-connectors (ls -la )?
>
> Also please check if config.xml contains this:
>    <icf>
>       <scanClasspath>true</scanClasspath>
>       <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>     </icf>
> (it should be there by default just before <keystore> element)
>
> Ivan
>
> On 06/09/2016 05:08 PM, Dick Muller wrote:
>
> HI Ivan,
>
>
>
> I checked the file permissions. After that I started a clean logfile and a
> restart of the tomcat services.
>
>
>
> I do not see anything in the log. You can see my log file in the
> attachments.
>
>
>
> Regards,
>
> Dick
>
>
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris
> <ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 4:17 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> Hi,
>
> so /data/conf/midpoint/icf-connectors should be that directory.
> Permissions should allow the Tomcat to read the that file (e.g. 644) and
> read/exec the directory (e.g. 755)
>
> Can you please check idm.log when starting? In my case:
>
> ...
> 2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Version :
> 3.4-SNAPSHOT
> 2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :
> https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system
> : http://jira.evolveum.com/
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Product information :
> http://wiki.evolveum.com/display/midPoint
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration):
> +------------------------------------------------------------------------------------------
> ---+
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home =
> /opt/midpoint.home-pokusy/
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy/ already exists. Reusing it.
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//log already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//schema already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//import already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//export already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
> 2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint
> configuration from file /opt/midpoint.home-pokusy/config.xml
> ...
> 2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile
> version: 1.4.0.49
> 2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH:
> com.evolveum.polygon.connector-databasetable version: 1.4.0.49
> 2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap
> version: 1.4.3.0-SNAPSHOT
> *2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle in JAR:
> org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3*
>
>
> This is how my midPoint detected custom (not bundled) connector for
> ScriptedSQL.
>
> Ivan
>
> On 06/09/2016 04:00 PM, Dick Muller wrote:
>
> Hi Ivan,
>
>
>
> I will delete it then.
>
>
>
> The JVM parameter is –Dmidpoint.home=/data/conf/midpoint
>
>
>
> There is my config.xml and I also have stored working schema and
> organization schemaextension files there.
>
> So this must be correct.
>
>
>
> I saved the connector-office365.jar file in the icf-connectors directory.
>
>
>
> I suddenly thought about permissions on the filesystem. This is corrected
> to the tomcat user and restart again.
>
>
>
> But still there is no connector loaded in the repository.
>
>
>
> Thanks,
>
>
>
> Dick
>
>
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris
> <ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:43 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> You should not manually create Connector (ConnectorType) objects, these
> are created by discovering the connectors; they also contain the connector
> schema.
>
> So, please:
> 1) check your current "midpoint.home" setting. It should be JVM parameter
> -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the
> directory, where config.xml exists, and where icf-connectors directory is
> also stored (with the custom connectors)
> 2) if you are not explicitely setting "midpoint.home" parameter, the
> default is probably Tomcat directory. If you find config.xml file, that's
> the directory.
>
> Is your Office365 connector in the icf-connectors directory of that
> directory?
>
> Unfortunately I have no experience with Office365 connector myself.
>
> Best regards,
> Ivan
>
> On 06/09/2016 03:38 PM, Dick Muller wrote:
>
> Yes, but it was not.
>
> It is now, because I created a connector manually, but the Schema part is
> unknown to me.
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris
> <ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:37 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> (The Connector XML object should be in Configuration - Repository Objects
> - Connector. Typed too fast.)
>
> On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
>
> If all the above apply, you should see the Connector object in
> Repository/Connector. It's also the confirmation that your connector has
> been discovered when midPoint started. This information is also in idm.log
> - all discovered connector names are printed to idm.log.
>
>
>
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/46e18688/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23175 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/46e18688/attachment.png>

From dick.muller at tahzoo.com  Fri Jun 10 16:07:46 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Fri, 10 Jun 2016 14:07:46 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
Message-ID: <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>

This is great Jason,

I uploaded it to the directory and restarted the services.
It now discovers the connector. Don’t know why, probably the jar file wasn’t correct after all.

Thanks for providing me your copy. That is a great help.

Regards,
Dick Muller

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 3:52 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

I built this one for ours, we are on 3.2 though, and it imports/discovers fine and creates the connector resource,

[nline image 1]

Downloadable jar https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM


JASON

On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi Ivan,

Is there another colleague that has a compiled version of the connector-office365?
Maybe I can try it with that one and see if it is disocovered.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 6:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>

Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/68a8e9e4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 48875 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/68a8e9e4/attachment.png>

From ivan.noris at evolveum.com  Fri Jun 10 17:27:49 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Fri, 10 Jun 2016 17:27:49 +0200
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
 <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
Message-ID: <575ADC75.5040305@evolveum.com>

Glad to hear that!
And THANK you, Jason!

We will also update the wiki sometime soon, and I will check if/when we
can put that connector to nexus.

Regards,
Ivan

On 06/10/2016 04:07 PM, Dick Muller wrote:
>
> This is great Jason,
>
>  
>
> I uploaded it to the directory and restarted the services.
>
> It now discovers the connector. Don’t know why, probably the jar file
> wasn’t correct after all.
>
>  
>
> Thanks for providing me your copy. That is a great help.
>
>  
>
> Regards,
>
> Dick Muller
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Jason Everling <jeverling at bshp.edu>
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Friday, June 10, 2016 at 3:52 PM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>  
>
> I built this one for ours, we are on 3.2 though, and it
> imports/discovers fine and creates the connector resource,
>
>  
>
> nline image 1
>
>  
>
> Downloadable
> jar https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM
>
>
> JASON
>
>  
>
> On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com
> <mailto:dick.muller at tahzoo.com>> wrote:
>
>     Hi Ivan,
>
>      
>
>     Is there another colleague that has a compiled version of the
>     connector-office365?
>
>     Maybe I can try it with that one and see if it is disocovered.
>
>      
>
>     Thanks,
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com
>     <mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Dick
>     Muller <dick.muller at tahzoo.com <mailto:dick.muller at tahzoo.com>>
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
>     *Date: *Thursday, June 9, 2016 at 6:13 PM
>     *To: *midPoint General Discussion <midpoint at lists.evolveum.com
>     <mailto:midpoint at lists.evolveum.com>>
>
>
>     *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>      
>
>     Hi Ivan,
>
>      
>
>     Yes, the lines are present in config.xml
>
>      
>
>     The ls –la results are in the attachment
>
>      
>
>     Regards,
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com
>     <mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>>
>     *Date: *Thursday, June 9, 2016 at 5:38 PM
>     *To: *"midpoint at lists.evolveum.com
>     <mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com
>     <mailto:midpoint at lists.evolveum.com>>
>     *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>      
>
>     It really seems strange.
>     Can you make listing of /data/conf/midpoint and
>     /data/conf/midpoint/icf-connectors (ls -la )?
>
>     Also please check if config.xml contains this:
>        <icf>
>           <scanClasspath>true</scanClasspath>
>           <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>         </icf>
>     (it should be there by default just before <keystore> element)
>
>     Ivan
>
>     On 06/09/2016 05:08 PM, Dick Muller wrote:
>
>         HI Ivan,
>
>          
>
>         I checked the file permissions. After that I started a clean
>         logfile and a restart of the tomcat services.
>
>          
>
>         I do not see anything in the log. You can see my log file in
>         the attachments.
>
>          
>
>         Regards,
>
>         Dick
>
>          
>
>          
>
>         *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>         <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>         Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>         *Organization: *Evolveum, s.r.o.
>         *Reply-To: *midPoint General Discussion
>         <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>         *Date: *Thursday, June 9, 2016 at 4:17 PM
>         *To: *"midpoint at lists.evolveum.com"
>         <mailto:midpoint at lists.evolveum.com>
>         <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>         *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>          
>
>         Hi,
>
>         so /data/conf/midpoint/icf-connectors should be that directory.
>         Permissions should allow the Tomcat to read the that file
>         (e.g. 644) and read/exec the directory (e.g. 755)
>
>         Can you please check idm.log when starting? In my case:
>
>         ...
>         2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.StartupConfiguration): |  Version
>         :  3.4-SNAPSHOT
>         2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.StartupConfiguration): |  Sources
>         :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
>         2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.StartupConfiguration): |  Bug
>         reporting system : http://jira.evolveum.com/
>         2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.StartupConfiguration): |  Product
>         information : http://wiki.evolveum.com/display/midPoint
>         2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.StartupConfiguration):
>         +------------------------------------------------------------------------------------------
>         ---+
>         2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup):
>         midpoint.home = /opt/midpoint.home-pokusy/
>         2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy/ already exists. Reusing it.
>         2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//icf-connectors already exists.
>         Reusing it.
>         2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
>         2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//log already exists. Reusing it.
>         2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//schema already exists. Reusing it.
>         2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//import already exists. Reusing it.
>         2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//export already exists. Reusing it.
>         2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
>         /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
>         2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.init.StartupConfiguration): Loading
>         midPoint configuration from file
>         /opt/midpoint.home-pokusy/config.xml
>         ...
>         2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
>         Discovered ICF bundle on CLASSPATH:
>         com.evolveum.polygon.connector-csvfile version: 1.4.0.49
>         2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
>         Discovered ICF bundle on CLASSPATH:
>         com.evolveum.polygon.connector-databasetable version: 1.4.0.49
>         2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
>         Discovered ICF bundle on CLASSPATH:
>         com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
>         *2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO
>         (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
>         Discovered ICF bundle in JAR:
>         org.forgerock.openicf.connectors.scriptedsql-conne version:
>         1.1.2.0.em3*
>
>
>         This is how my midPoint detected custom (not bundled)
>         connector for ScriptedSQL.
>
>         Ivan
>
>         On 06/09/2016 04:00 PM, Dick Muller wrote:
>
>             Hi Ivan,
>
>              
>
>             I will delete it then.
>
>              
>
>             The JVM parameter is –Dmidpoint.home=/data/conf/midpoint
>
>              
>
>             There is my config.xml and I also have stored working
>             schema and organization schemaextension files there.
>
>             So this must be correct.
>
>              
>
>             I saved the connector-office365.jar file in the
>             icf-connectors directory.
>
>              
>
>             I suddenly thought about permissions on the filesystem.
>             This is corrected to the tomcat user and restart again.
>
>              
>
>             But still there is no connector loaded in the repository.
>
>              
>
>             Thanks,
>
>              
>
>             Dick
>
>              
>
>              
>
>             *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>             <mailto:midpoint-bounces at lists.evolveum.com> on behalf of
>             Ivan Noris <ivan.noris at evolveum.com>
>             <mailto:ivan.noris at evolveum.com>
>             *Organization: *Evolveum, s.r.o.
>             *Reply-To: *midPoint General Discussion
>             <midpoint at lists.evolveum.com>
>             <mailto:midpoint at lists.evolveum.com>
>             *Date: *Thursday, June 9, 2016 at 3:43 PM
>             *To: *"midpoint at lists.evolveum.com"
>             <mailto:midpoint at lists.evolveum.com>
>             <midpoint at lists.evolveum.com>
>             <mailto:midpoint at lists.evolveum.com>
>             *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>              
>
>             You should not manually create Connector (ConnectorType)
>             objects, these are created by discovering the connectors;
>             they also contain the connector schema.
>
>             So, please:
>             1) check your current "midpoint.home" setting. It should
>             be JVM parameter -Dmidpoint.home=/var/opt/midpoint or
>             whatever you have. This is the directory, where config.xml
>             exists, and where icf-connectors directory is also stored
>             (with the custom connectors)
>             2) if you are not explicitely setting "midpoint.home"
>             parameter, the default is probably Tomcat directory. If
>             you find config.xml file, that's the directory.
>
>             Is your Office365 connector in the icf-connectors
>             directory of that directory?
>
>             Unfortunately I have no experience with Office365
>             connector myself.
>
>             Best regards,
>             Ivan
>
>             On 06/09/2016 03:38 PM, Dick Muller wrote:
>
>                 Yes, but it was not.
>
>                 It is now, because I created a connector manually, but
>                 the Schema part is unknown to me.
>
>                  
>
>                 *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>                 <mailto:midpoint-bounces at lists.evolveum.com> on behalf
>                 of Ivan Noris <ivan.noris at evolveum.com>
>                 <mailto:ivan.noris at evolveum.com>
>                 *Organization: *Evolveum, s.r.o.
>                 *Reply-To: *midPoint General Discussion
>                 <midpoint at lists.evolveum.com>
>                 <mailto:midpoint at lists.evolveum.com>
>                 *Date: *Thursday, June 9, 2016 at 3:37 PM
>                 *To: *"midpoint at lists.evolveum.com"
>                 <mailto:midpoint at lists.evolveum.com>
>                 <midpoint at lists.evolveum.com>
>                 <mailto:midpoint at lists.evolveum.com>
>                 *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>                  
>
>                 (The Connector XML object should be in Configuration -
>                 Repository Objects - Connector. Typed too fast.)
>
>                 On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
>
>                     If all the above apply, you should see the
>                     Connector object in Repository/Connector. It's
>                     also the confirmation that your connector has been
>                     discovered when midPoint started. This information
>                     is also in idm.log - all discovered connector
>                     names are printed to idm.log.
>
>
>
>
>
>
>                 -- 
>
>                   Ing. Ivan Noris
>
>                   Senior Identity Management Engineer & IDM Architect
>
>                   evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>
>                   ___________________________________________________
>
>                   "Semper ID(e)M Vix."
>
>
>
>
>
>
>                 _______________________________________________
>
>                 midPoint mailing list
>
>                 midPoint at lists.evolveum.com
>                 <mailto:midPoint at lists.evolveum.com>
>
>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>             -- 
>
>               Ing. Ivan Noris
>
>               Senior Identity Management Engineer & IDM Architect
>
>               evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>
>               ___________________________________________________
>
>               "Semper ID(e)M Vix."
>
>
>
>
>
>             _______________________________________________
>
>             midPoint mailing list
>
>             midPoint at lists.evolveum.com
>             <mailto:midPoint at lists.evolveum.com>
>
>             http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>         -- 
>
>           Ing. Ivan Noris
>
>           Senior Identity Management Engineer & IDM Architect
>
>           evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>
>           ___________________________________________________
>
>           "Semper ID(e)M Vix."
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>  
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and
> confidential; intended for only the recipient(s) named above and may
> contain information that is privileged. You should not retain, copy or
> use this e-mail or any attachments for any purpose, or disclose all or
> any part of the contents to any person. Any views or opinions
> expressed in this e-mail are those of the author and do not represent
> those of the Baptist School of Health Professions. If you have
> received this e-mail in error, or are not the named recipient(s), you
> are hereby notified that any review, dissemination, distribution or
> copying of this communication is prohibited by the sender and to do so
> might constitute a violation of the Electronic Communications Privacy
> Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender
> and delete this e-mail and any attachments from your computer.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/b7dc11c0/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 48875 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/b7dc11c0/attachment.png>

From fstingaciu at mirantis.com  Fri Jun 10 23:24:59 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Fri, 10 Jun 2016 14:24:59 -0700
Subject: [midPoint] Unassigning a role (was: Recompute All Members for
	Role)
In-Reply-To: <508c2019-a2ca-edd0-d0f9-82f586867f49@evolveum.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
 <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>
 <aead4dad-cbe9-4a3a-ceaf-97755edcca72@evolveum.com>
 <CAMQHPY0EPK2E6pZaodaF3ruVq8f0+vwyYqyshWY3iHg_AzfJrw@mail.gmail.com>
 <508c2019-a2ca-edd0-d0f9-82f586867f49@evolveum.com>
Message-ID: <CAMQHPY3Nxw56wPqvSVpAPE9XECZjacXTwnxUavsjBkv1Dmkz2Q@mail.gmail.com>

Hello,

So I'm attempting to upgrade from 3.3.1 to the latest build. Before
starting the tomcat server with the latest built, I applied this patch to
the DB server (http://pastebin.com/jZJtbtUT).

Everything comes up fine, but when I try to unassign a role I get an error.
Here's all the relevant configuration, as well as the error with the log
level set to trace for the loggers you requested.


   - Connector Schema Handling section (http://pastebin.com/j4UWFrBU). In
   here there are the following
      - Default account -- used for real People
      - Service account -- used for service accounts
      - User Group Possix Entitlement -- used for user groups that are
      posix groups
      - User Group Group of Names Entitlement -- used for user groups that
      are group of names groups
      - Service Groups Entitlement -- used for service groups
      - Openstack Domains/Groups Entitlement -- used for Openstack groups
   - This is the metarole assigned to the role I'm trying to unassign from
   the user (http://pastebin.com/fhcXnDXE)
      -
      - the first twos inducements are of order one and creates two LDAP
      groups, one posix and one group of names
      - the second inducement is an order two inducement that create a
      'default' account if the employee type is equal to 'user' and associates
      the user with the two created groups
      - the third inducement is an order two inducement that create a
      'service' account if the employee type is equal to 'service' and
associates
      the user with the two created groups
      - the fourth and fifth are both second order inducements that
      generate a gid and uid for the user


So I couldn't actually send you the TRACE level logs as there's a lot of
information in those logs, I'm not permitted to divulge on a mailing list.
Plus they were crazy huge. However, the DEBUG level seem fine:
http://pastebin.com/UXMDpsDr

You can see from the logs that from some reason, when I unassign the user
from the role, it tries to modify the user and add a bunch of auxiliary
object classes that should've been already created.

So I just checked the Shadow object for my user account and there's only
the following object classes:

   <objectClass>ri:inetOrgPerson</objectClass>
   <auxiliaryObjectClass>ri:ldapPublicKey</auxiliaryObjectClass>
   <auxiliaryObjectClass>ri:inetUser</auxiliaryObjectClass>
   <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
   <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>

when there should've been all of the following:

    <objectClass>ri:inetOrgPerson</objectClass>
    <auxiliaryObjectClass>ri:ldapPublicKey</auxiliaryObjectClass>
    <auxiliaryObjectClass>ri:inetUser</auxiliaryObjectClass>
    <auxiliaryObjectClass>ri:organizationalPerson</auxiliaryObjectClass>
    <auxiliaryObjectClass>ri:person</auxiliaryObjectClass>
    <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
    <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
    <auxiliaryObjectClass>ri:top</auxiliaryObjectClass>

So I went back and started double checking all the shadows, from before and
all of them only have those five auxiliary object classes. However, on my
LDAP, the account has the full set of object classes:

objectClass: inetOrgPerson
objectClass: person
objectClass: ldapPublicKey
objectClass: inetUser
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: top

Meaning that the previous version of midpoint I was using did not store
more than those five auxiliary classes. I just created a brand new user in
this version of Midpoint and all of the classes were stored in the shadow
without any issues.

I will be reverting back to the previous version for now, as I can't use
this version for now. Any ideas on how to resolve this going forward would
be great. Even if it's a hacky solution such as a delta change for shadow
objects that adds the extra aux classes for every shadow that's on that
resource.

Thanks,
-F

On Wed, Jun 8, 2016 at 1:45 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Florin,
>
> I haven't experienced such an error message. It can be caused by a
> midPoint fault or by a problem in your particular configuration.
>
> You write that you get this error with today's and yesterday's build. Do
> you think it worked well before? Or you didn't try at that time?
>
> Without any other clues, to complete diagnose your problem, it would be
> necessary to see your configuration (resource config, and all relevant
> roles), and the logs. As for the latter, it is best to set model +
> provisioning to TRACE (with specific logging for Clockwork and Projector
> either removed, or set to TRACE as well).
>
> But maybe somebody else would have a better idea; unfortunately, midnight
> is approaching here in Europe, so probably only tomorrow.
>
> Best regards,
>
> Pavol
>
> On 08.06.2016 20:58, Florin. Stingaciu wrote:
>
> Hello again,
>
> I updated to the latest version however, now I'm experiencing problems
> when trying to unassign a role from a user. It fails with the following
> stack trace:
>
>
> 2016-06-08 18:51:09,702 [] [Thread-31] ERROR
> (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF Exception
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
> in connector:c230c871-6f5b-4525-abee-d2905569b8df(ICF
> com.evolveum.polygon.connector.ldap.LdapConnector v1.4.3.0-SNAPSHOT):
> resource:a0741b12-c96d-491d-8213-ecad84ab490e(OpenLDAP Accounts Schema)
> while adding attribute values to object identified by ICF UID
> 'uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net': Error modifying
> LDAP entry uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net:
> [add:objectClass: top
> objectClass: person
> objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
> org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
> Error modifying LDAP entry
> uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net: [add:objectClass:
> top
> objectClass: person
> objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
>         at
> com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:440)
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:923)
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:914)
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:864)
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at
> com.evolveum.polygon.connector.ldap.AbstractLdapConnector.addAttributeValues(AbstractLdapConnector.java:804)
> ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>         at
> org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.addAttributeValues(UpdateImpl.java:129)
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_101]
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_101]
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
>         at
> org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
> ~[na:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_101]
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_101]
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
>         at
> org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
> ~[na:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_101]
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_101]
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
>         at
> org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
> ~[na:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_101]
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_101]
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
>         at
> org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at com.sun.proxy.$Proxy171.addAttributeValues(Unknown Source)
> ~[na:na]
>         at
> org.identityconnectors.framework.impl.api.AbstractConnectorFacade.addAttributeValues(AbstractConnectorFacade.java:199)
> ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1791)
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:210)
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:697)
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:529)
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:480)
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:763)
> [provisioning-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1265)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1108)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:704)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:294)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:507)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:336)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:214)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at
> com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:555)
> [model-impl-3.4-SNAPSHOT.jar:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.7.0_101]
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_101]
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_101]
>         at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_101]
>         at
> org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
> [wicket-ioc-7.1.0.jar:7.1.0]
>         at com.sun.proxy.$Proxy146.executeChanges(Unknown Source) [na:na]
>         at
> com.evolveum.midpoint.web.component.progress.ProgressReporter$1.run(ProgressReporter.java:188)
> [ProgressReporter$1.class:na]
>         at java.lang.Thread.run(Thread.java:745) [na:1.7.0_101]
>
> I just double checked and this seems to happen with both today's build and
> yesterday's build. It seems as even though I'm unassigning the user from a
> group it is trying to add an object class to the user DN
>
> Thanks,
> -F
>
>
> On Tue, Jun 7, 2016 at 1:44 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> The problem with "Add members" was a misconfiguration in my test
>> environment.
>>
>> So, working with role members should be without problems; please let us
>> know if not.
>>
>> Best regards,
>>
>> Pavol
>>
>> On 07.06.2016 22:36, Pavol Mederly wrote:
>>
>> Hello Florin,
>>
>> you are right. I was able to reproduce it here.
>>
>> I fixed that, please try the latest master - v3.4devel-1803-g0f5c22f.
>>
>> (Besides that, I noticed some problems with "Add members" function, so
>> I'll continue testing it.)
>>
>> Best regards,
>>
>> Pavol
>>
>> On 07.06.2016 20:54, Florin. Stingaciu wrote:
>>
>> Hey Pavol,
>>
>> So I managed to update to the latest version, applied to DB patch, and
>> also double checked that adding and removing inducements for roles works
>> now. However, when I try to recompute all members (there's only one
>> member), I get the following error stack:
>>
>> 2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8] ERROR
>> (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler):
>> Recompute: Schema error while creating a search filter: Failed to convert
>> query. Reason: No definition for item assignment/targetRef in
>> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>> com.evolveum.midpoint.util.exception.SchemaException: Failed to convert
>> query. Reason: No definition for item assignment/targetRef in
>> POD:{.../common/common-3}object {.../common/common-3}ObjectType[1,1],RAM
>>         at
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451)
>> [model-impl-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108)
>> ~[model-impl-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187)
>> [model-impl-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
>> [model-impl-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
>> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300)
>> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164)
>> [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>         at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
>> [quartz-2.1.3.jar:na]
>>         at
>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
>> [quartz-2.1.3.jar:na]
>> Caused by: com.evolveum.midpoint.util.exception.SchemaException: No
>> definition for item assignment/targetRef in POD:{.../common/common-3}object
>> {.../common/common-3}ObjectType[1,1],RAM
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         at
>> com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124)
>> ~[prism-3.4-SNAPSHOT.jar:na]
>>         ... 11 common frames omitted
>>
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>> -F
>>
>> On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu <
>> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>>
>>> Yup, I checked and you can not add an inducement either. Also I believe
>>> some of the associations listed under the profile are wrong. I will write
>>> up a new email for that as well.
>>>
>>> Meanwhile I reverted back to the original version. I will keep an eye
>>> out on the ticket.
>>>
>>> Have a good night! Thanks for your prompt responses.
>>>
>>> Thanks,
>>> -F
>>>
>>> On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly < <mederly at evolveum.com>
>>> mederly at evolveum.com> wrote:
>>>
>>>> I think it is similar to this one:
>>>> <https://jira.evolveum.com/browse/MID-3074>
>>>> https://jira.evolveum.com/browse/MID-3074.
>>>>
>>>> And I can see this wrong behavior also in my case. This is unpleasant.
>>>>
>>>> We'll fix it soon, hopefully tomorrow. (Now it's after midnight here...
>>>> )
>>>>
>>>> Best regards,
>>>>
>>>> Pavol
>>>>
>>>> On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>>>
>>>> Hello again,
>>>>
>>>> I managed to get around this issue by actually applying the
>>>> mysql-upgrade-3.3-3.4.sql patch. Everything came back up just fine, however
>>>> now I'm running into a strange issue where I can not remove inducements
>>>> from a role.
>>>>
>>>> For example:  <http://imgur.com/a/lWoKT>http://imgur.com/a/lWoKT
>>>>
>>>> The inducements stay there no matter how much I try to remove them. Is
>>>> this a known issue in the current master?
>>>>
>>>> Thanks,
>>>> -F
>>>>
>>>>
>>>>
>>>> On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly < <mederly at evolveum.com>
>>>> mederly at evolveum.com> wrote:
>>>>
>>>>> Hello Florin,
>>>>>
>>>>> recently we changed the db schema a bit (because of MID-3061
>>>>> <https://jira.evolveum.com/browse/MID-3061>).
>>>>>
>>>>> So, please apply the corresponding migration script
>>>>> (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>>>> Which one - it depends on how old your existing master is. This particular
>>>>> problem is related to the latest one (numbered 6).
>>>>>
>>>>> An alternative is to set hbm2ddl parameter like this (in config.xml
>>>>> file in midpoint.home directory):
>>>>>
>>>>> <configuration>
>>>>>     <midpoint>
>>>>>           <repository>
>>>>>             <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>>>> ...
>>>>>
>>>>> (but this is recommended only for testing purposes, because some - but
>>>>> only very rare - changes are not correctly applied by hibernate itself)
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Pavol
>>>>>
>>>>> On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>>>
>>>>> Hello again,
>>>>>
>>>>> I'm having some troubles when rebuilding the master. Here's the
>>>>> corresponding stack trace:  <http://pastebin.com/TVUAKURb>
>>>>> http://pastebin.com/TVUAKURb
>>>>>
>>>>> Also, I'm using SSO under apache with the following
>>>>> ctx-web-security.xml file:  <http://pastebin.com/rvs9cJDj>
>>>>> http://pastebin.com/rvs9cJDj
>>>>>
>>>>> Any ideas would be greatly appreciated.
>>>>>
>>>>> Thanks,
>>>>> -F
>>>>>
>>>>> On Thu, Jun 2, 2016 at 11:36 AM, Florin. Stingaciu <
>>>>> <fstingaciu at mirantis.com>fstingaciu at mirantis.com> wrote:
>>>>>
>>>>>> Thanks Pavel! I'll upgrade to the latest and let you know how that
>>>>>> works out.
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 1, 2016 at 10:24 PM, Pavol Mederly <
>>>>>> <mederly at evolveum.com>mederly at evolveum.com> wrote:
>>>>>>
>>>>>>> Hello Florin,
>>>>>>>
>>>>>>> If I remember correctly, we've been fixing this problem in master
>>>>>>> (3.4-SNAPSHOT). It should be solved in that branch.
>>>>>>>
>>>>>>> (If not, please drop a jira issue with details how to reproduce, and
>>>>>>> we'll certainly fix that.)
>>>>>>>
>>>>>>> Best regards,
>>>>>>>
>>>>>>> Pavol
>>>>>>>
>>>>>>> On 02.06.2016 1:28, Florin. Stingaciu wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I'm trying to recompute all members that are assigned a particuar
>>>>>>> role. I tried using the "Recompute All" (
>>>>>>> <http://i.imgur.com/xLXjLwd.png>http://i.imgur.com/xLXjLwd.png)
>>>>>>> button in the "Members" section of a role. This launches a task that is
>>>>>>> successful however, it it does not process any objects.
>>>>>>>
>>>>>>> If I manually select the members I want and select "Recompute
>>>>>>> members" everything works just fine. Any ideas?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> -F
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> midPoint mailing list
>>>>>>> <midPoint at lists.evolveum.com>midPoint at lists.evolveum.com
>>>>>>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> <midPoint at lists.evolveum.com>midPoint at lists.evolveum.com
>>>>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160610/25ee613a/attachment.htm>

From oskar.butovic at ami.cz  Mon Jun 13 10:17:58 2016
From: oskar.butovic at ami.cz (=?UTF-8?Q?Oskar_Butovi=C4=8D_=2D_AMI_Praha_a=2Es=2E?=)
Date: Mon, 13 Jun 2016 10:17:58 +0200
Subject: [midPoint] storing passwords for external applications
Message-ID: <CAE8MtZBFr5=kjkU4oUyPGsG07wzJ3an1miT3ohDGq75AzOMnNQ@mail.gmail.com>

Hello Everybody,

I am trying to add password for external application (google apps) as a new
attribute for user because i need to store it and be able to edit it later.
I tried to use ProtectedStringType in extension schema. But somehow this
type doesnt work. Midpoint throws exception.

relevant configuration:

<xsd:schema elementFormDefault="qualified"
            targetNamespace="http://avast.com/xml/ns/idmSchema"
            xmlns:tns="http://avast.com/xml/ns/idmSchema"
            xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
            xmlns:c="
http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema">

    <xsd:complexType name="UserExtensionType">
        <xsd:annotation>
            <xsd:appinfo>
                <a:extension ref="c:UserType"/>
            </xsd:appinfo>
        </xsd:annotation>
        <xsd:sequence>
<xsd:element name="googleAppsPassword" type="t:ProtectedStringType"
minOccurs="0" maxOccurs="unbounded">
                <xsd:annotation>
                    <xsd:appinfo>
                        <a:displayName>Google Apps Password</a:displayName>
                        <a:displayOrder>110</a:displayOrder>
                        <a:help>Password for google apps account</a:help>
                    </xsd:appinfo>
                </xsd:annotation>
            </xsd:element>

exception:

Caused by: org.xml.sax.SAXParseException: undefined simple or complex type
't:ProtectedStringType'
        at
com.sun.xml.xsom.impl.parser.ParserContext$1.reportError(ParserContext.java:180)
~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
        at
com.sun.xml.xsom.impl.parser.NGCCRuntimeEx.reportError(NGCCRuntimeEx.java:175)
~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
        at
com.sun.xml.xsom.impl.parser.DelayedRef.resolve(DelayedRef.java:110)
~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
        at com.sun.xml.xsom.impl.parser.DelayedRef.run(DelayedRef.java:85)
~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
        at
com.sun.xml.xsom.impl.parser.ParserContext.getResult(ParserContext.java:135)
~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
        at
com.sun.xml.xsom.parser.XSOMParser.getResult(XSOMParser.java:214)
~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
        at
com.evolveum.midpoint.prism.schema.DomToSchemaProcessor.parseSchema(DomToSchemaProcessor.java:233)
~[prism-3.3.1.jar:na]
        ... 75 common frames omitted


Is it a right approach for storing passwords for external applications?
Should i use another type?


Thanks.

Regards,

Oskar Butovič

-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/c8148cd6/attachment.htm>

From benucci.marco92 at gmail.com  Mon Jun 13 11:27:34 2016
From: benucci.marco92 at gmail.com (Marco Benucci)
Date: Mon, 13 Jun 2016 11:27:34 +0200
Subject: [midPoint] get extension attribute in a jasper report
Message-ID: <CAEYZk3T=2KFPM-owTc5e=QZCZpEuztHeEVPwh4jX8TF_ye==fw@mail.gmail.com>

Hi,

I'd like to get some extension attributes from users when I make the "User
in midPoint" report.

I have tried in "report field":
name: /extension/myattriubte
Class: java.lang.String
textFieldExpression:
<textFieldExpression><![CDATA[$F{/extension/myattribute}]]></textFieldExpression>

or

name: Extension
Class: "com.evolveum.midpoint.xml.ns._public.common.common_3.ExtensionType"

textfieldExpression:
<textFieldExpression><![CDATA[$F{Extension}.getAny().toString()]]></textFieldExpression>


but without result....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/7b8a383b/attachment.htm>

From dick.muller at tahzoo.com  Mon Jun 13 14:34:19 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Mon, 13 Jun 2016 12:34:19 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <575ADC75.5040305@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
 <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
 <575ADC75.5040305@evolveum.com>
Message-ID: <00E0E1E6-FE88-47FD-89B9-3F51B5AE1F32@tahzoo.com>

Hi,

I’m happy that last Friday the Connector was discovered, but today I have another problem.
I created the SPN on Office365 and is member of the correct role. I checked this.
I added the tenancy name tahzoo365.onmicrosoft.com and applied the principalID with the correct symetricKey.

Whatever I try I keep on getting an error stating that doing GET to /tenantDetails?api-version=2013-11-08 has a exception.

You can find the error in this mail as attachment, together with the officeConnector configuration.

I used the example in the wiki pages for the configuration. https://wiki.evolveum.com/pages/viewpage.action?pageId=15433819

Kindest regards,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 5:27 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Glad to hear that!
And THANK you, Jason!

We will also update the wiki sometime soon, and I will check if/when we can put that connector to nexus.

Regards,
Ivan
On 06/10/2016 04:07 PM, Dick Muller wrote:
This is great Jason,

I uploaded it to the directory and restarted the services.
It now discovers the connector. Don’t know why, probably the jar file wasn’t correct after all.

Thanks for providing me your copy. That is a great help.

Regards,
Dick Muller

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu><mailto:jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 3:52 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

I built this one for ours, we are on 3.2 though, and it imports/discovers fine and creates the connector resource,

[line image 1]

Downloadable jar https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM


JASON

On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi Ivan,

Is there another colleague that has a compiled version of the connector-office365?
Maybe I can try it with that one and see if it is disocovered.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 6:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>

Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.







--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/f910e407/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 48876 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/f910e407/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-13 at 14.25.47.png
Type: image/png
Size: 24835 bytes
Desc: Screen Shot 2016-06-13 at 14.25.47.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/f910e407/attachment-0001.png>

From jeverling at bshp.edu  Mon Jun 13 18:43:34 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Mon, 13 Jun 2016 11:43:34 -0500
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <00E0E1E6-FE88-47FD-89B9-3F51B5AE1F32@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
 <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
 <575ADC75.5040305@evolveum.com>
 <00E0E1E6-FE88-47FD-89B9-3F51B5AE1F32@tahzoo.com>
Message-ID: <CAFkZXY4ct7vJSvjPsCzPDe=cfaABG36rXPrG8MCNS6hbxFt3qA@mail.gmail.com>

Can you add the SSL certificates that is being used by Graph and Office 365
for OAuth authentication? I think it is "DigiCert Baltimore Root/Microsoft
IT SSL SHA2" . I believe that when I did set this up I did add it to the
midpoint keystore under midpoint.home

JASON

On Mon, Jun 13, 2016 at 7:34 AM, Dick Muller <dick.muller at tahzoo.com> wrote:

> Hi,
>
>
>
> I’m happy that last Friday the Connector was discovered, but today I have
> another problem.
>
> I created the SPN on Office365 and is member of the correct role. I
> checked this.
>
> I added the tenancy name tahzoo365.onmicrosoft.com and applied the
> principalID with the correct symetricKey.
>
>
>
> Whatever I try I keep on getting an error stating that doing GET to
> /tenantDetails?api-version=2013-11-08 has a exception.
>
>
>
> You can find the error in this mail as attachment, together with the
> officeConnector configuration.
>
>
>
> I used the example in the wiki pages for the configuration.
> https://wiki.evolveum.com/pages/viewpage.action?pageId=15433819
>
>
>
> Kindest regards,
>
>
>
> Dick
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan
> Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Friday, June 10, 2016 at 5:27 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> Glad to hear that!
> And THANK you, Jason!
>
> We will also update the wiki sometime soon, and I will check if/when we
> can put that connector to nexus.
>
> Regards,
> Ivan
>
> On 06/10/2016 04:07 PM, Dick Muller wrote:
>
> This is great Jason,
>
>
>
> I uploaded it to the directory and restarted the services.
>
> It now discovers the connector. Don’t know why, probably the jar file
> wasn’t correct after all.
>
>
>
> Thanks for providing me your copy. That is a great help.
>
>
>
> Regards,
>
> Dick Muller
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling
> <jeverling at bshp.edu> <jeverling at bshp.edu>
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Friday, June 10, 2016 at 3:52 PM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> I built this one for ours, we are on 3.2 though, and it imports/discovers
> fine and creates the connector resource,
>
>
>
> [image: line image 1]
>
>
>
> Downloadable jar
> https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM
>
>
> JASON
>
>
>
> On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com>
> wrote:
>
> Hi Ivan,
>
>
>
> Is there another colleague that has a compiled version of the
> connector-office365?
>
> Maybe I can try it with that one and see if it is disocovered.
>
>
>
> Thanks,
>
> Dick
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Dick
> Muller <dick.muller at tahzoo.com>
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 6:13 PM
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>
>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> Hi Ivan,
>
>
>
> Yes, the lines are present in config.xml
>
>
>
> The ls –la results are in the attachment
>
>
>
> Regards,
>
> Dick
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan
> Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 5:38 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> It really seems strange.
> Can you make listing of /data/conf/midpoint and
> /data/conf/midpoint/icf-connectors (ls -la )?
>
> Also please check if config.xml contains this:
>    <icf>
>       <scanClasspath>true</scanClasspath>
>       <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>     </icf>
> (it should be there by default just before <keystore> element)
>
> Ivan
>
> On 06/09/2016 05:08 PM, Dick Muller wrote:
>
> HI Ivan,
>
>
>
> I checked the file permissions. After that I started a clean logfile and a
> restart of the tomcat services.
>
>
>
> I do not see anything in the log. You can see my log file in the
> attachments.
>
>
>
> Regards,
>
> Dick
>
>
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris
> <ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 4:17 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> Hi,
>
> so /data/conf/midpoint/icf-connectors should be that directory.
> Permissions should allow the Tomcat to read the that file (e.g. 644) and
> read/exec the directory (e.g. 755)
>
> Can you please check idm.log when starting? In my case:
>
> ...
> 2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Version :
> 3.4-SNAPSHOT
> 2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :
> https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system
> : http://jira.evolveum.com/
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): |  Product information :
> http://wiki.evolveum.com/display/midPoint
> 2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration):
> +------------------------------------------------------------------------------------------
> ---+
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home =
> /opt/midpoint.home-pokusy/
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy/ already exists. Reusing it.
> 2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//log already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//schema already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//import already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//export already exists. Reusing it.
> 2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory
> /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
> 2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint
> configuration from file /opt/midpoint.home-pokusy/config.xml
> ...
> 2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile
> version: 1.4.0.49
> 2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH:
> com.evolveum.polygon.connector-databasetable version: 1.4.0.49
> 2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap
> version: 1.4.3.0-SNAPSHOT
> *2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO
> (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl):
> Discovered ICF bundle in JAR:
> org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3*
>
>
> This is how my midPoint detected custom (not bundled) connector for
> ScriptedSQL.
>
> Ivan
>
> On 06/09/2016 04:00 PM, Dick Muller wrote:
>
> Hi Ivan,
>
>
>
> I will delete it then.
>
>
>
> The JVM parameter is –Dmidpoint.home=/data/conf/midpoint
>
>
>
> There is my config.xml and I also have stored working schema and
> organization schemaextension files there.
>
> So this must be correct.
>
>
>
> I saved the connector-office365.jar file in the icf-connectors directory.
>
>
>
> I suddenly thought about permissions on the filesystem. This is corrected
> to the tomcat user and restart again.
>
>
>
> But still there is no connector loaded in the repository.
>
>
>
> Thanks,
>
>
>
> Dick
>
>
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris
> <ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:43 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> You should not manually create Connector (ConnectorType) objects, these
> are created by discovering the connectors; they also contain the connector
> schema.
>
> So, please:
> 1) check your current "midpoint.home" setting. It should be JVM parameter
> -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the
> directory, where config.xml exists, and where icf-connectors directory is
> also stored (with the custom connectors)
> 2) if you are not explicitely setting "midpoint.home" parameter, the
> default is probably Tomcat directory. If you find config.xml file, that's
> the directory.
>
> Is your Office365 connector in the icf-connectors directory of that
> directory?
>
> Unfortunately I have no experience with Office365 connector myself.
>
> Best regards,
> Ivan
>
> On 06/09/2016 03:38 PM, Dick Muller wrote:
>
> Yes, but it was not.
>
> It is now, because I created a connector manually, but the Schema part is
> unknown to me.
>
>
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris
> <ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com>
> *Date: *Thursday, June 9, 2016 at 3:37 PM
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> <midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] O365 ConnectorTypeHost
>
>
>
> (The Connector XML object should be in Configuration - Repository Objects
> - Connector. Typed too fast.)
>
> On 06/09/2016 03:34 PM, Ivan Noris wrote:
>
>
>
> If all the above apply, you should see the Connector object in
> Repository/Connector. It's also the confirmation that your connector has
> been discovered when midPoint started. This information is also in idm.log
> - all discovered connector names are printed to idm.log.
>
>
>
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
> CONFIDENTIALITY NOTICE:
> This e-mail together with any attachments is proprietary and confidential;
> intended for only the recipient(s) named above and may contain information
> that is privileged. You should not retain, copy or use this e-mail or any
> attachments for any purpose, or disclose all or any part of the contents to
> any person. Any views or opinions expressed in this e-mail are those of the
> author and do not represent those of the Baptist School of Health
> Professions. If you have received this e-mail in error, or are not the
> named recipient(s), you are hereby notified that any review, dissemination,
> distribution or copying of this communication is prohibited by the sender
> and to do so might constitute a violation of the Electronic Communications
> Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the
> sender and delete this e-mail and any attachments from your computer.
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> --
>
>   Ing. Ivan Noris
>
>   Senior Identity Management Engineer & IDM Architect
>
>   evolveum.com                     evolveum.com/blog/
>
>   ___________________________________________________
>
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/6148f542/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 48876 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/6148f542/attachment.png>

From dick.muller at tahzoo.com  Mon Jun 13 14:31:57 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Mon, 13 Jun 2016 12:31:57 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <575ADC75.5040305@evolveum.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
 <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
 <575ADC75.5040305@evolveum.com>
Message-ID: <8A0DAD07-A2C4-454E-9582-CE86F5A79F96@tahzoo.com>

Hi,

I’m happy that last Friday the Connector was discovered, but today I have another problem.
I created the SPN on Office365 and is member of the correct role. I checked this.
I added the tenancy name tahzoo365.onmicrosoft.com and applied the principalID with the correct symetricKey.

Whatever I try I keep on getting an error stating that doing GET to /tenantDetails?api-version=2013-11-08 has a exception.

You can find the error in this mail as attachment, together with the officeConnector configuration.

I used the example in the wiki pages for the configuration. https://wiki.evolveum.com/pages/viewpage.action?pageId=15433819

Kindest regards,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 5:27 PM
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Glad to hear that!
And THANK you, Jason!

We will also update the wiki sometime soon, and I will check if/when we can put that connector to nexus.

Regards,
Ivan
On 06/10/2016 04:07 PM, Dick Muller wrote:
This is great Jason,

I uploaded it to the directory and restarted the services.
It now discovers the connector. Don’t know why, probably the jar file wasn’t correct after all.

Thanks for providing me your copy. That is a great help.

Regards,
Dick Muller

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu><mailto:jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 3:52 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

I built this one for ours, we are on 3.2 though, and it imports/discovers fine and creates the connector resource,

[line image 1]

Downloadable jar https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM


JASON

On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi Ivan,

Is there another colleague that has a compiled version of the connector-office365?
Maybe I can try it with that one and see if it is disocovered.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 6:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>

Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.







--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/ec5f8094/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 48876 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/ec5f8094/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-13 at 14.25.47.png
Type: image/png
Size: 24835 bytes
Desc: Screen Shot 2016-06-13 at 14.25.47.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/ec5f8094/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-13 at 14.30.41.png
Type: image/png
Size: 44456 bytes
Desc: Screen Shot 2016-06-13 at 14.30.41.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160613/ec5f8094/attachment-0002.png>

From petr at gasparik.cz  Tue Jun 14 09:43:53 2016
From: petr at gasparik.cz (=?UTF-8?B?UGV0ciBHYcWhcGFyw61r?=)
Date: Tue, 14 Jun 2016 07:43:53 +0000
Subject: [midPoint] List of user roles
Message-ID: <CAFmDq453Rjj=vxYn_JWEZCcvC7xQTzjcg+r5++HoD1emuh1JYg@mail.gmail.com>

Hi,
I am trying to list user roles in notification body.

so basically something like

                    allAssignments = requestee.getAssignment();
                    allAssignments.each {
                        body +=
basic.stringify(it.getTargetRef()?.getOid()) + "\n";
                    };

but with names instead of oid.

What is best practice how to get that?

thank you in advance,
Petr Gašparík
-- 
--
Petr G.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/6ddda4a8/attachment.htm>

From dick.muller at tahzoo.com  Tue Jun 14 10:07:02 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Tue, 14 Jun 2016 08:07:02 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <CAFkZXY4ct7vJSvjPsCzPDe=cfaABG36rXPrG8MCNS6hbxFt3qA@mail.gmail.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
 <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
 <575ADC75.5040305@evolveum.com>
 <00E0E1E6-FE88-47FD-89B9-3F51B5AE1F32@tahzoo.com>
 <CAFkZXY4ct7vJSvjPsCzPDe=cfaABG36rXPrG8MCNS6hbxFt3qA@mail.gmail.com>
Message-ID: <4DA6AE1D-86F8-4605-9A1E-16507DB25743@tahzoo.com>

Thanks Jason,

I will try to do that. Thanks for the tip.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Monday, June 13, 2016 at 6:43 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Can you add the SSL certificates that is being used by Graph and Office 365 for OAuth authentication? I think it is "DigiCert Baltimore Root/Microsoft IT SSL SHA2" . I believe that when I did set this up I did add it to the midpoint keystore under midpoint.home

JASON

On Mon, Jun 13, 2016 at 7:34 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi,

I’m happy that last Friday the Connector was discovered, but today I have another problem.
I created the SPN on Office365 and is member of the correct role. I checked this.
I added the tenancy name tahzoo365.onmicrosoft.com<http://tahzoo365.onmicrosoft.com> and applied the principalID with the correct symetricKey.

Whatever I try I keep on getting an error stating that doing GET to /tenantDetails?api-version=2013-11-08 has a exception.

You can find the error in this mail as attachment, together with the officeConnector configuration.

I used the example in the wiki pages for the configuration. https://wiki.evolveum.com/pages/viewpage.action?pageId=15433819

Kindest regards,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Friday, June 10, 2016 at 5:27 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Glad to hear that!
And THANK you, Jason!

We will also update the wiki sometime soon, and I will check if/when we can put that connector to nexus.

Regards,
Ivan
On 06/10/2016 04:07 PM, Dick Muller wrote:
This is great Jason,

I uploaded it to the directory and restarted the services.
It now discovers the connector. Don’t know why, probably the jar file wasn’t correct after all.

Thanks for providing me your copy. That is a great help.

Regards,
Dick Muller

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu><mailto:jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 3:52 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

I built this one for ours, we are on 3.2 though, and it imports/discovers fine and creates the connector resource,

[ine image 1]

Downloadable jar https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM


JASON

On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi Ivan,

Is there another colleague that has a compiled version of the connector-office365?
Maybe I can try it with that one and see if it is disocovered.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 6:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>

Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint


--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/af76df77/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 48877 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/af76df77/attachment.png>

From B.kazybayev at ktg.kz  Tue Jun 14 11:32:01 2016
From: B.kazybayev at ktg.kz (=?koi8-r?B?4s/MwdQg68Ha2cLBxdc=?=)
Date: Tue, 14 Jun 2016 09:32:01 +0000
Subject: [midPoint] Synchronizing organizational structure with
	DatabaseTableConnector
Message-ID: <f0f1cd853fc84a2fa29744e77c9b4c36@exch-02.ktg.kz>

Hello all,

I'm trying to sync my org data from database table to midpoint. I read all previous topics about that and compose resource xml (in attachment). There is an error: "Failed to import: com.evolveum.midpoint.util.exception.SystemException: Error occurred during resource object shadow owner lookup, reason: Couldn't search user".

Where am I wrong in xml configuration?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/da068f50/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: postgres_oracleHR_OrgUnit_Bolat2.xml
Type: application/xml
Size: 21122 bytes
Desc: postgres_oracleHR_OrgUnit_Bolat2.xml
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/da068f50/attachment.xml>

From mederly at evolveum.com  Tue Jun 14 11:40:37 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 11:40:37 +0200
Subject: [midPoint] Synchronizing organizational structure with
 DatabaseTableConnector
In-Reply-To: <f0f1cd853fc84a2fa29744e77c9b4c36@exch-02.ktg.kz>
References: <f0f1cd853fc84a2fa29744e77c9b4c36@exch-02.ktg.kz>
Message-ID: <a97725c5-c8db-d782-077d-83888f22fb73@evolveum.com>

Hello Bolat,

I would suggest replacing c:Identifier with c:identifier (lower-cased) - 
in all paths referencing "identifier" property of the OrgType; including 
the search filter used for correlation.

Best regards,

Pavol

On 14.06.2016 11:32, Болат Казыбаев wrote:
>
> Hello all,
>
> I’m trying to sync my org data from database table to midpoint. I read 
> all previous topics about that and compose resource xml (in 
> attachment). There is an error: “Failed to import: 
> com.evolveum.midpoint.util.exception.SystemException: Error occurred 
> during resource object shadow owner lookup, reason: Couldn't search user”.
>
> Where am I wrong in xml configuration?
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/70e7e7af/attachment.htm>

From marco.benucci.ext at mise.gov.it  Tue Jun 14 11:42:45 2016
From: marco.benucci.ext at mise.gov.it (Marco Benucci (Consulente))
Date: Tue, 14 Jun 2016 09:42:45 +0000
Subject: [midPoint] Synchronizing organizational structure with
 DatabaseTableConnector
Message-ID: <A4994DE4207E4C4C863AA609465D52233EE934DC@MISEEX04.risorse.mise>

Hi,

you have to use in the schemahandling KIND = 'Generic' and OBJECTCLASS = 'CustomorganizationalUnitObjectClass'

And then, in the Synchronization you have to use KIND = 'Generic', OBJECTCLASS = 'CustomorganizationalUnitObjectClass' and FOCUS= 'OrgType'.
I think it will work
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/956e2451/attachment.htm>

From B.kazybayev at ktg.kz  Tue Jun 14 12:31:51 2016
From: B.kazybayev at ktg.kz (=?koi8-r?B?4s/MwdQg68Ha2cLBxdc=?=)
Date: Tue, 14 Jun 2016 10:31:51 +0000
Subject: [midPoint] Approval of adding resource
Message-ID: <40453c4b21bd40ac884ae399663295b6@exch-02.ktg.kz>

Hello,
I want to confirm adding Active Directory(AD) resource account to user by approver (ex. administrator).
It works when I assign role(with <approveRef>) to user manually, but in my case my role is assigned automatically in user template when creating/importing users from csv. In that case AD resource account is linked to user without approval of admin.
How can avoid this?
Also I saw Confirmation part in Synchronization of Resource definition. Is it possible to add approval process in Confirmation part?
If yes, what should I do?


Thanks in advance,
Saule and Bolat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/bcddc22f/attachment.htm>

From B.kazybayev at ktg.kz  Tue Jun 14 12:48:08 2016
From: B.kazybayev at ktg.kz (=?utf-8?B?0JHQvtC70LDRgiDQmtCw0LfRi9Cx0LDQtdCy?=)
Date: Tue, 14 Jun 2016 10:48:08 +0000
Subject: [midPoint] Synchronizing organizational structure with
 DatabaseTableConnector
In-Reply-To: <a97725c5-c8db-d782-077d-83888f22fb73@evolveum.com>
References: <f0f1cd853fc84a2fa29744e77c9b4c36@exch-02.ktg.kz>
 <a97725c5-c8db-d782-077d-83888f22fb73@evolveum.com>
Message-ID: <348dda4cee5f41d989a2cf27f36c1763@exch-02.ktg.kz>

Hi Pavol,

Thank you for your suggestion. I changed “Identifier” to lower-case and it works.  ☺ Now I need to make an organization tree using parent-child reference. In fact now I have, “name” property as org_id, and “costCenter” property as parent_id. Any suggestions how to make it?

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Pavol Mederly
Sent: Tuesday, June 14, 2016 3:41 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Synchronizing organizational structure with DatabaseTableConnector


Hello Bolat,

I would suggest replacing c:Identifier with c:identifier (lower-cased) - in all paths referencing "identifier" property of the OrgType; including the search filter used for correlation.

Best regards,

Pavol
On 14.06.2016 11:32, Болат Казыбаев wrote:
Hello all,

I’m trying to sync my org data from database table to midpoint. I read all previous topics about that and compose resource xml (in attachment). There is an error: “Failed to import: com.evolveum.midpoint.util.exception.SystemException: Error occurred during resource object shadow owner lookup, reason: Couldn't search user”.

Where am I wrong in xml configuration?




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/d282da1f/attachment.htm>

From mederly at evolveum.com  Tue Jun 14 12:53:49 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 12:53:49 +0200
Subject: [midPoint] Approval of adding resource
In-Reply-To: <40453c4b21bd40ac884ae399663295b6@exch-02.ktg.kz>
References: <40453c4b21bd40ac884ae399663295b6@exch-02.ktg.kz>
Message-ID: <1edb0bcc-de45-4c0e-87b5-18a78f4eea56@evolveum.com>

Hello Saule and Bolat,

although it is possible to approve adding resource assignments to users, 
your situation is a bit different.

The difference is in the fact that assignments are generated 
automatically. So, if it could be hacked somehow to start an approval 
process even in this case, the problem would arise when such process 
would finish with "reject" outcome. Any future import or reconciliation 
(or even liveSync in some cases) would trigger the approval process 
again, and again, and again.

I would suggest rethinking this requirement a bit. You could also search 
this mailing list for similar discussions, there were one or two in 
recent months (as far as I know).

As for the confirmation section, it is used only with connection to 
correlation search filter - if the filter returns more values, 
confirmation can be used to definitely select one of them. At least this 
is how I remember the docs; never used that in practice.

Best regards,

Pavol


On 14.06.2016 12:31, Болат Казыбаев wrote:
>
> Hello,
>
> I want to confirm adding Active Directory(AD) resource account to user 
> by approver (ex. administrator).
>
> It works when I assign role(with <approveRef>) to user manually, but 
> in my case my role is assigned automatically in user template when 
> creating/importing users from csv. In that case AD resource account is 
> linked to user without approval of admin.
>
> How can avoid this?
>
> Also I saw Confirmation part in Synchronization of Resource 
> definition. Is it possible to add approval process in Confirmation part?
>
> If yes, what should I do?
>
> Thanks in advance,
>
> Saule and Bolat
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/a784e80a/attachment.htm>

From B.kazybayev at ktg.kz  Tue Jun 14 12:53:47 2016
From: B.kazybayev at ktg.kz (=?koi8-r?B?4s/MwdQg68Ha2cLBxdc=?=)
Date: Tue, 14 Jun 2016 10:53:47 +0000
Subject: [midPoint] Synchronizing organizational structure with
 DatabaseTableConnector
In-Reply-To: <A4994DE4207E4C4C863AA609465D52233EE934DC@MISEEX04.risorse.mise>
References: <A4994DE4207E4C4C863AA609465D52233EE934DC@MISEEX04.risorse.mise>
Message-ID: <b887f61788bb4f038bfe61a5028c1964@exch-02.ktg.kz>

Hi Marco,


Thank you for your suggestion. I have changed the value of kind  element to 'generic' and objectclass to 'CustomorganizationalUnitObjectClass', but without success. I have fixed an issue with lowercase "c:identifier" and now it works. In fact, as Ivan Noris said in previous post "Database connector supports only accounts, i.e. kind=account.
So if you want to import something which is not account, but
organization or role, you have to pretend it's account.
But it will work." I have attached working xml for those who have the same case.

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Marco Benucci (Consulente)
Sent: Tuesday, June 14, 2016 3:43 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Synchronizing organizational structure with DatabaseTableConnector

Hi,

you have to use in the schemahandling KIND = 'Generic' and OBJECTCLASS = 'CustomorganizationalUnitObjectClass'

And then, in the Synchronization you have to use KIND = 'Generic', OBJECTCLASS = 'CustomorganizationalUnitObjectClass' and FOCUS= 'OrgType'.
I think it will work
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/0b4f75a8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: postgres_oracleHR_OrgUnit_Bolat2.xml
Type: application/xml
Size: 21116 bytes
Desc: postgres_oracleHR_OrgUnit_Bolat2.xml
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/0b4f75a8/attachment.xml>

From gustav.palos at evolveum.com  Tue Jun 14 13:10:15 2016
From: gustav.palos at evolveum.com (=?UTF-8?B?UMOhbG9zIEd1c3TDoXY=?=)
Date: Tue, 14 Jun 2016 13:10:15 +0200
Subject: [midPoint] Synchronizing organizational structure with
	DatabaseTableConnector
In-Reply-To: <348dda4cee5f41d989a2cf27f36c1763@exch-02.ktg.kz>
References: <f0f1cd853fc84a2fa29744e77c9b4c36@exch-02.ktg.kz>
 <a97725c5-c8db-d782-077d-83888f22fb73@evolveum.com>
 <348dda4cee5f41d989a2cf27f36c1763@exch-02.ktg.kz>
Message-ID: <CAPXQVkdPMFCAJc0D2Z9rBVvxw5s7KRnD+vRor5pUChT2ToQH0A@mail.gmail.com>

Hi Bolat,

I have an example how can I assign user to existing org in midpoint
by midpoint.searchObjectByName in object template.
The similar can work for you, but you need to run import in right order
(first root, next his childs, ...)

<objectTemplate xmlns="
http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
 xmlns:icfc="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3
"
 xmlns:icfs="
http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
"
 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
          xmlns:cap="
http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
          xmlns:apti="
http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
          xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
          xmlns:ri="
http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
          xmlns:cdoext="http://xml.uniba.sk/cdoext"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          oid="10000000-0000-0000-0210-000000000101">
   <name>User Template</name>



  <mapping>
      <name>User org mapping</name>
      <authoritative>true</authoritative>
      <source>
         <c:path xmlns:ext="http://xxx">extension/namesOfOrgs</c:path>
    <c:name>namesOfOrg</c:name>
      </source>
      <expression>
         <script>
          <!-- <relativityMode>absolute</relativityMode> --><!-- FIX for
multivalue -->
            <code>
  import
com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
  import
com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
  import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
  import java.util.*;

  log.info("XXX assigning from org {}" , namesOfOrg)
  if (namesOfOrg != null){

    org = midpoint.searchObjectByName(OrgType.class, namesOfOrg);
    log.info("org {}" , org)
    orgOrt = new ObjectReferenceType();
   orgOrt.setOid(org.getOid());
   orgOrt.setType(OrgType.COMPLEX_TYPE);

   AssignmentType assignment = new AssignmentType();
   assignment.asPrismContainerValue()
   assignment.setTargetRef(orgOrt);

   return assignment
  }
  </code>
         </script>
      </expression>
      <target>
         <c:path>assignment</c:path>
      </target>
      <condition>
         <script>
            <code>
            return namesOfOrg != null
            </code>
         </script>
      </condition>
   </mapping>

</objectTemplate>

Gustav

2016-06-14 12:48 GMT+02:00 Болат Казыбаев <B.kazybayev at ktg.kz>:

> Hi Pavol,
>
>
>
> Thank you for your suggestion. I changed “Identifier” to lower-case and it
> works.  J Now I need to make an organization tree using parent-child
> reference. In fact now I have, “name” property as org_id, and “costCenter”
> property as parent_id. Any suggestions how to make it?
>
>
>
> *From:* midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On Behalf
> Of *Pavol Mederly
> *Sent:* Tuesday, June 14, 2016 3:41 PM
> *To:* midpoint at lists.evolveum.com
> *Subject:* Re: [midPoint] Synchronizing organizational structure with
> DatabaseTableConnector
>
>
>
> Hello Bolat,
>
> I would suggest replacing c:Identifier with c:identifier (lower-cased) -
> in all paths referencing "identifier" property of the OrgType; including
> the search filter used for correlation.
>
> Best regards,
>
> Pavol
>
> On 14.06.2016 11:32, Болат Казыбаев wrote:
>
> Hello all,
>
>
>
> I’m trying to sync my org data from database table to midpoint. I read all
> previous topics about that and compose resource xml (in attachment). There
> is an error: “Failed to import:
> com.evolveum.midpoint.util.exception.SystemException: Error occurred during
> resource object shadow owner lookup, reason: Couldn't search user”.
>
>
>
> Where am I wrong in xml configuration?
>
>
>
>
> _______________________________________________
>
> midPoint mailing list
>
> midPoint at lists.evolveum.com
>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/a8f2d828/attachment.htm>

From mederly at evolveum.com  Tue Jun 14 13:28:45 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 13:28:45 +0200
Subject: [midPoint] Question about syncing situation
In-Reply-To: <1465287016369.84164@rmit.ee>
References: <1465287016369.84164@rmit.ee>
Message-ID: <ffdf031a-ddec-9356-f214-47bef77125a6@evolveum.com>

Hello Aivo,


midPoint should be able to resolve such situations; although maybe not 
in one iteration (of CSV import). It might be possible that a sequence 
of operations, like:

- import from CSV

- AD reconciliation or user/role recomputation

is necessary to completely recover from such situations.


If there's a sequence of these operation that results in a wrong 
midPoint state (i.e. state that requires manual intervention), it is a bug.


 From your mail I'm not sure if manual intervention is really necessary, 
or if a sequence of import + reconciliation operations would solve the 
problem.


If the former, I would suggest inspecting your synchronization settings 
(in particular, correlation search filter, including matching rules).


(My personal experience with midPoint failing to recover from similar 
strange situations is just like that; after correcting the correlation 
rules midPoint was able to recover from those, although not within one 
import operation.)


Hope this helps.

Pavol


On 07.06.2016 10:10, Aivo Kuhlberg wrote:

> Hi,
>
> I have question about one syncing situation. I import users from 
> CSV-file and use Exchange connector to sync both AD/Exchange user 
> accounts and groups (as roles). I am testing following situation:
>
>  1. I create a new group "testgroup" in AD
>  2. I run reconciliation of AD groups and I see that new midPoint role
>     "testgroup" is created from AD group.
>  3. Now I assign this newly created role to midPoint user "testuser".
>     I see that the same AD user account is now group member of
>     testgroup in AD.
>  4. Now I delete in AD group testgroup. This should be OK as midPoint
>     is able to restore deleted AD group and its members.
>  5. After that I do import of users from CSV file. I understand this
>     is unusual situation and I probably should have done before that
>     reconciliation of AD groups and users but I just wanted to see
>     what happens. What happens is that after CSV file import AD group
>     is restored in AD but AD user is not member of this group. Another
>     thing what happens is that I see following error:
>
> 2016-06-06 15:04:01,881 [RESOURCE_OBJECT_CHANGE_LISTENER] 
> [midPointScheduler_Worker-7] ERROR 
> (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error 
> executing changes for (entitlement (group) on 
> resource:c2c5a39d-44ca-4b84-8cba-82e906cf3564(Exchange)): Couldn't add 
> object. Object already exists: Object already exists on the resource: 
> org.identityconnectors.framework.common.exceptions.AlreadyExistsException(The 
> object already exists.??: when creating 
> LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The 
> object already exists.??: when creating 
> LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)
>
> When I look at the shadow information of testgroup and testuser then I 
> see that they have now following attributes:
> For testgroup:
> <dead>true</dead>
> <synchronizationSituation>deleted</synchronizationSituation>
>
> and for testuser:
> <dead>true</dead>
> <synchronizationSituation>linked</synchronizationSituation>
>
> I have to fix this situation by deleting manually testgroup and 
> testuser shadows and do reconciliation of AD groups and users.
>
>
> Has anybody tested that situation and should midPoint 3.3.1 be able to 
> resolve that situation automatically or is it too complex situation 
> and I just have to avoid it by doing AD groups and users 
> reconciliation every time before importing users fom CSV file?
>
> Thanks,
> Aivo Kuhlberg
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/c401446d/attachment.htm>

From aivo.kuhlberg at rmit.ee  Tue Jun 14 13:36:19 2016
From: aivo.kuhlberg at rmit.ee (Aivo Kuhlberg)
Date: Tue, 14 Jun 2016 11:36:19 +0000
Subject: [midPoint] Automatic role assignments
Message-ID: <1465904177477.66673@rmit.ee>

Hi,
I would like to create automatic role assignments for users based on the organization unit where each user belongs to. The mechanism should have following functionality:

  1.  When user is added to midPoint s/he will get automatic roles assigned based on the org unit where s/he belongs.
  2.  When user moves to another organization unit then the automatic roles should be reassigned (old org unit automatic roles removed and new org unit automatic roles assigned).
  3.  When existing automatic role is added/changed/deleted the change should be reflected in all users' automatic roles.
  4.  Automatic role assignments should be related with organization hierarchy - eg. top-level org automatic role A will be assigned to all users who belong to top-level and its child organizations. Child org automatic role B should be assigned to only child org users.

Is it possible to implement this setup or at last part of it in midPoint 3.3.1 (or 3.4)? What is the suggested way to implement this?

Thanks,

Aivo Kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/0bba7a0e/attachment.htm>

From mederly at evolveum.com  Tue Jun 14 13:53:32 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 13:53:32 +0200
Subject: [midPoint] Automatic role assignments
In-Reply-To: <1465904177477.66673@rmit.ee>
References: <1465904177477.66673@rmit.ee>
Message-ID: <647d3883-2b21-dcae-5685-09c6f37b3998@evolveum.com>

Hello Aivo,


it's probably possible.


If there would not be point #4 (hierarchical aspect), your configuration 
could be implemented by inducements defined at various points in the org 
tree.


But point #4 requires more elaborate solution. I would suggest trying 
something like this:


- create a user template containing the following mapping:

   - source: parentOrgRef

   - target: assignment

   - code: something like:

     - take all parentOrgRefs

     - iteratively compute a transitive closure, adding their parents, 
grand-parents, etc, up to the root(s) of the hierarchy

     - collect all inducements of these orgs, and use them as the result 
of this mapping

  (mapping should be declared as 'absolute', not 'relative' one)


Actually I'm not convinced it will work, but ... it's worth a try, maybe 
(giving it ~ 60% chance...)


Inherent limitation of this solution is that it's not able to 
distinguish which assignments are 'manual' and which are 'automatic'. 
I.e. in case that something goes really wrong, we are not able to run 
something like 'total recomputation' which would delete all automatic 
asssignments that are no longer appropriate. This would need to be 
hacked by running a bulk action that would first eliminate all 
'automatic' assignments from a given user, and then run a recomputation 
to provide valid ones.


Another caveat is the order of evaluation of these mappings and existing 
assignments. This would need to be experimented as well.


And, as for #3, in both scenarios (hierarchical or non-hierarchical), 
user recomputation would be needed.


Maybe someone could propose a better solution...


Best regards,

Pavol


On 14.06.2016 13:36, Aivo Kuhlberg wrote:
>
> Hi,
> I would like to create automatic role assignments for users based on 
> the organization unit where each user belongs to. The mechanism should 
> have following functionality:
>
>  1. When user is added to midPoint s/he will get automatic roles
>     assigned based on the org unit where s/he belongs.
>  2. When user moves to another organization unit then the automatic
>     roles should be reassigned (old org unit automatic roles removed
>     and new org unit automatic roles assigned).
>  3. When existing automatic role is added/changed/deleted the change
>     should be reflected in all users' automatic roles.
>  4. Automatic role assignments should be related with organization
>     hierarchy - eg. top-level org automatic role A will be assigned to
>     all users who belong to top-level and its child organizations.
>     Child org automatic role B should be assigned to only child org users.
>
> Is it possible to implement this setup or at last part of it in 
> midPoint 3.3.1 (or 3.4)? What is the suggested way to implement this?
>
>
> Thanks,
>
> Aivo Kuhlberg
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/dfd7f54d/attachment.htm>

From aivo.kuhlberg at rmit.ee  Tue Jun 14 13:54:27 2016
From: aivo.kuhlberg at rmit.ee (Aivo Kuhlberg)
Date: Tue, 14 Jun 2016 11:54:27 +0000
Subject: [midPoint] Question about syncing situation
In-Reply-To: <ffdf031a-ddec-9356-f214-47bef77125a6@evolveum.com>
References: <1465287016369.84164@rmit.ee>,
 <ffdf031a-ddec-9356-f214-47bef77125a6@evolveum.com>
Message-ID: <1465905265400.42641@rmit.ee>

Hi Pavol,
Thanks for the answer. Don't know if this is a bug or my bad syncing configuration. I can avoid it by syncing in following order:
First, doing reconciliation of AD groups -> this restores the deleted AD group
Second, doing reconciliation of AD/Exchange users -> this restores AD group user membership
Third, doing CSV import of users -> this reimports all users data to midPoint and provisions the changes to  AD/Exchange

Regards,
Aivo Kuhlberg

________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol Mederly <mederly at evolveum.com>
Saadetud: 14. juuni 2016 14:28
Adressaat: midpoint at lists.evolveum.com
Teema: Re: [midPoint] Question about syncing situation


Hello Aivo,


midPoint should be able to resolve such situations; although maybe not in one iteration (of CSV import). It might be possible that a sequence of operations, like:

- import from CSV

- AD reconciliation or user/role recomputation

is necessary to completely recover from such situations.


If there's a sequence of these operation that results in a wrong midPoint state (i.e. state that requires manual intervention), it is a bug.


>From your mail I'm not sure if manual intervention is really necessary, or if a sequence of import + reconciliation operations would solve the problem.


If the former, I would suggest inspecting your synchronization settings (in particular, correlation search filter, including matching rules).


(My personal experience with midPoint failing to recover from similar strange situations is just like that; after correcting the correlation rules midPoint was able to recover from those, although not within one import operation.)


Hope this helps.

Pavol


On 07.06.2016 10:10, Aivo Kuhlberg wrote:

Hi,

I have question about one syncing situation. I import users from CSV-file and use Exchange connector to sync both AD/Exchange user accounts and groups (as roles). I am testing following situation:

  1.  I create a new group "testgroup" in AD
  2.  I run reconciliation of AD groups and I see that new midPoint role "testgroup" is created from AD group.
  3.  Now I assign this newly created role to midPoint user "testuser". I see that the same AD user account is now group member of testgroup in AD.
  4.  Now I delete in AD group testgroup. This should be OK as midPoint is able to restore deleted AD group and its members.
  5.  After that I do import of users from CSV file. I understand this is unusual situation and I probably should have done before that reconciliation of AD groups and users but I just wanted to see what happens. What happens is that after CSV file import AD group is restored in AD but AD user is not member of this group. Another thing what happens is that I see following error:

2016-06-06 15:04:01,881 [RESOURCE_OBJECT_CHANGE_LISTENER] [midPointScheduler_Worker-7] ERROR (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error executing changes for (entitlement (group) on resource:c2c5a39d-44ca-4b84-8cba-82e906cf3564(Exchange)): Couldn't add object. Object already exists: Object already exists on the resource: org.identityconnectors.framework.common.exceptions.AlreadyExistsException(The object already exists.??: when creating LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The object already exists.??: when creating LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)

When I look at the shadow information of testgroup and testuser then I see that they have now following attributes:
For testgroup:
<dead>true</dead>
<synchronizationSituation>deleted</synchronizationSituation>

and for testuser:
<dead>true</dead>
<synchronizationSituation>linked</synchronizationSituation>

I have to fix this situation by deleting manually testgroup and testuser shadows and do reconciliation of AD groups and users.


Has anybody tested that situation and should midPoint 3.3.1 be able to resolve that situation automatically or is it too complex situation and I just have to avoid it by doing AD groups and users reconciliation every time before importing users fom CSV file?

Thanks,
Aivo Kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/5c5be848/attachment.htm>

From mederly at evolveum.com  Tue Jun 14 13:55:57 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 13:55:57 +0200
Subject: [midPoint] Question about syncing situation
In-Reply-To: <1465905265400.42641@rmit.ee>
References: <1465287016369.84164@rmit.ee>
 <ffdf031a-ddec-9356-f214-47bef77125a6@evolveum.com>
 <1465905265400.42641@rmit.ee>
Message-ID: <ae557052-4b31-8e49-f428-1b564c146f4e@evolveum.com>

Aivo,


yes. But if the sync operations go in another order (e.g. CSV import 
first, then reconciliation of AD groups, then AD users, and then perhaps 
again CSV import), is the problem fixed? Or midPoint ends in a wrong state?


Pavol


On 14.06.2016 13:54, Aivo Kuhlberg wrote:
>
> Hi Pavol,
> Thanks for the answer. Don't know if this is a bug or my bad syncing 
> configuration. I can avoid it by syncing in following order:
> First, doing reconciliation of AD groups -> this restores the deleted 
> AD group
> Second, doing reconciliation of AD/Exchange users -> this restores AD 
> group user membership
> Third, doing CSV import of users -> this reimports all users data to 
> midPoint and provisions the changes to  AD/Exchange
>
> Regards,
> Aivo Kuhlberg
>
> ------------------------------------------------------------------------
> *Saatja:* midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol 
> Mederly <mederly at evolveum.com>
> *Saadetud:* 14. juuni 2016 14:28
> *Adressaat:* midpoint at lists.evolveum.com
> *Teema:* Re: [midPoint] Question about syncing situation
>
> Hello Aivo,
>
>
> midPoint should be able to resolve such situations; although maybe not 
> in one iteration (of CSV import). It might be possible that a sequence 
> of operations, like:
>
> - import from CSV
>
> - AD reconciliation or user/role recomputation
>
> is necessary to completely recover from such situations.
>
>
> If there's a sequence of these operation that results in a wrong 
> midPoint state (i.e. state that requires manual intervention), it is a 
> bug.
>
>
> From your mail I'm not sure if manual intervention is really 
> necessary, or if a sequence of import + reconciliation operations 
> would solve the problem.
>
>
> If the former, I would suggest inspecting your synchronization 
> settings (in particular, correlation search filter, including matching 
> rules).
>
>
> (My personal experience with midPoint failing to recover from similar 
> strange situations is just like that; after correcting the correlation 
> rules midPoint was able to recover from those, although not within one 
> import operation.)
>
>
> Hope this helps.
>
> Pavol
>
>
> On 07.06.2016 10:10, Aivo Kuhlberg wrote:
>
>> Hi,
>>
>> I have question about one syncing situation. I import users from 
>> CSV-file and use Exchange connector to sync both AD/Exchange user 
>> accounts and groups (as roles). I am testing following situation:
>>
>>  1. I create a new group "testgroup" in AD
>>  2. I run reconciliation of AD groups and I see that new midPoint
>>     role "testgroup" is created from AD group.
>>  3. Now I assign this newly created role to midPoint user "testuser".
>>     I see that the same AD user account is now group member of
>>     testgroup in AD.
>>  4. Now I delete in AD group testgroup. This should be OK as midPoint
>>     is able to restore deleted AD group and its members.
>>  5. After that I do import of users from CSV file. I understand this
>>     is unusual situation and I probably should have done before that
>>     reconciliation of AD groups and users but I just wanted to see
>>     what happens. What happens is that after CSV file import AD group
>>     is restored in AD but AD user is not member of this group.
>>     Another thing what happens is that I see following error:
>>
>> 2016-06-06 15:04:01,881 [RESOURCE_OBJECT_CHANGE_LISTENER] 
>> [midPointScheduler_Worker-7] ERROR 
>> (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error 
>> executing changes for (entitlement (group) on 
>> resource:c2c5a39d-44ca-4b84-8cba-82e906cf3564(Exchange)): Couldn't 
>> add object. Object already exists: Object already exists on the 
>> resource: 
>> org.identityconnectors.framework.common.exceptions.AlreadyExistsException(The 
>> object already exists.??: when creating 
>> LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The 
>> object already exists.??: when creating 
>> LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)
>>
>> When I look at the shadow information of testgroup and testuser then 
>> I see that they have now following attributes:
>> For testgroup:
>> <dead>true</dead>
>> <synchronizationSituation>deleted</synchronizationSituation>
>>
>> and for testuser:
>> <dead>true</dead>
>> <synchronizationSituation>linked</synchronizationSituation>
>>
>> I have to fix this situation by deleting manually testgroup and 
>> testuser shadows and do reconciliation of AD groups and users.
>>
>>
>> Has anybody tested that situation and should midPoint 3.3.1 be able 
>> to resolve that situation automatically or is it too complex 
>> situation and I just have to avoid it by doing AD groups and users 
>> reconciliation every time before importing users fom CSV file?
>>
>> Thanks,
>> Aivo Kuhlberg
>>
>>
>> ------------------------------------------------------------------------
>> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
>> tunnistatud teavet.
>> This e-mail may contain information which is classified for official 
>> use.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/f15f426f/attachment.htm>

From mederly at evolveum.com  Tue Jun 14 14:07:58 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 14:07:58 +0200
Subject: [midPoint] Automatic role assignments
In-Reply-To: <647d3883-2b21-dcae-5685-09c6f37b3998@evolveum.com>
References: <1465904177477.66673@rmit.ee>
 <647d3883-2b21-dcae-5685-09c6f37b3998@evolveum.com>
Message-ID: <55646d3a-419d-fa3d-b98d-ba2eb2d6973f@evolveum.com>

To correct my own answer ... maybe there's yet another possibility:


Let's imagine you have an org O that should induce assigning role R on 
all users that are in O and all of its sub-orgs.


You could implement this by creating inducements of R on O with orders 
of 1, ..., N where N is to estimated maximum depth of the org tree. 
Something like this (for N = 4):


<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="6e0ad2bc-1d74-48bd-b7b3-793a33d70cce">
    <name>O</name>
    <displayName>...</displayName>
    <inducement id="1">
       <targetRef oid="190c7097-d18a-4cfe-935f-bf1bcf7ef3eb" 
type="c:RoleType"><!-- X --></targetRef>
    </inducement>
    <inducement id="2">
       <targetRef oid="190c7097-d18a-4cfe-935f-bf1bcf7ef3eb" 
type="c:RoleType"><!-- X --></targetRef>
       <order>2</order>
    </inducement>

    <inducement id="3">
       <targetRef oid="190c7097-d18a-4cfe-935f-bf1bcf7ef3eb" 
type="c:RoleType"><!-- X --></targetRef>
       <order>3</order>
    </inducement>

    <inducement id="4">
       <targetRef oid="190c7097-d18a-4cfe-935f-bf1bcf7ef3eb" 
type="c:RoleType"><!-- X --></targetRef>
       <order>4</order>
    </inducement>

</org>


If a user U has assigned org O3 which is a child of O2 (i.e. has an 
assignment of O2), where O2 is a child of O (i.e. has an assignment of 
O), it will have the following roles added:
- inducements of O3 defined with order=1 (the default)
- inducements of O2 defined with order=2
- inducements of O defined with order=3

I've verified that it basically works. Please note that the roles are 
not shown when user is edited; but they are effectively present. They 
can be displayed by clicking on "Show all assignments" button when 
editing the user:



Best regards,
Pavol

On 14.06.2016 13:53, Pavol Mederly wrote:
>
> Hello Aivo,
>
>
> it's probably possible.
>
>
> If there would not be point #4 (hierarchical aspect), your 
> configuration could be implemented by inducements defined at various 
> points in the org tree.
>
>
> But point #4 requires more elaborate solution. I would suggest trying 
> something like this:
>
>
> - create a user template containing the following mapping:
>
>   - source: parentOrgRef
>
>   - target: assignment
>
>   - code: something like:
>
>     - take all parentOrgRefs
>
>     - iteratively compute a transitive closure, adding their parents, 
> grand-parents, etc, up to the root(s) of the hierarchy
>
>     - collect all inducements of these orgs, and use them as the 
> result of this mapping
>
>  (mapping should be declared as 'absolute', not 'relative' one)
>
>
> Actually I'm not convinced it will work, but ... it's worth a try, 
> maybe (giving it ~ 60% chance...)
>
>
> Inherent limitation of this solution is that it's not able to 
> distinguish which assignments are 'manual' and which are 'automatic'. 
> I.e. in case that something goes really wrong, we are not able to run 
> something like 'total recomputation' which would delete all automatic 
> asssignments that are no longer appropriate. This would need to be 
> hacked by running a bulk action that would first eliminate all 
> 'automatic' assignments from a given user, and then run a 
> recomputation to provide valid ones.
>
>
> Another caveat is the order of evaluation of these mappings and 
> existing assignments. This would need to be experimented as well.
>
>
> And, as for #3, in both scenarios (hierarchical or non-hierarchical), 
> user recomputation would be needed.
>
>
> Maybe someone could propose a better solution...
>
>
> Best regards,
>
> Pavol
>
>
> On 14.06.2016 13:36, Aivo Kuhlberg wrote:
>>
>> Hi,
>> I would like to create automatic role assignments for users based on 
>> the organization unit where each user belongs to. The mechanism 
>> should have following functionality:
>>
>>  1. When user is added to midPoint s/he will get automatic roles
>>     assigned based on the org unit where s/he belongs.
>>  2. When user moves to another organization unit then the automatic
>>     roles should be reassigned (old org unit automatic roles removed
>>     and new org unit automatic roles assigned).
>>  3. When existing automatic role is added/changed/deleted the change
>>     should be reflected in all users' automatic roles.
>>  4. Automatic role assignments should be related with organization
>>     hierarchy - eg. top-level org automatic role A will be assigned
>>     to all users who belong to top-level and its child organizations.
>>     Child org automatic role B should be assigned to only child org
>>     users.
>>
>> Is it possible to implement this setup or at last part of it in 
>> midPoint 3.3.1 (or 3.4)? What is the suggested way to implement this?
>>
>>
>> Thanks,
>>
>> Aivo Kuhlberg
>>
>>
>> ------------------------------------------------------------------------
>> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
>> tunnistatud teavet.
>> This e-mail may contain information which is classified for official 
>> use.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/d773c054/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jjhjijaiodcceaik.png
Type: image/png
Size: 16754 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/d773c054/attachment.png>

From aivo.kuhlberg at rmit.ee  Tue Jun 14 14:22:16 2016
From: aivo.kuhlberg at rmit.ee (Aivo Kuhlberg)
Date: Tue, 14 Jun 2016 12:22:16 +0000
Subject: [midPoint] Question about syncing situation
In-Reply-To: <ae557052-4b31-8e49-f428-1b564c146f4e@evolveum.com>
References: <1465287016369.84164@rmit.ee>
 <ffdf031a-ddec-9356-f214-47bef77125a6@evolveum.com>
 <1465905265400.42641@rmit.ee>,
 <ae557052-4b31-8e49-f428-1b564c146f4e@evolveum.com>
Message-ID: <1465906934732.34244@rmit.ee>

If I do it in another order, like first doing CSV import then I see the problems I reported and if I later do any AD reconciliations then the problem is still not solved (errors in log) - I think because of the dead shadows. Because when I delete these dead shadows then AD reconciliations starts working again.


Aivo Kuhlberg        Telefon: (+372) 671 3984
Rahandusministeeriumi Infotehnoloogiakeskus
________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol Mederly <mederly at evolveum.com>
Saadetud: 14. juuni 2016 14:55
Adressaat: midpoint at lists.evolveum.com
Teema: Re: [midPoint] Question about syncing situation


Aivo,


yes. But if the sync operations go in another order (e.g. CSV import first, then reconciliation of AD groups, then AD users, and then perhaps again CSV import), is the problem fixed? Or midPoint ends in a wrong state?


Pavol

On 14.06.2016 13:54, Aivo Kuhlberg wrote:

Hi Pavol,
Thanks for the answer. Don't know if this is a bug or my bad syncing configuration. I can avoid it by syncing in following order:
First, doing reconciliation of AD groups -> this restores the deleted AD group
Second, doing reconciliation of AD/Exchange users -> this restores AD group user membership
Third, doing CSV import of users -> this reimports all users data to midPoint and provisions the changes to  AD/Exchange

Regards,
Aivo Kuhlberg

________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> nimelPavol Mederly <mederly at evolveum.com><mailto:mederly at evolveum.com>
Saadetud: 14. juuni 2016 14:28
Adressaat: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Teema: Re: [midPoint] Question about syncing situation


Hello Aivo,


midPoint should be able to resolve such situations; although maybe not in one iteration (of CSV import). It might be possible that a sequence of operations, like:

- import from CSV

- AD reconciliation or user/role recomputation

is necessary to completely recover from such situations.


If there's a sequence of these operation that results in a wrong midPoint state (i.e. state that requires manual intervention), it is a bug.


>From your mail I'm not sure if manual intervention is really necessary, or if a sequence of import + reconciliation operations would solve the problem.


If the former, I would suggest inspecting your synchronization settings (in particular, correlation search filter, including matching rules).


(My personal experience with midPoint failing to recover from similar strange situations is just like that; after correcting the correlation rules midPoint was able to recover from those, although not within one import operation.)


Hope this helps.

Pavol


On 07.06.2016 10:10, Aivo Kuhlberg wrote:

Hi,

I have question about one syncing situation. I import users from CSV-file and use Exchange connector to sync both AD/Exchange user accounts and groups (as roles). I am testing following situation:

  1.  I create a new group "testgroup" in AD
  2.  I run reconciliation of AD groups and I see that new midPoint role "testgroup" is created from AD group.
  3.  Now I assign this newly created role to midPoint user "testuser". I see that the same AD user account is now group member of testgroup in AD.
  4.  Now I delete in AD group testgroup. This should be OK as midPoint is able to restore deleted AD group and its members.
  5.  After that I do import of users from CSV file. I understand this is unusual situation and I probably should have done before that reconciliation of AD groups and users but I just wanted to see what happens. What happens is that after CSV file import AD group is restored in AD but AD user is not member of this group. Another thing what happens is that I see following error:

2016-06-06 15:04:01,881 [RESOURCE_OBJECT_CHANGE_LISTENER] [midPointScheduler_Worker-7] ERROR (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error executing changes for (entitlement (group) on resource:c2c5a39d-44ca-4b84-8cba-82e906cf3564(Exchange)): Couldn't add object. Object already exists: Object already exists on the resource: org.identityconnectors.framework.common.exceptions.AlreadyExistsException(The object already exists.??: when creating LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The object already exists.??: when creating LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)

When I look at the shadow information of testgroup and testuser then I see that they have now following attributes:
For testgroup:
<dead>true</dead>
<synchronizationSituation>deleted</synchronizationSituation>

and for testuser:
<dead>true</dead>
<synchronizationSituation>linked</synchronizationSituation>

I have to fix this situation by deleting manually testgroup and testuser shadows and do reconciliation of AD groups and users.


Has anybody tested that situation and should midPoint 3.3.1 be able to resolve that situation automatically or is it too complex situation and I just have to avoid it by doing AD groups and users reconciliation every time before importing users fom CSV file?

Thanks,
Aivo Kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/a9051e63/attachment.htm>

From mederly at evolveum.com  Tue Jun 14 14:36:26 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 14 Jun 2016 14:36:26 +0200
Subject: [midPoint] Question about syncing situation
In-Reply-To: <1465906934732.34244@rmit.ee>
References: <1465287016369.84164@rmit.ee>
 <ffdf031a-ddec-9356-f214-47bef77125a6@evolveum.com>
 <1465905265400.42641@rmit.ee>
 <ae557052-4b31-8e49-f428-1b564c146f4e@evolveum.com>
 <1465906934732.34244@rmit.ee>
Message-ID: <46b4c05e-a773-75a5-784e-20a2e0bfce73@evolveum.com>

Yes, now I see... maybe this is really a bug.


But it's quite possible it was corrected recently, as Rado fixed 
something related to handling Object not found exceptions.


Could you try with current 3.4 snapshot? It is already a "near release" 
quality.


Pavol


On 14.06.2016 14:22, Aivo Kuhlberg wrote:
>
> If I do it in another order, like first doing CSV import then I see 
> the problems I reported and if I later do any AD reconciliations then 
> the problem is still not solved (errors in log) - I think because of 
> the dead shadows. Because when I delete these dead shadows then AD 
> reconciliations starts working again.
>
>
> Aivo Kuhlberg        Telefon: (+372) 671 3984
> Rahandusministeeriumi Infotehnoloogiakeskus
> ------------------------------------------------------------------------
> *Saatja:* midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol 
> Mederly <mederly at evolveum.com>
> *Saadetud:* 14. juuni 2016 14:55
> *Adressaat:* midpoint at lists.evolveum.com
> *Teema:* Re: [midPoint] Question about syncing situation
>
> Aivo,
>
>
> yes. But if the sync operations go in another order (e.g. CSV import 
> first, then reconciliation of AD groups, then AD users, and then 
> perhaps again CSV import), is the problem fixed? Or midPoint ends in a 
> wrong state?
>
>
> Pavol
>
>
> On 14.06.2016 13:54, Aivo Kuhlberg wrote:
>>
>> Hi Pavol,
>> Thanks for the answer. Don't know if this is a bug or my bad syncing 
>> configuration. I can avoid it by syncing in following order:
>> First, doing reconciliation of AD groups -> this restores the deleted 
>> AD group
>> Second, doing reconciliation of AD/Exchange users -> this restores AD 
>> group user membership
>> Third, doing CSV import of users -> this reimports all users data to 
>> midPoint and provisions the changes to  AD/Exchange
>>
>> Regards,
>> Aivo Kuhlberg
>>
>> ------------------------------------------------------------------------
>> *Saatja:* midPoint <midpoint-bounces at lists.evolveum.com> nimelPavol 
>> Mederly <mederly at evolveum.com>
>> *Saadetud:* 14. juuni 2016 14:28
>> *Adressaat:* midpoint at lists.evolveum.com
>> *Teema:* Re: [midPoint] Question about syncing situation
>>
>> Hello Aivo,
>>
>>
>> midPoint should be able to resolve such situations; although maybe 
>> not in one iteration (of CSV import). It might be possible that a 
>> sequence of operations, like:
>>
>> - import from CSV
>>
>> - AD reconciliation or user/role recomputation
>>
>> is necessary to completely recover from such situations.
>>
>>
>> If there's a sequence of these operation that results in a wrong 
>> midPoint state (i.e. state that requires manual intervention), it is 
>> a bug.
>>
>>
>> From your mail I'm not sure if manual intervention is really 
>> necessary, or if a sequence of import + reconciliation operations 
>> would solve the problem.
>>
>>
>> If the former, I would suggest inspecting your synchronization 
>> settings (in particular, correlation search filter, including 
>> matching rules).
>>
>>
>> (My personal experience with midPoint failing to recover from similar 
>> strange situations is just like that; after correcting the 
>> correlation rules midPoint was able to recover from those, although 
>> not within one import operation.)
>>
>>
>> Hope this helps.
>>
>> Pavol
>>
>>
>> On 07.06.2016 10:10, Aivo Kuhlberg wrote:
>>
>>> Hi,
>>>
>>> I have question about one syncing situation. I import users from 
>>> CSV-file and use Exchange connector to sync both AD/Exchange user 
>>> accounts and groups (as roles). I am testing following situation:
>>>
>>>  1. I create a new group "testgroup" in AD
>>>  2. I run reconciliation of AD groups and I see that new midPoint
>>>     role "testgroup" is created from AD group.
>>>  3. Now I assign this newly created role to midPoint user
>>>     "testuser". I see that the same AD user account is now group
>>>     member of testgroup in AD.
>>>  4. Now I delete in AD group testgroup. This should be OK as
>>>     midPoint is able to restore deleted AD group and its members.
>>>  5. After that I do import of users from CSV file. I understand this
>>>     is unusual situation and I probably should have done before that
>>>     reconciliation of AD groups and users but I just wanted to see
>>>     what happens. What happens is that after CSV file import AD
>>>     group is restored in AD but AD user is not member of this group.
>>>     Another thing what happens is that I see following error:
>>>
>>> 2016-06-06 15:04:01,881 [RESOURCE_OBJECT_CHANGE_LISTENER] 
>>> [midPointScheduler_Worker-7] ERROR 
>>> (com.evolveum.midpoint.model.impl.lens.ChangeExecutor): Error 
>>> executing changes for (entitlement (group) on 
>>> resource:c2c5a39d-44ca-4b84-8cba-82e906cf3564(Exchange)): Couldn't 
>>> add object. Object already exists: Object already exists on the 
>>> resource: 
>>> org.identityconnectors.framework.common.exceptions.AlreadyExistsException(The 
>>> object already exists.??: when creating 
>>> LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)->org.identityconnectors.framework.impl.api.remote.RemoteWrappedException(The 
>>> object already exists.??: when creating 
>>> LDAP://server.my.domain/CN=testgroup,OU=Service1,OU=Services,OU=TEST2,DC=my,DC=domain)
>>>
>>> When I look at the shadow information of testgroup and testuser then 
>>> I see that they have now following attributes:
>>> For testgroup:
>>> <dead>true</dead>
>>> <synchronizationSituation>deleted</synchronizationSituation>
>>>
>>> and for testuser:
>>> <dead>true</dead>
>>> <synchronizationSituation>linked</synchronizationSituation>
>>>
>>> I have to fix this situation by deleting manually testgroup and 
>>> testuser shadows and do reconciliation of AD groups and users.
>>>
>>>
>>> Has anybody tested that situation and should midPoint 3.3.1 be able 
>>> to resolve that situation automatically or is it too complex 
>>> situation and I just have to avoid it by doing AD groups and users 
>>> reconciliation every time before importing users fom CSV file?
>>>
>>> Thanks,
>>> Aivo Kuhlberg
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
>>> tunnistatud teavet.
>>> This e-mail may contain information which is classified for official 
>>> use.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> ------------------------------------------------------------------------
>> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
>> tunnistatud teavet.
>> This e-mail may contain information which is classified for official 
>> use.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160614/fb3cb0a7/attachment.htm>

From B.kazybayev at ktg.kz  Wed Jun 15 07:30:48 2016
From: B.kazybayev at ktg.kz (=?utf-8?B?0JHQvtC70LDRgiDQmtCw0LfRi9Cx0LDQtdCy?=)
Date: Wed, 15 Jun 2016 05:30:48 +0000
Subject: [midPoint] Synchronizing organizational structure
	with	DatabaseTableConnector
In-Reply-To: <CAPXQVkdPMFCAJc0D2Z9rBVvxw5s7KRnD+vRor5pUChT2ToQH0A@mail.gmail.com>
References: <f0f1cd853fc84a2fa29744e77c9b4c36@exch-02.ktg.kz>
 <a97725c5-c8db-d782-077d-83888f22fb73@evolveum.com>
 <348dda4cee5f41d989a2cf27f36c1763@exch-02.ktg.kz>
 <CAPXQVkdPMFCAJc0D2Z9rBVvxw5s7KRnD+vRor5pUChT2ToQH0A@mail.gmail.com>
Message-ID: <4cd827c0fad34f15a5ac56220a0cb034@exch-02.ktg.kz>

Hi Gustav,


Thank you for your example. As I said before, in previous post: “I have, “name” property as org_id, and “costCenter” property as parent_id.” I made an assignment of root org, even though I am not sure if this a correct way.

<populateItem>
    <expression>
        <assignmentTargetSearch>
           <targetType>c:OrgType</targetType>
           <filter>
               <q:equal>
                   <q:path>c:name</q:path>
                   <expression>
                      <script>
                         <code>
                            return costCenter
                         </code>
                      </script>
                   </expression>
               </q:equal>
            </filter>
         </assignmentTargetSearch>
      </expression>
      <target>
          <c:path>assignment</c:path>
       </target>
</populateItem>

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Palos Gustav
Sent: Tuesday, June 14, 2016 5:10 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Synchronizing organizational structure with DatabaseTableConnector

Hi Bolat,

I have an example how can I assign user to existing org in midpoint by midpoint.searchObjectByName in object template.
The similar can work for you, but you need to run import in right order (first root, next his childs, ...)

<objectTemplate xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                         xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
                         xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
                         xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
                         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
          xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"
          xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#<http://www.w3.org/2000/09/xmldsig>"
          xmlns:enc="http://www.w3.org/2001/04/xmlenc#<http://www.w3.org/2001/04/xmlenc>"
          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
          xmlns:cdoext="http://xml.uniba.sk/cdoext"
          xmlns:xsd="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          oid="10000000-0000-0000-0210-000000000101">
   <name>User Template</name>



            <mapping>
      <name>User org mapping</name>
      <authoritative>true</authoritative>
      <source>
         <c:path xmlns:ext="http://xxx">extension/namesOfOrgs</c:path>
                        <c:name>namesOfOrg</c:name>
      </source>
      <expression>
         <script>
            <!-- <relativityMode>absolute</relativityMode> --><!-- FIX for multivalue -->
            <code>
                          import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
                          import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
                          import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType;
                          import java.util.*;

                          log.info<http://log.info>("XXX assigning from org {}" , namesOfOrg)
                          if (namesOfOrg != null){

                                       org = midpoint.searchObjectByName(OrgType.class, namesOfOrg);
                                       log.info<http://log.info>("org {}" , org)
                                       orgOrt = new ObjectReferenceType();
                                      orgOrt.setOid(org.getOid());
                                      orgOrt.setType(OrgType.COMPLEX_TYPE);

                                      AssignmentType assignment = new AssignmentType();
                                      assignment.asPrismContainerValue()
                                      assignment.setTargetRef(orgOrt);

                                      return assignment
                          }
                          </code>
         </script>
      </expression>
      <target>
         <c:path>assignment</c:path>
      </target>
      <condition>
         <script>
            <code>
                        return namesOfOrg != null
            </code>
         </script>
      </condition>
   </mapping>

</objectTemplate>

Gustav

2016-06-14 12:48 GMT+02:00 Болат Казыбаев <B.kazybayev at ktg.kz<mailto:B.kazybayev at ktg.kz>>:
Hi Pavol,

Thank you for your suggestion. I changed “Identifier” to lower-case and it works.  ☺ Now I need to make an organization tree using parent-child reference. In fact now I have, “name” property as org_id, and “costCenter” property as parent_id. Any suggestions how to make it?

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>] On Behalf Of Pavol Mederly
Sent: Tuesday, June 14, 2016 3:41 PM
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Synchronizing organizational structure with DatabaseTableConnector


Hello Bolat,

I would suggest replacing c:Identifier with c:identifier (lower-cased) - in all paths referencing "identifier" property of the OrgType; including the search filter used for correlation.

Best regards,

Pavol
On 14.06.2016 11:32, Болат Казыбаев wrote:
Hello all,

I’m trying to sync my org data from database table to midpoint. I read all previous topics about that and compose resource xml (in attachment). There is an error: “Failed to import: com.evolveum.midpoint.util.exception.SystemException: Error occurred during resource object shadow owner lookup, reason: Couldn't search user”.

Where am I wrong in xml configuration?



_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160615/1869bfb9/attachment.htm>

From ramon.cahenzli at zhdk.ch  Wed Jun 15 17:31:50 2016
From: ramon.cahenzli at zhdk.ch (=?UTF-8?B?UmFtw7Nu?= Cahenzli)
Date: Wed, 15 Jun 2016 17:31:50 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
	DataSource name
Message-ID: <20160615173150.77d0bce9@zhdk.ch>

Hi everyone,

I'm trying to fiddle with midPoint a little and to practice I just
wanted to do something that takes users from a CSV file and creates
them in a MariaDB database.

However, midPoint is not happy with me. It gives me the following error:

Generic connector error for the
resource:b5aa9374-8409-447b-859a-cf73ee0516eb(userdb): Generic
provisioning framework error:
org.identityconnectors.framework.common.exceptions.ConnectorException(javax.naming.NameNotFoundException:
Name [jdbc/peeps] is not bound in this Context. Unable to find
[jdbc].)->javax.naming.NameNotFoundException(Name [jdbc/peeps] is not
bound in this Context. Unable to find [jdbc].)


Even though jdbc/peeps is configured. I've verified it going by this
guide:

http://tomcat.apache.org/tomcat-8.0-doc/jndi-datasource-examples-howto.html#MySQL_DBCP_Example

And I can list the users fine.

If I configure every single step by hand instead of using the
DataSource name, it works. But that wasn't the idea of putting it in
the context :)

What can I do to use the datasources configured in the contexts? Or am
I misunderstanding something?

Cheers and thanks,

-- 
—
—
Zürcher Hochschule der Künste
Zurich University of the Arts
—
Ramón Cahenzli, MSc.
IT Architect
GNU/Linux Systems Engineer
—
Pfingstweidstrasse 96, Postfach, 8031 Zürich
Tel. +41 43 446 31 63, Fax +41 43 446 45 21
ramon.cahenzli at zhdk.ch
—
Encrypt things, whee!
https://keybase.io/psyq
—
http://www.zhdk.ch
http://itz.zhdk.ch
http://service.itz.zhdk.ch


From ivan.noris at evolveum.com  Wed Jun 15 20:39:16 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 15 Jun 2016 20:39:16 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <20160615173150.77d0bce9@zhdk.ch>
References: <20160615173150.77d0bce9@zhdk.ch>
Message-ID: <5761A0D4.9080307@evolveum.com>

Hi Ramon,

have you please tried to follow this guide:
https://wiki.evolveum.com/display/midPoint/Repository+Configuration#RepositoryConfiguration-Datasourceconfiguration
?

I remember to use it some time (long time) ago when I was testing the
Datasource in Tomcat with midpoint.

Best regards,
Ivan

On 06/15/2016 05:31 PM, Ramón Cahenzli wrote:
> Hi everyone,
>
> I'm trying to fiddle with midPoint a little and to practice I just
> wanted to do something that takes users from a CSV file and creates
> them in a MariaDB database.
>
> However, midPoint is not happy with me. It gives me the following error:
>
> Generic connector error for the
> resource:b5aa9374-8409-447b-859a-cf73ee0516eb(userdb): Generic
> provisioning framework error:
> org.identityconnectors.framework.common.exceptions.ConnectorException(javax.naming.NameNotFoundException:
> Name [jdbc/peeps] is not bound in this Context. Unable to find
> [jdbc].)->javax.naming.NameNotFoundException(Name [jdbc/peeps] is not
> bound in this Context. Unable to find [jdbc].)
>
>
> Even though jdbc/peeps is configured. I've verified it going by this
> guide:
>
> http://tomcat.apache.org/tomcat-8.0-doc/jndi-datasource-examples-howto.html#MySQL_DBCP_Example
>
> And I can list the users fine.
>
> If I configure every single step by hand instead of using the
> DataSource name, it works. But that wasn't the idea of putting it in
> the context :)
>
> What can I do to use the datasources configured in the contexts? Or am
> I misunderstanding something?
>
> Cheers and thanks,
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."



From ivan.noris at evolveum.com  Wed Jun 15 20:43:01 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 15 Jun 2016 20:43:01 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <20160615173150.77d0bce9@zhdk.ch>
References: <20160615173150.77d0bce9@zhdk.ch>
Message-ID: <5761A1B5.7030302@evolveum.com>

OK so maybe I was reacting too soon. It seems you are doing provisioning
to MySQL/MariaDB using datasource...

Could you please share the MySQL resource configuration?

Thanks,
Ivan

On 06/15/2016 05:31 PM, Ramón Cahenzli wrote:
> Hi everyone,
>
> I'm trying to fiddle with midPoint a little and to practice I just
> wanted to do something that takes users from a CSV file and creates
> them in a MariaDB database.
>
> However, midPoint is not happy with me. It gives me the following error:
>
> Generic connector error for the
> resource:b5aa9374-8409-447b-859a-cf73ee0516eb(userdb): Generic
> provisioning framework error:
> org.identityconnectors.framework.common.exceptions.ConnectorException(javax.naming.NameNotFoundException:
> Name [jdbc/peeps] is not bound in this Context. Unable to find
> [jdbc].)->javax.naming.NameNotFoundException(Name [jdbc/peeps] is not
> bound in this Context. Unable to find [jdbc].)
>
>
> Even though jdbc/peeps is configured. I've verified it going by this
> guide:
>
> http://tomcat.apache.org/tomcat-8.0-doc/jndi-datasource-examples-howto.html#MySQL_DBCP_Example
>
> And I can list the users fine.
>
> If I configure every single step by hand instead of using the
> DataSource name, it works. But that wasn't the idea of putting it in
> the context :)
>
> What can I do to use the datasources configured in the contexts? Or am
> I misunderstanding something?
>
> Cheers and thanks,
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."



From ivan.noris at evolveum.com  Wed Jun 15 20:44:16 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 15 Jun 2016 20:44:16 +0200
Subject: [midPoint] Authentication in midPoint through Active Directory
In-Reply-To: <AM3PR06MB1297A73051E46107FA09C2A2B7470@AM3PR06MB1297.eurprd06.prod.outlook.com>
References: <AM3PR06MB1297A73051E46107FA09C2A2B7470@AM3PR06MB1297.eurprd06.prod.outlook.com>
Message-ID: <5761A200.4070807@evolveum.com>

Hello,

this is not yet possible using midPoint configuration using connectors.
Closest to this might be SSO (e.g. CAS) system configuration which uses
AD as authentication backend, and midPoint+CAS integration.

There might also be a way of configuring something in Spring Security in
midPoint. But I have never tried - maybe some coleagues, partners and
list members also would have some idea.

Best regards,
Ivan

On 06/01/2016 05:03 PM, Rijndaal Ramiji wrote:
>
> Hi.
>
> Is it possibile to login in midPoint using AD’s credentials?
>
> We would like that every user in midPoint  (or just selected users
> with a particular role) could do login in the application
>
> using his/her sAMAccountName and AD password speaking directly with
> the AD itself, without storing passwords in midPoint.
>
> Thank you.
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160615/eda20918/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun 16 08:11:45 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 16 Jun 2016 06:11:45 +0000
Subject: [midPoint] O365 ConnectorTypeHost
In-Reply-To: <4DA6AE1D-86F8-4605-9A1E-16507DB25743@tahzoo.com>
References: <9322187A-F087-41A5-B39B-35BFB36CFE2B@tahzoo.com>
 <57591510.2020003@evolveum.com>
 <B10554A1-2917-4348-9B02-65BB9620FF0A@tahzoo.com>
 <57596D85.7000509@evolveum.com>
 <A9FDA4EB-5C41-4EC4-9383-376C0E1FB880@tahzoo.com>
 <57597062.7050400@evolveum.com> <57597100.5050406@evolveum.com>
 <64CE2B92-50FD-4EA8-80A2-4E6692D706D7@tahzoo.com>
 <5759726B.20701@evolveum.com>
 <AC5B6415-3683-494D-B384-9A8898679BA9@tahzoo.com>
 <57597A62.6070306@evolveum.com>
 <0BDE28B3-D531-4415-8644-8AF49CDB95E8@tahzoo.com>
 <57598D90.4030603@evolveum.com>
 <EBDAD3D5-FFB5-4D3C-A557-4880D7B35579@tahzoo.com>
 <05D96436-BF4B-498C-A356-293A8FBB761C@tahzoo.com>
 <CAFkZXY710Now_R1=tOC7D=Wd2bZX_Szyu3z2wdN09_YZTpB+Cw@mail.gmail.com>
 <1E0CDFDD-7B18-44F4-9868-CD544ABA884A@tahzoo.com>
 <575ADC75.5040305@evolveum.com>
 <00E0E1E6-FE88-47FD-89B9-3F51B5AE1F32@tahzoo.com>
 <CAFkZXY4ct7vJSvjPsCzPDe=cfaABG36rXPrG8MCNS6hbxFt3qA@mail.gmail.com>
 <4DA6AE1D-86F8-4605-9A1E-16507DB25743@tahzoo.com>
Message-ID: <E7B32483-A23D-4561-AB92-355A8B3F404A@tahzoo.com>

Hi Jason,

Thanks for your help. The connector is working.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Tuesday 14 June 2016 at 10:07
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Thanks Jason,

I will try to do that. Thanks for the tip.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Monday, June 13, 2016 at 6:43 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Can you add the SSL certificates that is being used by Graph and Office 365 for OAuth authentication? I think it is "DigiCert Baltimore Root/Microsoft IT SSL SHA2" . I believe that when I did set this up I did add it to the midpoint keystore under midpoint.home

JASON

On Mon, Jun 13, 2016 at 7:34 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi,

I’m happy that last Friday the Connector was discovered, but today I have another problem.
I created the SPN on Office365 and is member of the correct role. I checked this.
I added the tenancy name tahzoo365.onmicrosoft.com<http://tahzoo365.onmicrosoft.com> and applied the principalID with the correct symetricKey.

Whatever I try I keep on getting an error stating that doing GET to /tenantDetails?api-version=2013-11-08 has a exception.

You can find the error in this mail as attachment, together with the officeConnector configuration.

I used the example in the wiki pages for the configuration. https://wiki.evolveum.com/pages/viewpage.action?pageId=15433819

Kindest regards,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Friday, June 10, 2016 at 5:27 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Glad to hear that!
And THANK you, Jason!

We will also update the wiki sometime soon, and I will check if/when we can put that connector to nexus.

Regards,
Ivan
On 06/10/2016 04:07 PM, Dick Muller wrote:
This is great Jason,

I uploaded it to the directory and restarted the services.
It now discovers the connector. Don’t know why, probably the jar file wasn’t correct after all.

Thanks for providing me your copy. That is a great help.

Regards,
Dick Muller

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Jason Everling <jeverling at bshp.edu><mailto:jeverling at bshp.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Friday, June 10, 2016 at 3:52 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

I built this one for ours, we are on 3.2 though, and it imports/discovers fine and creates the connector resource,

[ne image 1]

Downloadable jar https://drive.google.com/open?id=0BzdcPcHxIfp1emNQSm9ROGM0UXM


JASON

On Fri, Jun 10, 2016 at 7:12 AM, Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>> wrote:
Hi Ivan,

Is there another colleague that has a compiled version of the connector-office365?
Maybe I can try it with that one and see if it is disocovered.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Dick Muller <dick.muller at tahzoo.com<mailto:dick.muller at tahzoo.com>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 6:13 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>

Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi Ivan,

Yes, the lines are present in config.xml

The ls –la results are in the attachment

Regards,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Ivan Noris <ivan.noris at evolveum.com<mailto:ivan.noris at evolveum.com>>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Thursday, June 9, 2016 at 5:38 PM
To: "midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>" <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] O365 ConnectorTypeHost

It really seems strange.
Can you make listing of /data/conf/midpoint and /data/conf/midpoint/icf-connectors (ls -la )?

Also please check if config.xml contains this:
   <icf>
      <scanClasspath>true</scanClasspath>
      <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
    </icf>
(it should be there by default just before <keystore> element)

Ivan
On 06/09/2016 05:08 PM, Dick Muller wrote:
HI Ivan,

I checked the file permissions. After that I started a clean logfile and a restart of the tomcat services.

I do not see anything in the log. You can see my log file in the attachments.

Regards,
Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 4:17 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

Hi,

so /data/conf/midpoint/icf-connectors should be that directory.
Permissions should allow the Tomcat to read the that file (e.g. 644) and read/exec the directory (e.g. 755)

Can you please check idm.log when starting? In my case:

...
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4-SNAPSHOT
2016-06-06 14:01:09,326 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  ${scmBranch}
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2016-06-06 14:01:09,327 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +------------------------------------------------------------------------------------------
---+
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = /opt/midpoint.home-pokusy/
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy/ already exists. Reusing it.
2016-06-06 14:01:09,331 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//icf-connectors already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//idm-legacy already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//log already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//schema already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//import already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//export already exists. Reusing it.
2016-06-06 14:01:09,332 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory /opt/midpoint.home-pokusy//tmp already exists. Reusing it.
2016-06-06 14:01:09,333 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file /opt/midpoint.home-pokusy/config.xml
...
2016-06-06 14:01:36,986 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.0.49
2016-06-06 14:01:37,043 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.0.49
2016-06-06 14:01:37,108 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.3.0-SNAPSHOT
2016-06-06 14:01:37,443 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle in JAR: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3


This is how my midPoint detected custom (not bundled) connector for ScriptedSQL.

Ivan
On 06/09/2016 04:00 PM, Dick Muller wrote:
Hi Ivan,

I will delete it then.

The JVM parameter is –Dmidpoint.home=/data/conf/midpoint

There is my config.xml and I also have stored working schema and organization schemaextension files there.
So this must be correct.

I saved the connector-office365.jar file in the icf-connectors directory.

I suddenly thought about permissions on the filesystem. This is corrected to the tomcat user and restart again.

But still there is no connector loaded in the repository.

Thanks,

Dick


From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:43 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

You should not manually create Connector (ConnectorType) objects, these are created by discovering the connectors; they also contain the connector schema.

So, please:
1) check your current "midpoint.home" setting. It should be JVM parameter -Dmidpoint.home=/var/opt/midpoint or whatever you have. This is the directory, where config.xml exists, and where icf-connectors directory is also stored (with the custom connectors)
2) if you are not explicitely setting "midpoint.home" parameter, the default is probably Tomcat directory. If you find config.xml file, that's the directory.

Is your Office365 connector in the icf-connectors directory of that directory?

Unfortunately I have no experience with Office365 connector myself.

Best regards,
Ivan
On 06/09/2016 03:38 PM, Dick Muller wrote:
Yes, but it was not.
It is now, because I created a connector manually, but the Schema part is unknown to me.

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Thursday, June 9, 2016 at 3:37 PM
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] O365 ConnectorTypeHost

(The Connector XML object should be in Configuration - Repository Objects - Connector. Typed too fast.)
On 06/09/2016 03:34 PM, Ivan Noris wrote:


If all the above apply, you should see the Connector object in Repository/Connector. It's also the confirmation that your connector has been discovered when midPoint started. This information is also in idm.log - all discovered connector names are printed to idm.log.







--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint


--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com<http://evolveum.com>                     evolveum.com/blog/<http://evolveum.com/blog/>

  ___________________________________________________

  "Semper ID(e)M Vix."

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint




CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/51e37663/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 48878 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/51e37663/attachment.png>

From s.mamayeva at ktg.kz  Thu Jun 16 12:26:21 2016
From: s.mamayeva at ktg.kz (=?koi8-r?B?7cHNwcXXwSDzwdXMxSDzxdLJy8/XzsE=?=)
Date: Thu, 16 Jun 2016 10:26:21 +0000
Subject: [midPoint] Condition for inducment in Metarole
Message-ID: <0c7820a108da42b4811a911bbda21139@exch-02.ktg.kz>

Hello,
I have meta role for groups, that is assigned to organization when creating organization by org template. This role creates groups with members associated with this created midpoint organization in Active Directory(AD). But I want to create only groups in AD by this role and members of this groups should appear in AD only after assigning another role (AD user role) to users. I have another role  -  AD user role, that is assigned to the user manually and by approval of administrator and this role creates account of user in AD.
How and where can I add  such condition? Is it  possible to add condition for inducement?
This is xml of meta role for groups:

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="11111111-2222-3333-4444-200000000055"
      version="8">
   <name>Metarole for groups</name>
   <metadata>
      <createTimestamp>2016-06-06T12:47:04.200+06:00</createTimestamp>
      <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
      <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
   </metadata>
   <inducement id="1">
      <construction>
         <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"><!-- Ldap_AD_Saule --></resourceRef>
         <kind>entitlement</kind>
         <intent>group</intent>
      </construction>
   </inducement>
   <inducement id="2">
      <construction>
         <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" type="c:ResourceType"><!-- Ldap_AD_ Saule --></resourceRef>
         <kind>account</kind>
         <intent>default</intent>
         <association>
            <c:ref>ri:group</c:ref>
            <outbound>
               <expression>
                  <associationFromLink>
                     <projectionDiscriminator>
                        <kind>entitlement</kind>
                        <intent>group</intent>
                     </projectionDiscriminator>
                  </associationFromLink>
               </expression>
            </outbound>
         </association>
      </construction>
      <order>2</order>
   </inducement>
</role>

Best regards,
Saule

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/39538e08/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 16 14:29:01 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 16 Jun 2016 14:29:01 +0200
Subject: [midPoint] Writing a boolean attribute as activation configured
 capability
In-Reply-To: <CAA68kP_NmHcEbV9w-GoP9Q+NqMGVhC7M-HsZXQYAT5sDEo2jSQ@mail.gmail.com>
References: <CAA68kP_NmHcEbV9w-GoP9Q+NqMGVhC7M-HsZXQYAT5sDEo2jSQ@mail.gmail.com>
Message-ID: <57629B8D.7050106@evolveum.com>

Hi,

Try to force the value type using the standard xsi:type mechanism. Like 
this:

<cap:enableValue xsi:type="xsd:boolean">false</cap:enableValue>

However, this is quite an old code that originated some 4-5 years ago 
and as far as I know it was never reviewed. So there is that does not 
work then you are most likely hitting a bug. In that case please report 
the issue in Jira.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 06/01/2016 11:29 PM, Gustavo J Gallardo wrote:
> We're working with the GoogleApps connector, which does not support 
> activation, so we set up a configured capability to set the boolean 
> 'suspended' attribute.
> We can read and interpret the value correctly, however when writing 
> the attribute from <capabilities>, it is sending a String instead of a 
> boolean.
> If I map the account attribute to a user attribute, we can write it 
> correctly.
>
> <capabilities>
> ...
> <configured>
> <cap:activation>
> <cap:status>
> <cap:attribute>ri:suspended</cap:attribute>
> <cap:enableValue>false</cap:enableValue>
> <cap:disableValue>true</cap:disableValue>
> </cap:status>
> </cap:activation>
> </configured>
> </capabilities>
>
> Is there any way inside the 
> .../capabilities/configured/cap:activation/cap:status/cap:enableValue/ 
> to indicate it has to be treated as a boolean?
> We are working with 3.4-SNAPSHOT.
>
>
> Thanks,
>
> GJG
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/83b35109/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 16 14:52:35 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 16 Jun 2016 14:52:35 +0200
Subject: [midPoint] storing passwords for external applications
In-Reply-To: <CAE8MtZBFr5=kjkU4oUyPGsG07wzJ3an1miT3ohDGq75AzOMnNQ@mail.gmail.com>
References: <CAE8MtZBFr5=kjkU4oUyPGsG07wzJ3an1miT3ohDGq75AzOMnNQ@mail.gmail.com>
Message-ID: <5762A113.2050505@evolveum.com>

Hi,

Congratulations. It looks like you have found a bug.

This should work exactly the way as you are trying to use it. Please 
report that bug in the Jira. Also please specify the operation that you 
are trying to do when you are getting the exception so we can reproduce 
the issue easier. Thanks.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 06/13/2016 10:17 AM, Oskar Butovič - AMI Praha a.s. wrote:
> Hello Everybody,
>
> I am trying to add password for external application (google apps) as 
> a new attribute for user because i need to store it and be able to 
> edit it later. I tried to use ProtectedStringType in extension schema. 
> But somehow this type doesnt work. Midpoint throws exception.
>
> relevant configuration:
>
> <xsd:schema elementFormDefault="qualified"
>             targetNamespace="http://avast.com/xml/ns/idmSchema"
>             xmlns:tns="http://avast.com/xml/ns/idmSchema"
>             xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
>             
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>     <xsd:complexType name="UserExtensionType">
>         <xsd:annotation>
>             <xsd:appinfo>
>                 <a:extension ref="c:UserType"/>
>             </xsd:appinfo>
>         </xsd:annotation>
>         <xsd:sequence>
> <xsd:element name="googleAppsPassword" type="t:ProtectedStringType" 
> minOccurs="0" maxOccurs="unbounded">
> <xsd:annotation>
> <xsd:appinfo>
> <a:displayName>Google Apps Password</a:displayName>
> <a:displayOrder>110</a:displayOrder>
> <a:help>Password for google apps account</a:help>
> </xsd:appinfo>
> </xsd:annotation>
>             </xsd:element>
>
> exception:
>
> Caused by: org.xml.sax.SAXParseException: undefined simple or complex 
> type 't:ProtectedStringType'
>         at 
> com.sun.xml.xsom.impl.parser.ParserContext$1.reportError(ParserContext.java:180) 
> ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>         at 
> com.sun.xml.xsom.impl.parser.NGCCRuntimeEx.reportError(NGCCRuntimeEx.java:175) 
> ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>         at 
> com.sun.xml.xsom.impl.parser.DelayedRef.resolve(DelayedRef.java:110) 
> ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>         at 
> com.sun.xml.xsom.impl.parser.DelayedRef.run(DelayedRef.java:85) 
> ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>         at 
> com.sun.xml.xsom.impl.parser.ParserContext.getResult(ParserContext.java:135) 
> ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>         at 
> com.sun.xml.xsom.parser.XSOMParser.getResult(XSOMParser.java:214) 
> ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>         at 
> com.evolveum.midpoint.prism.schema.DomToSchemaProcessor.parseSchema(DomToSchemaProcessor.java:233) 
> ~[prism-3.3.1.jar:na]
>         ... 75 common frames omitted
>
>
> Is it a right approach for storing passwords for external 
> applications? Should i use another type?
>
>
> Thanks.
>
> Regards,
>
> Oskar Butovič
>
> -- 
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>
> 			
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 			
>
> AMI Praha a.s.
>
>
> AMI Praha a.s. 
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/7b4d3049/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 16 17:22:19 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 16 Jun 2016 17:22:19 +0200
Subject: [midPoint] Unassigning a role
In-Reply-To: <CAMQHPY3Nxw56wPqvSVpAPE9XECZjacXTwnxUavsjBkv1Dmkz2Q@mail.gmail.com>
References: <CAMQHPY3sE7dweLZYN09_=MErjjfR=ywmYNpQa2nS05jL0AqunQ@mail.gmail.com>
 <50f86d8f-0f91-f7bc-ddd1-b145e6f873af@evolveum.com>
 <CAMQHPY2wB88AnA+3WJ2RwoJEiiJ52HfxH-EdZKURiv3-zaeU1Q@mail.gmail.com>
 <CAMQHPY1NSWLWjLzDha25JZ7GMvaRXeMpyUj8aourMj1QYx2zbg@mail.gmail.com>
 <10dbf567-41c2-dcd5-9841-50af3d34fcc1@evolveum.com>
 <CAMQHPY2OU-xF7wDhQgmbECo2dGS2e6NWJgUB3dP=UyDcTg+7NA@mail.gmail.com>
 <754b18e6-94e9-9d8e-6a9f-8422d1e39d93@evolveum.com>
 <CAMQHPY04iFsR_ifEk_eVMQP3gRTXD2L=DP1Ug0THvWjpQa7cGQ@mail.gmail.com>
 <CAMQHPY3NB58G_Shc0vn+0Akud6o-HF3rBuamsSVXsneZHAW=cQ@mail.gmail.com>
 <96aff204-d1a0-6dc7-6b97-c9bf3060fd2e@evolveum.com>
 <aead4dad-cbe9-4a3a-ceaf-97755edcca72@evolveum.com>
 <CAMQHPY0EPK2E6pZaodaF3ruVq8f0+vwyYqyshWY3iHg_AzfJrw@mail.gmail.com>
 <508c2019-a2ca-edd0-d0f9-82f586867f49@evolveum.com>
 <CAMQHPY3Nxw56wPqvSVpAPE9XECZjacXTwnxUavsjBkv1Dmkz2Q@mail.gmail.com>
Message-ID: <5762C42B.4090502@evolveum.com>

Hi Florin,

I guess that the error is caused by this:

     Property modification operation:
       auxiliaryObjectClass
         ADD: {...resource/instance-3}top, 
{...resource/instance-3}person, {...resource/instance-3}organizationalPerson
         OLD: {...resource/instance-3}ldapPublicKey, 
{...resource/instance-3}inetUser, {...resource/instance-3}shadowAccount, 
{...resource/instance-3}posixAccount

I guess that the problem is, that midpoint tries to add "top" object 
class. Every LDAP object has to have "top" object class, so the existing 
object surely has it. The LDAP spec also specifies, that if the client 
tries to add a value which already exists in an attribute the LDAP 
server should respond with an error.

Probably the best fix would be to remove "top" from your auxiliary 
object class definitions. I mean this:

<auxiliaryObjectClass>ri:top</auxiliaryObjectClass>

Firstly, "top" is a structural object class, not auxiliary. Secondly, 
you usually does not need to manage the "top" object class at all. Most 
LDAP servers will be OK if you specify just the most concrete object 
class in the object class hierarchy and the server will automatically 
add the superclasses. Please see check the LDAP schema and leave only 
the auxiliary object classes in the <auxiliaryObjectClass> configuration 
property.

There are also alternative solutions by using permissive modify control 
in LDAP or by telling midpoint to explicitly filter out the duplicate 
values. Let me know if the fix with the "top" object class does not work 
for you (yet it should work) and I will provide more details about these 
methods.

-- 
Radovan Semancik
Software Architect
evolveum.com




On 06/10/2016 11:24 PM, Florin. Stingaciu wrote:
> Hello,
>
> So I'm attempting to upgrade from 3.3.1 to the latest build. Before 
> starting the tomcat server with the latest built, I applied this patch 
> to the DB server (http://pastebin.com/jZJtbtUT).
>
> Everything comes up fine, but when I try to unassign a role I get an 
> error. Here's all the relevant configuration, as well as the error 
> with the log level set to trace for the loggers you requested.
>
>   * Connector Schema Handling section (http://pastebin.com/j4UWFrBU).
>     In here there are the following
>       o Default account -- used for real People
>       o Service account -- used for service accounts
>       o User Group Possix Entitlement -- used for user groups that are
>         posix groups
>       o User Group Group of Names Entitlement -- used for user groups
>         that are group of names groups
>       o Service Groups Entitlement -- used for service groups
>       o Openstack Domains/Groups Entitlement -- used for Openstack groups
>   * This is the metarole assigned to the role I'm trying to unassign
>     from the user (http://pastebin.com/fhcXnDXE)
>      o
>
>       o the first twos inducements are of order one and creates two
>         LDAP groups, one posix and one group of names
>       o the second inducement is an order two inducement that create a
>         'default' account if the employee type is equal to 'user' and
>         associates the user with the two created groups
>       o the third inducement is an order two inducement that create a
>         'service' account if the employee type is equal to 'service'
>         and associates the user with the two created groups
>       o the fourth and fifth are both second order inducements that
>         generate a gid and uid for the user
>
>
> So I couldn't actually send you the TRACE level logs as there's a lot 
> of information in those logs, I'm not permitted to divulge on a 
> mailing list. Plus they were crazy huge. However, the DEBUG level seem 
> fine: http://pastebin.com/UXMDpsDr
>
> You can see from the logs that from some reason, when I unassign the 
> user from the role, it tries to modify the user and add a bunch of 
> auxiliary object classes that should've been already created.
>
> So I just checked the Shadow object for my user account and there's 
> only the following object classes:
>
>  <objectClass>ri:inetOrgPerson</objectClass>
>  <auxiliaryObjectClass>ri:ldapPublicKey</auxiliaryObjectClass>
>  <auxiliaryObjectClass>ri:inetUser</auxiliaryObjectClass>
>  <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
>  <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
>
> when there should've been all of the following:
>
> <objectClass>ri:inetOrgPerson</objectClass>
> <auxiliaryObjectClass>ri:ldapPublicKey</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:inetUser</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:organizationalPerson</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:person</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:top</auxiliaryObjectClass>
>
> So I went back and started double checking all the shadows, from 
> before and all of them only have those five auxiliary object classes. 
> However, on my LDAP, the account has the full set of object classes:
>
> objectClass: inetOrgPerson
> objectClass: person
> objectClass: ldapPublicKey
> objectClass: inetUser
> objectClass: shadowAccount
> objectClass: organizationalPerson
> objectClass: posixAccount
> objectClass: top
>
> Meaning that the previous version of midpoint I was using did not 
> store more than those five auxiliary classes. I just created a brand 
> new user in this version of Midpoint and all of the classes were 
> stored in the shadow without any issues.
>
> I will be reverting back to the previous version for now, as I can't 
> use this version for now. Any ideas on how to resolve this going 
> forward would be great. Even if it's a hacky solution such as a delta 
> change for shadow objects that adds the extra aux classes for every 
> shadow that's on that resource.
>
> Thanks,
> -F
>
> On Wed, Jun 8, 2016 at 1:45 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     I haven't experienced such an error message. It can be caused by a
>     midPoint fault or by a problem in your particular configuration.
>
>     You write that you get this error with today's and yesterday's
>     build. Do you think it worked well before? Or you didn't try at
>     that time?
>
>     Without any other clues, to complete diagnose your problem, it
>     would be necessary to see your configuration (resource config, and
>     all relevant roles), and the logs. As for the latter, it is best
>     to set model + provisioning to TRACE (with specific logging for
>     Clockwork and Projector either removed, or set to TRACE as well).
>
>     But maybe somebody else would have a better idea; unfortunately,
>     midnight is approaching here in Europe, so probably only tomorrow.
>
>     Best regards,
>
>     Pavol
>
>
>     On 08.06.2016 20:58, Florin. Stingaciu wrote:
>>     Hello again,
>>
>>     I updated to the latest version however, now I'm experiencing
>>     problems when trying to unassign a role from a user. It fails
>>     with the following stack trace:
>>
>>
>>     2016-06-08 18:51:09,702 [] [Thread-31] ERROR
>>     (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF
>>     Exception
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
>>     in connector:c230c871-6f5b-4525-abee-d2905569b8df(ICF
>>     com.evolveum.polygon.connector.ldap.LdapConnector
>>     v1.4.3.0-SNAPSHOT):
>>     resource:a0741b12-c96d-491d-8213-ecad84ab490e(OpenLDAP Accounts
>>     Schema) while adding attribute values to object identified by ICF
>>     UID 'uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net':
>>     Error modifying LDAP entry
>>     uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net:
>>     [add:objectClass: top
>>     objectClass: person
>>     objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
>>     Error modifying LDAP entry
>>     uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net:
>>     [add:objectClass: top
>>     objectClass: person
>>     objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
>>             at
>>     com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:440)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:923)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:914)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:864)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.addAttributeValues(AbstractLdapConnector.java:804)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.addAttributeValues(UpdateImpl.java:129)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at
>>     org.identityconnectors.framework.impl.api.AbstractConnectorFacade.addAttributeValues(AbstractConnectorFacade.java:199)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1791)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:210)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:697)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:529)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:480)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:763)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1265)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1108)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:704)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:294)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:507)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:336)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:214)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:555)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>>     [wicket-ioc-7.1.0.jar:7.1.0]
>>             at com.sun.proxy.$Proxy146.executeChanges(Unknown Source)
>>     [na:na]
>>             at
>>     com.evolveum.midpoint.web.component.progress.ProgressReporter$1.run(ProgressReporter.java:188)
>>     [ProgressReporter$1.class:na]
>>             at java.lang.Thread.run(Thread.java:745) [na:1.7.0_101]
>>
>>     I just double checked and this seems to happen with both today's
>>     build and yesterday's build. It seems as even though I'm
>>     unassigning the user from a group it is trying to add an object
>>     class to the user DN
>>
>>     Thanks,
>>     -F
>>
>>
>>     On Tue, Jun 7, 2016 at 1:44 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         The problem with "Add members" was a misconfiguration in my
>>         test environment.
>>
>>         So, working with role members should be without problems;
>>         please let us know if not.
>>
>>         Best regards,
>>
>>         Pavol
>>
>>
>>         On 07.06.2016 22:36, Pavol Mederly wrote:
>>>
>>>         Hello Florin,
>>>
>>>         you are right. I was able to reproduce it here.
>>>
>>>         I fixed that, please try the latest master -
>>>         v3.4devel-1803-g0f5c22f.
>>>
>>>         (Besides that, I noticed some problems with "Add members"
>>>         function, so I'll continue testing it.)
>>>
>>>         Best regards,
>>>
>>>         Pavol
>>>
>>>
>>>         On 07.06.2016 20:54, Florin. Stingaciu wrote:
>>>>         Hey Pavol,
>>>>
>>>>         So I managed to update to the latest version, applied to DB
>>>>         patch, and also double checked that adding and removing
>>>>         inducements for roles works now. However, when I try to
>>>>         recompute all members (there's only one member), I get the
>>>>         following error stack:
>>>>
>>>>         2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8]
>>>>         ERROR
>>>>         (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler):
>>>>         Recompute: Schema error while creating a search filter:
>>>>         Failed to convert query. Reason: No definition for item
>>>>         assignment/targetRef in POD:{.../common/common-3}object
>>>>         {.../common/common-3}ObjectType[1,1],RAM
>>>>         com.evolveum.midpoint.util.exception.SchemaException:
>>>>         Failed to convert query. Reason: No definition for item
>>>>         assignment/targetRef in POD:{.../common/common-3}object
>>>>         {.../common/common-3}ObjectType[1,1],RAM
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451)
>>>>         [model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108)
>>>>         ~[model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187)
>>>>         [model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
>>>>         [model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
>>>>         [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300)
>>>>         [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164)
>>>>         [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         org.quartz.core.JobRunShell.run(JobRunShell.java:213)
>>>>         [quartz-2.1.3.jar:na]
>>>>                 at
>>>>         org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
>>>>         [quartz-2.1.3.jar:na]
>>>>         Caused by:
>>>>         com.evolveum.midpoint.util.exception.SchemaException: No
>>>>         definition for item assignment/targetRef in
>>>>         POD:{.../common/common-3}object
>>>>         {.../common/common-3}ObjectType[1,1],RAM
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 ... 11 common frames omitted
>>>>
>>>>
>>>>         Any help would be greatly appreciated.
>>>>
>>>>         Thanks,
>>>>         -F
>>>>
>>>>         On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu
>>>>         <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>>
>>>>         wrote:
>>>>
>>>>             Yup, I checked and you can not add an inducement
>>>>             either. Also I believe some of the associations listed
>>>>             under the profile are wrong. I will write up a new
>>>>             email for that as well.
>>>>
>>>>             Meanwhile I reverted back to the original version. I
>>>>             will keep an eye out on the ticket.
>>>>
>>>>             Have a good night! Thanks for your prompt responses.
>>>>
>>>>             Thanks,
>>>>             -F
>>>>
>>>>             On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly
>>>>             <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>>
>>>>                 I think it is similar to this one:
>>>>                 https://jira.evolveum.com/browse/MID-3074.
>>>>
>>>>                 And I can see this wrong behavior also in my case.
>>>>                 This is unpleasant.
>>>>
>>>>                 We'll fix it soon, hopefully tomorrow. (Now it's
>>>>                 after midnight here... )
>>>>
>>>>                 Best regards,
>>>>
>>>>                 Pavol
>>>>
>>>>
>>>>                 On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>>>>                 Hello again,
>>>>>
>>>>>                 I managed to get around this issue by actually
>>>>>                 applying the mysql-upgrade-3.3-3.4.sql patch.
>>>>>                 Everything came back up just fine, however now I'm
>>>>>                 running into a strange issue where I can not
>>>>>                 remove inducements from a role.
>>>>>
>>>>>                 For example: http://imgur.com/a/lWoKT
>>>>>
>>>>>                 The inducements stay there no matter how much I
>>>>>                 try to remove them. Is this a known issue in the
>>>>>                 current master?
>>>>>
>>>>>                 Thanks,
>>>>>                 -F
>>>>>
>>>>>
>>>>>
>>>>>                 On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly
>>>>>                 <mederly at evolveum.com
>>>>>                 <mailto:mederly at evolveum.com>> wrote:
>>>>>
>>>>>                     Hello Florin,
>>>>>
>>>>>                     recently we changed the db schema a bit
>>>>>                     (because of MID-3061
>>>>>                     <https://jira.evolveum.com/browse/MID-3061>).
>>>>>
>>>>>                     So, please apply the corresponding migration
>>>>>                     script
>>>>>                     (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>>>>                     Which one - it depends on how old your
>>>>>                     existing master is. This particular problem is
>>>>>                     related to the latest one (numbered 6).
>>>>>
>>>>>                     An alternative is to set hbm2ddl parameter
>>>>>                     like this (in config.xml file in midpoint.home
>>>>>                     directory):
>>>>>
>>>>>                     <configuration>
>>>>>                     <midpoint>
>>>>>                     <repository>
>>>>>                     <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>>>>                     ...
>>>>>
>>>>>                     (but this is recommended only for testing
>>>>>                     purposes, because some - but only very rare -
>>>>>                     changes are not correctly applied by hibernate
>>>>>                     itself)
>>>>>
>>>>>                     Best regards,
>>>>>
>>>>>                     Pavol
>>>>>
>>>>>
>>>>>                     On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>>>>                     Hello again,
>>>>>>
>>>>>>                     I'm having some troubles when rebuilding the
>>>>>>                     master. Here's the corresponding stack trace:
>>>>>>                     http://pastebin.com/TVUAKURb
>>>>>>
>>>>>>                     Also, I'm using SSO under apache with the
>>>>>>                     following ctx-web-security.xml file:
>>>>>>                     http://pastebin.com/rvs9cJDj
>>>>>>
>>>>>>                     Any ideas would be greatly appreciated.
>>>>>>
>>>>>>                     Thanks,
>>>>>>                     -F
>>>>>>
>>>>>>                     On Thu, Jun 2, 2016 at 11:36 AM, Florin.
>>>>>>                     Stingaciu <fstingaciu at mirantis.com
>>>>>>                     <mailto:fstingaciu at mirantis.com>> wrote:
>>>>>>
>>>>>>                         Thanks Pavel! I'll upgrade to the latest
>>>>>>                         and let you know how that works out.
>>>>>>
>>>>>>
>>>>>>                         On Wed, Jun 1, 2016 at 10:24 PM, Pavol
>>>>>>                         Mederly <mederly at evolveum.com
>>>>>>                         <mailto:mederly at evolveum.com>> wrote:
>>>>>>
>>>>>>                             Hello Florin,
>>>>>>
>>>>>>                             If I remember correctly, we've been
>>>>>>                             fixing this problem in master
>>>>>>                             (3.4-SNAPSHOT). It should be solved
>>>>>>                             in that branch.
>>>>>>
>>>>>>                             (If not, please drop a jira issue
>>>>>>                             with details how to reproduce, and
>>>>>>                             we'll certainly fix that.)
>>>>>>
>>>>>>                             Best regards,
>>>>>>
>>>>>>                             Pavol
>>>>>>
>>>>>>
>>>>>>                             On 02.06.2016 1:28, Florin. Stingaciu
>>>>>>                             wrote:
>>>>>>>                             Hello,
>>>>>>>
>>>>>>>                             I'm trying to recompute all members
>>>>>>>                             that are assigned a particuar role.
>>>>>>>                             I tried using the "Recompute All"
>>>>>>>                             (http://i.imgur.com/xLXjLwd.png)
>>>>>>>                             button in the "Members" section of a
>>>>>>>                             role. This launches a task that is
>>>>>>>                             successful however, it it does not
>>>>>>>                             process any objects.
>>>>>>>
>>>>>>>                             If I manually select the members I
>>>>>>>                             want and select "Recompute members"
>>>>>>>                             everything works just fine. Any ideas?
>>>>>>>
>>>>>>>                             Thanks,
>>>>>>>                             -F
>>>>>>>
>>>>>>>
>>>>>>>                             _______________________________________________
>>>>>>>                             midPoint mailing list
>>>>>>>                             midPoint at lists.evolveum.com
>>>>>>>                             <mailto:midPoint at lists.evolveum.com>
>>>>>>>                             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>>                             _______________________________________________
>>>>>>                             midPoint mailing list
>>>>>>                             midPoint at lists.evolveum.com
>>>>>>                             <mailto:midPoint at lists.evolveum.com>
>>>>>>                             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>                     _______________________________________________
>>>>>>                     midPoint mailing list
>>>>>>                     midPoint at lists.evolveum.com
>>>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>                     _______________________________________________
>>>>>                     midPoint mailing list
>>>>>                     midPoint at lists.evolveum.com
>>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                 _______________________________________________
>>>>>                 midPoint mailing list
>>>>>                 midPoint at lists.evolveum.com
>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>                 _______________________________________________
>>>>                 midPoint mailing list
>>>>                 midPoint at lists.evolveum.com
>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>         midPoint mailing list
>>>>         midPoint at lists.evolveum.com
>>>>         <mailto:midPoint at lists.evolveum.com>
>>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/d12d1ca4/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 16 17:40:09 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 16 Jun 2016 17:40:09 +0200
Subject: [midPoint] Extra Associations under Projections account
In-Reply-To: <CAMQHPY2wS9jHJ75xsZ666yu=Z+0OebNnUeXD2+Oo2UbTPDppAg@mail.gmail.com>
References: <CAMQHPY2wS9jHJ75xsZ666yu=Z+0OebNnUeXD2+Oo2UbTPDppAg@mail.gmail.com>
Message-ID: <5762C859.5070806@evolveum.com>

Hi Florin,

The two associations that you see are in fact just two images of the 
same group membership. MidPoint will process the same association twice 
and therefore display it twice. The question is why it is processed 
twice. My guess would be that you have two association definitions in 
the account type definition in schemaHandling ("Service groups" and 
"POSIX memebership"). These two definitions most likely point to the 
entitlements that have the same association attribute (most likely 
"member") and the same object class. Therefore when midPoint finds that 
the account is a member of "cpe_services" group it matches both 
definition and therefore it is processed by both of them and therefore 
it appears twice.

To resolve this issue you need to define some information that will tell 
midPoint how to distinguish the associations. I can only guess here, but 
if the groups live in a different parts of the LDAP tree you need a 
baseContext specification. Like this:

   <schemaHandling>

       <objectType>
             <kind>entitlement</kind>
             <intent>ldapGroup</intent>
             <displayName>LDAP Group</displayName>
             <objectClass>ri:groupOfNames</objectClass>
             <baseContext>
<objectClass>ri:organizationalUnit</objectClass>
                 <filter>
                     <q:equal>
                         <q:path>attributes/dn</q:path>
<q:value>ou=groups,dc=example,dc=com</q:value>
                     </q:equal>
                 </filter>
             </baseContext>
             ....


See here: 
https://github.com/Evolveum/midpoint/blob/master/samples/evolveum/resource-openldap.xml
and here: 
https://github.com/Evolveum/midpoint/blob/master/testing/story/src/test/resources/unix/resource-opendj.xml

Or maybe you have wrong specification of <objectClass> in the 
entitlement definitions? Maybe one of them should have "groupOfNames" 
and the other "posixGroup"?

-- 
Radovan Semancik
Software Architect
evolveum.com



On 06/07/2016 09:15 PM, Florin. Stingaciu wrote:
> Hello,
>
> So I have this user which has only one assignment, to role 
> cpe_services. This role was created using the following metarole: 
> http://pastebin.com/uMtwyfCV
>
> This metarole has five different inducements:
>
>   * the first inducement is an order one inducement that creates an
>     LDAP group with intent 'serviceGroup'
>   * the second inducement is an order two inducement that create a
>     'default' account if the employee type is equal to 'user'
>   * the third inducement is an order two inducement that create a
>     'service' account if the employee type is equal to 'service'
>   * the fourth and fifth are both second order inducements that
>     generate a gid and uid for the user
>
> The assignment of cpe_services to the metarole creates the 
> cpe_services group in LDAP. The assignment of the user to 
> cpe_services, creates an LDAP 'service' account, however when I look 
> under projections, click on the account, and look at associations, I 
> see the following: http://imgur.com/CUEH7uw
>
> The only association there should be the "Service Group" association. 
> The posixMembership is an entitlement that the serviceAccount can 
> have, however it is not defined within this metarole. Also, as you can 
> see, the dn for the association is the same in both.
>
> This problem is not only limited to my serviceGroups entitlement but 
> all entitlements. It also happens for different types of accounts as 
> well.
>
> Please let me know if I can provide with anything further that would 
> help debug this issue.
>
> Thanks,
> -F
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/d3dadae3/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 16 18:06:33 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 16 Jun 2016 18:06:33 +0200
Subject: [midPoint] Unsetting User Password RESTfully
In-Reply-To: <CAMQHPY2XN7XpF3UrO0S5XA-ARqgDMR8E-DrssOqqbUCeVpd8uQ@mail.gmail.com>
References: <CAMQHPY2XN7XpF3UrO0S5XA-ARqgDMR8E-DrssOqqbUCeVpd8uQ@mail.gmail.com>
Message-ID: <5762CE89.6030509@evolveum.com>

Hi Florin,

 From the nature of item deltas you need to specify the value that you 
are deleting for such delta to work. Which is not very desirable when 
working with passwords. But you can use "replace" delta instead of 
"delete" and replace the password with no value. Like this:

                         <objectModification 
xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'
                                 
xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
                                 
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
                                         <t:itemDelta>
<t:modificationType>replace</t:modificationType>
<t:path>credentials/password/value</t:path>
                                         </t:itemDelta>
                         </objectModification>

This should remove all existing password values and repalce them with no 
value at all. Exactly what you want. Even though I'm not sure if we have 
ever tested that with password over REST we use that approach at several 
places in midPoint and it seems to work well in general case. Please 
give it a try.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 04/29/2016 12:44 AM, Florin. Stingaciu wrote:
> Hello,
>
> I have a particular use case that requires me to unset a user password 
> for its Midpoint account. I understand I could disable the account or 
> change its End User role to prevent a user from logging in, but due to 
> the nature of my use case, I can only achieve this by unsetting the 
> user password.
>
> Another requirement is that I also need to do this using the RESTfull 
> API. I tried to use the following:
>
>
>     <?xml version="1.0"?>
>                             <objectModification
>     xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'
>                                    
>     xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
>                                    
>     xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
>                                             <t:itemDelta>
>     <t:modificationType>delete</t:modificationType>
>     <t:path>credentials/password/value</t:path>
>                                             </t:itemDelta>
>                             </objectModification>
>
>
> with a POST request to
>
>     "http://localhost:8080/midpoint/ws/rest/users/{USER_OID}
>     <http://localhost:8080/midpoint/ws/rest/users/%7BUSER_OID%7D>"
>
>
> And I get a 204 Response, however it appears the user's credentials 
> are still there.
>
> Another requirement of this is that this password update action must 
> only be applicable to the Midpoint account and any other accounts that 
> user has must retain whatever password was initially set.
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/bed53b69/attachment.htm>

From ramon.cahenzli at zhdk.ch  Fri Jun 17 10:27:41 2016
From: ramon.cahenzli at zhdk.ch (=?UTF-8?B?UmFtw7Nu?= Cahenzli)
Date: Fri, 17 Jun 2016 10:27:41 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <5761A1B5.7030302@evolveum.com>
References: <20160615173150.77d0bce9@zhdk.ch> <5761A1B5.7030302@evolveum.com>
Message-ID: <20160617102741.6414522d@zhdk.ch>

Hi Ivan,

Thanks for the response.

> OK so maybe I was reacting too soon. It seems you are doing
> provisioning to MySQL/MariaDB using datasource...

Yes, that sounds about right (I'm not quite fluent in midPoint lingo
yet) :)

 
> Could you please share the MySQL resource configuration?

I've adapted the config with the first two steps from here:

https://wiki.evolveum.com/display/midPoint/Repository+Configuration#RepositoryConfiguration-Datasourceconfiguration

The last step isn't necessary because I don't want to keep using H2 for
now in midPoint, but it can't hurt to set up the data sources this way,
correct? The source still works under the name jdbc/peeps when used
from my test JSP.

The config files are in this gist:

https://gist.github.com/psy-q/8c0d931ea53eb35bf5098b59dd38a76d

Cheers,

-- 
—
—
Zürcher Hochschule der Künste
Zurich University of the Arts
—
Ramón Cahenzli, MSc.
IT Architect
GNU/Linux Systems Engineer
—
Pfingstweidstrasse 96, Postfach, 8031 Zürich
Tel. +41 43 446 31 63, Fax +41 43 446 45 21
ramon.cahenzli at zhdk.ch
—
Encrypt things, whee!
https://keybase.io/psyq
—
http://www.zhdk.ch
http://itz.zhdk.ch
http://service.itz.zhdk.ch


From zeipelt at uni-wuppertal.de  Fri Jun 17 12:12:21 2016
From: zeipelt at uni-wuppertal.de (Rene Zeipelt)
Date: Fri, 17 Jun 2016 12:12:21 +0200
Subject: [midPoint] define openldap connector schema with 2 or more object
 classes per entry
Message-ID: <e4b0330b-7ee0-8948-8733-9a91335f0eae@uni-wuppertal.de>

hello list,
we try to define a schema for openldap entries which have attributes 
from several object classes (eduPerson, radiusprofile ...).
so we stuck in handle one object class in schema handling definitions. 
reading schemes is no problem. midpoint is the latest
version and openldap is a debian jessie 2.4.40. connector is 
com.evolveum.polygon.connector.ldap.LdapConnector 1.4.2.0.
so define a complextype for own attributes with a nativeobjectclass 
__ACCOUNT__ ends in a "no OID for ..." error. so what we missing?
thanks for any help.
best regards Rene


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5338 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/911e8680/attachment.bin>

From gustav.palos at evolveum.com  Fri Jun 17 12:32:28 2016
From: gustav.palos at evolveum.com (=?UTF-8?B?UMOhbG9zIEd1c3TDoXY=?=)
Date: Fri, 17 Jun 2016 12:32:28 +0200
Subject: [midPoint] define openldap connector schema with 2 or more
 object classes per entry
In-Reply-To: <e4b0330b-7ee0-8948-8733-9a91335f0eae@uni-wuppertal.de>
References: <e4b0330b-7ee0-8948-8733-9a91335f0eae@uni-wuppertal.de>
Message-ID: <CAPXQVkdGBfp9Pi2eKUJgo+CutUaO_VsgxV2gvrPQ4Vs=Rr4-Mw@mail.gmail.com>

Hi Rene,

please instead of several <objectType> for each object class use only one
and set <auxiliaryObjectClass>, for example:

        <objectType>
            <kind>account</kind>
            <intent>default</intent>
            <displayName>Default Account</displayName>
            <default>true</default>
            <objectClass>ri:eduPerson</objectClass>
            <auxiliaryObjectClass>radiusprofile</auxiliaryObjectClass>
            <auxiliaryObjectClass>...</auxiliaryObjectClass>
...

best regards,

Gustav


2016-06-17 12:12 GMT+02:00 Rene Zeipelt <zeipelt at uni-wuppertal.de>:

> hello list,
> we try to define a schema for openldap entries which have attributes from
> several object classes (eduPerson, radiusprofile ...).
> so we stuck in handle one object class in schema handling definitions.
> reading schemes is no problem. midpoint is the latest
> version and openldap is a debian jessie 2.4.40. connector is
> com.evolveum.polygon.connector.ldap.LdapConnector 1.4.2.0.
> so define a complextype for own attributes with a nativeobjectclass
> __ACCOUNT__ ends in a "no OID for ..." error. so what we missing?
> thanks for any help.
> best regards Rene
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/7f29ca0b/attachment.htm>

From ivan.noris at evolveum.com  Fri Jun 17 12:46:15 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Fri, 17 Jun 2016 12:46:15 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <20160617102741.6414522d@zhdk.ch>
References: <20160615173150.77d0bce9@zhdk.ch> <5761A1B5.7030302@evolveum.com>
 <20160617102741.6414522d@zhdk.ch>
Message-ID: <5763D4F7.2040306@evolveum.com>

Hi Ramón,

the configuration for datasource is for making midPoint repository use
the datasource instead of jdbc host/port/user/password in config.xml.
That actually works even if I don't use it very often.

But I think we have never used DBTable connector with datasource
configuration ;-)

It seems like the connector is unable to find the datasource. Have you
configured the <tomcat>/conf/context.xml as in the Data source
configuration here
https://wiki.evolveum.com/display/midPoint/Repository+Configuration#RepositoryConfiguration-Datasourceconfiguration?
Might be that this is somehow changed for Tomcat 8, I was only trying
datasource for Tomcat 7.

But as I've said, I have never used datasource for DBTable connector yet.

I will try to setup similar setup on my side, but it will probably take
a few days.

Best regards,
Ivan

On 06/17/2016 10:27 AM, Ramón Cahenzli wrote:
> Hi Ivan,
>
> Thanks for the response.
>
>> OK so maybe I was reacting too soon. It seems you are doing
>> provisioning to MySQL/MariaDB using datasource...
> Yes, that sounds about right (I'm not quite fluent in midPoint lingo
> yet) :)
>
>  
>> Could you please share the MySQL resource configuration?
> I've adapted the config with the first two steps from here:
>
> https://wiki.evolveum.com/display/midPoint/Repository+Configuration#RepositoryConfiguration-Datasourceconfiguration
>
> The last step isn't necessary because I don't want to keep using H2 for
> now in midPoint, but it can't hurt to set up the data sources this way,
> correct? The source still works under the name jdbc/peeps when used
> from my test JSP.
>
> The config files are in this gist:
>
> https://gist.github.com/psy-q/8c0d931ea53eb35bf5098b59dd38a76d
>
> Cheers,
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."



From radovan.semancik at evolveum.com  Fri Jun 17 13:26:04 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Fri, 17 Jun 2016 13:26:04 +0200
Subject: [midPoint] define openldap connector schema with 2 or more
 object classes per entry
In-Reply-To: <e4b0330b-7ee0-8948-8733-9a91335f0eae@uni-wuppertal.de>
References: <e4b0330b-7ee0-8948-8733-9a91335f0eae@uni-wuppertal.de>
Message-ID: <5763DE4C.1030100@evolveum.com>

Hi,

LDAP always has just one structural object class (not counting the 
superclasses). If you need more object classes in LDAP then the 
additional object classes are almost certainly auxiliary object classes. 
MidPoint has full support for auxiliary object classes, however the 
documentation is currently missing. However, you may find some 
inspiration in this example: 
https://wiki.evolveum.com/display/midPoint/Unix+Story+Test

-- 
Radovan Semancik
Software Architect
evolveum.com



On 06/17/2016 12:12 PM, Rene Zeipelt wrote:
> hello list,
> we try to define a schema for openldap entries which have attributes 
> from several object classes (eduPerson, radiusprofile ...).
> so we stuck in handle one object class in schema handling definitions. 
> reading schemes is no problem. midpoint is the latest
> version and openldap is a debian jessie 2.4.40. connector is 
> com.evolveum.polygon.connector.ldap.LdapConnector 1.4.2.0.
> so define a complextype for own attributes with a nativeobjectclass 
> __ACCOUNT__ ends in a "no OID for ..." error. so what we missing?
> thanks for any help.
> best regards Rene
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/86bc237c/attachment.htm>

From ivan.noris at evolveum.com  Fri Jun 17 13:27:59 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Fri, 17 Jun 2016 13:27:59 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <20160617102741.6414522d@zhdk.ch>
References: <20160615173150.77d0bce9@zhdk.ch> <5761A1B5.7030302@evolveum.com>
 <20160617102741.6414522d@zhdk.ch>
Message-ID: <5763DEBF.4030105@evolveum.com>

Well, I was curious.

I tried this (and it works, to not just tease you):

1. configured datasource (jdbc/testds1) in Tomcat's server.xml just like
in
https://wiki.evolveum.com/display/midPoint/Repository+Configuration#RepositoryConfiguration-Datasourceconfiguration

2. configured datasource in tomcat's conf/context.xml just like in the
same page

3. in resource, I used this:
            <icfc:configurationProperties
           
xmlns:icscdbtable="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-databasetable/org.identityconnectors.databasetable.DatabaseTableConnector">

                <icscdbtable:table>idrepo</icscdbtable:table>
                <icscdbtable:keyColumn>userId</icscdbtable:keyColumn>
               
<icscdbtable:passwordColumn>password</icscdbtable:passwordColumn>
               
<icscdbtable:jdbcDriver>com.mysql.jdbc.Driver</icscdbtable:jdbcDriver>
               
<icscdbtable:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscdbtable:jdbcUrlTemplate>
               
<icscdbtable:enableEmptyString>false</icscdbtable:enableEmptyString>
               
<icscdbtable:rethrowAllSQLExceptions>true</icscdbtable:rethrowAllSQLExceptions>
               
<icscdbtable:nativeTimestamps>false</icscdbtable:nativeTimestamps>
                <icscdbtable:allNative>false</icscdbtable:allNative>
                <icscdbtable:changeLogColumn></icscdbtable:changeLogColumn>
               
<icscdbtable:datasource>*java:comp/env/jdbc/testds1*</icscdbtable:datasource>
            </icfc:configurationProperties>

I.e. I used the same notation as when config.xml datasource reference is
made, prefixed with "java:comp/env/".
It worked for me. Please try.

Best regards,
Ivan

On 06/17/2016 10:27 AM, Ramón Cahenzli wrote:
> Hi Ivan,
>
> Thanks for the response.
>
>> OK so maybe I was reacting too soon. It seems you are doing
>> provisioning to MySQL/MariaDB using datasource...
> Yes, that sounds about right (I'm not quite fluent in midPoint lingo
> yet) :)
>
>  
>> Could you please share the MySQL resource configuration?
> I've adapted the config with the first two steps from here:
>
> https://wiki.evolveum.com/display/midPoint/Repository+Configuration#RepositoryConfiguration-Datasourceconfiguration
>
> The last step isn't necessary because I don't want to keep using H2 for
> now in midPoint, but it can't hurt to set up the data sources this way,
> correct? The source still works under the name jdbc/peeps when used
> from my test JSP.
>
> The config files are in this gist:
>
> https://gist.github.com/psy-q/8c0d931ea53eb35bf5098b59dd38a76d
>
> Cheers,
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/4863e1ba/attachment.htm>

From legeech at inbox.ru  Fri Jun 17 13:35:06 2016
From: legeech at inbox.ru (=?UTF-8?B?b2xlZyBva3VuZXY=?=)
Date: Fri, 17 Jun 2016 14:35:06 +0300
Subject: [midPoint] =?utf-8?q?midpoint_mysql?=
Message-ID: <1466163306.305308884@f367.i.mail.ru>


hi everyone!

your project is very good)

but i have some problems. may be my english is not very well sory/

so
i have:
About midPoint
Version 3.3.1
Git describe git-v3.3.1 and
ICF org.identityconnectors.databasetable.DatabaseTableConnector v1.4.0.49 

i want to connect to other host with mysql
i take sample from git 

<connectorRef type="ConnectorType">
<filter>
<q:equal>
<q:path>c:connectorType</q:path>
<q:value>org.identityconnectors.databasetable.DatabaseTableConnector</q:value>
</q:equal>
</filter>
</connectorRef>
<!-- Configuration section contains configuration of the connector,
such as hostnames and passwords -->
<connectorConfiguration>
<!-- Configuration specific for the DBTable connector -->
<icfc:configurationProperties
xmlns:icscdbtable="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-databasetable/org.identityconnectors.databasetable.DatabaseTableConnector">
<icscdbtable:port>3306</icscdbtable:port>
<icscdbtable:quoting></icscdbtable:quoting>
<icscdbtable:host>192.168.10.208</icscdbtable:host>
<icscdbtable:user>midpoint_tests</icscdbtable:user>
<icscdbtable:password><clearValue>secret</clearValue></icscdbtable:password>
<icscdbtable:database>midpoint_tests</icscdbtable:database>
<icscdbtable:table>idrepo</icscdbtable:table>
<icscdbtable:keyColumn>userId</icscdbtable:keyColumn>
<icscdbtable:passwordColumn>password</icscdbtable:passwordColumn>

<icscdbtable:jdbcDriver>org.gjt.mm.mysql.Driver</icscdbtable:jdbcDriver>     and try com.mysql.jdbc.Driver

<icscdbtable:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscdbtable:jdbcUrlTemplate>
<icscdbtable:enableEmptyString>false</icscdbtable:enableEmptyString>
<icscdbtable:rethrowAllSQLExceptions>true</icscdbtable:rethrowAllSQLExceptions>
<icscdbtable:nativeTimestamps>false</icscdbtable:nativeTimestamps>
<icscdbtable:allNative>false</icscdbtable:allNative>
<icscdbtable:changeLogColumn>change_timestamp</icscdbtable:changeLogColumn>
<icscdbtable:datasource></icscdbtable:datasource>
</icfc:configurationProperties> BUT
i have error 
 Configuration error: JDBC Driver is not found on classpath.

where i have mistake?

-- 
oleg okunev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/a73260ee/attachment.htm>

From ivan.noris at evolveum.com  Fri Jun 17 13:59:24 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Fri, 17 Jun 2016 13:59:24 +0200
Subject: [midPoint] midpoint mysql
In-Reply-To: <1466163306.305308884@f367.i.mail.ru>
References: <1466163306.305308884@f367.i.mail.ru>
Message-ID: <5763E61C.4070708@evolveum.com>

Hi Oleg,

in our samples we are using:

               
<icscdbtable:jdbcDriver>com.mysql.jdbc.Driver</icscdbtable:jdbcDriver>

Please put mysql jdbc driver to Tomcat lib directory. I have:

/usr/local/apache-tomcat/lib/mysql-connector-java-5.1.33.jar

Then restart Tomcat.

Regards,
Ivan

On 06/17/2016 01:35 PM, oleg okunev wrote:
>
> hi everyone!
>
> your project is very good)
>
> but i have some problems. may be my english is not very well sory/
>
> so
> i have:
>
> About midPoint
> Version 3.3.1
> Git describe git-v3.3.1
>
> and
> ICF org.identityconnectors.databasetable.DatabaseTableConnector v1.4.0.49 
>
> i want to connect to other host with mysql
> i take sample from git 
>
> <connectorRef type="ConnectorType">
> <filter>
> <q:equal>
> <q:path>c:connectorType</q:path>
> <q:value>org.identityconnectors.databasetable.DatabaseTableConnector</q:value>
> </q:equal>
> </filter>
> </connectorRef>
>
> <!-- Configuration section contains configuration of the connector,
> such as hostnames and passwords -->
> <connectorConfiguration>
>
> <!-- Configuration specific for the DBTable connector -->
> <icfc:configurationProperties
> xmlns:icscdbtable="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-databasetable/org.identityconnectors.databasetable.DatabaseTableConnector">
> <icscdbtable:port>3306</icscdbtable:port>
> <icscdbtable:quoting></icscdbtable:quoting>
> <icscdbtable:host>192.168.10.208</icscdbtable:host>
> <icscdbtable:user>midpoint_tests</icscdbtable:user>
> <icscdbtable:password><clearValue>secret</clearValue></icscdbtable:password>
> <icscdbtable:database>midpoint_tests</icscdbtable:database>
> <icscdbtable:table>idrepo</icscdbtable:table>
> <icscdbtable:keyColumn>userId</icscdbtable:keyColumn>
> <icscdbtable:passwordColumn>password</icscdbtable:passwordColumn>
>
> <icscdbtable:jdbcDriver>org.gjt.mm.mysql.Driver</icscdbtable:jdbcDriver>
>     and try com.mysql.jdbc.Driver
>
> <icscdbtable:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscdbtable:jdbcUrlTemplate>
> <icscdbtable:enableEmptyString>false</icscdbtable:enableEmptyString>
> <icscdbtable:rethrowAllSQLExceptions>true</icscdbtable:rethrowAllSQLExceptions>
> <icscdbtable:nativeTimestamps>false</icscdbtable:nativeTimestamps>
> <icscdbtable:allNative>false</icscdbtable:allNative>
> <icscdbtable:changeLogColumn>change_timestamp</icscdbtable:changeLogColumn>
> <icscdbtable:datasource></icscdbtable:datasource>
> </icfc:configurationProperties>
>
> BUT
> i have error 
>  Configuration error: JDBC Driver is not found on classpath.
>
> where i have mistake?
>
> -- 
> oleg okunev
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/be8451e8/attachment.htm>

From legeech at inbox.ru  Fri Jun 17 15:04:47 2016
From: legeech at inbox.ru (=?UTF-8?B?b2xlZyBva3VuZXY=?=)
Date: Fri, 17 Jun 2016 16:04:47 +0300
Subject: [midPoint] =?utf-8?q?midpoint_mysql?=
In-Reply-To: <5763E61C.4070708@evolveum.com>
References: <1466163306.305308884@f367.i.mail.ru>
 <5763E61C.4070708@evolveum.com>
Message-ID: <1466168687.726697271@f405.i.mail.ru>

 thank .IT works.  


>Пятница, 17 июня 2016, 14:59 +03:00 от Ivan Noris <ivan.noris at evolveum.com>:
>
>Hi Oleg,
>
>in our samples we are using:
>
>               
<icscdbtable:jdbcDriver>com.mysql.jdbc.Driver</icscdbtable:jdbcDriver>
>
>Please put mysql jdbc driver to Tomcat lib directory. I have:
>
>/usr/local/apache-tomcat/lib/mysql-connector-java-5.1.33.jar
>
>Then restart Tomcat.
>
>Regards,
>Ivan
>
>On 06/17/2016 01:35 PM, oleg okunev
      wrote:
>>
>>hi everyone!
>>
>>your project is very good)
>>
>>but i have some problems. may be my english is not very well sory/
>>
>>so
>>i have:
>>About midPoint
>>Version 3.3.1
>>Git describe git-v3.3.1 and
>>ICF org.identityconnectors.databasetable.DatabaseTableConnector
      v1.4.0.49 
>>
>>i want to connect to other host with mysql
>>i take sample from git 
>>
>><connectorRef
          type="ConnectorType">
>><filter>
>><q:equal>
>><q:path>c:connectorType</q:path>
>><q:value>org.identityconnectors.databasetable.DatabaseTableConnector</q:value>
>></q:equal>
>></filter>
>></connectorRef>
>><!-- Configuration section
          contains configuration of the connector,
>>such as hostnames and passwords
          -->
>><connectorConfiguration>
>><!-- Configuration specific
          for the DBTable connector -->
>><icfc:configurationProperties
>>xmlns:icscdbtable= "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-databasetable/org.identityconnectors.databasetable.DatabaseTableConnector" >
>><icscdbtable:port>3306</icscdbtable:port>
>><icscdbtable:quoting></icscdbtable:quoting>
>><icscdbtable:host>192.168.10.208</icscdbtable:host>
>><icscdbtable:user>midpoint_tests</icscdbtable:user>
>><icscdbtable:password><clearValue>secret</clearValue></icscdbtable:password>
>><icscdbtable:database>midpoint_tests</icscdbtable:database>
>><icscdbtable:table>idrepo</icscdbtable:table>
>><icscdbtable:keyColumn>userId</icscdbtable:keyColumn>
>><icscdbtable:passwordColumn>password</icscdbtable:passwordColumn>
>>
>><icscdbtable:jdbcDriver>org.gjt.mm.mysql.Driver</icscdbtable:jdbcDriver>
              and try com.mysql.jdbc.Driver
>>
>><icscdbtable:jdbcUrlTemplate>jdbc:mysql://%h:%p/%d?useUnicode=true&amp;characterEncoding=utf8&amp;connectionCollation=utf8_bin</icscdbtable:jdbcUrlTemplate>
>><icscdbtable:enableEmptyString>false</icscdbtable:enableEmptyString>
>><icscdbtable:rethrowAllSQLExceptions>true</icscdbtable:rethrowAllSQLExceptions>
>><icscdbtable:nativeTimestamps>false</icscdbtable:nativeTimestamps>
>><icscdbtable:allNative>false</icscdbtable:allNative>
>><icscdbtable:changeLogColumn>change_timestamp</icscdbtable:changeLogColumn>
>><icscdbtable:datasource></icscdbtable:datasource>
>></icfc:configurationProperties> BUT
>>i have error 
>> Configuration error: JDBC Driver is
        not found on classpath.
>>
>>where i have mistake?
>>
>>-- 
>>oleg okunev
>>
>>_______________________________________________
midPoint mailing list
>>midPoint at lists.evolveum.com
>>http://lists.evolveum.com/mailman/listinfo/midpoint
>
>-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."
>_______________________________________________
>midPoint mailing list
>midPoint at lists.evolveum.com
>http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/9393df21/attachment.htm>

From zeipelt at uni-wuppertal.de  Fri Jun 17 22:32:11 2016
From: zeipelt at uni-wuppertal.de (Rene Zeipelt)
Date: Fri, 17 Jun 2016 22:32:11 +0200
Subject: [midPoint] define openldap connector schema with 2 or more
 object classes per entry
In-Reply-To: <CAPXQVkdGBfp9Pi2eKUJgo+CutUaO_VsgxV2gvrPQ4Vs=Rr4-Mw@mail.gmail.com>
References: <e4b0330b-7ee0-8948-8733-9a91335f0eae@uni-wuppertal.de>
 <CAPXQVkdGBfp9Pi2eKUJgo+CutUaO_VsgxV2gvrPQ4Vs=Rr4-Mw@mail.gmail.com>
Message-ID: <854c25a4-d723-b887-54a0-f7b66fd7f67d@uni-wuppertal.de>

hello Pálos,
using <auxiliaryObjectClass>radiusprofile</auxiliaryObjectClass> works. 
thank you.
best regards Rene


Am 17.06.2016 um 12:32 schrieb Pálos Gustáv:
> Hi Rene,
>
> please instead of several <objectType> for each object class use only 
> one and set <auxiliaryObjectClass>, for example:
>
>         <objectType>
>             <kind>account</kind>
>             <intent>default</intent>
>             <displayName>Default Account</displayName>
>             <default>true</default>
> <objectClass>ri:eduPerson</objectClass>
> <auxiliaryObjectClass>radiusprofile</auxiliaryObjectClass>
> <auxiliaryObjectClass>...</auxiliaryObjectClass>
> ...
>
> best regards,
>
> Gustav
>
>
> 2016-06-17 12:12 GMT+02:00 Rene Zeipelt <zeipelt at uni-wuppertal.de 
> <mailto:zeipelt at uni-wuppertal.de>>:
>
>     hello list,
>     we try to define a schema for openldap entries which have
>     attributes from several object classes (eduPerson, radiusprofile ...).
>     so we stuck in handle one object class in schema handling
>     definitions. reading schemes is no problem. midpoint is the latest
>     version and openldap is a debian jessie 2.4.40. connector is
>     com.evolveum.polygon.connector.ldap.LdapConnector 1.4.2.0.
>     so define a complextype for own attributes with a
>     nativeobjectclass __ACCOUNT__ ends in a "no OID for ..." error. so
>     what we missing?
>     thanks for any help.
>     best regards Rene
>
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/0c823815/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5338 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160617/0c823815/attachment.bin>

From petr.gasparik at ami.cz  Sat Jun 18 00:08:36 2016
From: petr.gasparik at ami.cz (=?UTF-8?B?UGV0ciBHYcWhcGFyw61rIC0gQU1JIFByYWhhIGEucy4=?=)
Date: Sat, 18 Jun 2016 00:08:36 +0200
Subject: [midPoint] Fwd: Translation!
In-Reply-To: <CABAspd0sFpCYUuD=o7BeZe0+Pk-Lm2LcqdTAXrAQ8HWBeM7sYg@mail.gmail.com>
References: <CABAspd0sFpCYUuD=o7BeZe0+Pk-Lm2LcqdTAXrAQ8HWBeM7sYg@mail.gmail.com>
Message-ID: <CABAspd2ce1_drK7n7RzmdijsGQPffTEfXt1P-ykUPb5v5ErFdQ@mail.gmail.com>

Hi midPoint enthusiasts!
I would like to tell you that we proudly finished 100% localization of
midPoint into Czech!

But there is more languages to work on.
*Is your language covered?*
*See here: https://www.transifex.com/evolveum/midpoint/languages/
<https://www.transifex.com/evolveum/midpoint/languages/>*

If it is not 100% covered (for example, hungarian, turkish, spanish...),
you are more than welcome to join our force - simply ask to be added to
team of translator for chosen language, and I admin you like a breeze!
You can even ask for new language, if it is missing! (someone said Klingon?)

---

Have a great day!
Looking forward for next version around the corner :)

Petr Gašparík, head of translations :))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160618/d03c9f20/attachment.htm>

From fstingaciu at mirantis.com  Tue Jun 21 00:43:54 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Mon, 20 Jun 2016 15:43:54 -0700
Subject: [midPoint] [midpoint] Workflow with Approver - Email
	Notifications
In-Reply-To: <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
Message-ID: <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>

Hey Pavol,

So I only now got around to setting up this feature and I get the following
error: http://pastebin.com/V0v1ASW1

I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.

Thanks,
-F

On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Florin,
>
> it seems that this functionality (notifying the approver) was neither
> documented, nor even fully implemented.
>
> Today I did it - at least in a basic form. Please see
> <https://wiki.evolveum.com/display/midPoint/Workflow+notifications>
> https://wiki.evolveum.com/display/midPoint/Workflow+notifications. It is
> implemented in today's master: v3.4devel-1847-g290aa7f.
>
> Best regards,
>
> Pavol
>
> On 09.06.2016 2:22, Florin. Stingaciu wrote:
>
> Hello,
>
> I have a role that has an approver and I would like to set up
> notifications such that an email is sent out to the Approver of a role
> (based on the email found in the Approver account) only when a user has
> requested access to this role.
>
> I've tried following the instructions at
> <https://wiki.evolveum.com/display/midPoint/Notifications>
> https://wiki.evolveum.com/display/midPoint/Notifications, and various
> sample configs on your github, but I can't seem to figure it out.
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160620/b4ae4382/attachment.htm>

From mederly at evolveum.com  Tue Jun 21 00:56:10 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 21 Jun 2016 00:56:10 +0200
Subject: [midPoint] [midpoint] Workflow with Approver - Email
 Notifications
In-Reply-To: <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
Message-ID: <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>

Hello Florin,

this is a really stupid bug of mine. Should be fixed in current master 
(v3.4devel-2005-g247bc68); but not tested as I currently have no 
"no-encryption" mail server at hand.

Please try and tell me if it works.

Best regards,

Pavol


On 21.06.2016 0:43, Florin. Stingaciu wrote:
> Hey Pavol,
>
> So I only now got around to setting up this feature and I get the 
> following error: http://pastebin.com/V0v1ASW1
>
> I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>
> Thanks,
> -F
>
> On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     it seems that this functionality (notifying the approver) was
>     neither documented, nor even fully implemented.
>
>     Today I did it - at least in a basic form. Please see
>     https://wiki.evolveum.com/display/midPoint/Workflow+notifications.
>     It is implemented in today's master: v3.4devel-1847-g290aa7f.
>
>     Best regards,
>
>     Pavol
>
>
>     On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>     Hello,
>>
>>     I have a role that has an approver and I would like to set up
>>     notifications such that an email is sent out to the Approver of a
>>     role (based on the email found in the Approver account) only when
>>     a user has requested access to this role.
>>
>>     I've tried following the instructions at
>>     https://wiki.evolveum.com/display/midPoint/Notifications, and
>>     various sample configs on your github, but I can't seem to figure
>>     it out.
>>
>>     Any help would be greatly appreciated.
>>
>>     Thanks,
>>     -F
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/dd21f7de/attachment.htm>

From mederly at evolveum.com  Tue Jun 21 12:07:18 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 21 Jun 2016 12:07:18 +0200
Subject: [midPoint] List of user roles
In-Reply-To: <CAFmDq453Rjj=vxYn_JWEZCcvC7xQTzjcg+r5++HoD1emuh1JYg@mail.gmail.com>
References: <CAFmDq453Rjj=vxYn_JWEZCcvC7xQTzjcg+r5++HoD1emuh1JYg@mail.gmail.com>
Message-ID: <b6f7f9ac-206a-73f5-26af-19bc393ac44f@evolveum.com>

Hello Petr,

sorry for the late answer, this message completely flew out of my sight.

I think that the only possible way is to repeatedly call 
midpoint.getObject method for each OID in order to get the name.

You could speed it up by setting "noFetch" option.

As for the object type (required for getObject method): you can retrieve 
it from the targetRef, or set directly to ObjectType.class - when 
retrieving the name only, it shouldn't be a problem.

Beware of exception handling (object not found, security violation, 
...). I usually put OID instead of name in such cases.

In the future we perhaps should provide some method in midpoint 
functions library to do that. Maybe you could log a jira.

Best regards,

Pavol


On 14.06.2016 9:43, Petr Gašparík wrote:
> Hi,
> I am trying to list user roles in notification body.
>
> so basically something like
>
>                     allAssignments = requestee.getAssignment();
>                     allAssignments.each {
>                         body += 
> basic.stringify(it.getTargetRef()?.getOid()) + "\n";
>                     };
>
> but with names instead of oid.
>
> What is best practice how to get that?
>
> thank you in advance,
> Petr Gašparík
> -- 
> -- 
> Petr G.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/1532a62f/attachment.htm>

From mmarchese at identicum.com  Tue Jun 21 17:33:36 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Tue, 21 Jun 2016 12:33:36 -0300
Subject: [midPoint] Best Way to Perform Loopback Actions
Message-ID: <CAG3rmdo_Dz09D20wSSPVf=NxtktJ0HK2TB9EtpYb_BjSk-E1NQ@mail.gmail.com>

Hi all,

We need to add some loopback actions once users are created in midpoint,
e.g. after a user is created in MidPoint, say with a file connector, set
the user email address based on the Names provided during the creation
process.

Which is the best way to achieve this? Is there a particular connector to
do this?

Thanks in Advance,
*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/f163502f/attachment.htm>

From mederly at evolveum.com  Tue Jun 21 18:24:04 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 21 Jun 2016 18:24:04 +0200
Subject: [midPoint] Best Way to Perform Loopback Actions
In-Reply-To: <CAG3rmdo_Dz09D20wSSPVf=NxtktJ0HK2TB9EtpYb_BjSk-E1NQ@mail.gmail.com>
References: <CAG3rmdo_Dz09D20wSSPVf=NxtktJ0HK2TB9EtpYb_BjSk-E1NQ@mail.gmail.com>
Message-ID: <87802987-7a84-ae96-4e9e-49d074b4dc2a@evolveum.com>

Hello Martin,

perhaps the best way of achieving that is using object templates, see 
https://wiki.evolveum.com/display/midPoint/Object+Template.

Best regards,
Pavol

On 21.06.2016 17:33, Martin Marchese wrote:
> Hi all,
>
> We need to add some loopback actions once users are created in 
> midpoint, e.g. after a user is created in MidPoint, say with a file 
> connector, set the user email address based on the Names provided 
> during the creation process.
>
> Which is the best way to achieve this? Is there a particular connector 
> to do this?
>
> Thanks in Advance,
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/12ac051a/attachment.htm>

From mmarchese at identicum.com  Tue Jun 21 20:52:21 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Tue, 21 Jun 2016 15:52:21 -0300
Subject: [midPoint] Best Way to Perform Loopback Actions
In-Reply-To: <87802987-7a84-ae96-4e9e-49d074b4dc2a@evolveum.com>
References: <CAG3rmdo_Dz09D20wSSPVf=NxtktJ0HK2TB9EtpYb_BjSk-E1NQ@mail.gmail.com>
 <87802987-7a84-ae96-4e9e-49d074b4dc2a@evolveum.com>
Message-ID: <CAG3rmdq=31e9es45MJveyf6fkqi=zx2QNw4qhTPdbsD0WWFgBQ@mail.gmail.com>

Thanks Pavol, I wil try that, seems like it will work.

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com

On Tue, Jun 21, 2016 at 1:24 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Martin,
>
> perhaps the best way of achieving that is using object templates, see
> <https://wiki.evolveum.com/display/midPoint/Object+Template>
> https://wiki.evolveum.com/display/midPoint/Object+Template.
> Best regards,
> Pavol
>
>
> On 21.06.2016 17:33, Martin Marchese wrote:
>
> Hi all,
>
> We need to add some loopback actions once users are created in midpoint,
> e.g. after a user is created in MidPoint, say with a file connector, set
> the user email address based on the Names provided during the creation
> process.
>
> Which is the best way to achieve this? Is there a particular connector to
> do this?
>
> Thanks in Advance,
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/5231e82c/attachment.htm>

From fstingaciu at mirantis.com  Tue Jun 21 21:02:18 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Tue, 21 Jun 2016 12:02:18 -0700
Subject: [midPoint] [midpoint] Workflow with Approver - Email
	Notifications
In-Reply-To: <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
 <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
Message-ID: <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>

Hello,

This is still an issue on:

Version 3.4-SNAPSHOT
Git describe git-v3.4devel-2018-g0e2e4d9
Build at Tue, 21 Jun 2016 18:24:18 +0000

Thanks,
-F

On Mon, Jun 20, 2016 at 3:56 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Florin,
>
> this is a really stupid bug of mine. Should be fixed in current master
> (v3.4devel-2005-g247bc68); but not tested as I currently have no
> "no-encryption" mail server at hand.
>
> Please try and tell me if it works.
>
> Best regards,
>
> Pavol
>
> On 21.06.2016 0:43, Florin. Stingaciu wrote:
>
> Hey Pavol,
>
> So I only now got around to setting up this feature and I get the
> following error: http://pastebin.com/V0v1ASW1
>
> I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>
> Thanks,
> -F
>
> On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> it seems that this functionality (notifying the approver) was neither
>> documented, nor even fully implemented.
>>
>> Today I did it - at least in a basic form. Please see
>> <https://wiki.evolveum.com/display/midPoint/Workflow+notifications>
>> https://wiki.evolveum.com/display/midPoint/Workflow+notifications. It is
>> implemented in today's master: v3.4devel-1847-g290aa7f.
>>
>> Best regards,
>>
>> Pavol
>>
>> On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>
>> Hello,
>>
>> I have a role that has an approver and I would like to set up
>> notifications such that an email is sent out to the Approver of a role
>> (based on the email found in the Approver account) only when a user has
>> requested access to this role.
>>
>> I've tried following the instructions at
>> <https://wiki.evolveum.com/display/midPoint/Notifications>
>> https://wiki.evolveum.com/display/midPoint/Notifications, and various
>> sample configs on your github, but I can't seem to figure it out.
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>> -F
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/a2029417/attachment.htm>

From mederly at evolveum.com  Tue Jun 21 21:52:52 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 21 Jun 2016 21:52:52 +0200
Subject: [midPoint] [midpoint] Workflow with Approver - Email
 Notifications
In-Reply-To: <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
 <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
 <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>
Message-ID: <16d28896-5b45-173b-61a1-f7785e472368@evolveum.com>

Hello Florin,

could you please send me your current notification configuration, plus 
current stack trace (for git-v3.4devel-2018)?

Thank you

Pavol


On 21.06.2016 21:02, Florin. Stingaciu wrote:
> Hello,
>
> This is still an issue on:
>
> Version 	3.4-SNAPSHOT
> Git describe 	git-v3.4devel-2018-g0e2e4d9
> Build at 	Tue, 21 Jun 2016 18:24:18 +0000
>
>
> Thanks,
> -F
>
> On Mon, Jun 20, 2016 at 3:56 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     this is a really stupid bug of mine. Should be fixed in current
>     master (v3.4devel-2005-g247bc68); but not tested as I currently
>     have no "no-encryption" mail server at hand.
>
>     Please try and tell me if it works.
>
>     Best regards,
>
>     Pavol
>
>
>     On 21.06.2016 0:43, Florin. Stingaciu wrote:
>>     Hey Pavol,
>>
>>     So I only now got around to setting up this feature and I get the
>>     following error: http://pastebin.com/V0v1ASW1
>>
>>     I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>>
>>     Thanks,
>>     -F
>>
>>     On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         Hello Florin,
>>
>>         it seems that this functionality (notifying the approver) was
>>         neither documented, nor even fully implemented.
>>
>>         Today I did it - at least in a basic form. Please see
>>         https://wiki.evolveum.com/display/midPoint/Workflow+notifications.
>>         It is implemented in today's master: v3.4devel-1847-g290aa7f.
>>
>>         Best regards,
>>
>>         Pavol
>>
>>
>>         On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>>         Hello,
>>>
>>>         I have a role that has an approver and I would like to set
>>>         up notifications such that an email is sent out to the
>>>         Approver of a role (based on the email found in the Approver
>>>         account) only when a user has requested access to this role.
>>>
>>>         I've tried following the instructions at
>>>         https://wiki.evolveum.com/display/midPoint/Notifications,
>>>         and various sample configs on your github, but I can't seem
>>>         to figure it out.
>>>
>>>         Any help would be greatly appreciated.
>>>
>>>         Thanks,
>>>         -F
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/a4033975/attachment.htm>

From fstingaciu at mirantis.com  Tue Jun 21 22:03:04 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Tue, 21 Jun 2016 13:03:04 -0700
Subject: [midPoint] [midpoint] Workflow with Approver - Email
	Notifications
In-Reply-To: <16d28896-5b45-173b-61a1-f7785e472368@evolveum.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
 <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
 <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>
 <16d28896-5b45-173b-61a1-f7785e472368@evolveum.com>
Message-ID: <CAMQHPY1ovebvMHFHRa0AFLfHwZbKjhLWSLXX_KpCAJ2rutjHVg@mail.gmail.com>

Hey,

   <notificationConfiguration>
      <handler>
         <simpleWorkflowNotifier>
            <transport>mail</transport>
         </simpleWorkflowNotifier>
      </handler>
      <mail>
         <server>
            <host>smtp.symcpe.net</host>
            <port>25</port>
         </server>
         <debug>true</debug>
      </mail>
   </notificationConfiguration>


and here's the stacktrace: http://pastebin.com/s5SeMZns

Thanks,
-F

On Tue, Jun 21, 2016 at 12:52 PM, Pavol Mederly <mederly at evolveum.com>
wrote:

> Hello Florin,
>
> could you please send me your current notification configuration, plus
> current stack trace (for git-v3.4devel-2018)?
>
> Thank you
>
> Pavol
>
> On 21.06.2016 21:02, Florin. Stingaciu wrote:
>
> Hello,
>
> This is still an issue on:
>
> Version 3.4-SNAPSHOT
> Git describe git-v3.4devel-2018-g0e2e4d9
> Build at Tue, 21 Jun 2016 18:24:18 +0000
>
> Thanks,
> -F
>
> On Mon, Jun 20, 2016 at 3:56 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> this is a really stupid bug of mine. Should be fixed in current master
>> (v3.4devel-2005-g247bc68); but not tested as I currently have no
>> "no-encryption" mail server at hand.
>>
>> Please try and tell me if it works.
>>
>> Best regards,
>>
>> Pavol
>>
>> On 21.06.2016 0:43, Florin. Stingaciu wrote:
>>
>> Hey Pavol,
>>
>> So I only now got around to setting up this feature and I get the
>> following error:  <http://pastebin.com/V0v1ASW1>
>> http://pastebin.com/V0v1ASW1
>>
>> I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>>
>> Thanks,
>> -F
>>
>> On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> Hello Florin,
>>>
>>> it seems that this functionality (notifying the approver) was neither
>>> documented, nor even fully implemented.
>>>
>>> Today I did it - at least in a basic form. Please see
>>> <https://wiki.evolveum.com/display/midPoint/Workflow+notifications>
>>> https://wiki.evolveum.com/display/midPoint/Workflow+notifications. It
>>> is implemented in today's master: v3.4devel-1847-g290aa7f.
>>>
>>> Best regards,
>>>
>>> Pavol
>>>
>>> On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>>
>>> Hello,
>>>
>>> I have a role that has an approver and I would like to set up
>>> notifications such that an email is sent out to the Approver of a role
>>> (based on the email found in the Approver account) only when a user has
>>> requested access to this role.
>>>
>>> I've tried following the instructions at
>>> <https://wiki.evolveum.com/display/midPoint/Notifications>
>>> https://wiki.evolveum.com/display/midPoint/Notifications, and various
>>> sample configs on your github, but I can't seem to figure it out.
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Thanks,
>>> -F
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/9b2d9e9c/attachment.htm>

From mederly at evolveum.com  Tue Jun 21 22:33:25 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 21 Jun 2016 22:33:25 +0200
Subject: [midPoint] [midpoint] Workflow with Approver - Email
 Notifications
In-Reply-To: <CAMQHPY1ovebvMHFHRa0AFLfHwZbKjhLWSLXX_KpCAJ2rutjHVg@mail.gmail.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
 <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
 <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>
 <16d28896-5b45-173b-61a1-f7785e472368@evolveum.com>
 <CAMQHPY1ovebvMHFHRa0AFLfHwZbKjhLWSLXX_KpCAJ2rutjHVg@mail.gmail.com>
Message-ID: <580bd872-6f78-ecb4-a431-12d4222572ec@evolveum.com>

Florin,

fixed in v3.4devel-2019-ge4519d0. If there would be yet another NPE or 
other error, please let us know.

Best regards,

Pavol


On 21.06.2016 22:03, Florin. Stingaciu wrote:
> Hey,
>
>    <notificationConfiguration>
>       <handler>
>          <simpleWorkflowNotifier>
>             <transport>mail</transport>
>          </simpleWorkflowNotifier>
>       </handler>
>       <mail>
>          <server>
>             <host>smtp.symcpe.net <http://smtp.symcpe.net></host>
>             <port>25</port>
>          </server>
>          <debug>true</debug>
>       </mail>
>    </notificationConfiguration>
>
>
> and here's the stacktrace: http://pastebin.com/s5SeMZns
>
> Thanks,
> -F
>
> On Tue, Jun 21, 2016 at 12:52 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     could you please send me your current notification configuration,
>     plus current stack trace (for git-v3.4devel-2018)?
>
>     Thank you
>
>     Pavol
>
>
>     On 21.06.2016 21:02, Florin. Stingaciu wrote:
>>     Hello,
>>
>>     This is still an issue on:
>>
>>     Version 	3.4-SNAPSHOT
>>     Git describe 	git-v3.4devel-2018-g0e2e4d9
>>     Build at 	Tue, 21 Jun 2016 18:24:18 +0000
>>
>>
>>     Thanks,
>>     -F
>>
>>     On Mon, Jun 20, 2016 at 3:56 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         Hello Florin,
>>
>>         this is a really stupid bug of mine. Should be fixed in
>>         current master (v3.4devel-2005-g247bc68); but not tested as I
>>         currently have no "no-encryption" mail server at hand.
>>
>>         Please try and tell me if it works.
>>
>>         Best regards,
>>
>>         Pavol
>>
>>
>>         On 21.06.2016 0:43, Florin. Stingaciu wrote:
>>>         Hey Pavol,
>>>
>>>         So I only now got around to setting up this feature and I
>>>         get the following error: http://pastebin.com/V0v1ASW1
>>>
>>>         I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>>>
>>>         Thanks,
>>>         -F
>>>
>>>         On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly
>>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>
>>>             Hello Florin,
>>>
>>>             it seems that this functionality (notifying the
>>>             approver) was neither documented, nor even fully
>>>             implemented.
>>>
>>>             Today I did it - at least in a basic form. Please see
>>>             https://wiki.evolveum.com/display/midPoint/Workflow+notifications.
>>>             It is implemented in today's master:
>>>             v3.4devel-1847-g290aa7f.
>>>
>>>             Best regards,
>>>
>>>             Pavol
>>>
>>>
>>>             On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>>>             Hello,
>>>>
>>>>             I have a role that has an approver and I would like to
>>>>             set up notifications such that an email is sent out to
>>>>             the Approver of a role (based on the email found in the
>>>>             Approver account) only when a user has requested access
>>>>             to this role.
>>>>
>>>>             I've tried following the instructions at
>>>>             https://wiki.evolveum.com/display/midPoint/Notifications,
>>>>             and various sample configs on your github, but I can't
>>>>             seem to figure it out.
>>>>
>>>>             Any help would be greatly appreciated.
>>>>
>>>>             Thanks,
>>>>             -F
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com
>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/5b72b78c/attachment.htm>

From fstingaciu at mirantis.com  Tue Jun 21 23:36:12 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Tue, 21 Jun 2016 14:36:12 -0700
Subject: [midPoint] [midpoint] Workflow with Approver - Email
	Notifications
In-Reply-To: <580bd872-6f78-ecb4-a431-12d4222572ec@evolveum.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
 <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
 <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>
 <16d28896-5b45-173b-61a1-f7785e472368@evolveum.com>
 <CAMQHPY1ovebvMHFHRa0AFLfHwZbKjhLWSLXX_KpCAJ2rutjHVg@mail.gmail.com>
 <580bd872-6f78-ecb4-a431-12d4222572ec@evolveum.com>
Message-ID: <CAMQHPY1e9Z4+Ut22o-tTk7cGiz_e7m-tSuS8nAfZUhYv3VfYjA@mail.gmail.com>

Works great now! Thanks.

>From a user experience it would be nice if the Approver would receive a
link in the email to the work item so he could approve it. Otherwise,
everything is great!

Thanks,
-F

On Tue, Jun 21, 2016 at 1:33 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Florin,
>
> fixed in v3.4devel-2019-ge4519d0. If there would be yet another NPE or
> other error, please let us know.
>
> Best regards,
>
> Pavol
>
> On 21.06.2016 22:03, Florin. Stingaciu wrote:
>
> Hey,
>
>    <notificationConfiguration>
>       <handler>
>          <simpleWorkflowNotifier>
>             <transport>mail</transport>
>          </simpleWorkflowNotifier>
>       </handler>
>       <mail>
>          <server>
>             <host>smtp.symcpe.net</host>
>             <port>25</port>
>          </server>
>          <debug>true</debug>
>       </mail>
>    </notificationConfiguration>
>
>
> and here's the stacktrace: http://pastebin.com/s5SeMZns
>
> Thanks,
> -F
>
> On Tue, Jun 21, 2016 at 12:52 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> could you please send me your current notification configuration, plus
>> current stack trace (for git-v3.4devel-2018)?
>>
>> Thank you
>>
>> Pavol
>>
>> On 21.06.2016 21:02, Florin. Stingaciu wrote:
>>
>> Hello,
>>
>> This is still an issue on:
>>
>> Version 3.4-SNAPSHOT
>> Git describe git-v3.4devel-2018-g0e2e4d9
>> Build at Tue, 21 Jun 2016 18:24:18 +0000
>>
>> Thanks,
>> -F
>>
>> On Mon, Jun 20, 2016 at 3:56 PM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> Hello Florin,
>>>
>>> this is a really stupid bug of mine. Should be fixed in current master
>>> (v3.4devel-2005-g247bc68); but not tested as I currently have no
>>> "no-encryption" mail server at hand.
>>>
>>> Please try and tell me if it works.
>>>
>>> Best regards,
>>>
>>> Pavol
>>>
>>> On 21.06.2016 0:43, Florin. Stingaciu wrote:
>>>
>>> Hey Pavol,
>>>
>>> So I only now got around to setting up this feature and I get the
>>> following error:  <http://pastebin.com/V0v1ASW1>
>>> http://pastebin.com/V0v1ASW1
>>>
>>> I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>>>
>>> Thanks,
>>> -F
>>>
>>> On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly < <mederly at evolveum.com>
>>> mederly at evolveum.com> wrote:
>>>
>>>> Hello Florin,
>>>>
>>>> it seems that this functionality (notifying the approver) was neither
>>>> documented, nor even fully implemented.
>>>>
>>>> Today I did it - at least in a basic form. Please see
>>>> https://wiki.evolveum.com/display/midPoint/Workflow+notifications. It
>>>> is implemented in today's master: v3.4devel-1847-g290aa7f.
>>>>
>>>> Best regards,
>>>>
>>>> Pavol
>>>>
>>>> On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>>>
>>>> Hello,
>>>>
>>>> I have a role that has an approver and I would like to set up
>>>> notifications such that an email is sent out to the Approver of a role
>>>> (based on the email found in the Approver account) only when a user has
>>>> requested access to this role.
>>>>
>>>> I've tried following the instructions at
>>>> <https://wiki.evolveum.com/display/midPoint/Notifications>
>>>> https://wiki.evolveum.com/display/midPoint/Notifications, and various
>>>> sample configs on your github, but I can't seem to figure it out.
>>>>
>>>> Any help would be greatly appreciated.
>>>>
>>>> Thanks,
>>>> -F
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/09b873ad/attachment.htm>

From mederly at evolveum.com  Tue Jun 21 23:40:15 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Tue, 21 Jun 2016 23:40:15 +0200
Subject: [midPoint] [midpoint] Workflow with Approver - Email
 Notifications
In-Reply-To: <CAMQHPY1e9Z4+Ut22o-tTk7cGiz_e7m-tSuS8nAfZUhYv3VfYjA@mail.gmail.com>
References: <CAMQHPY3z78kJwyin90__2pEcs=y7Ek7jS3zKyowUOJnemU0AEQ@mail.gmail.com>
 <359c6d5b-0983-733f-1282-f56055c1b818@evolveum.com>
 <CAMQHPY3_GoM1M+w8d9Oi9o-aPiVvErLptybaagAL+HDLcQ-m9g@mail.gmail.com>
 <964799f9-5bdb-5d75-c845-4ec36f7c615b@evolveum.com>
 <CAMQHPY003iDHoKRSaAKB30S_ViS9Qaf-Yb82QwmNceRApmkDcA@mail.gmail.com>
 <16d28896-5b45-173b-61a1-f7785e472368@evolveum.com>
 <CAMQHPY1ovebvMHFHRa0AFLfHwZbKjhLWSLXX_KpCAJ2rutjHVg@mail.gmail.com>
 <580bd872-6f78-ecb4-a431-12d4222572ec@evolveum.com>
 <CAMQHPY1e9Z4+Ut22o-tTk7cGiz_e7m-tSuS8nAfZUhYv3VfYjA@mail.gmail.com>
Message-ID: <01a1cfa5-bb53-1acb-15df-24a9f00b6e05@evolveum.com>

I'm glad it works.

And yes, it is good idea. By chance, Ivan logged it few days ago as 
well: https://jira.evolveum.com/browse/MID-3169. Hopefully it will be 
implemented in 3.5.

Best regards,

Pavol


On 21.06.2016 23:36, Florin. Stingaciu wrote:
> Works great now! Thanks.
>
> From a user experience it would be nice if the Approver would receive 
> a link in the email to the work item so he could approve it. 
> Otherwise, everything is great!
>
> Thanks,
> -F
>
> On Tue, Jun 21, 2016 at 1:33 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Florin,
>
>     fixed in v3.4devel-2019-ge4519d0. If there would be yet another
>     NPE or other error, please let us know.
>
>     Best regards,
>
>     Pavol
>
>
>     On 21.06.2016 22:03, Florin. Stingaciu wrote:
>>     Hey,
>>
>>        <notificationConfiguration>
>>           <handler>
>>              <simpleWorkflowNotifier>
>>     <transport>mail</transport>
>>              </simpleWorkflowNotifier>
>>           </handler>
>>           <mail>
>>              <server>
>>                 <host>smtp.symcpe.net <http://smtp.symcpe.net></host>
>>                 <port>25</port>
>>              </server>
>>              <debug>true</debug>
>>           </mail>
>>        </notificationConfiguration>
>>
>>
>>     and here's the stacktrace: http://pastebin.com/s5SeMZns
>>
>>     Thanks,
>>     -F
>>
>>     On Tue, Jun 21, 2016 at 12:52 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         Hello Florin,
>>
>>         could you please send me your current notification
>>         configuration, plus current stack trace (for git-v3.4devel-2018)?
>>
>>         Thank you
>>
>>         Pavol
>>
>>
>>         On 21.06.2016 21:02, Florin. Stingaciu wrote:
>>>         Hello,
>>>
>>>         This is still an issue on:
>>>
>>>         Version 	3.4-SNAPSHOT
>>>         Git describe 	git-v3.4devel-2018-g0e2e4d9
>>>         Build at 	Tue, 21 Jun 2016 18:24:18 +0000
>>>
>>>
>>>         Thanks,
>>>         -F
>>>
>>>         On Mon, Jun 20, 2016 at 3:56 PM, Pavol Mederly
>>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>
>>>             Hello Florin,
>>>
>>>             this is a really stupid bug of mine. Should be fixed in
>>>             current master (v3.4devel-2005-g247bc68); but not tested
>>>             as I currently have no "no-encryption" mail server at hand.
>>>
>>>             Please try and tell me if it works.
>>>
>>>             Best regards,
>>>
>>>             Pavol
>>>
>>>
>>>             On 21.06.2016 0:43, Florin. Stingaciu wrote:
>>>>             Hey Pavol,
>>>>
>>>>             So I only now got around to setting up this feature and
>>>>             I get the following error: http://pastebin.com/V0v1ASW1
>>>>
>>>>             I'm currently on eb30d71c2b8660d2182229217c8ec4627645b90f.
>>>>
>>>>             Thanks,
>>>>             -F
>>>>
>>>>             On Fri, Jun 10, 2016 at 3:29 AM, Pavol Mederly
>>>>             <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>>
>>>>                 Hello Florin,
>>>>
>>>>                 it seems that this functionality (notifying the
>>>>                 approver) was neither documented, nor even fully
>>>>                 implemented.
>>>>
>>>>                 Today I did it - at least in a basic form. Please
>>>>                 see
>>>>                 https://wiki.evolveum.com/display/midPoint/Workflow+notifications.
>>>>                 It is implemented in today's master:
>>>>                 v3.4devel-1847-g290aa7f.
>>>>
>>>>                 Best regards,
>>>>
>>>>                 Pavol
>>>>
>>>>
>>>>                 On 09.06.2016 2:22, Florin. Stingaciu wrote:
>>>>>                 Hello,
>>>>>
>>>>>                 I have a role that has an approver and I would
>>>>>                 like to set up notifications such that an email is
>>>>>                 sent out to the Approver of a role (based on the
>>>>>                 email found in the Approver account) only when a
>>>>>                 user has requested access to this role.
>>>>>
>>>>>                 I've tried following the instructions at
>>>>>                 https://wiki.evolveum.com/display/midPoint/Notifications,
>>>>>                 and various sample configs on your github, but I
>>>>>                 can't seem to figure it out.
>>>>>
>>>>>                 Any help would be greatly appreciated.
>>>>>
>>>>>                 Thanks,
>>>>>                 -F
>>>>>
>>>>>
>>>>>                 _______________________________________________
>>>>>                 midPoint mailing list
>>>>>                 midPoint at lists.evolveum.com
>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>                 _______________________________________________
>>>>                 midPoint mailing list
>>>>                 midPoint at lists.evolveum.com
>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com
>>>>             <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160621/cbd48bf8/attachment.htm>

From ramon.cahenzli at zhdk.ch  Wed Jun 22 07:55:00 2016
From: ramon.cahenzli at zhdk.ch (=?UTF-8?B?UmFtw7Nu?= Cahenzli)
Date: Wed, 22 Jun 2016 07:55:00 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <5763DEBF.4030105@evolveum.com>
References: <20160615173150.77d0bce9@zhdk.ch> <5761A1B5.7030302@evolveum.com>
 <20160617102741.6414522d@zhdk.ch> <5763DEBF.4030105@evolveum.com>
Message-ID: <20160622075500.3dc03957@zhdk.ch>

Hi Ivan and everyone,

On Fri, 17 Jun 2016 13:27:59 +0200
Ivan Noris <ivan.noris at evolveum.com> wrote:

> I.e. I used the same notation as when config.xml datasource reference
> is made, prefixed with "java:comp/env/".
> It worked for me. Please try.

That's the ticket! Thanks!

java:comp/env is absolutely required. The tooltip in the (i) bubble
next to "Datasource Path" gives only jdbc/SampleDataSourceName as
example, though. Is this something that's clear to Java people (which I
am not) or should the tooltip also be adapted to include java:comp/env?

I could make a ticket in JIRA if so. Tested on 4b2267.

Cheers,

-- 
—
—
Zürcher Hochschule der Künste
Zurich University of the Arts
—
Ramón Cahenzli, MSc.
IT Architect
GNU/Linux Systems Engineer
—
Pfingstweidstrasse 96, Postfach, 8031 Zürich
Tel. +41 43 446 31 63, Fax +41 43 446 45 21
ramon.cahenzli at zhdk.ch
—
Encrypt things, whee!
https://keybase.io/psyq
—
http://www.zhdk.ch
http://itz.zhdk.ch
http://service.itz.zhdk.ch


From gustav.palos at evolveum.com  Wed Jun 22 08:54:46 2016
From: gustav.palos at evolveum.com (=?UTF-8?B?UMOhbG9zIEd1c3TDoXY=?=)
Date: Wed, 22 Jun 2016 08:54:46 +0200
Subject: [midPoint] MySQL/MariaDB resource can't be reached by its
 DataSource name
In-Reply-To: <20160622075500.3dc03957@zhdk.ch>
References: <20160615173150.77d0bce9@zhdk.ch> <5761A1B5.7030302@evolveum.com>
 <20160617102741.6414522d@zhdk.ch> <5763DEBF.4030105@evolveum.com>
 <20160622075500.3dc03957@zhdk.ch>
Message-ID: <CAPXQVkdtppgdLFyN-aPKx79bTOAxWx0NRm6DUyZoQ_8RP0itSg@mail.gmail.com>

Hi

i put this example to tooltip:
https://github.com/Evolveum/openicf/commit/5442dee570c11fae841e131e04a9bf9311879790

Gustav

2016-06-22 7:55 GMT+02:00 Ramón Cahenzli <ramon.cahenzli at zhdk.ch>:

> Hi Ivan and everyone,
>
> On Fri, 17 Jun 2016 13:27:59 +0200
> Ivan Noris <ivan.noris at evolveum.com> wrote:
>
> > I.e. I used the same notation as when config.xml datasource reference
> > is made, prefixed with "java:comp/env/".
> > It worked for me. Please try.
>
> That's the ticket! Thanks!
>
> java:comp/env is absolutely required. The tooltip in the (i) bubble
> next to "Datasource Path" gives only jdbc/SampleDataSourceName as
> example, though. Is this something that's clear to Java people (which I
> am not) or should the tooltip also be adapted to include java:comp/env?
>
> I could make a ticket in JIRA if so. Tested on 4b2267.
>
> Cheers,
>
> --
> —
> —
> Zürcher Hochschule der Künste
> Zurich University of the Arts
> —
> Ramón Cahenzli, MSc.
> IT Architect
> GNU/Linux Systems Engineer
> —
> Pfingstweidstrasse 96, Postfach, 8031 Zürich
> Tel. +41 43 446 31 63, Fax +41 43 446 45 21
> ramon.cahenzli at zhdk.ch
> —
> Encrypt things, whee!
> https://keybase.io/psyq
> —
> http://www.zhdk.ch
> http://itz.zhdk.ch
> http://service.itz.zhdk.ch
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160622/deeccfae/attachment.htm>

From legeech at inbox.ru  Wed Jun 22 09:40:32 2016
From: legeech at inbox.ru (=?UTF-8?B?b2xlZyBva3VuZXY=?=)
Date: Wed, 22 Jun 2016 10:40:32 +0300
Subject: [midPoint] =?utf-8?q?LOTUS_NOTES?=
Message-ID: <1466581232.563075982@f316.i.mail.ru>


i want ask about  Lotus Notes Connector

what the status?

can i test it?

-- 
oleg okunev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160622/c3a1643e/attachment.htm>

From vilo.repan at evolveum.com  Wed Jun 22 09:55:33 2016
From: vilo.repan at evolveum.com (Viliam Repan)
Date: Wed, 22 Jun 2016 09:55:33 +0200
Subject: [midPoint] LOTUS NOTES
In-Reply-To: <1466581232.563075982@f316.i.mail.ru>
References: <1466581232.563075982@f316.i.mail.ru>
Message-ID: <576A4475.7010301@evolveum.com>

Hi Oleg,

Lotus notes connector was used/tested by a few users, but code wasn't 
touched for a while.
I remember there were some limitations, as connector is using only 
Notes.jar API and not full Lotus Notes installation (like Sun 
adapter/connector was using).

Sure you can grab it and try it out.

viliam

On 22.06.2016 09:40, oleg okunev wrote:
>
> i want ask about Lotus Notes Connector
>
> what the status?
>
> can i test it?
>
> -- 
> oleg okunev
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ing. Viliam Repáň
Evolveum, s.r.o.

tel: +421 910 797978
mail: vilo.repan at evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160622/778601a2/attachment.htm>

From ivan.noris at evolveum.com  Wed Jun 22 15:31:26 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 22 Jun 2016 15:31:26 +0200
Subject: [midPoint] LOTUS NOTES
In-Reply-To: <576A4475.7010301@evolveum.com>
References: <1466581232.563075982@f316.i.mail.ru>
 <576A4475.7010301@evolveum.com>
Message-ID: <576A932E.4080407@evolveum.com>

I think the limitations were the password reset option using some Lotus
Identity Vault (or what was the name of the technology). This was not
implemented AFAIK.

But of course, try.

Regards,
Ivan

On 06/22/2016 09:55 AM, Viliam Repan wrote:
> Hi Oleg,
>
> Lotus notes connector was used/tested by a few users, but code wasn't
> touched for a while.
> I remember there were some limitations, as connector is using only
> Notes.jar API and not full Lotus Notes installation (like Sun
> adapter/connector was using).
>
> Sure you can grab it and try it out.
>
> viliam
>
> On 22.06.2016 09:40, oleg okunev wrote:
>>
>> i want ask about Lotus Notes Connector
>>
>> what the status?
>>
>> can i test it?
>>
>> -- 
>> oleg okunev
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
> Ing. Viliam Repáň
> Evolveum, s.r.o.
>
> tel: +421 910 797978
> mail: vilo.repan at evolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160622/d2cb1344/attachment.htm>

From mmarchese at identicum.com  Wed Jun 22 19:03:40 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Wed, 22 Jun 2016 14:03:40 -0300
Subject: [midPoint] iterationToken in Object Template
Message-ID: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>

Hi all,

I have an Object Template for users, and since I need email to be unique, I
defined an iteration on it:

*<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
*  <name>User Template CSV sync</name>*
*  <iteration>*
*    <maxIterations>10</maxIterations>*
*    <tokenExpression>*
*      <script>*
*        <code>*
*          if (iteration == 0) {*
*            return "";*
*          } else {*
*            return ""+iteration;*
*          }*
*        </code>*
*      </script>*
*    </tokenExpression>*
*  </iteration>*
*...*
*...*

And then within the emailAddress mapping:

<mapping>
    <strength>weak</strength>
    <source>
      <path>givenName</path>
    </source>
    <source>
      <path>familyName</path>
    </source>
    <expression>
      <script>
        <language>
http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
</language>
        <code>
          def givenNameStr = ''+givenName
          givenNameStr.substring(0,1) + '' + familyName + iterationToken +
'@domain.com'
        </code>
      </script>
    </expression>
    <target>
      <path>$user/emailAddress</path>
    </target>
  </mapping>

The problem is that whenever I create a user, the email is always being set
as if the iterationToken is '' and this result on duplicate emailAddress
attribute among users.

Is there something I'm doing wrong?

Thanks in Advance

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160622/7e48a208/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun 23 08:23:45 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 23 Jun 2016 08:23:45 +0200
Subject: [midPoint] iterationToken in Object Template
In-Reply-To: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
References: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
Message-ID: <576B8071.5080501@evolveum.com>

Hi Martin,

my guess is that you are using object template, where name is not
generated using iterationToken. I have searched our samples for the
object template you've pasted and found one - possibly the same.

The iterationToken in emailAddress will be non-empty only if the
iterator was used to generate the unique name.
So, for example, if I tried to create one user called identicum01
(given: John, family: Smith) and another user called identicum02 (given:
John, family: Smith), the usernames are unique, so the emailAddress
attribute will both contain empty iterationToken, which is indeed not
expected. The iterationToken is only used when you have configured the
mapping for user/name attribute to use it. And then you can use
iterationToken also in other mappings.

If user/name is generated from given and family names, iterationToken
would be used for both user/name values, and the same value would then
be used in the emailAddress. The iterationToken is single-value
attribute stored in User object and triggered only if the username is
not unique and the mapping for user/name is using the iterationToken.

See my attached object template; I've just tried it with the following
use case:
1. create new user in midPoint, givenName: John, familyName: Smith,
password: whatever. No name attribute filled. Save.
Username JSmith was generated, emailAddress=JSmith at domain.com
2. create new user in midPoint, givenName: John, familyName: Smith,
password: whatever. No name attribute filled. Save.
Username JSmith1 was generated, emailAddress=JSmith1 at domain.com

I think this is what you were trying to achieve.
Of course you need to specify the mapping strength as normal or strong
if you wish to generate new user/name and user/emailAddress whenever
user is renamed. If you don't need this, and only wish to set it for the
very first time, weak is OK.

See also https://jira.evolveum.com/browse/MID-1977

Regards,
Ivan

<objectTemplate
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
               
xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
                xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
               
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
               
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
                oid="c0c010c0-d34d-b33f-f00d-777222222333"
                version="1">
   <name>User Template CSV sync</name>
   <description>
            Alternative User Template Object.
            This object is used when creating a new account, to set it
up as needed.
                </description>
   <metadata>
      <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
      <creatorRef oid="00000000-0000-0000-0000-000000000002"
type="c:UserType"><!-- administrator --></creatorRef>
     
<createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
   </metadata>
   <iteration>
      <maxIterations>10</maxIterations>
      <tokenExpression>
         <script>
            <code>
          if (iteration == 0) {
            return "";
          } else {
            return ""+iteration;
          }
        </code>
         </script>
      </tokenExpression>
   </iteration>
   <mapping>
      <description>
                Property mapping.
                Defines how properties of user object are set up.
                This specific definition sets a full name as a concatenation
                of givenName and familyName.
                        </description>
      <strength>weak</strength>
      <source>
         <c:path>$user/givenName</c:path>
      </source>
      <source>
         <c:path>$user/familyName</c:path>
      </source>
      <expression>
         <script>
           
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
            <code>
                                                givenName + ' ' + familyName
                                        </code>
         </script>
      </expression>
      <target>
         <c:path>fullName</c:path>
      </target>
   </mapping>
   <mapping>
      <strength>weak</strength>
      <source>
         <c:path>givenName</c:path>
      </source>
      <source>
         <c:path>familyName</c:path>
      </source>
      <expression>
         <script>
           
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
            <code>
          def givenNameStr = ''+givenName
          givenNameStr.substring(0,1) + '' + familyName + iterationToken
+ '@domain.com'
        </code>
         </script>
      </expression>
      <target>
         <c:path>$user/emailAddress</c:path>
      </target>
   </mapping>
   <mapping>
      <strength>weak</strength>
      <source>
         <c:path>givenName</c:path>
      </source>
      <source>
         <c:path>familyName</c:path>
      </source>
      <expression>
         <script>
           
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
            <code>
          def givenNameStr = ''+givenName
          givenNameStr.substring(0,1) + '' + familyName + iterationToken
        </code>
         </script>
      </expression>
      <target>
         <c:path>$user/name</c:path>
      </target>
   </mapping>
</objectTemplate>

On 06/22/2016 07:03 PM, Martin Marchese wrote:
> Hi all,
>
> I have an Object Template for users, and since I need email to be
> unique, I defined an iteration on it:
>
> /<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">/
> /  <name>User Template CSV sync</name>/
> /  <iteration>/
> /    <maxIterations>10</maxIterations>/
> /    <tokenExpression>/
> /      <script>/
> /        <code>/
> /          if (iteration == 0) {/
> /            return "";/
> /          } else {/
> /            return ""+iteration;/
> /          }/
> /        </code>/
> /      </script>/
> /    </tokenExpression>/
> /  </iteration>/
> /.../
> /.../
> /
> /
> And then within the emailAddress mapping:
>
> <mapping>
>     <strength>weak</strength>
>     <source>
>       <path>givenName</path>
>     </source>
>     <source>
>       <path>familyName</path>
>     </source>
>     <expression>
>       <script>
>        
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>         <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName +
> iterationToken + '@domain.com <http://domain.com>'
>         </code>
>       </script>
>     </expression>
>     <target>
>       <path>$user/emailAddress</path>
>     </target>
>   </mapping>
>
> The problem is that whenever I create a user, the email is always
> being set as if the iterationToken is '' and this result on duplicate
> emailAddress attribute among users.
>
> Is there something I'm doing wrong?
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/c143c233/attachment.htm>

From i.dorofeev at solarsecurity.ru  Thu Jun 23 11:28:26 2016
From: i.dorofeev at solarsecurity.ru (=?koi8-r?B?5M/Sz8bFxdcg6czY0Q==?=)
Date: Thu, 23 Jun 2016 09:28:26 +0000
Subject: [midPoint] Projector waves
Message-ID: <F82253638486D44DABA51EC404D48AF3574D46D6@EX-MB2.solar.local>

Hi guys,

Recently I've come across a wiki page https://wiki.evolveum.com/display/midPoint/Simplification+of+processing+in+clockwork+and+projector and have been trying to comprehend what projector waves are all about. The given explanation, to be honest, isn't clear enough. I have examined the source code as well. Could you give a bit more detailed reasons for waves and ideas behind them? Probably, some use cases or anything else?

__________________________

Ilya Dorofeev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/90d60377/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 23 13:09:33 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 23 Jun 2016 13:09:33 +0200
Subject: [midPoint] Projector waves
In-Reply-To: <F82253638486D44DABA51EC404D48AF3574D46D6@EX-MB2.solar.local>
References: <F82253638486D44DABA51EC404D48AF3574D46D6@EX-MB2.solar.local>
Message-ID: <576BC36D.50301@evolveum.com>

Hi,

There are several reasons. But perhaps the most important is 
provisioning dependencies: 
https://wiki.evolveum.com/display/midPoint/Provisioning+Dependencies
Resources (or even projections) with dependencies need to be processed 
sequentially. Outbound expression of a dependent projection needs to be 
reflected in the input of the "dependee" projection. So our solution is 
to sort the projections into waves. All the independent projections are 
processed in the first wave, all the dependent in second wave, all that 
depends on those in third wave and so on.

The other reason is that there are also attributes that the resource 
sets or changes by itself (we call them "volatile attributes"). So after 
provisioning an account we need to re-read that account and apply 
inbound expressions to make sure that these volatile attribute are 
correctly applied to the focal object (e.g. user). Therefore even if 
there are no dependencies there is always a "half-wave" at the end of 
every projector run to make sure that provisioning side-effects are 
processed correctly.

Overall, I'm more than aware that the waves are not an ideal way how to 
process this partially parallel partially sequential computation. A 
parallel tree-like approach would be much more appropriate. But also 
much more complex and significantly harder to debug. Therefore we have 
decided to go with waves at the beginning and change the implementation 
to a tree-based processing when needed.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 06/23/2016 11:28 AM, Дорофеев Илья wrote:
>
> Hi guys,
>
> Recently I’ve come across a wiki page 
> https://wiki.evolveum.com/display/midPoint/Simplification+of+processing+in+clockwork+and+projector 
> and have been trying to comprehend what projector waves are all about. 
> The given explanation, to be honest, isn’t clear enough. I have 
> examined the source code as well. Could you give a bit more detailed 
> reasons for waves and ideas behind them? Probably, some use cases or 
> anything else?
>
> __________________________
>
> Ilya Dorofeev
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/66da182e/attachment.htm>

From i.dorofeev at solarsecurity.ru  Thu Jun 23 13:51:50 2016
From: i.dorofeev at solarsecurity.ru (=?utf-8?B?0JTQvtGA0L7RhNC10LXQsiDQmNC70YzRjw==?=)
Date: Thu, 23 Jun 2016 11:51:50 +0000
Subject: [midPoint] Projector waves
In-Reply-To: <576BC36D.50301@evolveum.com>
References: <F82253638486D44DABA51EC404D48AF3574D46D6@EX-MB2.solar.local>
 <576BC36D.50301@evolveum.com>
Message-ID: <F82253638486D44DABA51EC404D48AF3574D495A@EX-MB2.solar.local>

Hi Radovan,

Thanks for the thorough answer. Truth be known, I was expecting to receive it from you ☺

__________________________

Ilya Dorofeev

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Radovan Semancik
Sent: Thursday, June 23, 2016 2:10 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Projector waves

Hi,

There are several reasons. But perhaps the most important is provisioning dependencies: https://wiki.evolveum.com/display/midPoint/Provisioning+Dependencies
Resources (or even projections) with dependencies need to be processed sequentially. Outbound expression of a dependent projection needs to be reflected in the input of the "dependee" projection. So our solution is to sort the projections into waves. All the independent projections are processed in the first wave, all the dependent in second wave, all that depends on those in third wave and so on.

The other reason is that there are also attributes that the resource sets or changes by itself (we call them "volatile attributes"). So after provisioning an account we need to re-read that account and apply inbound expressions to make sure that these volatile attribute are correctly applied to the focal object (e.g. user). Therefore even if there are no dependencies there is always a "half-wave" at the end of every projector run to make sure that provisioning side-effects are processed correctly.

Overall, I'm more than aware that the waves are not an ideal way how to process this partially parallel partially sequential computation. A parallel tree-like approach would be much more appropriate. But also much more complex and significantly harder to debug. Therefore we have decided to go with waves at the beginning and change the implementation to a tree-based processing when needed.



--

Radovan Semancik

Software Architect

evolveum.com


On 06/23/2016 11:28 AM, Дорофеев Илья wrote:
Hi guys,

Recently I’ve come across a wiki page https://wiki.evolveum.com/display/midPoint/Simplification+of+processing+in+clockwork+and+projector and have been trying to comprehend what projector waves are all about. The given explanation, to be honest, isn’t clear enough. I have examined the source code as well. Could you give a bit more detailed reasons for waves and ideas behind them? Probably, some use cases or anything else?

__________________________

Ilya Dorofeev





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/be88737f/attachment.htm>

From mmarchese at identicum.com  Thu Jun 23 16:00:08 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Thu, 23 Jun 2016 11:00:08 -0300
Subject: [midPoint] iterationToken in Object Template
In-Reply-To: <576B8071.5080501@evolveum.com>
References: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
 <576B8071.5080501@evolveum.com>
Message-ID: <CAG3rmdp2WTVRtGGJ7miXrFu0nYE7iOCQKLsUDL=HUcNyC2FG4w@mail.gmail.com>

Thanks Ivan,

In fact, I just need to get uniqueness in the emailAddress (I've already
have username uniqueness since it's a personal ID #). The emailAddress, has
nothing to do with the username in our design. Is there another way to
achieve a field uniqueness?

Regards,

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com

On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris <ivan.noris at evolveum.com> wrote:

> Hi Martin,
>
> my guess is that you are using object template, where name is not
> generated using iterationToken. I have searched our samples for the object
> template you've pasted and found one - possibly the same.
>
> The iterationToken in emailAddress will be non-empty only if the iterator
> was used to generate the unique name.
> So, for example, if I tried to create one user called identicum01 (given:
> John, family: Smith) and another user called identicum02 (given: John,
> family: Smith), the usernames are unique, so the emailAddress attribute
> will both contain empty iterationToken, which is indeed not expected. The
> iterationToken is only used when you have configured the mapping for
> user/name attribute to use it. And then you can use iterationToken also in
> other mappings.
>
> If user/name is generated from given and family names, iterationToken
> would be used for both user/name values, and the same value would then be
> used in the emailAddress. The iterationToken is single-value attribute
> stored in User object and triggered only if the username is not unique and
> the mapping for user/name is using the iterationToken.
>
> See my attached object template; I've just tried it with the following use
> case:
> 1. create new user in midPoint, givenName: John, familyName: Smith,
> password: whatever. No name attribute filled. Save.
> Username JSmith was generated, emailAddress=JSmith at domain.com
> 2. create new user in midPoint, givenName: John, familyName: Smith,
> password: whatever. No name attribute filled. Save.
> Username JSmith1 was generated, emailAddress=JSmith1 at domain.com
>
> I think this is what you were trying to achieve.
> Of course you need to specify the mapping strength as normal or strong if
> you wish to generate new user/name and user/emailAddress whenever user is
> renamed. If you don't need this, and only wish to set it for the very first
> time, weak is OK.
>
> See also https://jira.evolveum.com/browse/MID-1977
>
> Regards,
> Ivan
>
> <objectTemplate xmlns=
> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>                 xmlns:icfs=
> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> <http://prism.evolveum.com/xml/ns/public/types-3>
>                 xmlns:c=
> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
> <http://prism.evolveum.com/xml/ns/public/query-3>
>                 xmlns:ri=
> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>                 oid="c0c010c0-d34d-b33f-f00d-777222222333"
>                 version="1">
>    <name>User Template CSV sync</name>
>    <description>
>             Alternative User Template Object.
>             This object is used when creating a new account, to set it up
> as needed.
>                 </description>
>    <metadata>
>       <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>       <creatorRef oid="00000000-0000-0000-0000-000000000002"
> type="c:UserType"><!-- administrator --></creatorRef>
>       <createChannel>
> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
> </createChannel>
>    </metadata>
>    <iteration>
>       <maxIterations>10</maxIterations>
>       <tokenExpression>
>          <script>
>             <code>
>           if (iteration == 0) {
>             return "";
>           } else {
>             return ""+iteration;
>           }
>         </code>
>          </script>
>       </tokenExpression>
>    </iteration>
>    <mapping>
>       <description>
>                 Property mapping.
>                 Defines how properties of user object are set up.
>                 This specific definition sets a full name as a
> concatenation
>                 of givenName and familyName.
>                         </description>
>       <strength>weak</strength>
>       <source>
>          <c:path>$user/givenName</c:path>
>       </source>
>       <source>
>          <c:path>$user/familyName</c:path>
>       </source>
>       <expression>
>          <script>
>             <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>             <code>
>                                                 givenName + ' ' +
> familyName
>                                         </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>fullName</c:path>
>       </target>
>    </mapping>
>    <mapping>
>       <strength>weak</strength>
>       <source>
>          <c:path>givenName</c:path>
>       </source>
>       <source>
>          <c:path>familyName</c:path>
>       </source>
>       <expression>
>          <script>
>             <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>             <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName + iterationToken +
> '@domain.com'
>         </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>$user/emailAddress</c:path>
>       </target>
>    </mapping>
>    <mapping>
>       <strength>weak</strength>
>       <source>
>          <c:path>givenName</c:path>
>       </source>
>       <source>
>          <c:path>familyName</c:path>
>       </source>
>       <expression>
>          <script>
>             <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>             <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>         </code>
>          </script>
>       </expression>
>       <target>
>          <c:path>$user/name</c:path>
>       </target>
>    </mapping>
> </objectTemplate>
>
>
> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>
> Hi all,
>
> I have an Object Template for users, and since I need email to be unique,
> I defined an iteration on it:
>
> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
> *  <name>User Template CSV sync</name>*
> *  <iteration>*
> *    <maxIterations>10</maxIterations>*
> *    <tokenExpression>*
> *      <script>*
> *        <code>*
> *          if (iteration == 0) {*
> *            return "";*
> *          } else {*
> *            return ""+iteration;*
> *          }*
> *        </code>*
> *      </script>*
> *    </tokenExpression>*
> *  </iteration>*
> *...*
> *...*
>
> And then within the emailAddress mapping:
>
> <mapping>
>     <strength>weak</strength>
>     <source>
>       <path>givenName</path>
>     </source>
>     <source>
>       <path>familyName</path>
>     </source>
>     <expression>
>       <script>
>         <language>
> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
> </language>
>         <code>
>           def givenNameStr = ''+givenName
>           givenNameStr.substring(0,1) + '' + familyName + iterationToken +
> '@domain.com'
>         </code>
>       </script>
>     </expression>
>     <target>
>       <path>$user/emailAddress</path>
>     </target>
>   </mapping>
>
> The problem is that whenever I create a user, the email is always being
> set as if the iterationToken is '' and this result on duplicate
> emailAddress attribute among users.
>
> Is there something I'm doing wrong?
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/faca4607/attachment.htm>

From andreas.kuestner at daasi.de  Thu Jun 23 16:17:04 2016
From: andreas.kuestner at daasi.de (=?UTF-8?Q?Andreas_K=c3=bcstner?=)
Date: Thu, 23 Jun 2016 16:17:04 +0200
Subject: [midPoint] How is it possible to create a new object
Message-ID: <09e2bf6a-c0e3-6e5c-240e-35403b486fbd@daasi.de>

Hello List,

is it possible to create a new object like this:

Object: Employment
  - Attribute: employee_number : String
  - Attribute: description: String
  - Reference to: organisation_unit : Link
  - Reference to: sub_organisation_unit : Link
  - Reference to: costcenter : Link

Object: Costcenter
  - Attribute: costcenter_number : String
  - Attribute: description : String

...


and to show these Object in the webui?

I know it is mentioned in the wiki here: ->
https://wiki.evolveum.com/display/midPoint/Repository+Subsystem
(Creating New Objects)

and here:
https://wiki.evolveum.com/display/midPoint/Data+Model#DataModel-GenericObject

Do i have to create the xsd-schemas?
If i create such an object will it be sychronizable to other resources
(via mapping)?
Is there a sample for this?

Thanks for help!

Andy



From mmarchese at identicum.com  Thu Jun 23 16:59:13 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Thu, 23 Jun 2016 11:59:13 -0300
Subject: [midPoint] iterationToken in Object Template
In-Reply-To: <CAG3rmdp2WTVRtGGJ7miXrFu0nYE7iOCQKLsUDL=HUcNyC2FG4w@mail.gmail.com>
References: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
 <576B8071.5080501@evolveum.com>
 <CAG3rmdp2WTVRtGGJ7miXrFu0nYE7iOCQKLsUDL=HUcNyC2FG4w@mail.gmail.com>
Message-ID: <CAG3rmdoO9E5wNKfofvs52FHLEvWn0B61CKnXaPrNkxMmhXigUA@mail.gmail.com>

To clarify, we are facing 2 different problems:

- Defining emailAddress as unique within the MidPoint schema (is this
possible?), to get MidPoint return an error whenever the emailAddress
already exists.

- Generating an unique emailAddress from the objectTemplate, but not the
username.

Thanks in Advance

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com

On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese <mmarchese at identicum.com>
wrote:

> Thanks Ivan,
>
> In fact, I just need to get uniqueness in the emailAddress (I've already
> have username uniqueness since it's a personal ID #). The emailAddress, has
> nothing to do with the username in our design. Is there another way to
> achieve a field uniqueness?
>
> Regards,
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi Martin,
>>
>> my guess is that you are using object template, where name is not
>> generated using iterationToken. I have searched our samples for the object
>> template you've pasted and found one - possibly the same.
>>
>> The iterationToken in emailAddress will be non-empty only if the iterator
>> was used to generate the unique name.
>> So, for example, if I tried to create one user called identicum01 (given:
>> John, family: Smith) and another user called identicum02 (given: John,
>> family: Smith), the usernames are unique, so the emailAddress attribute
>> will both contain empty iterationToken, which is indeed not expected. The
>> iterationToken is only used when you have configured the mapping for
>> user/name attribute to use it. And then you can use iterationToken also in
>> other mappings.
>>
>> If user/name is generated from given and family names, iterationToken
>> would be used for both user/name values, and the same value would then be
>> used in the emailAddress. The iterationToken is single-value attribute
>> stored in User object and triggered only if the username is not unique and
>> the mapping for user/name is using the iterationToken.
>>
>> See my attached object template; I've just tried it with the following
>> use case:
>> 1. create new user in midPoint, givenName: John, familyName: Smith,
>> password: whatever. No name attribute filled. Save.
>> Username JSmith was generated, emailAddress=JSmith at domain.com
>> 2. create new user in midPoint, givenName: John, familyName: Smith,
>> password: whatever. No name attribute filled. Save.
>> Username JSmith1 was generated, emailAddress=JSmith1 at domain.com
>>
>> I think this is what you were trying to achieve.
>> Of course you need to specify the mapping strength as normal or strong if
>> you wish to generate new user/name and user/emailAddress whenever user is
>> renamed. If you don't need this, and only wish to set it for the very first
>> time, weak is OK.
>>
>> See also https://jira.evolveum.com/browse/MID-1977
>>
>> Regards,
>> Ivan
>>
>> <objectTemplate xmlns=
>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>                 xmlns:icfs=
>> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>>                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>                 xmlns:c=
>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>                 xmlns:ri=
>> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>>                 oid="c0c010c0-d34d-b33f-f00d-777222222333"
>>                 version="1">
>>    <name>User Template CSV sync</name>
>>    <description>
>>             Alternative User Template Object.
>>             This object is used when creating a new account, to set it up
>> as needed.
>>                 </description>
>>    <metadata>
>>       <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>>       <creatorRef oid="00000000-0000-0000-0000-000000000002"
>> type="c:UserType"><!-- administrator --></creatorRef>
>>       <createChannel>
>> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>> </createChannel>
>>    </metadata>
>>    <iteration>
>>       <maxIterations>10</maxIterations>
>>       <tokenExpression>
>>          <script>
>>             <code>
>>           if (iteration == 0) {
>>             return "";
>>           } else {
>>             return ""+iteration;
>>           }
>>         </code>
>>          </script>
>>       </tokenExpression>
>>    </iteration>
>>    <mapping>
>>       <description>
>>                 Property mapping.
>>                 Defines how properties of user object are set up.
>>                 This specific definition sets a full name as a
>> concatenation
>>                 of givenName and familyName.
>>                         </description>
>>       <strength>weak</strength>
>>       <source>
>>          <c:path>$user/givenName</c:path>
>>       </source>
>>       <source>
>>          <c:path>$user/familyName</c:path>
>>       </source>
>>       <expression>
>>          <script>
>>             <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>>             <code>
>>                                                 givenName + ' ' +
>> familyName
>>                                         </code>
>>          </script>
>>       </expression>
>>       <target>
>>          <c:path>fullName</c:path>
>>       </target>
>>    </mapping>
>>    <mapping>
>>       <strength>weak</strength>
>>       <source>
>>          <c:path>givenName</c:path>
>>       </source>
>>       <source>
>>          <c:path>familyName</c:path>
>>       </source>
>>       <expression>
>>          <script>
>>             <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>>             <code>
>>           def givenNameStr = ''+givenName
>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>> + '@domain.com'
>>         </code>
>>          </script>
>>       </expression>
>>       <target>
>>          <c:path>$user/emailAddress</c:path>
>>       </target>
>>    </mapping>
>>    <mapping>
>>       <strength>weak</strength>
>>       <source>
>>          <c:path>givenName</c:path>
>>       </source>
>>       <source>
>>          <c:path>familyName</c:path>
>>       </source>
>>       <expression>
>>          <script>
>>             <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>>             <code>
>>           def givenNameStr = ''+givenName
>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>         </code>
>>          </script>
>>       </expression>
>>       <target>
>>          <c:path>$user/name</c:path>
>>       </target>
>>    </mapping>
>> </objectTemplate>
>>
>>
>> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>
>> Hi all,
>>
>> I have an Object Template for users, and since I need email to be unique,
>> I defined an iteration on it:
>>
>> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
>> *  <name>User Template CSV sync</name>*
>> *  <iteration>*
>> *    <maxIterations>10</maxIterations>*
>> *    <tokenExpression>*
>> *      <script>*
>> *        <code>*
>> *          if (iteration == 0) {*
>> *            return "";*
>> *          } else {*
>> *            return ""+iteration;*
>> *          }*
>> *        </code>*
>> *      </script>*
>> *    </tokenExpression>*
>> *  </iteration>*
>> *...*
>> *...*
>>
>> And then within the emailAddress mapping:
>>
>> <mapping>
>>     <strength>weak</strength>
>>     <source>
>>       <path>givenName</path>
>>     </source>
>>     <source>
>>       <path>familyName</path>
>>     </source>
>>     <expression>
>>       <script>
>>         <language>
>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>> </language>
>>         <code>
>>           def givenNameStr = ''+givenName
>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>> + '@domain.com'
>>         </code>
>>       </script>
>>     </expression>
>>     <target>
>>       <path>$user/emailAddress</path>
>>     </target>
>>   </mapping>
>>
>> The problem is that whenever I create a user, the email is always being
>> set as if the iterationToken is '' and this result on duplicate
>> emailAddress attribute among users.
>>
>> Is there something I'm doing wrong?
>>
>> Thanks in Advance
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com
>> www.identicum.com
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/f8a45eb3/attachment.htm>

From radovan.semancik at evolveum.com  Thu Jun 23 17:20:30 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Thu, 23 Jun 2016 17:20:30 +0200
Subject: [midPoint] How is it possible to create a new object
In-Reply-To: <09e2bf6a-c0e3-6e5c-240e-35403b486fbd@daasi.de>
References: <09e2bf6a-c0e3-6e5c-240e-35403b486fbd@daasi.de>
Message-ID: <576BFE3E.5000205@evolveum.com>

Hi,

Yes and no ...

MidPoint philosophy is to have an handful of very generic reusable 
object types. Such as user, org, role, service. These objects can be 
used to represent almost any concept in the IDM field. E.g. role can 
represent security roles, work positions, responsiblities; org can 
represent functional organizational units (divisions, sections), but 
also projects or ad-hoc teams. Services can represent devices, servers, 
networks, etc. Each object has appropriate typing property (roleType, 
orgType, ...) that can be used to distinguish these subtypes and sill 
have very efficient data storage, scalability, etc. My estimate is that 
90% of all IDM use cases can be implemented by using this method. E.g. 
your costcenter can be modeled as a role or org in midPoint. This is 
also somehow well supported in GUI, especially for organizational units 
(not so well for roles yet).

In addition to that every focal object (user, role, org, service) can 
have assignments. Assignments represent policy-base relations between 
objects. Assignment is also an extensible data structure and it can have 
custom properties. Therefore your Employment object can be represented 
as assignment. In fact assignment already has description and 
organizational unit link. Parametric assignments like these work 
perfectly in midPoint core and we are using them is several projects. 
However they are only partially supported in GUI.

We have decided to go this way because if you base your data model on 
existing concepts you will automatically gain all the advantages that we 
have already implemented. E.g. if you base your Employment concept on 
assignment you will automatically gain ability to create new employments 
in GUI, you will be able to use authorizations to select which 
employment types are assignable by which employees (operators), they 
will be automatically considered in reconciliation code, etc. This saves 
a huge amount of customization effort.

Maybe it is just me, but I can feel the taste of one particular 
competing IDM system in this question :-) ... and that's right, midPoint 
does not have such an extreme flexibility. But we have a working GUI 
that you can just reuse and you do not need to develop a completely 
custom GUI by yourself, you do not need to reimplement the 
synchronization logic for each object type and so on. We strongly prefer 
reuse of code and concepts over reinventing everything from scratch for 
each and every deployment.

Yet, there are two more alternative ways:

Your Costcenter concept is very simple and you can implement is as a 
simple lookup table. This is reasonably well supported out-of-the-box 
although it is not well documented. So I have written a very basic 
documentation here: https://wiki.evolveum.com/display/midPoint/Lookup+Tables

Second option is to use the GenericObjectType. This object type was 
designed to cover the remaining 10% of cases. But actually it looks like 
it almost never used. I assume that the reason is that all practical 
cases can be modeled using the normal midPoint approch. And as nobody is 
asking for better GenericObjectType support then naturally the midPoint 
support for GenericObjectType is very ... minimal. It should work well 
in midPoint core, however it is not very well tested and it is not 
supported in the GUI at all.

I would strongly recommend to use the common midPoint approach, model 
your Employment as an assignment, model your Costcenter as a lookup 
table or a role. If there are some parts that you are missing in 
midPoint GUI we will be happy to implement them given the right 
motivations. I would recommend you to secure appropriate subscription 
which can cover the development of the missing part. Or maybe to sponsor 
the missing features or to develop them yourself and contribute them.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 06/23/2016 04:17 PM, Andreas Küstner wrote:
> Hello List,
>
> is it possible to create a new object like this:
>
> Object: Employment
>    - Attribute: employee_number : String
>    - Attribute: description: String
>    - Reference to: organisation_unit : Link
>    - Reference to: sub_organisation_unit : Link
>    - Reference to: costcenter : Link
>
> Object: Costcenter
>    - Attribute: costcenter_number : String
>    - Attribute: description : String
>
> ...
>
>
> and to show these Object in the webui?
>
> I know it is mentioned in the wiki here: ->
> https://wiki.evolveum.com/display/midPoint/Repository+Subsystem
> (Creating New Objects)
>
> and here:
> https://wiki.evolveum.com/display/midPoint/Data+Model#DataModel-GenericObject
>
> Do i have to create the xsd-schemas?
> If i create such an object will it be sychronizable to other resources
> (via mapping)?
> Is there a sample for this?
>
> Thanks for help!
>
> Andy
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint




From jeverling at bshp.edu  Thu Jun 23 17:42:07 2016
From: jeverling at bshp.edu (Jason Everling)
Date: Thu, 23 Jun 2016 10:42:07 -0500
Subject: [midPoint] iterationToken in Object Template
In-Reply-To: <CAG3rmdoO9E5wNKfofvs52FHLEvWn0B61CKnXaPrNkxMmhXigUA@mail.gmail.com>
References: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
 <576B8071.5080501@evolveum.com>
 <CAG3rmdp2WTVRtGGJ7miXrFu0nYE7iOCQKLsUDL=HUcNyC2FG4w@mail.gmail.com>
 <CAG3rmdoO9E5wNKfofvs52FHLEvWn0B61CKnXaPrNkxMmhXigUA@mail.gmail.com>
Message-ID: <CAFkZXY6Ub3aCtwWEx6BJfuq2te-YObRSx+cWHGQKAPYE4mPt_A@mail.gmail.com>

We generate both email and username with iterationToken so it would not
apply to you but I did find the below, looks sort of like yours but also
has a few extra,

https://github.com/Evolveum/midpoint/blob/master/model/model-intest/src/test/resources/iteration/user-template-iteration-unique-email.xml



JASON

On Thu, Jun 23, 2016 at 9:59 AM, Martin Marchese <mmarchese at identicum.com>
wrote:

> To clarify, we are facing 2 different problems:
>
> - Defining emailAddress as unique within the MidPoint schema (is this
> possible?), to get MidPoint return an error whenever the emailAddress
> already exists.
>
> - Generating an unique emailAddress from the objectTemplate, but not the
> username.
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
> On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese <mmarchese at identicum.com
> > wrote:
>
>> Thanks Ivan,
>>
>> In fact, I just need to get uniqueness in the emailAddress (I've already
>> have username uniqueness since it's a personal ID #). The emailAddress, has
>> nothing to do with the username in our design. Is there another way to
>> achieve a field uniqueness?
>>
>> Regards,
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com
>> www.identicum.com
>>
>> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris <ivan.noris at evolveum.com>
>> wrote:
>>
>>> Hi Martin,
>>>
>>> my guess is that you are using object template, where name is not
>>> generated using iterationToken. I have searched our samples for the object
>>> template you've pasted and found one - possibly the same.
>>>
>>> The iterationToken in emailAddress will be non-empty only if the
>>> iterator was used to generate the unique name.
>>> So, for example, if I tried to create one user called identicum01
>>> (given: John, family: Smith) and another user called identicum02 (given:
>>> John, family: Smith), the usernames are unique, so the emailAddress
>>> attribute will both contain empty iterationToken, which is indeed not
>>> expected. The iterationToken is only used when you have configured the
>>> mapping for user/name attribute to use it. And then you can use
>>> iterationToken also in other mappings.
>>>
>>> If user/name is generated from given and family names, iterationToken
>>> would be used for both user/name values, and the same value would then be
>>> used in the emailAddress. The iterationToken is single-value attribute
>>> stored in User object and triggered only if the username is not unique and
>>> the mapping for user/name is using the iterationToken.
>>>
>>> See my attached object template; I've just tried it with the following
>>> use case:
>>> 1. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith was generated, emailAddress=JSmith at domain.com
>>> 2. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith1 was generated, emailAddress=JSmith1 at domain.com
>>>
>>> I think this is what you were trying to achieve.
>>> Of course you need to specify the mapping strength as normal or strong
>>> if you wish to generate new user/name and user/emailAddress whenever user
>>> is renamed. If you don't need this, and only wish to set it for the very
>>> first time, weak is OK.
>>>
>>> See also https://jira.evolveum.com/browse/MID-1977
>>>
>>> Regards,
>>> Ivan
>>>
>>> <objectTemplate xmlns=
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>>                 xmlns:icfs=
>>> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>>>                 xmlns:t=
>>> "http://prism.evolveum.com/xml/ns/public/types-3"
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>>                 xmlns:c=
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>>                 xmlns:q=
>>> "http://prism.evolveum.com/xml/ns/public/query-3"
>>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>>                 xmlns:ri=
>>> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>>>                 oid="c0c010c0-d34d-b33f-f00d-777222222333"
>>>                 version="1">
>>>    <name>User Template CSV sync</name>
>>>    <description>
>>>             Alternative User Template Object.
>>>             This object is used when creating a new account, to set it
>>> up as needed.
>>>                 </description>
>>>    <metadata>
>>>       <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>>>       <creatorRef oid="00000000-0000-0000-0000-000000000002"
>>> type="c:UserType"><!-- administrator --></creatorRef>
>>>       <createChannel>
>>> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>>> </createChannel>
>>>    </metadata>
>>>    <iteration>
>>>       <maxIterations>10</maxIterations>
>>>       <tokenExpression>
>>>          <script>
>>>             <code>
>>>           if (iteration == 0) {
>>>             return "";
>>>           } else {
>>>             return ""+iteration;
>>>           }
>>>         </code>
>>>          </script>
>>>       </tokenExpression>
>>>    </iteration>
>>>    <mapping>
>>>       <description>
>>>                 Property mapping.
>>>                 Defines how properties of user object are set up.
>>>                 This specific definition sets a full name as a
>>> concatenation
>>>                 of givenName and familyName.
>>>                         </description>
>>>       <strength>weak</strength>
>>>       <source>
>>>          <c:path>$user/givenName</c:path>
>>>       </source>
>>>       <source>
>>>          <c:path>$user/familyName</c:path>
>>>       </source>
>>>       <expression>
>>>          <script>
>>>             <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>             <code>
>>>                                                 givenName + ' ' +
>>> familyName
>>>                                         </code>
>>>          </script>
>>>       </expression>
>>>       <target>
>>>          <c:path>fullName</c:path>
>>>       </target>
>>>    </mapping>
>>>    <mapping>
>>>       <strength>weak</strength>
>>>       <source>
>>>          <c:path>givenName</c:path>
>>>       </source>
>>>       <source>
>>>          <c:path>familyName</c:path>
>>>       </source>
>>>       <expression>
>>>          <script>
>>>             <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>             <code>
>>>           def givenNameStr = ''+givenName
>>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>>         </code>
>>>          </script>
>>>       </expression>
>>>       <target>
>>>          <c:path>$user/emailAddress</c:path>
>>>       </target>
>>>    </mapping>
>>>    <mapping>
>>>       <strength>weak</strength>
>>>       <source>
>>>          <c:path>givenName</c:path>
>>>       </source>
>>>       <source>
>>>          <c:path>familyName</c:path>
>>>       </source>
>>>       <expression>
>>>          <script>
>>>             <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>             <code>
>>>           def givenNameStr = ''+givenName
>>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>>         </code>
>>>          </script>
>>>       </expression>
>>>       <target>
>>>          <c:path>$user/name</c:path>
>>>       </target>
>>>    </mapping>
>>> </objectTemplate>
>>>
>>>
>>> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>>
>>> Hi all,
>>>
>>> I have an Object Template for users, and since I need email to be
>>> unique, I defined an iteration on it:
>>>
>>> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
>>> *  <name>User Template CSV sync</name>*
>>> *  <iteration>*
>>> *    <maxIterations>10</maxIterations>*
>>> *    <tokenExpression>*
>>> *      <script>*
>>> *        <code>*
>>> *          if (iteration == 0) {*
>>> *            return "";*
>>> *          } else {*
>>> *            return ""+iteration;*
>>> *          }*
>>> *        </code>*
>>> *      </script>*
>>> *    </tokenExpression>*
>>> *  </iteration>*
>>> *...*
>>> *...*
>>>
>>> And then within the emailAddress mapping:
>>>
>>> <mapping>
>>>     <strength>weak</strength>
>>>     <source>
>>>       <path>givenName</path>
>>>     </source>
>>>     <source>
>>>       <path>familyName</path>
>>>     </source>
>>>     <expression>
>>>       <script>
>>>         <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>         <code>
>>>           def givenNameStr = ''+givenName
>>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>>         </code>
>>>       </script>
>>>     </expression>
>>>     <target>
>>>       <path>$user/emailAddress</path>
>>>     </target>
>>>   </mapping>
>>>
>>> The problem is that whenever I create a user, the email is always being
>>> set as if the iterationToken is '' and this result on duplicate
>>> emailAddress attribute among users.
>>>
>>> Is there something I'm doing wrong?
>>>
>>> Thanks in Advance
>>>
>>> *Ing. Martín Marchese*
>>> Identicum S.A.
>>> Anchorena 1357 PB
>>> Tel: +54 (11) 3526.5509
>>> mmarchese at identicum.com
>>> www.identicum.com
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>

-- 


CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; 
intended for only the recipient(s) named above and may contain information 
that is privileged. You should not retain, copy or use this e-mail or any 
attachments for any purpose, or disclose all or any part of the contents to 
any person. Any views or opinions expressed in this e-mail are those of the 
author and do not represent those of the Baptist School of Health 
Professions. If you have received this e-mail in error, or are not the 
named recipient(s), you are hereby notified that any review, dissemination, 
distribution or copying of this communication is prohibited by the sender 
and to do so might constitute a violation of the Electronic Communications 
Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the 
sender and delete this e-mail and any attachments from your computer. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/52a12433/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun 23 21:13:44 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 23 Jun 2016 21:13:44 +0200
Subject: [midPoint] iterationToken in Object Template
In-Reply-To: <CAG3rmdoO9E5wNKfofvs52FHLEvWn0B61CKnXaPrNkxMmhXigUA@mail.gmail.com>
References: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
 <576B8071.5080501@evolveum.com>
 <CAG3rmdp2WTVRtGGJ7miXrFu0nYE7iOCQKLsUDL=HUcNyC2FG4w@mail.gmail.com>
 <CAG3rmdoO9E5wNKfofvs52FHLEvWn0B61CKnXaPrNkxMmhXigUA@mail.gmail.com>
Message-ID: <576C34E8.20206@evolveum.com>

Hi Martin,

the sample referenced by Jason should work for having unique
emailAddress attribute and not doing anything with user/name. I have not
used this combination in my projects.

For defining emailAddress as unique: maybe this blog could help:
https://evolveum.com/blog/unique-e-mail-address-value/

See the mapping "My object template: Validate emailAddress uniqueness".
MidPoint will throw an exception whenever the new value of emailAddress
attribute is already used in other midPoint user. It's quite ugly, but
it works.

Regards,
Ivan

On 06/23/2016 04:59 PM, Martin Marchese wrote:
> To clarify, we are facing 2 different problems:
>
> - Defining emailAddress as unique within the MidPoint schema (is this
> possible?), to get MidPoint return an error whenever the emailAddress
> already exists.
>
> - Generating an unique emailAddress from the objectTemplate, but not
> the username.
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
> On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese
> <mmarchese at identicum.com <mailto:mmarchese at identicum.com>> wrote:
>
>     Thanks Ivan,
>
>     In fact, I just need to get uniqueness in the emailAddress (I've
>     already have username uniqueness since it's a personal ID #). The
>     emailAddress, has nothing to do with the username in our design.
>     Is there another way to achieve a field uniqueness?
>
>     Regards,
>
>     *Ing. Martín Marchese*
>     Identicum S.A.
>     Anchorena 1357 PB
>     Tel: +54 (11) 3526.5509
>     mmarchese at identicum.com <mailto:mmarchese at identicum.com>
>     www.identicum.com <http://www.identicum.com>
>
>     On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris
>     <ivan.noris at evolveum.com <mailto:ivan.noris at evolveum.com>> wrote:
>
>         Hi Martin,
>
>         my guess is that you are using object template, where name is
>         not generated using iterationToken. I have searched our
>         samples for the object template you've pasted and found one -
>         possibly the same.
>
>         The iterationToken in emailAddress will be non-empty only if
>         the iterator was used to generate the unique name.
>         So, for example, if I tried to create one user called
>         identicum01 (given: John, family: Smith) and another user
>         called identicum02 (given: John, family: Smith), the usernames
>         are unique, so the emailAddress attribute will both contain
>         empty iterationToken, which is indeed not expected. The
>         iterationToken is only used when you have configured the
>         mapping for user/name attribute to use it. And then you can
>         use iterationToken also in other mappings.
>
>         If user/name is generated from given and family names,
>         iterationToken would be used for both user/name values, and
>         the same value would then be used in the emailAddress. The
>         iterationToken is single-value attribute stored in User object
>         and triggered only if the username is not unique and the
>         mapping for user/name is using the iterationToken.
>
>         See my attached object template; I've just tried it with the
>         following use case:
>         1. create new user in midPoint, givenName: John, familyName:
>         Smith, password: whatever. No name attribute filled. Save.
>         Username JSmith was generated, emailAddress=JSmith at domain.com
>         <mailto:emailAddress=JSmith at domain.com>
>         2. create new user in midPoint, givenName: John, familyName:
>         Smith, password: whatever. No name attribute filled. Save.
>         Username JSmith1 was generated,
>         emailAddress=JSmith1 at domain.com
>         <mailto:emailAddress=JSmith1 at domain.com>
>
>         I think this is what you were trying to achieve.
>         Of course you need to specify the mapping strength as normal
>         or strong if you wish to generate new user/name and
>         user/emailAddress whenever user is renamed. If you don't need
>         this, and only wish to set it for the very first time, weak is OK.
>
>         See also https://jira.evolveum.com/browse/MID-1977
>
>         Regards,
>         Ivan
>
>         <objectTemplate
>         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>         <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>                        
>         xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>         <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>                        
>         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>         <http://prism.evolveum.com/xml/ns/public/types-3>
>                        
>         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>         <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>                        
>         xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>         <http://prism.evolveum.com/xml/ns/public/query-3>
>                        
>         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>         <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>                         oid="c0c010c0-d34d-b33f-f00d-777222222333"
>                         version="1">
>            <name>User Template CSV sync</name>
>            <description>
>                     Alternative User Template Object.
>                     This object is used when creating a new account,
>         to set it up as needed.
>                         </description>
>            <metadata>
>              
>         <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>               <creatorRef oid="00000000-0000-0000-0000-000000000002"
>         type="c:UserType"><!-- administrator --></creatorRef>
>              
>         <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>            </metadata>
>            <iteration>
>               <maxIterations>10</maxIterations>
>               <tokenExpression>
>                  <script>
>                     <code>
>                   if (iteration == 0) {
>                     return "";
>                   } else {
>                     return ""+iteration;
>                   }
>                 </code>
>                  </script>
>               </tokenExpression>
>            </iteration>
>            <mapping>
>               <description>
>                         Property mapping.
>                         Defines how properties of user object are set up.
>                         This specific definition sets a full name as a
>         concatenation
>                         of givenName and familyName.
>                                 </description>
>               <strength>weak</strength>
>               <source>
>                  <c:path>$user/givenName</c:path>
>               </source>
>               <source>
>                  <c:path>$user/familyName</c:path>
>               </source>
>               <expression>
>                  <script>
>                    
>         <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>                     <code>
>                                                         givenName + '
>         ' + familyName
>                                                 </code>
>                  </script>
>               </expression>
>               <target>
>                  <c:path>fullName</c:path>
>               </target>
>            </mapping>
>            <mapping>
>               <strength>weak</strength>
>               <source>
>                  <c:path>givenName</c:path>
>               </source>
>               <source>
>                  <c:path>familyName</c:path>
>               </source>
>               <expression>
>                  <script>
>                    
>         <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>                     <code>
>                   def givenNameStr = ''+givenName
>                   givenNameStr.substring(0,1) + '' + familyName +
>         iterationToken + '@domain.com <http://domain.com>'
>                 </code>
>                  </script>
>               </expression>
>               <target>
>                  <c:path>$user/emailAddress</c:path>
>               </target>
>            </mapping>
>            <mapping>
>               <strength>weak</strength>
>               <source>
>                  <c:path>givenName</c:path>
>               </source>
>               <source>
>                  <c:path>familyName</c:path>
>               </source>
>               <expression>
>                  <script>
>                    
>         <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>                     <code>
>                   def givenNameStr = ''+givenName
>                   givenNameStr.substring(0,1) + '' + familyName +
>         iterationToken
>                 </code>
>                  </script>
>               </expression>
>               <target>
>                  <c:path>$user/name</c:path>
>               </target>
>            </mapping>
>         </objectTemplate>
>
>
>         On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>         Hi all,
>>
>>         I have an Object Template for users, and since I need email
>>         to be unique, I defined an iteration on it:
>>
>>         /<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">/
>>         /  <name>User Template CSV sync</name>/
>>         /  <iteration>/
>>         /    <maxIterations>10</maxIterations>/
>>         /    <tokenExpression>/
>>         /      <script>/
>>         /        <code>/
>>         /          if (iteration == 0) {/
>>         /            return "";/
>>         /          } else {/
>>         /            return ""+iteration;/
>>         /          }/
>>         /        </code>/
>>         /      </script>/
>>         /    </tokenExpression>/
>>         /  </iteration>/
>>         /.../
>>         /.../
>>         /
>>         /
>>         And then within the emailAddress mapping:
>>
>>         <mapping>
>>             <strength>weak</strength>
>>             <source>
>>               <path>givenName</path>
>>             </source>
>>             <source>
>>               <path>familyName</path>
>>             </source>
>>             <expression>
>>               <script>
>>                
>>         <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>>                 <code>
>>                   def givenNameStr = ''+givenName
>>                   givenNameStr.substring(0,1) + '' + familyName +
>>         iterationToken + '@domain.com <http://domain.com>'
>>                 </code>
>>               </script>
>>             </expression>
>>             <target>
>>               <path>$user/emailAddress</path>
>>             </target>
>>           </mapping>
>>
>>         The problem is that whenever I create a user, the email is
>>         always being set as if the iterationToken is '' and this
>>         result on duplicate emailAddress attribute among users.
>>
>>         Is there something I'm doing wrong?
>>
>>         Thanks in Advance
>>
>>         *Ing. Martín Marchese*
>>         Identicum S.A.
>>         Anchorena 1357 PB
>>         Tel: +54 (11) 3526.5509
>>         mmarchese at identicum.com <mailto:mmarchese at identicum.com>
>>         www.identicum.com <http://www.identicum.com>
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>         -- 
>           Ing. Ivan Noris
>           Senior Identity Management Engineer & IDM Architect
>           evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>           ___________________________________________________
>           "Semper ID(e)M Vix."
>
>
>         _______________________________________________
>         midPoint mailing list
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/5a91b5d7/attachment.htm>

From mmarchese at identicum.com  Thu Jun 23 22:22:59 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Thu, 23 Jun 2016 17:22:59 -0300
Subject: [midPoint] iterationToken in Object Template
In-Reply-To: <576C34E8.20206@evolveum.com>
References: <CAG3rmdoHvW3-o70fZUktcJZVaabDrUxJmT9Zvh+v0PKMRfCh0A@mail.gmail.com>
 <576B8071.5080501@evolveum.com>
 <CAG3rmdp2WTVRtGGJ7miXrFu0nYE7iOCQKLsUDL=HUcNyC2FG4w@mail.gmail.com>
 <CAG3rmdoO9E5wNKfofvs52FHLEvWn0B61CKnXaPrNkxMmhXigUA@mail.gmail.com>
 <576C34E8.20206@evolveum.com>
Message-ID: <CAG3rmdrxh0YbCL_fb63wgzw1eNBdeme-CC9F1N5NNWySgQzq1g@mail.gmail.com>

Thanks both,

We tried that example and worked like charm!

Regards

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com

On Thu, Jun 23, 2016 at 4:13 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:

> Hi Martin,
>
> the sample referenced by Jason should work for having unique emailAddress
> attribute and not doing anything with user/name. I have not used this
> combination in my projects.
>
> For defining emailAddress as unique: maybe this blog could help:
> https://evolveum.com/blog/unique-e-mail-address-value/
>
> See the mapping "My object template: Validate emailAddress uniqueness".
> MidPoint will throw an exception whenever the new value of emailAddress
> attribute is already used in other midPoint user. It's quite ugly, but it
> works.
>
> Regards,
> Ivan
>
>
> On 06/23/2016 04:59 PM, Martin Marchese wrote:
>
> To clarify, we are facing 2 different problems:
>
> - Defining emailAddress as unique within the MidPoint schema (is this
> possible?), to get MidPoint return an error whenever the emailAddress
> already exists.
>
> - Generating an unique emailAddress from the objectTemplate, but not the
> username.
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
> On Thu, Jun 23, 2016 at 11:00 AM, Martin Marchese <mmarchese at identicum.com
> > wrote:
>
>> Thanks Ivan,
>>
>> In fact, I just need to get uniqueness in the emailAddress (I've already
>> have username uniqueness since it's a personal ID #). The emailAddress, has
>> nothing to do with the username in our design. Is there another way to
>> achieve a field uniqueness?
>>
>> Regards,
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Anchorena 1357 PB
>> Tel: +54 (11) 3526.5509
>> mmarchese at identicum.com
>> www.identicum.com
>>
>> On Thu, Jun 23, 2016 at 3:23 AM, Ivan Noris < <ivan.noris at evolveum.com>
>> ivan.noris at evolveum.com> wrote:
>>
>>> Hi Martin,
>>>
>>> my guess is that you are using object template, where name is not
>>> generated using iterationToken. I have searched our samples for the object
>>> template you've pasted and found one - possibly the same.
>>>
>>> The iterationToken in emailAddress will be non-empty only if the
>>> iterator was used to generate the unique name.
>>> So, for example, if I tried to create one user called identicum01
>>> (given: John, family: Smith) and another user called identicum02 (given:
>>> John, family: Smith), the usernames are unique, so the emailAddress
>>> attribute will both contain empty iterationToken, which is indeed not
>>> expected. The iterationToken is only used when you have configured the
>>> mapping for user/name attribute to use it. And then you can use
>>> iterationToken also in other mappings.
>>>
>>> If user/name is generated from given and family names, iterationToken
>>> would be used for both user/name values, and the same value would then be
>>> used in the emailAddress. The iterationToken is single-value attribute
>>> stored in User object and triggered only if the username is not unique and
>>> the mapping for user/name is using the iterationToken.
>>>
>>> See my attached object template; I've just tried it with the following
>>> use case:
>>> 1. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith was generated, <emailAddress=JSmith at domain.com>
>>> emailAddress=JSmith at domain.com
>>> 2. create new user in midPoint, givenName: John, familyName: Smith,
>>> password: whatever. No name attribute filled. Save.
>>> Username JSmith1 was generated, <emailAddress=JSmith1 at domain.com>
>>> emailAddress=JSmith1 at domain.com
>>>
>>> I think this is what you were trying to achieve.
>>> Of course you need to specify the mapping strength as normal or strong
>>> if you wish to generate new user/name and user/emailAddress whenever user
>>> is renamed. If you don't need this, and only wish to set it for the very
>>> first time, weak is OK.
>>>
>>> See also https://jira.evolveum.com/browse/MID-1977
>>>
>>> Regards,
>>> Ivan
>>>
>>> <objectTemplate xmlns=
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>>                 xmlns:icfs=
>>> "http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>
>>>                 xmlns:t=
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>> "http://prism.evolveum.com/xml/ns/public/types-3"
>>> <http://prism.evolveum.com/xml/ns/public/types-3>
>>>                 xmlns:c=
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>> "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>
>>>                 xmlns:q=
>>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>> "http://prism.evolveum.com/xml/ns/public/query-3"
>>> <http://prism.evolveum.com/xml/ns/public/query-3>
>>>                 xmlns:ri=
>>> "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>
>>>                 oid="c0c010c0-d34d-b33f-f00d-777222222333"
>>>                 version="1">
>>>    <name>User Template CSV sync</name>
>>>    <description>
>>>             Alternative User Template Object.
>>>             This object is used when creating a new account, to set it
>>> up as needed.
>>>                 </description>
>>>    <metadata>
>>>       <createTimestamp>2016-06-23T08:14:13.745+02:00</createTimestamp>
>>>       <creatorRef oid="00000000-0000-0000-0000-000000000002"
>>> type="c:UserType"><!-- administrator --></creatorRef>
>>>       <createChannel>
>>> http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>>> </createChannel>
>>>    </metadata>
>>>    <iteration>
>>>       <maxIterations>10</maxIterations>
>>>       <tokenExpression>
>>>          <script>
>>>             <code>
>>>           if (iteration == 0) {
>>>             return "";
>>>           } else {
>>>             return ""+iteration;
>>>           }
>>>         </code>
>>>          </script>
>>>       </tokenExpression>
>>>    </iteration>
>>>    <mapping>
>>>       <description>
>>>                 Property mapping.
>>>                 Defines how properties of user object are set up.
>>>                 This specific definition sets a full name as a
>>> concatenation
>>>                 of givenName and familyName.
>>>                         </description>
>>>       <strength>weak</strength>
>>>       <source>
>>>          <c:path>$user/givenName</c:path>
>>>       </source>
>>>       <source>
>>>          <c:path>$user/familyName</c:path>
>>>       </source>
>>>       <expression>
>>>          <script>
>>>             <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>             <code>
>>>                                                 givenName + ' ' +
>>> familyName
>>>                                         </code>
>>>          </script>
>>>       </expression>
>>>       <target>
>>>          <c:path>fullName</c:path>
>>>       </target>
>>>    </mapping>
>>>    <mapping>
>>>       <strength>weak</strength>
>>>       <source>
>>>          <c:path>givenName</c:path>
>>>       </source>
>>>       <source>
>>>          <c:path>familyName</c:path>
>>>       </source>
>>>       <expression>
>>>          <script>
>>>             <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>             <code>
>>>           def givenNameStr = ''+givenName
>>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>>         </code>
>>>          </script>
>>>       </expression>
>>>       <target>
>>>          <c:path>$user/emailAddress</c:path>
>>>       </target>
>>>    </mapping>
>>>    <mapping>
>>>       <strength>weak</strength>
>>>       <source>
>>>          <c:path>givenName</c:path>
>>>       </source>
>>>       <source>
>>>          <c:path>familyName</c:path>
>>>       </source>
>>>       <expression>
>>>          <script>
>>>             <language>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>             <code>
>>>           def givenNameStr = ''+givenName
>>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>>         </code>
>>>          </script>
>>>       </expression>
>>>       <target>
>>>          <c:path>$user/name</c:path>
>>>       </target>
>>>    </mapping>
>>> </objectTemplate>
>>>
>>>
>>> On 06/22/2016 07:03 PM, Martin Marchese wrote:
>>>
>>> Hi all,
>>>
>>> I have an Object Template for users, and since I need email to be
>>> unique, I defined an iteration on it:
>>>
>>> *<objectTemplate oid="c0c010c0-d34d-b33f-f00d-777222222333">*
>>> *  <name>User Template CSV sync</name>*
>>> *  <iteration>*
>>> *    <maxIterations>10</maxIterations>*
>>> *    <tokenExpression>*
>>> *      <script>*
>>> *        <code>*
>>> *          if (iteration == 0) {*
>>> *            return "";*
>>> *          } else {*
>>> *            return ""+iteration;*
>>> *          }*
>>> *        </code>*
>>> *      </script>*
>>> *    </tokenExpression>*
>>> *  </iteration>*
>>> *...*
>>> *...*
>>>
>>> And then within the emailAddress mapping:
>>>
>>> <mapping>
>>>     <strength>weak</strength>
>>>     <source>
>>>       <path>givenName</path>
>>>     </source>
>>>     <source>
>>>       <path>familyName</path>
>>>     </source>
>>>     <expression>
>>>       <script>
>>>         <language>
>>> <http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy>
>>> http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy
>>> </language>
>>>         <code>
>>>           def givenNameStr = ''+givenName
>>>           givenNameStr.substring(0,1) + '' + familyName + iterationToken
>>> + '@domain.com'
>>>         </code>
>>>       </script>
>>>     </expression>
>>>     <target>
>>>       <path>$user/emailAddress</path>
>>>     </target>
>>>   </mapping>
>>>
>>> The problem is that whenever I create a user, the email is always being
>>> set as if the iterationToken is '' and this result on duplicate
>>> emailAddress attribute among users.
>>>
>>> Is there something I'm doing wrong?
>>>
>>> Thanks in Advance
>>>
>>> *Ing. Martín Marchese*
>>> Identicum S.A.
>>> Anchorena 1357 PB
>>> Tel: +54 (11) 3526.5509
>>> mmarchese at identicum.com
>>> www.identicum.com
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>> --
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160623/f5a05ff8/attachment.htm>

From andreas.kuestner at daasi.de  Fri Jun 24 09:11:46 2016
From: andreas.kuestner at daasi.de (=?UTF-8?Q?Andreas_K=c3=bcstner?=)
Date: Fri, 24 Jun 2016 09:11:46 +0200
Subject: [midPoint] How is it possible to create a new object
In-Reply-To: <576BFE3E.5000205@evolveum.com>
References: <09e2bf6a-c0e3-6e5c-240e-35403b486fbd@daasi.de>
 <576BFE3E.5000205@evolveum.com>
Message-ID: <25971bea-d027-1341-3d38-88ce475e7be1@daasi.de>

Hello Radovan,

thank you for your good explanation!
We do a research here to compare some of the well known IDMs, and yes
your right, i've tried to get a similar approach in MidPoint like in the
"other" IDM.
So i will try to go the MidPoint way.

Thanks again for this good information!

Andy

Am 23.06.2016 um 17:20 schrieb Radovan Semancik:
> Hi,
> 
> Yes and no ...
> 
> MidPoint philosophy is to have an handful of very generic reusable
> object types. Such as user, org, role, service. These objects can be
> used to represent almost any concept in the IDM field. E.g. role can
> represent security roles, work positions, responsiblities; org can
> represent functional organizational units (divisions, sections), but
> also projects or ad-hoc teams. Services can represent devices, servers,
> networks, etc. Each object has appropriate typing property (roleType,
> orgType, ...) that can be used to distinguish these subtypes and sill
> have very efficient data storage, scalability, etc. My estimate is that
> 90% of all IDM use cases can be implemented by using this method. E.g.
> your costcenter can be modeled as a role or org in midPoint. This is
> also somehow well supported in GUI, especially for organizational units
> (not so well for roles yet).
> 
> In addition to that every focal object (user, role, org, service) can
> have assignments. Assignments represent policy-base relations between
> objects. Assignment is also an extensible data structure and it can have
> custom properties. Therefore your Employment object can be represented
> as assignment. In fact assignment already has description and
> organizational unit link. Parametric assignments like these work
> perfectly in midPoint core and we are using them is several projects.
> However they are only partially supported in GUI.
> 
> We have decided to go this way because if you base your data model on
> existing concepts you will automatically gain all the advantages that we
> have already implemented. E.g. if you base your Employment concept on
> assignment you will automatically gain ability to create new employments
> in GUI, you will be able to use authorizations to select which
> employment types are assignable by which employees (operators), they
> will be automatically considered in reconciliation code, etc. This saves
> a huge amount of customization effort.
> 
> Maybe it is just me, but I can feel the taste of one particular
> competing IDM system in this question :-) ... and that's right, midPoint
> does not have such an extreme flexibility. But we have a working GUI
> that you can just reuse and you do not need to develop a completely
> custom GUI by yourself, you do not need to reimplement the
> synchronization logic for each object type and so on. We strongly prefer
> reuse of code and concepts over reinventing everything from scratch for
> each and every deployment.
> 
> Yet, there are two more alternative ways:
> 
> Your Costcenter concept is very simple and you can implement is as a
> simple lookup table. This is reasonably well supported out-of-the-box
> although it is not well documented. So I have written a very basic
> documentation here:
> https://wiki.evolveum.com/display/midPoint/Lookup+Tables
> 
> Second option is to use the GenericObjectType. This object type was
> designed to cover the remaining 10% of cases. But actually it looks like
> it almost never used. I assume that the reason is that all practical
> cases can be modeled using the normal midPoint approch. And as nobody is
> asking for better GenericObjectType support then naturally the midPoint
> support for GenericObjectType is very ... minimal. It should work well
> in midPoint core, however it is not very well tested and it is not
> supported in the GUI at all.
> 
> I would strongly recommend to use the common midPoint approach, model
> your Employment as an assignment, model your Costcenter as a lookup
> table or a role. If there are some parts that you are missing in
> midPoint GUI we will be happy to implement them given the right
> motivations. I would recommend you to secure appropriate subscription
> which can cover the development of the missing part. Or maybe to sponsor
> the missing features or to develop them yourself and contribute them.
> 


From radovan.semancik at evolveum.com  Fri Jun 24 14:43:07 2016
From: radovan.semancik at evolveum.com (Radovan Semancik)
Date: Fri, 24 Jun 2016 14:43:07 +0200
Subject: [midPoint]  MidPoint 3.4 "Heisenberg" released
Message-ID: <576D2ADB.8020002@evolveum.com>

The Evolveum team is proud to announce the release of midPoint version 3.4

Release 3.4 is a seventeenth midPoint release code-named "Heisenberg". 
The 3.4 release brings identity governance features and significant user 
interface improvements. MidPoint 3.4 is one of the major milestones in 
midPoint project history.

For more information about the Lincoln release please see release notes 
at http://wiki.evolveum.com/display/midPoint/Release+3.4

We would like to express a special thanks for all midPoint subscribers, 
supporters and especially the contributors. The Evolveum team would like 
to express many thanks for your interest, feedback and contributions.

About MidPoint

MidPoint is a comprehensive open-source identity management system. It 
is a system that synchronizes several identity repositories, manages 
them and makes them available in unified form. It handles identity 
provisioning, identity synchronization, identity workflow automation, it 
implements advanced access control models, enforces policies and 
provides numerous features in the field of enterprise and Internet 
identity management and identity governance. The development process of 
midPoint is pragmatic and open, it focuses on usability and solutions to 
the practical identity management challenges.

For more information please see http://midpoint.evolveum.com/

About Evolveum

Evolveum is a company committed to develop creative, open and - most 
importantly - working software. We work hard to continually improve the 
software in a creative way. All software that we develop is open-source 
using completely open development process. The software is created with 
one critical goal in mind: usability. The software must work, it must be 
efficient solution to an existing problem, the software must provide 
value. Evolveum works in a close cooperation with partners and volunteer 
contributors to make this possible.

For more details please see http://evolveum.com/

-- 
Radovan Semancik
Software Architect
evolveum.com


From dick.muller at tahzoo.com  Tue Jun 28 15:05:12 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Tue, 28 Jun 2016 13:05:12 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
Message-ID: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>

Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D14E.77452710]<http://www.tahzoo.com/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160628/638ca9a8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7589 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160628/638ca9a8/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-28 at 15.02.09.png
Type: image/png
Size: 58943 bytes
Desc: Screen Shot 2016-06-28 at 15.02.09.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160628/638ca9a8/attachment-0001.png>

From oskar.butovic at ami.cz  Tue Jun 28 15:15:15 2016
From: oskar.butovic at ami.cz (=?UTF-8?Q?Oskar_Butovi=C4=8D_=2D_AMI_Praha_a=2Es=2E?=)
Date: Tue, 28 Jun 2016 15:15:15 +0200
Subject: [midPoint] assignment checking
Message-ID: <CAE8MtZDc=UESknfLqAbvJ-hAsqXf78tfvspjm4if6kCoMLiiKw@mail.gmail.com>

Hello All,

I am trying to check in mapping in user template wether the user has
particular role.

for example following scenario
i create new user with identityType (extension parameter) employee. I wan
to assign role Employee to users with this type.
in some time employee leaves company and his account is cancelled by
assigning expiredEmployee role

i understand that so far it can be made by setting
<authoritative>true</authoritative>

but i also want for this role to be kept when user is editted ad his
identity Type is no longer employee.

this could be done with <authoritative>false</authoritative> but it then
prevent prevoius scenario. If i would be able to check current roles of the
user i could accomplish all required behaviour
with <authoritative>true</authoritative>.

Do you have any advice or code snippet how to resolve this problem?

Regards

Oskar Butovič

-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160628/3ad65ebe/attachment.htm>

From ivan.noris at evolveum.com  Tue Jun 28 15:17:51 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Tue, 28 Jun 2016 15:17:51 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
Message-ID: <577278FF.2020006@evolveum.com>

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17
(including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector
version was tagged as 1.4.2.17, so that should be the version you want
to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by
Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT
connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in
the resources, as we were discussing during the training.

Best regards,
Ivan

On 06/28/2016 03:05 PM, Dick Muller wrote:
>
> Hi,
>
> I upgraded to the latest 3.4 version and wanted to install ADLDAP
> connectors.
>
> I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives
> problems during syncing. I think this is already described in JIRA.
>
> I want to use the latest version 1.4.3.0-snapshot but get an error
> during TEST of the resource.
>
>  
>
> I’ve included the Error message as attachment.
>
>  
>
> Hope somebody can help me with this.
>
>  
>
> Regards,
>
>  
>
> ------------------------------------------------------------------------
>
> *Dick Muller*
>
> Senior Systems Engineer
>
> Delftechpark 37i
> 2628 XJ Delft*
> d*: +31 88 2682586 
> *m:* +31 6 46477690
>
> <http://www.tahzoo.com/>
>
>  
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160628/d4b95379/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7589 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160628/d4b95379/attachment.png>

From dick.muller at tahzoo.com  Wed Jun 29 07:36:21 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Wed, 29 Jun 2016 05:36:21 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
Message-ID: <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>

Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D1D8.ED9A2B60]<http://www.tahzoo.com/>






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/d22dacba/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7591 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/d22dacba/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-28 at 13.45.27.png
Type: image/png
Size: 51236 bytes
Desc: Screen Shot 2016-06-28 at 13.45.27.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/d22dacba/attachment-0001.png>

From dick.muller at tahzoo.com  Wed Jun 29 07:33:56 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Wed, 29 Jun 2016 05:33:56 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <577278FF.2020006@evolveum.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
Message-ID: <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>

Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D1D8.9706A030]<http://www.tahzoo.com/>





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e41a7520/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7590 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e41a7520/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-06-28 at 13.45.27.png
Type: image/png
Size: 51236 bytes
Desc: Screen Shot 2016-06-28 at 13.45.27.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e41a7520/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ExportedData_ResourceType_1467178306038.xml
Type: application/xml
Size: 357716 bytes
Desc: ExportedData_ResourceType_1467178306038.xml
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e41a7520/attachment.xml>

From ivan.noris at evolveum.com  Wed Jun 29 09:19:55 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 09:19:55 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
Message-ID: <5773769B.9010304@evolveum.com>

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be
displayed. Somewhere will be ICF Create or ICF Update operation logged,
including the parameters from provisioning. This would help to see what
was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation
would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right?
Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan

On 06/29/2016 07:36 AM, Dick Muller wrote:
>
> Hi Ivan,
>
>  
>
> I get an error when I add a projection to the user with an LDAPS
> connection.
>
> (See the attachment)
>
> I’ve checked the synchronization mappings and synchronization tab.
> I’ve got the reconcile checked and kind and intent correctly configured.
>
>  
>
> Thanks,
>
>  
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Tuesday 28 June 2016 at 15:17
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> Hi Dick,
>
> AFAIK with midPoint 3.4 you should see LDAP connectors version
> 1.4.2.17 (including AdLdap).
>
> The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
> connector version was tagged as 1.4.2.17, so that should be the
> version you want to use.
>
> What sync problems with 1.4.2.x are you referring to?
>
> The error message means that there is no connector (JAR) referenced by
> Connector repository object (1.4.3.0-SNAPSHOT).
>
> You need to update all resources referencing to the 1.4.3.0-SNAPSHOT
> connectors to refer to 1.4.2.17. (By changing the oid in connectorRef
> in the resources, as we were discussing during the training.
>
> Best regards,
> Ivan
>
> On 06/28/2016 03:05 PM, Dick Muller wrote:
>
>     Hi,
>
>     I upgraded to the latest 3.4 version and wanted to install ADLDAP
>     connectors.
>
>     I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives
>     problems during syncing. I think this is already described in JIRA.
>
>     I want to use the latest version 1.4.3.0-snapshot but get an error
>     during TEST of the resource.
>
>      
>
>     I’ve included the Error message as attachment.
>
>      
>
>     Hope somebody can help me with this.
>
>      
>
>     Regards,
>
>      
>
>     ------------------------------------------------------------------------
>
>     *Dick Muller*
>
>     Senior Systems Engineer
>
>     Delftechpark 37i
>     2628 XJ Delft*
>     d*: +31 88 2682586 
>     *m:* +31 6 46477690
>
>     <http://www.tahzoo.com/>
>
>      
>
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/f9d0e705/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7591 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/f9d0e705/attachment.png>

From dick.muller at tahzoo.com  Wed Jun 29 13:25:04 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Wed, 29 Jun 2016 11:25:04 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <5773769B.9010304@evolveum.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
Message-ID: <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>

HI Ivan,

The logfile tells that there is a constraint error because the object already exists.
But that is absolutely not true. I’ve looked in the AD domain and forest for the same account, but it doesn’t exist.

I’ve included the log in the mail.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 09:19
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be displayed. Somewhere will be ICF Create or ICF Update operation logged, including the parameters from provisioning. This would help to see what was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right? Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan
On 06/29/2016 07:36 AM, Dick Muller wrote:
Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D209.A44EC7A0]<http://www.tahzoo.com/>







_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2eda9963/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7592 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2eda9963/attachment.png>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: result-4.txt
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2eda9963/attachment.txt>

From dick.muller at tahzoo.com  Wed Jun 29 13:57:46 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Wed, 29 Jun 2016 11:57:46 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
Message-ID: <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>

Ivan,

I used a sample LDAP resource file and seems that the attribute (that I do not need btw) with the name objectCategory was giving problems.
Now I have anoter error, stating that the object can’t be created because of an invalied attribute.

The error log is in the attachments of this mail.

I hope you can think of something, because we are talking about pretty standard attributes I think.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 13:25
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

HI Ivan,

The logfile tells that there is a constraint error because the object already exists.
But that is absolutely not true. I’ve looked in the AD domain and forest for the same account, but it doesn’t exist.

I’ve included the log in the mail.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 09:19
To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be displayed. Somewhere will be ICF Create or ICF Update operation logged, including the parameters from provisioning. This would help to see what was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right? Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan
On 06/29/2016 07:36 AM, Dick Muller wrote:
Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D20E.36331EB0]<http://www.tahzoo.com/>








_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/cd5c1a22/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7593 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/cd5c1a22/attachment.png>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: result-5.txt
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/cd5c1a22/attachment.txt>

From ivan.noris at evolveum.com  Wed Jun 29 15:17:43 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 15:17:43 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
Message-ID: <5773CA77.8030205@evolveum.com>

Hi Dick,

already exists may be thrown if the userPrincipalName is already taken.
Please check also for that.

Ivan

On 06/29/2016 01:25 PM, Dick Muller wrote:
>
> HI Ivan,
>
>  
>
> The logfile tells that there is a constraint error because the object
> already exists.
>
> But that is absolutely not true. I’ve looked in the AD domain and
> forest for the same account, but it doesn’t exist.
>
>  
>
> I’ve included the log in the mail.
>
>  
>
> Thanks,
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Wednesday 29 June 2016 at 09:19
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> Hi Dick,
>
> I don't see anything obvious yet.
> Please try to get:
> 1) stack trace from midpoint idm.log when this operation fails
> 2) the (red) result can be clicked and whole tree of operations will
> be displayed. Somewhere will be ICF Create or ICF Update operation
> logged, including the parameters from provisioning. This would help to
> see what was sent to the connector.
>
> Also tracing org.identityconnectors.framework.api during this
> operation would help too. (idm.log will contain the information)
>
> The cn=ldap.test,... account is the one you are trying to create,
> right? Does "ou=Employees DC" exist in OU=Tahzoo?
>
> Ivan
>
> On 06/29/2016 07:36 AM, Dick Muller wrote:
>
>     Hi Ivan,
>
>      
>
>     I get an error when I add a projection to the user with an LDAPS
>     connection.
>
>     (See the attachment)
>
>     I’ve checked the synchronization mappings and synchronization tab.
>     I’ve got the reconcile checked and kind and intent correctly
>     configured.
>
>      
>
>     Thanks,
>
>      
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Tuesday 28 June 2016 at 15:17
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>      
>
>     Hi Dick,
>
>     AFAIK with midPoint 3.4 you should see LDAP connectors version
>     1.4.2.17 (including AdLdap).
>
>     The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>     connector version was tagged as 1.4.2.17, so that should be the
>     version you want to use.
>
>     What sync problems with 1.4.2.x are you referring to?
>
>     The error message means that there is no connector (JAR)
>     referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>
>     You need to update all resources referencing to the
>     1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the
>     oid in connectorRef in the resources, as we were discussing during
>     the training.
>
>     Best regards,
>     Ivan
>
>     On 06/28/2016 03:05 PM, Dick Muller wrote:
>
>         Hi,
>
>         I upgraded to the latest 3.4 version and wanted to install
>         ADLDAP connectors.
>
>         I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>         gives problems during syncing. I think this is already
>         described in JIRA.
>
>         I want to use the latest version 1.4.3.0-snapshot but get an
>         error during TEST of the resource.
>
>          
>
>         I’ve included the Error message as attachment.
>
>          
>
>         Hope somebody can help me with this.
>
>          
>
>         Regards,
>
>          
>
>         ------------------------------------------------------------------------
>
>         *Dick Muller*
>
>         Senior Systems Engineer
>
>         Delftechpark 37i
>         2628 XJ Delft*
>         d*: +31 88 2682586 
>         *m:* +31 6 46477690
>
>         <http://www.tahzoo.com/>
>
>          
>
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e934bb35/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7592 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e934bb35/attachment.png>

From ivan.noris at evolveum.com  Wed Jun 29 15:24:42 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 15:24:42 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
Message-ID: <5773CC1A.60409@evolveum.com>

Hi Dick,

please add trace logging for com.evolveum.polygon.connector.ldap

Troubleshooting AD is not always easy, you can see how cryptic the error
messages returned from AD are.
What value are you setting to objectCategory? I see that sample with

                        <attribute>
                                <ref>ri:objectCategory</ref>
                                <!-- This is defined as mandatory in top
object class.
                                     But it is not really mandatory.
Well done Microsoft. -->
                                <limitations>
                                        <minOccurs>0</minOccurs>
                                </limitations>
                                <outbound>
                                        <expression>
                                               
<value>CN=Person,CN=Schema,CN=Configuration,DC=win,DC=evolveum,DC=com</value>
                                        </expression>
                                </outbound>
                        </attribute>

(of course the suffix is different in your domain...)

Ivan

On 06/29/2016 01:57 PM, Dick Muller wrote:
>
> Ivan,
>
>  
>
> I used a sample LDAP resource file and seems that the attribute (that
> I do not need btw) with the name objectCategory was giving problems.
>
> Now I have anoter error, stating that the object can’t be created
> because of an invalied attribute.
>
>  
>
> The error log is in the attachments of this mail.
>
>  
>
> I hope you can think of something, because we are talking about pretty
> standard attributes I think.
>
>  
>
> Thanks,
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Dick Muller <dick.muller at tahzoo.com>
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Wednesday 29 June 2016 at 13:25
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> HI Ivan,
>
>  
>
> The logfile tells that there is a constraint error because the object
> already exists.
>
> But that is absolutely not true. I’ve looked in the AD domain and
> forest for the same account, but it doesn’t exist.
>
>  
>
> I’ve included the log in the mail.
>
>  
>
> Thanks,
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Wednesday 29 June 2016 at 09:19
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> Hi Dick,
>
> I don't see anything obvious yet.
> Please try to get:
> 1) stack trace from midpoint idm.log when this operation fails
> 2) the (red) result can be clicked and whole tree of operations will
> be displayed. Somewhere will be ICF Create or ICF Update operation
> logged, including the parameters from provisioning. This would help to
> see what was sent to the connector.
>
> Also tracing org.identityconnectors.framework.api during this
> operation would help too. (idm.log will contain the information)
>
> The cn=ldap.test,... account is the one you are trying to create,
> right? Does "ou=Employees DC" exist in OU=Tahzoo?
>
> Ivan
>
> On 06/29/2016 07:36 AM, Dick Muller wrote:
>
>     Hi Ivan,
>
>      
>
>     I get an error when I add a projection to the user with an LDAPS
>     connection.
>
>     (See the attachment)
>
>     I’ve checked the synchronization mappings and synchronization tab.
>     I’ve got the reconcile checked and kind and intent correctly
>     configured.
>
>      
>
>     Thanks,
>
>      
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Tuesday 28 June 2016 at 15:17
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>      
>
>     Hi Dick,
>
>     AFAIK with midPoint 3.4 you should see LDAP connectors version
>     1.4.2.17 (including AdLdap).
>
>     The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>     connector version was tagged as 1.4.2.17, so that should be the
>     version you want to use.
>
>     What sync problems with 1.4.2.x are you referring to?
>
>     The error message means that there is no connector (JAR)
>     referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>
>     You need to update all resources referencing to the
>     1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the
>     oid in connectorRef in the resources, as we were discussing during
>     the training.
>
>     Best regards,
>     Ivan
>
>     On 06/28/2016 03:05 PM, Dick Muller wrote:
>
>         Hi,
>
>         I upgraded to the latest 3.4 version and wanted to install
>         ADLDAP connectors.
>
>         I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>         gives problems during syncing. I think this is already
>         described in JIRA.
>
>         I want to use the latest version 1.4.3.0-snapshot but get an
>         error during TEST of the resource.
>
>          
>
>         I’ve included the Error message as attachment.
>
>          
>
>         Hope somebody can help me with this.
>
>          
>
>         Regards,
>
>          
>
>         ------------------------------------------------------------------------
>
>         *Dick Muller*
>
>         Senior Systems Engineer
>
>         Delftechpark 37i
>         2628 XJ Delft*
>         d*: +31 88 2682586 
>         *m:* +31 6 46477690
>
>         <http://www.tahzoo.com/>
>
>          
>
>
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/69adadaa/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/69adadaa/attachment.png>

From MICHAEL.GRUBER at wwk.de  Wed Jun 29 15:35:16 2016
From: MICHAEL.GRUBER at wwk.de (Gruber, Michael)
Date: Wed, 29 Jun 2016 13:35:16 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <5773CC1A.60409@evolveum.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
 <5773CC1A.60409@evolveum.com>
Message-ID: <D486EE2E07791C4B91565EAA6082630B55083420@SERV0612.wwk-group.com>

Hi,

Maybe it is caused by cn. Log shows
cn= LDAP Test
but in cn part of dn ther is a dot cn=ldap.test

{Name=__NAME__, Value=[cn=ldap.test,ou=Employees DC,ou=Tahzoo,dc=na1,dc=tahzooint,dc=com
{Name=cn, Value=[LDAP Test]}


It should not be necessary to add cn explicitly since it is already in dn.


Regards, michael





Von: midPoint [mailto:midpoint-bounces at lists.evolveum.com] Im Auftrag von Ivan Noris
Gesendet: Mittwoch, 29. Juni 2016 15:25
An: midpoint at lists.evolveum.com
Betreff: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

please add trace logging for com.evolveum.polygon.connector.ldap

Troubleshooting AD is not always easy, you can see how cryptic the error messages returned from AD are.
What value are you setting to objectCategory? I see that sample with

                        <attribute>
                                <ref>ri:objectCategory</ref>
                                <!-- This is defined as mandatory in top object class.
                                     But it is not really mandatory. Well done Microsoft. -->
                                <limitations>
                                        <minOccurs>0</minOccurs>
                                </limitations>
                                <outbound>
                                        <expression>
                                                <value>CN=Person,CN=Schema,CN=Configuration,DC=win,DC=evolveum,DC=com</value>
                                        </expression>
                                </outbound>
                        </attribute>

(of course the suffix is different in your domain...)

Ivan
On 06/29/2016 01:57 PM, Dick Muller wrote:
Ivan,

I used a sample LDAP resource file and seems that the attribute (that I do not need btw) with the name objectCategory was giving problems.
Now I have anoter error, stating that the object can’t be created because of an invalied attribute.

The error log is in the attachments of this mail.

I hope you can think of something, because we are talking about pretty standard attributes I think.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com><mailto:dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 13:25
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

HI Ivan,

The logfile tells that there is a constraint error because the object already exists.
But that is absolutely not true. I’ve looked in the AD domain and forest for the same account, but it doesn’t exist.

I’ve included the log in the mail.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 09:19
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be displayed. Somewhere will be ICF Create or ICF Update operation logged, including the parameters from provisioning. This would help to see what was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right? Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan
On 06/29/2016 07:36 AM, Dick Muller wrote:
Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:image001.png at 01D1D21B.D5258190]<http://www.tahzoo.com/>









_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint







--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."






_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint





--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."




_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint



--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."

WWK Lebensversicherung a. G., Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Dr. Frank Schindelhauer, Sitz München, Registergericht München HR B 211; WWK Allgemeine Versicherung AG, Vorstand: Jürgen Schrameier (V.), Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Werner Quante, Sitz München, Registergericht München HR B 5553; WWK Vermögensverwaltungs und Dienstleistungs GmbH, Geschäftsführer: Karl Ruffing, Stefan Sedlmeir, Sitz München, Registergericht München HR B 76323; WWK Pensionsfonds AG, Vorstand: Ansgar Eckert, Karl Ruffing, Heinrich Schüppert; Vorsitzender des Aufsichtsrats: Dirk Fassott, Sitz München, Registergericht München HR B 146295; Hausanschrift: Marsstraße 37, 80335 München; WWK Investment S.A., Verwaltungsrat: Karl Ruffing (V.), Ansgar Eckert, Stefan Schneider (Hauck & Aufhäuser), Handelsregister: R.C. Luxembourg Nr. B 81 270, Sitz der Gesellschaft: 1c, rue Gabriel Lippmann, L-5365 Munsbach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2ad6557f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7593 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/2ad6557f/attachment.png>

From ivan.noris at evolveum.com  Wed Jun 29 15:55:01 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 15:55:01 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <D486EE2E07791C4B91565EAA6082630B55083420@SERV0612.wwk-group.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
 <5773CC1A.60409@evolveum.com>
 <D486EE2E07791C4B91565EAA6082630B55083420@SERV0612.wwk-group.com>
Message-ID: <5773D335.9030906@evolveum.com>

Hmm,

good point, Michael! I can see such mapping also in our samples. But I
remember that years ago I must have removed ri:cn attribute mapping for
old AD connector because the attribute caused troubles.

Dick, can you please remove/comment the attribute configuration for
ri:cn and try again?

Thank you.
Ivan

On 06/29/2016 03:35 PM, Gruber, Michael wrote:
>
> Hi,
>
>  
>
> Maybe it is caused by cn. Log shows
>
> cn=LDAP Test
>
> but in cn part of dn ther is a dot cn=ldap.test
>
>  
>
> {Name=__NAME__, Value=[cn=ldap.test,ou=Employees
> DC,ou=Tahzoo,dc=na1,dc=tahzooint,dc=com
>
> {Name=cn, Value=[LDAP Test]}
>
>  
>
>  
>
> It should not be necessary to add cn explicitly since it is already in dn.
>
>  
>
>  
>
> Regards, michael
>
>  
>
>  
>
>  
>
>  
>
>  
>
> *Von:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *Im
> Auftrag von *Ivan Noris
> *Gesendet:* Mittwoch, 29. Juni 2016 15:25
> *An:* midpoint at lists.evolveum.com
> *Betreff:* Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> Hi Dick,
>
> please add trace logging for com.evolveum.polygon.connector.ldap
>
> Troubleshooting AD is not always easy, you can see how cryptic the
> error messages returned from AD are.
> What value are you setting to objectCategory? I see that sample with
>
>                         <attribute>
>                                 <ref>ri:objectCategory</ref>
>                                 <!-- This is defined as mandatory in
> top object class.
>                                      But it is not really mandatory.
> Well done Microsoft. -->
>                                 <limitations>
>                                         <minOccurs>0</minOccurs>
>                                 </limitations>
>                                 <outbound>
>                                         <expression>
>                                                
> <value>CN=Person,CN=Schema,CN=Configuration,DC=win,DC=evolveum,DC=com</value>
>                                         </expression>
>                                 </outbound>
>                         </attribute>
>
> (of course the suffix is different in your domain...)
>
> Ivan
>
> On 06/29/2016 01:57 PM, Dick Muller wrote:
>
>     Ivan,
>
>      
>
>     I used a sample LDAP resource file and seems that the attribute
>     (that I do not need btw) with the name objectCategory was giving
>     problems.
>
>     Now I have anoter error, stating that the object can’t be created
>     because of an invalied attribute.
>
>      
>
>     The error log is in the attachments of this mail.
>
>      
>
>     I hope you can think of something, because we are talking about
>     pretty standard attributes I think.
>
>      
>
>     Thanks,
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Dick
>     Muller <dick.muller at tahzoo.com> <mailto:dick.muller at tahzoo.com>
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Wednesday 29 June 2016 at 13:25
>     *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>      
>
>     HI Ivan,
>
>      
>
>     The logfile tells that there is a constraint error because the
>     object already exists.
>
>     But that is absolutely not true. I’ve looked in the AD domain and
>     forest for the same account, but it doesn’t exist.
>
>      
>
>     I’ve included the log in the mail.
>
>      
>
>     Thanks,
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Wednesday 29 June 2016 at 09:19
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>      
>
>     Hi Dick,
>
>     I don't see anything obvious yet.
>     Please try to get:
>     1) stack trace from midpoint idm.log when this operation fails
>     2) the (red) result can be clicked and whole tree of operations
>     will be displayed. Somewhere will be ICF Create or ICF Update
>     operation logged, including the parameters from provisioning. This
>     would help to see what was sent to the connector.
>
>     Also tracing org.identityconnectors.framework.api during this
>     operation would help too. (idm.log will contain the information)
>
>     The cn=ldap.test,... account is the one you are trying to create,
>     right? Does "ou=Employees DC" exist in OU=Tahzoo?
>
>     Ivan
>
>     On 06/29/2016 07:36 AM, Dick Muller wrote:
>
>         Hi Ivan,
>
>          
>
>         I get an error when I add a projection to the user with an
>         LDAPS connection.
>
>         (See the attachment)
>
>         I’ve checked the synchronization mappings and synchronization
>         tab. I’ve got the reconcile checked and kind and intent
>         correctly configured.
>
>          
>
>         Thanks,
>
>          
>
>         Dick
>
>          
>
>         *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>         <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>         Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>         *Organization: *Evolveum, s.r.o.
>         *Reply-To: *midPoint General Discussion
>         <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>         *Date: *Tuesday 28 June 2016 at 15:17
>         *To: *"midpoint at lists.evolveum.com"
>         <mailto:midpoint at lists.evolveum.com>
>         <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>         *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>          
>
>         Hi Dick,
>
>         AFAIK with midPoint 3.4 you should see LDAP connectors version
>         1.4.2.17 (including AdLdap).
>
>         The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>         connector version was tagged as 1.4.2.17, so that should be
>         the version you want to use.
>
>         What sync problems with 1.4.2.x are you referring to?
>
>         The error message means that there is no connector (JAR)
>         referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>
>         You need to update all resources referencing to the
>         1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing
>         the oid in connectorRef in the resources, as we were
>         discussing during the training.
>
>         Best regards,
>         Ivan
>
>         On 06/28/2016 03:05 PM, Dick Muller wrote:
>
>             Hi,
>
>             I upgraded to the latest 3.4 version and wanted to install
>             ADLDAP connectors.
>
>             I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>             gives problems during syncing. I think this is already
>             described in JIRA.
>
>             I want to use the latest version 1.4.3.0-snapshot but get
>             an error during TEST of the resource.
>
>              
>
>             I’ve included the Error message as attachment.
>
>              
>
>             Hope somebody can help me with this.
>
>              
>
>             Regards,
>
>              
>
>             ------------------------------------------------------------------------
>
>             *Dick Muller*
>
>             Senior Systems Engineer
>
>             Delftechpark 37i
>             2628 XJ Delft*
>             d*: +31 88 2682586 
>             *m:* +31 6 46477690
>
>             <http://www.tahzoo.com/>
>
>              
>
>
>
>
>
>
>
>
>             _______________________________________________
>
>             midPoint mailing list
>
>             midPoint at lists.evolveum.com
>             <mailto:midPoint at lists.evolveum.com>
>
>             http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
>
>         -- 
>
>           Ing. Ivan Noris
>
>           Senior Identity Management Engineer & IDM Architect
>
>           evolveum.com                     evolveum.com/blog/
>
>           ___________________________________________________
>
>           "Semper ID(e)M Vix."
>
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
> WWK Lebensversicherung a. G., Vorstand: Jürgen Schrameier (V.), Rainer
> Gebhart (stv. V.), Dirk Fassott; Vorsitzender des Aufsichtsrats: Dr.
> Frank Schindelhauer, Sitz München, Registergericht München HR B 211;
> WWK Allgemeine Versicherung AG, Vorstand: Jürgen Schrameier (V.),
> Rainer Gebhart (stv. V.), Dirk Fassott; Vorsitzender des
> Aufsichtsrats: Werner Quante, Sitz München, Registergericht München HR
> B 5553; WWK Vermögensverwaltungs und Dienstleistungs GmbH,
> Geschäftsführer: Karl Ruffing, Stefan Sedlmeir, Sitz München,
> Registergericht München HR B 76323; WWK Pensionsfonds AG, Vorstand:
> Ansgar Eckert, Karl Ruffing, Heinrich Schüppert; Vorsitzender des
> Aufsichtsrats: Dirk Fassott, Sitz München, Registergericht München HR
> B 146295; Hausanschrift: Marsstraße 37, 80335 München; WWK Investment
> S.A., Verwaltungsrat: Karl Ruffing (V.), Ansgar Eckert, Stefan
> Schneider (Hauck & Aufhäuser), Handelsregister: R.C. Luxembourg Nr. B
> 81 270, Sitz der Gesellschaft: 1c, rue Gabriel Lippmann, L-5365 Munsbach
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e70a78d5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/e70a78d5/attachment.png>

From mmarchese at identicum.com  Wed Jun 29 16:56:03 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Wed, 29 Jun 2016 11:56:03 -0300
Subject: [midPoint] Role-Entitlement Assignment
Message-ID: <CAG3rmdpVDGRDPzJGKXMtjZd+1j8U4Z9HoN6K3Rq-G5a=L521wQ@mail.gmail.com>

Hi All!,

I have a question on Role-Entitlement assignment:

I have an Entitlement representing LDAP groups (it does not exist in
midpoint, just in the resource, so it does not have a shadow).

I found the following example:
<assignment>
    <construction>
        <resourceRef oid="10000000-0000-0000-0000-000000000004" type=
"c:ResourceType"/>
        <kind>account</kind>
        <association>
            <ref>ri:group</ref>
            <outbound>
                <expression>
                    <value>
                        <shadowRef oid=
"20000000-0000-0000-3333-000000000001"/>
                    </value>
                </expression>
            </outbound>
        </association>
    </construction>
</assignment>

However, as I don't have the shadow created in MidPoint, I can't add the
shadow OID for reference. Is there a way to achieve this and not creating
the object within MidPoint?

Another question, as this assignment will probably be done a non-tech
customer, is there a way to do this assignment thru the UI?

Thanks in advance

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/4a21223c/attachment.htm>

From ivan.noris at evolveum.com  Wed Jun 29 17:06:55 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 17:06:55 +0200
Subject: [midPoint] Role-Entitlement Assignment
In-Reply-To: <CAG3rmdpVDGRDPzJGKXMtjZd+1j8U4Z9HoN6K3Rq-G5a=L521wQ@mail.gmail.com>
References: <CAG3rmdpVDGRDPzJGKXMtjZd+1j8U4Z9HoN6K3Rq-G5a=L521wQ@mail.gmail.com>
Message-ID: <5773E40F.8040906@evolveum.com>

Hi Martin,

you can use associationTargetSearch in role:

. . .
    <inducement>
        <construction>
                <resourceRef oid="00000000-dc00-dc00-0001-100000000002"
type="c:ResourceType"/>
        <kind>account</kind>
        <association>
            <ref>ri:group</ref>
            <outbound>
                <strength>strong</strength>
                <expression>
                    <associationTargetSearch>
                        <filter>
                            <q:equal>
                                <q:path>attributes/ri:dn</q:path>
                               
<q:value>cn=group1,ou=foo,ou=bar,dc=example,dc=com</q:value>
                            </q:equal>
                        </filter>
                       <searchStrategy>onResourceIfNeeded</searchStrategy>
                    </associationTargetSearch>
                </expression>
            </outbound>
          </association>
        </construction>
      </inducement>
...

The above example tries to construct an account (intent is not
specified, thus default) and associate with an entitlement, which has
"ri:dn" attribute equal to "cn=group1,ou=foo,ou=bar,dc=example,dc=com".
This will search the group on the resource.
The shadow will be created after the group is found. Further
associations will use the shadow instead of looking up (searching) on
resource.

Regards,
Ivan

On 06/29/2016 04:56 PM, Martin Marchese wrote:
> Hi All!,
>
> I have a question on Role-Entitlement assignment:
>
> I have an Entitlement representing LDAP groups (it does not exist in
> midpoint, just in the resource, so it does not have a shadow).
>
> I found the following example:
> |<||assignment||>|
> |    ||<||construction||>|
> |        ||<||resourceRef| |oid||=||"10000000-0000-0000-0000-000000000004"| |type||=||"c:ResourceType"||/>|
> |        ||<||kind||>account</||kind||>|
> |        ||<||association||>|
> |            ||<||ref||>ri:group</||ref||>|
> |            ||<||outbound||>|
> |                ||<||expression||>|
> |                    ||<||value||>|
> |                        ||<||shadowRef| |oid||=||"20000000-0000-0000-3333-000000000001"||/>|
> |                    ||</||value||>|
> |                ||</||expression||>|
> |            ||</||outbound||>|
> |        ||</||association||>|
> |    ||</||construction||>|
> |</||assignment||>|
>
> However, as I don't have the shadow created in MidPoint, I can't add
> the shadow OID for reference. Is there a way to achieve this and not
> creating the object within MidPoint?
> |
> |
> |Another question, as this assignment will probably be done a non-tech
> customer, is there a way to do this assignment thru the UI?|
> |
> |
> |Thanks in advance|
>
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/15715ff8/attachment.htm>

From ivan.noris at evolveum.com  Wed Jun 29 18:25:20 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 18:25:20 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
Message-ID: <5773F670.7090502@evolveum.com>

Hi Dick,

FYI I have just tried resource-localhost.xml from
testing/conntest/.../ad-ldap and after I set the SSL/tunnel to medusa
correctly, I was able to create an account using Add projection without
any problems. I have not changed anything in the sample.

Strange enough :-) I have not touched ri:cn at all. But of course my
objectCategory DN is valid.

FYI I was trying to send userPrincipalName attribute as
user at domain@domain (because of bad mapping) and the error message
returned by AD was: "00000523: SysErr: DSID-031A1202, problem 22
(Invalid argument), data 0". But tracing showed the value I was trying
to send, so it helped me to diagnose it instantly.

Regards,
Ivan

On 06/29/2016 01:57 PM, Dick Muller wrote:
>
> Ivan,
>
>  
>
> I used a sample LDAP resource file and seems that the attribute (that
> I do not need btw) with the name objectCategory was giving problems.
>
> Now I have anoter error, stating that the object can’t be created
> because of an invalied attribute.
>
>  
>
> The error log is in the attachments of this mail.
>
>  
>
> I hope you can think of something, because we are talking about pretty
> standard attributes I think.
>
>  
>
> Thanks,
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Dick Muller <dick.muller at tahzoo.com>
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Wednesday 29 June 2016 at 13:25
> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> HI Ivan,
>
>  
>
> The logfile tells that there is a constraint error because the object
> already exists.
>
> But that is absolutely not true. I’ve looked in the AD domain and
> forest for the same account, but it doesn’t exist.
>
>  
>
> I’ve included the log in the mail.
>
>  
>
> Thanks,
>
> Dick
>
>  
>
> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
> Ivan Noris <ivan.noris at evolveum.com>
> *Organization: *Evolveum, s.r.o.
> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
> *Date: *Wednesday 29 June 2016 at 09:19
> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>  
>
> Hi Dick,
>
> I don't see anything obvious yet.
> Please try to get:
> 1) stack trace from midpoint idm.log when this operation fails
> 2) the (red) result can be clicked and whole tree of operations will
> be displayed. Somewhere will be ICF Create or ICF Update operation
> logged, including the parameters from provisioning. This would help to
> see what was sent to the connector.
>
> Also tracing org.identityconnectors.framework.api during this
> operation would help too. (idm.log will contain the information)
>
> The cn=ldap.test,... account is the one you are trying to create,
> right? Does "ou=Employees DC" exist in OU=Tahzoo?
>
> Ivan
>
> On 06/29/2016 07:36 AM, Dick Muller wrote:
>
>     Hi Ivan,
>
>      
>
>     I get an error when I add a projection to the user with an LDAPS
>     connection.
>
>     (See the attachment)
>
>     I’ve checked the synchronization mappings and synchronization tab.
>     I’ve got the reconcile checked and kind and intent correctly
>     configured.
>
>      
>
>     Thanks,
>
>      
>
>     Dick
>
>      
>
>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>     *Organization: *Evolveum, s.r.o.
>     *Reply-To: *midPoint General Discussion
>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>     *Date: *Tuesday 28 June 2016 at 15:17
>     *To: *"midpoint at lists.evolveum.com"
>     <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
>     <mailto:midpoint at lists.evolveum.com>
>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>
>      
>
>     Hi Dick,
>
>     AFAIK with midPoint 3.4 you should see LDAP connectors version
>     1.4.2.17 (including AdLdap).
>
>     The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>     connector version was tagged as 1.4.2.17, so that should be the
>     version you want to use.
>
>     What sync problems with 1.4.2.x are you referring to?
>
>     The error message means that there is no connector (JAR)
>     referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>
>     You need to update all resources referencing to the
>     1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the
>     oid in connectorRef in the resources, as we were discussing during
>     the training.
>
>     Best regards,
>     Ivan
>
>     On 06/28/2016 03:05 PM, Dick Muller wrote:
>
>         Hi,
>
>         I upgraded to the latest 3.4 version and wanted to install
>         ADLDAP connectors.
>
>         I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>         gives problems during syncing. I think this is already
>         described in JIRA.
>
>         I want to use the latest version 1.4.3.0-snapshot but get an
>         error during TEST of the resource.
>
>          
>
>         I’ve included the Error message as attachment.
>
>          
>
>         Hope somebody can help me with this.
>
>          
>
>         Regards,
>
>          
>
>         ------------------------------------------------------------------------
>
>         *Dick Muller*
>
>         Senior Systems Engineer
>
>         Delftechpark 37i
>         2628 XJ Delft*
>         d*: +31 88 2682586 
>         *m:* +31 6 46477690
>
>         <http://www.tahzoo.com/>
>
>          
>
>
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
>
>     -- 
>
>       Ing. Ivan Noris
>
>       Senior Identity Management Engineer & IDM Architect
>
>       evolveum.com                     evolveum.com/blog/
>
>       ___________________________________________________
>
>       "Semper ID(e)M Vix."
>
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/8592cd51/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/8592cd51/attachment.png>

From mmarchese at identicum.com  Wed Jun 29 20:23:20 2016
From: mmarchese at identicum.com (Martin Marchese)
Date: Wed, 29 Jun 2016 15:23:20 -0300
Subject: [midPoint] Role-Entitlement Assignment
In-Reply-To: <5773E40F.8040906@evolveum.com>
References: <CAG3rmdpVDGRDPzJGKXMtjZd+1j8U4Z9HoN6K3Rq-G5a=L521wQ@mail.gmail.com>
 <5773E40F.8040906@evolveum.com>
Message-ID: <CAG3rmdqfqY=-qSV0w42t-5bSHwec=40GiLtfjL=YZMKQpg6hqg@mail.gmail.com>

Thanks Ivan, I'll try this.

Is there a way to do this assignment from the MidPoint UI? The end-user is
not tech, so it will be great if they can do this kind of assignment from
the UI.

Regards,

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com

On Wed, Jun 29, 2016 at 12:06 PM, Ivan Noris <ivan.noris at evolveum.com>
wrote:

> Hi Martin,
>
> you can use associationTargetSearch in role:
>
> . . .
>     <inducement>
>         <construction>
>                 <resourceRef oid="00000000-dc00-dc00-0001-100000000002"
> type="c:ResourceType"/>
>         <kind>account</kind>
>         <association>
>             <ref>ri:group</ref>
>             <outbound>
>                 <strength>strong</strength>
>                 <expression>
>                     <associationTargetSearch>
>                         <filter>
>                             <q:equal>
>                                 <q:path>attributes/ri:dn</q:path>
>
> <q:value>cn=group1,ou=foo,ou=bar,dc=example,dc=com</q:value>
>                             </q:equal>
>                         </filter>
>                        <searchStrategy>onResourceIfNeeded</searchStrategy>
>                     </associationTargetSearch>
>                 </expression>
>             </outbound>
>           </association>
>         </construction>
>       </inducement>
> ...
>
> The above example tries to construct an account (intent is not specified,
> thus default) and associate with an entitlement, which has "ri:dn"
> attribute equal to "cn=group1,ou=foo,ou=bar,dc=example,dc=com". This will
> search the group on the resource.
> The shadow will be created after the group is found. Further associations
> will use the shadow instead of looking up (searching) on resource.
>
> Regards,
> Ivan
>
>
> On 06/29/2016 04:56 PM, Martin Marchese wrote:
>
> Hi All!,
>
> I have a question on Role-Entitlement assignment:
>
> I have an Entitlement representing LDAP groups (it does not exist in
> midpoint, just in the resource, so it does not have a shadow).
>
> I found the following example:
> <assignment>
>     <construction>
>         <resourceRef oid="10000000-0000-0000-0000-000000000004" type=
> "c:ResourceType"/>
>         <kind>account</kind>
>         <association>
>             <ref>ri:group</ref>
>             <outbound>
>                 <expression>
>                     <value>
>                         <shadowRef oid=
> "20000000-0000-0000-3333-000000000001"/>
>                     </value>
>                 </expression>
>             </outbound>
>         </association>
>     </construction>
> </assignment>
>
> However, as I don't have the shadow created in MidPoint, I can't add the
> shadow OID for reference. Is there a way to achieve this and not creating
> the object within MidPoint?
>
> Another question, as this assignment will probably be done a non-tech
> customer, is there a way to do this assignment thru the UI?
>
> Thanks in advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/91383757/attachment.htm>

From fstingaciu at mirantis.com  Wed Jun 29 21:08:00 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Wed, 29 Jun 2016 12:08:00 -0700
Subject: [midPoint] 3.4 Upgrade issues
Message-ID: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>

Hello,

I just tried upgrading from 3.3.1 to 3.4 and as soon as I start tomcat7, I
get the following errors:

http://pastebin.com/itePGbGn

When I try to access it via my browser it just loads indefinitely.

Also to make matters worse, when I try to revert to my previous version, it
fails with the same error.

Any help would be greatly appreciated, as right now I don't have have a
working Midpoint instance anymore.

Thanks,
-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/905e9682/attachment.htm>

From smckinney at symas.com  Wed Jun 29 21:14:02 2016
From: smckinney at symas.com (Shawn McKinney)
Date: Wed, 29 Jun 2016 14:14:02 -0500
Subject: [midPoint] 3.4 Upgrade issues
In-Reply-To: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>
References: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>
Message-ID: <15B81CC7-C41B-44B6-9522-6C1658126BBF@symas.com>


> On Jun 29, 2016, at 2:08 PM, Florin. Stingaciu <fstingaciu at mirantis.com> wrote:
> 
> 
> I just tried upgrading from 3.3.1 to 3.4 and as soon as I start tomcat7, I get the following errors: 
> 
> http://pastebin.com/itePGbGn
> 
> When I try to access it via my browser it just loads indefinitely. 
> 
> Also to make matters worse, when I try to revert to my previous version, it fails with the same error. 
> 
> Any help would be greatly appreciated, as right now I don't have have a working Midpoint instance anymore. 
> 

Florin the error you have pasted isn’t ringing a bell for me but when I first tried the upgrade last week I too had some errors when I restarted tomcat.  What I learned was in addition to redeploying with the new war file, I had to run the postgres update script and delete the previous ldap connector.  

It’s is described a bit here:
https://wiki.evolveum.com/display/midPoint/Release+3.4#Release3.4-UpgradefrommidPoint3.3and3.3.1

Once I performed those steps everything was fine again.  

Hope this helps.

Shawn

From fstingaciu at mirantis.com  Wed Jun 29 21:27:15 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Wed, 29 Jun 2016 12:27:15 -0700
Subject: [midPoint] 3.4 Upgrade issues
In-Reply-To: <15B81CC7-C41B-44B6-9522-6C1658126BBF@symas.com>
References: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>
 <15B81CC7-C41B-44B6-9522-6C1658126BBF@symas.com>
Message-ID: <CAMQHPY3N9zj7gaL90WqPPWH278k7Yby82sREhRx5bwBNJj0MOw@mail.gmail.com>

Hey Shawn,

Thanks for the quick reply, but I don't believe this is my issue as I was
running trunk and already had to perform the DB patches.

Thanks,
-F

On Wed, Jun 29, 2016 at 12:14 PM, Shawn McKinney <smckinney at symas.com>
wrote:

>
> > On Jun 29, 2016, at 2:08 PM, Florin. Stingaciu <fstingaciu at mirantis.com>
> wrote:
> >
> >
> > I just tried upgrading from 3.3.1 to 3.4 and as soon as I start tomcat7,
> I get the following errors:
> >
> > http://pastebin.com/itePGbGn
> >
> > When I try to access it via my browser it just loads indefinitely.
> >
> > Also to make matters worse, when I try to revert to my previous version,
> it fails with the same error.
> >
> > Any help would be greatly appreciated, as right now I don't have have a
> working Midpoint instance anymore.
> >
>
> Florin the error you have pasted isn’t ringing a bell for me but when I
> first tried the upgrade last week I too had some errors when I restarted
> tomcat.  What I learned was in addition to redeploying with the new war
> file, I had to run the postgres update script and delete the previous ldap
> connector.
>
> It’s is described a bit here:
>
> https://wiki.evolveum.com/display/midPoint/Release+3.4#Release3.4-UpgradefrommidPoint3.3and3.3.1
>
> Once I performed those steps everything was fine again.
>
> Hope this helps.
>
> Shawn
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/50d995da/attachment.htm>

From ivan.noris at evolveum.com  Wed Jun 29 22:04:09 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Wed, 29 Jun 2016 22:04:09 +0200
Subject: [midPoint] Role-Entitlement Assignment
In-Reply-To: <CAG3rmdqfqY=-qSV0w42t-5bSHwec=40GiLtfjL=YZMKQpg6hqg@mail.gmail.com>
References: <CAG3rmdpVDGRDPzJGKXMtjZd+1j8U4Z9HoN6K3Rq-G5a=L521wQ@mail.gmail.com>
 <5773E40F.8040906@evolveum.com>
 <CAG3rmdqfqY=-qSV0w42t-5bSHwec=40GiLtfjL=YZMKQpg6hqg@mail.gmail.com>
Message-ID: <577429B9.8000508@evolveum.com>

Hi Martin,

if you create the role, it can be assigned as a role assignment, so all
the end user knows is a name of the role. The role may just construct
the account, set attribute values (similar/additional to schema handling
mappings) and associate the account with entitlements. That's all
encapsulated in the role.

But the role with the association must be defined and imported from XML
file - at least for now.

Regards,
Ivan

On 06/29/2016 08:23 PM, Martin Marchese wrote:
> Thanks Ivan, I'll try this.
>
> Is there a way to do this assignment from the MidPoint UI? The
> end-user is not tech, so it will be great if they can do this kind of
> assignment from the UI.
>
> Regards,
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Anchorena 1357 PB
> Tel: +54 (11) 3526.5509
> mmarchese at identicum.com <mailto:mmarchese at identicum.com>
> www.identicum.com <http://www.identicum.com>
>
> On Wed, Jun 29, 2016 at 12:06 PM, Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>> wrote:
>
>     Hi Martin,
>
>     you can use associationTargetSearch in role:
>
>     . . .
>         <inducement>
>             <construction>
>                     <resourceRef
>     oid="00000000-dc00-dc00-0001-100000000002" type="c:ResourceType"/>
>             <kind>account</kind>
>             <association>
>                 <ref>ri:group</ref>
>                 <outbound>
>                     <strength>strong</strength>
>                     <expression>
>                         <associationTargetSearch>
>                             <filter>
>                                 <q:equal>
>                                     <q:path>attributes/ri:dn</q:path>
>                                    
>     <q:value>cn=group1,ou=foo,ou=bar,dc=example,dc=com</q:value>
>                                 </q:equal>
>                             </filter>
>                           
>     <searchStrategy>onResourceIfNeeded</searchStrategy>
>                         </associationTargetSearch>
>                     </expression>
>                 </outbound>
>               </association>
>             </construction>
>           </inducement>
>     ...
>
>     The above example tries to construct an account (intent is not
>     specified, thus default) and associate with an entitlement, which
>     has "ri:dn" attribute equal to
>     "cn=group1,ou=foo,ou=bar,dc=example,dc=com". This will search the
>     group on the resource.
>     The shadow will be created after the group is found. Further
>     associations will use the shadow instead of looking up (searching)
>     on resource.
>
>     Regards,
>     Ivan
>
>
>     On 06/29/2016 04:56 PM, Martin Marchese wrote:
>>     Hi All!,
>>
>>     I have a question on Role-Entitlement assignment:
>>
>>     I have an Entitlement representing LDAP groups (it does not exist
>>     in midpoint, just in the resource, so it does not have a shadow).
>>
>>     I found the following example:
>>     |<||assignment||>|
>>     |    ||<||construction||>|
>>     |        ||<||resourceRef| |oid||=||"10000000-0000-0000-0000-000000000004"| |type||=||"c:ResourceType"||/>|
>>     |        ||<||kind||>account</||kind||>|
>>     |        ||<||association||>|
>>     |            ||<||ref||>ri:group</||ref||>|
>>     |            ||<||outbound||>|
>>     |                ||<||expression||>|
>>     |                    ||<||value||>|
>>     |                        ||<||shadowRef| |oid||=||"20000000-0000-0000-3333-000000000001"||/>|
>>     |                    ||</||value||>|
>>     |                ||</||expression||>|
>>     |            ||</||outbound||>|
>>     |        ||</||association||>|
>>     |    ||</||construction||>|
>>     |</||assignment||>|
>>
>>     However, as I don't have the shadow created in MidPoint, I can't
>>     add the shadow OID for reference. Is there a way to achieve this
>>     and not creating the object within MidPoint?
>>     |
>>     |
>>     |Another question, as this assignment will probably be done a
>>     non-tech customer, is there a way to do this assignment thru the UI?|
>>     |
>>     |
>>     |Thanks in advance|
>>
>>
>>     *Ing. Martín Marchese*
>>     Identicum S.A.
>>     Anchorena 1357 PB
>>     Tel: +54 (11) 3526.5509
>>     mmarchese at identicum.com <mailto:mmarchese at identicum.com>
>>     www.identicum.com <http://www.identicum.com>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer & IDM Architect
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>       ___________________________________________________
>       "Semper ID(e)M Vix."
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/f530731d/attachment.htm>

From mederly at evolveum.com  Wed Jun 29 22:05:55 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Wed, 29 Jun 2016 22:05:55 +0200
Subject: [midPoint] 3.4 Upgrade issues
In-Reply-To: <CAMQHPY3N9zj7gaL90WqPPWH278k7Yby82sREhRx5bwBNJj0MOw@mail.gmail.com>
References: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>
 <15B81CC7-C41B-44B6-9522-6C1658126BBF@symas.com>
 <CAMQHPY3N9zj7gaL90WqPPWH278k7Yby82sREhRx5bwBNJj0MOw@mail.gmail.com>
Message-ID: <cd9b5727-ae04-a540-5a44-6acdfadf2e0b@evolveum.com>

Hello Florin,

this is really strange. The errors you see in the log file are probably 
caused by version mismatch of LDAP connector (1.4.3.0-SNAPSHOT in 
pre-3.4 version versus 1.4.2.17 in 3.4).

But these errors by themselves shouldn't prevent you from logging in.

Actually I have almost no idea what could went wrong.

Please, could you share last 50-100 lines from your tomcat access log 
file? Hopefully me or somebody else would be able to look at it tomorrow.

Best regards,

Pavol



On 29.06.2016 21:27, Florin. Stingaciu wrote:
> Hey Shawn,
>
> Thanks for the quick reply, but I don't believe this is my issue as I 
> was running trunk and already had to perform the DB patches.
>
> Thanks,
> -F
>
> On Wed, Jun 29, 2016 at 12:14 PM, Shawn McKinney <smckinney at symas.com 
> <mailto:smckinney at symas.com>> wrote:
>
>
>     > On Jun 29, 2016, at 2:08 PM, Florin. Stingaciu
>     <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>> wrote:
>     >
>     >
>     > I just tried upgrading from 3.3.1 to 3.4 and as soon as I start
>     tomcat7, I get the following errors:
>     >
>     > http://pastebin.com/itePGbGn
>     >
>     > When I try to access it via my browser it just loads indefinitely.
>     >
>     > Also to make matters worse, when I try to revert to my previous
>     version, it fails with the same error.
>     >
>     > Any help would be greatly appreciated, as right now I don't have
>     have a working Midpoint instance anymore.
>     >
>
>     Florin the error you have pasted isn’t ringing a bell for me but
>     when I first tried the upgrade last week I too had some errors
>     when I restarted tomcat.  What I learned was in addition to
>     redeploying with the new war file, I had to run the postgres
>     update script and delete the previous ldap connector.
>
>     It’s is described a bit here:
>     https://wiki.evolveum.com/display/midPoint/Release+3.4#Release3.4-UpgradefrommidPoint3.3and3.3.1
>
>     Once I performed those steps everything was fine again.
>
>     Hope this helps.
>
>     Shawn
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/fe0e748a/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun 30 08:04:23 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 30 Jun 2016 08:04:23 +0200
Subject: [midPoint] 3.4 Upgrade issues
In-Reply-To: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>
References: <CAMQHPY2APR-pqb+P0zc5cdYnBBc2a3=zuXe0KmM0GbcZQsirGg@mail.gmail.com>
Message-ID: <5774B667.4090108@evolveum.com>

Hi Florin,

are you trying to log in as user who has projection on LDAP resource?
Are you able to login as administrator?

If you are able to login as administrator, can you please test
connection for the LDAP resource? For me it also seems to be a problem
with 1.4.3.0-SNAPSHOT connector (which does not exist after upgrade;
1.4.2.17 exists).

Ivan

On 06/29/2016 09:08 PM, Florin. Stingaciu wrote:
> Hello, 
>
> I just tried upgrading from 3.3.1 to 3.4 and as soon as I start
> tomcat7, I get the following errors: 
>
> http://pastebin.com/itePGbGn
>
> When I try to access it via my browser it just loads indefinitely. 
>
> Also to make matters worse, when I try to revert to my previous
> version, it fails with the same error. 
>
> Any help would be greatly appreciated, as right now I don't have have
> a working Midpoint instance anymore. 
>
> Thanks, 
> -F 
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/c04652f6/attachment.htm>

From dick.muller at tahzoo.com  Thu Jun 30 09:44:22 2016
From: dick.muller at tahzoo.com (Dick Muller)
Date: Thu, 30 Jun 2016 07:44:22 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <5773F670.7090502@evolveum.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>,
 <5773F670.7090502@evolveum.com>
Message-ID: <BY1PR0601MB1192FF5DDAF10A85B230AC3696240@BY1PR0601MB1192.namprd06.prod.outlook.com>

Hi Ivan,


Maybe good to know.


I solved it. The problem was that the CNvalue was different from the CN part in the DN.

That has to be the same and therefor it resulted in an error.


Thanks for your help.


Dick

________________________________
Van: midPoint <midpoint-bounces at lists.evolveum.com> namens Ivan Noris <ivan.noris at evolveum.com>
Verzonden: woensdag 29 juni 2016 18:25:20
Aan: midPoint General Discussion
Onderwerp: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

FYI I have just tried resource-localhost.xml from testing/conntest/.../ad-ldap and after I set the SSL/tunnel to medusa correctly, I was able to create an account using Add projection without any problems. I have not changed anything in the sample.

Strange enough :-) I have not touched ri:cn at all. But of course my objectCategory DN is valid.

FYI I was trying to send userPrincipalName attribute as user at domain@domain (because of bad mapping) and the error message returned by AD was: "00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0". But tracing showed the value I was trying to send, so it helped me to diagnose it instantly.

Regards,
Ivan

On 06/29/2016 01:57 PM, Dick Muller wrote:
Ivan,

I used a sample LDAP resource file and seems that the attribute (that I do not need btw) with the name objectCategory was giving problems.
Now I have anoter error, stating that the object can’t be created because of an invalied attribute.

The error log is in the attachments of this mail.

I hope you can think of something, because we are talking about pretty standard attributes I think.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller <dick.muller at tahzoo.com><mailto:dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 13:25
To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

HI Ivan,

The logfile tells that there is a constraint error because the object already exists.
But that is absolutely not true. I’ve looked in the AD domain and forest for the same account, but it doesn’t exist.

I’ve included the log in the mail.

Thanks,
Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 09:19
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be displayed. Somewhere will be ICF Create or ICF Update operation logged, including the parameters from provisioning. This would help to see what was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right? Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan
On 06/29/2016 07:36 AM, Dick Muller wrote:
Hi Ivan,

I get an error when I add a projection to the user with an LDAPS connection.
(See the attachment)
I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

Thanks,

Dick

From: midPoint <midpoint-bounces at lists.evolveum.com><mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris <ivan.noris at evolveum.com><mailto:ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To: "midpoint at lists.evolveum.com"<mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com><mailto:midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan
On 06/28/2016 03:05 PM, Dick Muller wrote:
Hi,
I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.
I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.
I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

I’ve included the Error message as attachment.

Hope somebody can help me with this.

Regards,

________________________________
Dick Muller
Senior Systems Engineer
Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586
m: +31 6 46477690
[cid:part6.06010305.09040709 at evolveum.com]<http://www.tahzoo.com/>








_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint






--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."





_______________________________________________

midPoint mailing list

midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>

http://lists.evolveum.com/mailman/listinfo/midpoint




--

  Ing. Ivan Noris

  Senior Identity Management Engineer & IDM Architect

  evolveum.com                     evolveum.com/blog/

  ___________________________________________________

  "Semper ID(e)M Vix."



_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint



--
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/9a63c28a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ATT00001.png
Type: image/png
Size: 7593 bytes
Desc: ATT00001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/9a63c28a/attachment.png>

From ivan.noris at evolveum.com  Thu Jun 30 09:47:01 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 30 Jun 2016 09:47:01 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <BY1PR0601MB1192FF5DDAF10A85B230AC3696240@BY1PR0601MB1192.namprd06.prod.outlook.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
 <5773F670.7090502@evolveum.com>
 <BY1PR0601MB1192FF5DDAF10A85B230AC3696240@BY1PR0601MB1192.namprd06.prod.outlook.com>
Message-ID: <5774CE75.2080206@evolveum.com>

Hi Dick,

this makes sense now; in my experiments both were based on the same
value. I will try to retest without having attribute configuration for
CN at all.

Thank you for reporting back.

Regards,
Ivan

On 06/30/2016 09:44 AM, Dick Muller wrote:
>
> Hi Ivan,
>
>
> Maybe good to know.
>
>
> I solved it. The problem was that the CNvalue was different from the
> CN part in the DN.
>
> That has to be the same and therefor it resulted in an error.
>
>
> Thanks for your help.
>
>
> Dick
>
> ------------------------------------------------------------------------
> *Van:* midPoint <midpoint-bounces at lists.evolveum.com> namens Ivan
> Noris <ivan.noris at evolveum.com>
> *Verzonden:* woensdag 29 juni 2016 18:25:20
> *Aan:* midPoint General Discussion
> *Onderwerp:* Re: [midPoint] LDAP connector 1.4.3 was not found
>  
> Hi Dick,
>
> FYI I have just tried resource-localhost.xml from
> testing/conntest/.../ad-ldap and after I set the SSL/tunnel to medusa
> correctly, I was able to create an account using Add projection
> without any problems. I have not changed anything in the sample.
>
> Strange enough :-) I have not touched ri:cn at all. But of course my
> objectCategory DN is valid.
>
> FYI I was trying to send userPrincipalName attribute as
> user at domain@domain (because of bad mapping) and the error message
> returned by AD was: "00000523: SysErr: DSID-031A1202, problem 22
> (Invalid argument), data 0". But tracing showed the value I was trying
> to send, so it helped me to diagnose it instantly.
>
> Regards,
> Ivan
>
> On 06/29/2016 01:57 PM, Dick Muller wrote:
>>
>> Ivan,
>>
>>  
>>
>> I used a sample LDAP resource file and seems that the attribute (that
>> I do not need btw) with the name objectCategory was giving problems.
>>
>> Now I have anoter error, stating that the object can’t be created
>> because of an invalied attribute.
>>
>>  
>>
>> The error log is in the attachments of this mail.
>>
>>  
>>
>> I hope you can think of something, because we are talking about
>> pretty standard attributes I think.
>>
>>  
>>
>> Thanks,
>>
>> Dick
>>
>>  
>>
>> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
>> Dick Muller <dick.muller at tahzoo.com>
>> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Date: *Wednesday 29 June 2016 at 13:25
>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>
>>  
>>
>> HI Ivan,
>>
>>  
>>
>> The logfile tells that there is a constraint error because the object
>> already exists.
>>
>> But that is absolutely not true. I’ve looked in the AD domain and
>> forest for the same account, but it doesn’t exist.
>>
>>  
>>
>> I’ve included the log in the mail.
>>
>>  
>>
>> Thanks,
>>
>> Dick
>>
>>  
>>
>> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
>> Ivan Noris <ivan.noris at evolveum.com>
>> *Organization: *Evolveum, s.r.o.
>> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Date: *Wednesday 29 June 2016 at 09:19
>> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
>> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>
>>  
>>
>> Hi Dick,
>>
>> I don't see anything obvious yet.
>> Please try to get:
>> 1) stack trace from midpoint idm.log when this operation fails
>> 2) the (red) result can be clicked and whole tree of operations will
>> be displayed. Somewhere will be ICF Create or ICF Update operation
>> logged, including the parameters from provisioning. This would help
>> to see what was sent to the connector.
>>
>> Also tracing org.identityconnectors.framework.api during this
>> operation would help too. (idm.log will contain the information)
>>
>> The cn=ldap.test,... account is the one you are trying to create,
>> right? Does "ou=Employees DC" exist in OU=Tahzoo?
>>
>> Ivan
>>
>> On 06/29/2016 07:36 AM, Dick Muller wrote:
>>
>>     Hi Ivan,
>>
>>      
>>
>>     I get an error when I add a projection to the user with an LDAPS
>>     connection.
>>
>>     (See the attachment)
>>
>>     I’ve checked the synchronization mappings and synchronization
>>     tab. I’ve got the reconcile checked and kind and intent correctly
>>     configured.
>>
>>      
>>
>>     Thanks,
>>
>>      
>>
>>     Dick
>>
>>      
>>
>>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>>     *Organization: *Evolveum, s.r.o.
>>     *Reply-To: *midPoint General Discussion
>>     <mailto:midpoint at lists.evolveum.com><midpoint at lists.evolveum.com>
>>     *Date: *Tuesday 28 June 2016 at 15:17
>>     *To: *"midpoint at lists.evolveum.com"
>>     <mailto:midpoint at lists.evolveum.com>
>>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>
>>      
>>
>>     Hi Dick,
>>
>>     AFAIK with midPoint 3.4 you should see LDAP connectors version
>>     1.4.2.17 (including AdLdap).
>>
>>     The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>>     connector version was tagged as 1.4.2.17, so that should be the
>>     version you want to use.
>>
>>     What sync problems with 1.4.2.x are you referring to?
>>
>>     The error message means that there is no connector (JAR)
>>     referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>>
>>     You need to update all resources referencing to the
>>     1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing
>>     the oid in connectorRef in the resources, as we were discussing
>>     during the training.
>>
>>     Best regards,
>>     Ivan
>>
>>     On 06/28/2016 03:05 PM, Dick Muller wrote:
>>
>>         Hi,
>>
>>         I upgraded to the latest 3.4 version and wanted to install
>>         ADLDAP connectors.
>>
>>         I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>>         gives problems during syncing. I think this is already
>>         described in JIRA.
>>
>>         I want to use the latest version 1.4.3.0-snapshot but get an
>>         error during TEST of the resource.
>>
>>          
>>
>>         I’ve included the Error message as attachment.
>>
>>          
>>
>>         Hope somebody can help me with this.
>>
>>          
>>
>>         Regards,
>>
>>          
>>
>>         ------------------------------------------------------------------------
>>
>>         *Dick Muller*
>>
>>         Senior Systems Engineer
>>
>>         Delftechpark 37i
>>         2628 XJ Delft*
>>         d*: +31 88 2682586 
>>         *m:* +31 6 46477690
>>
>>         <http://www.tahzoo.com/>
>>
>>          
>>
>>
>>
>>
>>
>>
>>
>>         _______________________________________________
>>
>>         midPoint mailing list
>>
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>
>>
>>     -- 
>>
>>       Ing. Ivan Noris
>>
>>       Senior Identity Management Engineer & IDM Architect
>>
>>       evolveum.com                     evolveum.com/blog/
>>
>>       ___________________________________________________
>>
>>       "Semper ID(e)M Vix."
>>
>>
>>
>>
>>
>>     _______________________________________________
>>
>>     midPoint mailing list
>>
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>> -- 
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/8d946870/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/8d946870/attachment.png>

From mederly at evolveum.com  Thu Jun 30 15:27:29 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 30 Jun 2016 15:27:29 +0200
Subject: [midPoint] assignment checking
In-Reply-To: <CAE8MtZDc=UESknfLqAbvJ-hAsqXf78tfvspjm4if6kCoMLiiKw@mail.gmail.com>
References: <CAE8MtZDc=UESknfLqAbvJ-hAsqXf78tfvspjm4if6kCoMLiiKw@mail.gmail.com>
Message-ID: <70827a95-35ba-8176-43c6-7dda752d9992@evolveum.com>

Hello Oskar,

I don't quite understand your situation.

 1. You create a user of 'employee' type and automatically assign him
    Employee role. OK.
 2. Then he leaves the company.
 3. You say that his account is cancelled by assigning ExpiredEmployee role.

Why don't you simply unassign the Employee role?

---

But back to your question: you can simply check all directly assigned 
roles by iterating through user.getAssignment() objects (of 
AssignmentType), and selecting those with getTargetRef() != null and 
getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).

Best regards,

Pavol


On 28.06.2016 15:15, Oskar Butovič - AMI Praha a.s. wrote:
> Hello All,
>
> I am trying to check in mapping in user template wether the user has 
> particular role.
>
> for example following scenario
> i create new user with identityType (extension parameter) employee. I 
> wan to assign role Employee to users with this type.
> in some time employee leaves company and his account is cancelled by 
> assigning expiredEmployee role
>
> i understand that so far it can be made by setting 
> <authoritative>true</authoritative>
>
> but i also want for this role to be kept when user is editted ad his 
> identity Type is no longer employee.
>
> this could be done with <authoritative>false</authoritative> but it 
> then prevent prevoius scenario. If i would be able to check current 
> roles of the user i could accomplish all required behaviour 
> with <authoritative>true</authoritative>.
>
> Do you have any advice or code snippet how to resolve this problem?
>
> Regards
>
> Oskar Butovič
>
> -- 
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>
> 			
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 			
>
> AMI Praha a.s.
>
>
> AMI Praha a.s. 
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za 
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/04ef3d65/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun 30 15:54:38 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 30 Jun 2016 15:54:38 +0200
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <5774CE75.2080206@evolveum.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
 <5773F670.7090502@evolveum.com>
 <BY1PR0601MB1192FF5DDAF10A85B230AC3696240@BY1PR0601MB1192.namprd06.prod.outlook.com>
 <5774CE75.2080206@evolveum.com>
Message-ID: <5775249E.9010902@evolveum.com>

So after my tests with the same resource config with removed ri:cn
attribute definition, and the same AD, the provisioning works. I have
tried Add and Rename.

So I think AD will either ignore the CN attribute completely, or just
work unless the CN is different from RDN (cn) in DN.

So either use CN mapping and DN mapping in the consistent way, or it
seems the CN mapping may be omitted.

Regards,
Ivan

On 06/30/2016 09:47 AM, Ivan Noris wrote:
> Hi Dick,
>
> this makes sense now; in my experiments both were based on the same
> value. I will try to retest without having attribute configuration for
> CN at all.
>
> Thank you for reporting back.
>
> Regards,
> Ivan
>
> On 06/30/2016 09:44 AM, Dick Muller wrote:
>>
>> Hi Ivan,
>>
>>
>> Maybe good to know.
>>
>>
>> I solved it. The problem was that the CNvalue was different from the
>> CN part in the DN.
>>
>> That has to be the same and therefor it resulted in an error.
>>
>>
>> Thanks for your help.
>>
>>
>> Dick
>>
>> ------------------------------------------------------------------------
>> *Van:* midPoint <midpoint-bounces at lists.evolveum.com> namens Ivan
>> Noris <ivan.noris at evolveum.com>
>> *Verzonden:* woensdag 29 juni 2016 18:25:20
>> *Aan:* midPoint General Discussion
>> *Onderwerp:* Re: [midPoint] LDAP connector 1.4.3 was not found
>>  
>> Hi Dick,
>>
>> FYI I have just tried resource-localhost.xml from
>> testing/conntest/.../ad-ldap and after I set the SSL/tunnel to medusa
>> correctly, I was able to create an account using Add projection
>> without any problems. I have not changed anything in the sample.
>>
>> Strange enough :-) I have not touched ri:cn at all. But of course my
>> objectCategory DN is valid.
>>
>> FYI I was trying to send userPrincipalName attribute as
>> user at domain@domain (because of bad mapping) and the error message
>> returned by AD was: "00000523: SysErr: DSID-031A1202, problem 22
>> (Invalid argument), data 0". But tracing showed the value I was
>> trying to send, so it helped me to diagnose it instantly.
>>
>> Regards,
>> Ivan
>>
>> On 06/29/2016 01:57 PM, Dick Muller wrote:
>>>
>>> Ivan,
>>>
>>>  
>>>
>>> I used a sample LDAP resource file and seems that the attribute
>>> (that I do not need btw) with the name objectCategory was giving
>>> problems.
>>>
>>> Now I have anoter error, stating that the object can’t be created
>>> because of an invalied attribute.
>>>
>>>  
>>>
>>> The error log is in the attachments of this mail.
>>>
>>>  
>>>
>>> I hope you can think of something, because we are talking about
>>> pretty standard attributes I think.
>>>
>>>  
>>>
>>> Thanks,
>>>
>>> Dick
>>>
>>>  
>>>
>>> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
>>> Dick Muller <dick.muller at tahzoo.com>
>>> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Date: *Wednesday 29 June 2016 at 13:25
>>> *To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>>
>>>  
>>>
>>> HI Ivan,
>>>
>>>  
>>>
>>> The logfile tells that there is a constraint error because the
>>> object already exists.
>>>
>>> But that is absolutely not true. I’ve looked in the AD domain and
>>> forest for the same account, but it doesn’t exist.
>>>
>>>  
>>>
>>> I’ve included the log in the mail.
>>>
>>>  
>>>
>>> Thanks,
>>>
>>> Dick
>>>
>>>  
>>>
>>> *From: *midPoint <midpoint-bounces at lists.evolveum.com> on behalf of
>>> Ivan Noris <ivan.noris at evolveum.com>
>>> *Organization: *Evolveum, s.r.o.
>>> *Reply-To: *midPoint General Discussion <midpoint at lists.evolveum.com>
>>> *Date: *Wednesday 29 June 2016 at 09:19
>>> *To: *"midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
>>> *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>>
>>>  
>>>
>>> Hi Dick,
>>>
>>> I don't see anything obvious yet.
>>> Please try to get:
>>> 1) stack trace from midpoint idm.log when this operation fails
>>> 2) the (red) result can be clicked and whole tree of operations will
>>> be displayed. Somewhere will be ICF Create or ICF Update operation
>>> logged, including the parameters from provisioning. This would help
>>> to see what was sent to the connector.
>>>
>>> Also tracing org.identityconnectors.framework.api during this
>>> operation would help too. (idm.log will contain the information)
>>>
>>> The cn=ldap.test,... account is the one you are trying to create,
>>> right? Does "ou=Employees DC" exist in OU=Tahzoo?
>>>
>>> Ivan
>>>
>>> On 06/29/2016 07:36 AM, Dick Muller wrote:
>>>
>>>     Hi Ivan,
>>>
>>>      
>>>
>>>     I get an error when I add a projection to the user with an LDAPS
>>>     connection.
>>>
>>>     (See the attachment)
>>>
>>>     I’ve checked the synchronization mappings and synchronization
>>>     tab. I’ve got the reconcile checked and kind and intent
>>>     correctly configured.
>>>
>>>      
>>>
>>>     Thanks,
>>>
>>>      
>>>
>>>     Dick
>>>
>>>      
>>>
>>>     *From: *midPoint <midpoint-bounces at lists.evolveum.com>
>>>     <mailto:midpoint-bounces at lists.evolveum.com> on behalf of Ivan
>>>     Noris <ivan.noris at evolveum.com> <mailto:ivan.noris at evolveum.com>
>>>     *Organization: *Evolveum, s.r.o.
>>>     *Reply-To: *midPoint General Discussion
>>>     <mailto:midpoint at lists.evolveum.com><midpoint at lists.evolveum.com>
>>>     *Date: *Tuesday 28 June 2016 at 15:17
>>>     *To: *"midpoint at lists.evolveum.com"
>>>     <mailto:midpoint at lists.evolveum.com>
>>>     <midpoint at lists.evolveum.com> <mailto:midpoint at lists.evolveum.com>
>>>     *Subject: *Re: [midPoint] LDAP connector 1.4.3 was not found
>>>
>>>      
>>>
>>>     Hi Dick,
>>>
>>>     AFAIK with midPoint 3.4 you should see LDAP connectors version
>>>     1.4.2.17 (including AdLdap).
>>>
>>>     The 1.4.3.0-SNAPSHOT was used during 3.4 development and that
>>>     connector version was tagged as 1.4.2.17, so that should be the
>>>     version you want to use.
>>>
>>>     What sync problems with 1.4.2.x are you referring to?
>>>
>>>     The error message means that there is no connector (JAR)
>>>     referenced by Connector repository object (1.4.3.0-SNAPSHOT).
>>>
>>>     You need to update all resources referencing to the
>>>     1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing
>>>     the oid in connectorRef in the resources, as we were discussing
>>>     during the training.
>>>
>>>     Best regards,
>>>     Ivan
>>>
>>>     On 06/28/2016 03:05 PM, Dick Muller wrote:
>>>
>>>         Hi,
>>>
>>>         I upgraded to the latest 3.4 version and wanted to install
>>>         ADLDAP connectors.
>>>
>>>         I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version
>>>         gives problems during syncing. I think this is already
>>>         described in JIRA.
>>>
>>>         I want to use the latest version 1.4.3.0-snapshot but get an
>>>         error during TEST of the resource.
>>>
>>>          
>>>
>>>         I’ve included the Error message as attachment.
>>>
>>>          
>>>
>>>         Hope somebody can help me with this.
>>>
>>>          
>>>
>>>         Regards,
>>>
>>>          
>>>
>>>         ------------------------------------------------------------------------
>>>
>>>         *Dick Muller*
>>>
>>>         Senior Systems Engineer
>>>
>>>         Delftechpark 37i
>>>         2628 XJ Delft*
>>>         d*: +31 88 2682586 
>>>         *m:* +31 6 46477690
>>>
>>>         <http://www.tahzoo.com/>
>>>
>>>          
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>
>>>         midPoint mailing list
>>>
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>
>>>     -- 
>>>
>>>       Ing. Ivan Noris
>>>
>>>       Senior Identity Management Engineer & IDM Architect
>>>
>>>       evolveum.com                     evolveum.com/blog/
>>>
>>>       ___________________________________________________
>>>
>>>       "Semper ID(e)M Vix."
>>>
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>
>>>     midPoint mailing list
>>>
>>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>
>>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>> -- 
>>>   Ing. Ivan Noris
>>>   Senior Identity Management Engineer & IDM Architect
>>>   evolveum.com                     evolveum.com/blog/
>>>   ___________________________________________________
>>>   "Semper ID(e)M Vix."
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/65766fac/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/65766fac/attachment.png>

From oskar.butovic at ami.cz  Thu Jun 30 15:59:39 2016
From: oskar.butovic at ami.cz (=?UTF-8?Q?Oskar_Butovi=C4=8D_=2D_AMI_Praha_a=2Es=2E?=)
Date: Thu, 30 Jun 2016 15:59:39 +0200
Subject: [midPoint] assignment checking
In-Reply-To: <70827a95-35ba-8176-43c6-7dda752d9992@evolveum.com>
References: <CAE8MtZDc=UESknfLqAbvJ-hAsqXf78tfvspjm4if6kCoMLiiKw@mail.gmail.com>
 <70827a95-35ba-8176-43c6-7dda752d9992@evolveum.com>
Message-ID: <CAE8MtZCCAk-Qky11nQ+ZeYaZ8YxdwiphR4q=DsQWQ4OxW2MKGQ@mail.gmail.com>

Hello Pavol,

Employee role gives th user accounts in AD and GoogleApps. After he leaves
company it is still desired to keep him in AD. So I made mappings which
switches employee role with AD and GA accounts for ExEmployee role with
only AD account.

---

Thanks for advice. I will try it and mail my results.

Best Regards,

Oskar

2016-06-30 15:27 GMT+02:00 Pavol Mederly <mederly at evolveum.com>:

> Hello Oskar,
>
> I don't quite understand your situation.
>
>    1. You create a user of 'employee' type and automatically assign him
>    Employee role. OK.
>    2. Then he leaves the company.
>    3. You say that his account is cancelled by assigning ExpiredEmployee
>    role.
>
> Why don't you simply unassign the Employee role?
>
> ---
>
> But back to your question: you can simply check all directly assigned
> roles by iterating through user.getAssignment() objects (of
> AssignmentType), and selecting those with getTargetRef() != null and
> getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).
>
> Best regards,
>
> Pavol
>
> On 28.06.2016 15:15, Oskar Butovič - AMI Praha a.s. wrote:
>
> Hello All,
>
> I am trying to check in mapping in user template wether the user has
> particular role.
>
> for example following scenario
> i create new user with identityType (extension parameter) employee. I wan
> to assign role Employee to users with this type.
> in some time employee leaves company and his account is cancelled by
> assigning expiredEmployee role
>
> i understand that so far it can be made by setting
> <authoritative>true</authoritative>
>
> but i also want for this role to be kept when user is editted ad his
> identity Type is no longer employee.
>
> this could be done with <authoritative>false</authoritative> but it then
> prevent prevoius scenario. If i would be able to check current roles of the
> user i could accomplish all required behaviour
> with <authoritative>true</authoritative>.
>
> Do you have any advice or code snippet how to resolve this problem?
>
> Regards
>
> Oskar Butovič
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz
>
>
> [image: AMI Praha a.s.]
>
> [image: AMI Praha a.s.]
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/dff40cbe/attachment.htm>

From ivan.noris at evolveum.com  Thu Jun 30 16:25:05 2016
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 30 Jun 2016 16:25:05 +0200
Subject: [midPoint] assignment checking
In-Reply-To: <CAE8MtZCCAk-Qky11nQ+ZeYaZ8YxdwiphR4q=DsQWQ4OxW2MKGQ@mail.gmail.com>
References: <CAE8MtZDc=UESknfLqAbvJ-hAsqXf78tfvspjm4if6kCoMLiiKw@mail.gmail.com>
 <70827a95-35ba-8176-43c6-7dda752d9992@evolveum.com>
 <CAE8MtZCCAk-Qky11nQ+ZeYaZ8YxdwiphR4q=DsQWQ4OxW2MKGQ@mail.gmail.com>
Message-ID: <57752BC1.8030508@evolveum.com>

Hi Oskar,

if you wish to keep the user account in AD after he leaves, you can
utilize "disable instead of delete" - unassignin the last role (e.g.
Employee) will disable the AD account instead of delete.

Would that help?
https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation#ResourceSchemaHandling:Activation-DisableonUnassign

Regards,
Ivan

On 06/30/2016 03:59 PM, Oskar Butovič - AMI Praha a.s. wrote:
> Hello Pavol,
>
> Employee role gives th user accounts in AD and GoogleApps. After he
> leaves company it is still desired to keep him in AD. So I made
> mappings which switches employee role with AD and GA accounts for
> ExEmployee role with only AD account.
>
> ---
>
> Thanks for advice. I will try it and mail my results.
>
> Best Regards,
>
> Oskar
>
> 2016-06-30 15:27 GMT+02:00 Pavol Mederly <mederly at evolveum.com
> <mailto:mederly at evolveum.com>>:
>
>     Hello Oskar,
>
>     I don't quite understand your situation.
>
>      1. You create a user of 'employee' type and automatically assign
>         him Employee role. OK.
>      2. Then he leaves the company.
>      3. You say that his account is cancelled by assigning
>         ExpiredEmployee role.
>
>     Why don't you simply unassign the Employee role?
>
>     ---
>
>     But back to your question: you can simply check all directly
>     assigned roles by iterating through user.getAssignment() objects
>     (of AssignmentType), and selecting those with getTargetRef() !=
>     null and getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).
>
>     Best regards,
>
>     Pavol
>
>
>     On 28.06.2016 15:15, Oskar Butovič - AMI Praha a.s. wrote:
>>     Hello All,
>>
>>     I am trying to check in mapping in user template wether the user
>>     has particular role.
>>
>>     for example following scenario
>>     i create new user with identityType (extension parameter)
>>     employee. I wan to assign role Employee to users with this type.
>>     in some time employee leaves company and his account is cancelled
>>     by assigning expiredEmployee role
>>
>>     i understand that so far it can be made by setting
>>     <authoritative>true</authoritative>
>>
>>     but i also want for this role to be kept when user is editted ad
>>     his identity Type is no longer employee.
>>
>>     this could be done with <authoritative>false</authoritative> but
>>     it then prevent prevoius scenario. If i would be able to check
>>     current roles of the user i could accomplish all required
>>     behaviour with <authoritative>true</authoritative>.
>>
>>     Do you have any advice or code snippet how to resolve this problem?
>>
>>     Regards
>>
>>     Oskar Butovič
>>
>>     -- 
>>
>>     Oskar Butovič
>>     solution architect
>>
>>     gsm: [+420] 774 480 101 <tel:%5B%2B420%5D%20774%20480%20101>
>>     e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>>
>>     	    	    	
>>
>>     AMI Praha a.s.
>>     Pláničkova 11
>>     162 00 Praha 6
>>     tel.: [+420] 274 783 239 <tel:%5B%2B420%5D%20274%20783%20239>
>>     web: www.ami.cz <http://www.ami.cz/>
>>
>>     	    	    	
>>
>>     AMI Praha a.s.
>>
>>
>>     AMI Praha a.s.
>>     <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>
>>
>>     Textem tohoto e-mailu podepisující neslibuje uzavřít ani
>>     neuzavírá za společnost AMI Praha a.s.
>>     jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>     výhradně písemnou formu.
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz <mailto:oskar.butovic at ami.cz>
>
> 	    	    	
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
> 	    	    	
>
> AMI Praha a.s.
>
>
> AMI Praha a.s.
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/57913b80/attachment.htm>

From mederly at evolveum.com  Thu Jun 30 17:44:45 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 30 Jun 2016 17:44:45 +0200
Subject: [midPoint] Condition for inducment in Metarole
In-Reply-To: <0c7820a108da42b4811a911bbda21139@exch-02.ktg.kz>
References: <0c7820a108da42b4811a911bbda21139@exch-02.ktg.kz>
Message-ID: <c190f63d-b180-9145-1cd7-329eb7a58678@evolveum.com>

Hello Saule,

sorry for the late answer.

Yes, it is possible to add a condition for an inducement. This works for me:

    <inducement id="2">
       <construction>
          <resourceRef oid="b94c683d-517c-4c3e-a307-7c2bbe14453e" 
type="c:ResourceType"><!-- LDAP --></resourceRef>
          <kind>account</kind>
          <intent>default</intent>
          <association>
             <c:ref>ri:group</c:ref>
             <outbound>
                <expression>
                   <associationFromLink>
                      <projectionDiscriminator>
<kind>entitlement</kind>
<intent>group</intent>
                      </projectionDiscriminator>
                   </associationFromLink>
                </expression>
             </outbound>
          </association>
       </construction>
       <order>2</order>
       <condition>
          <expression>
             <script>
                <code>
                   focus.assignment.find { it.targetRef?.oid == 
'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null
               </code>
             </script>
          </expression>
       </condition>
    </inducement>

Note that *d13681fb-88df-472a-a7fe-d869a1ea4c37* is an OID of *AD user 
role*.

When having this condition, it seems to work:

 1. if adding a user into an org, the account is not automatically
    created on a resource
 2. after assigning AD user role to the user, an account is created, and
    becomes a member of the AD group
 3. after unassigning AD user role from the user, account is deleted

Hope this helps,

Pavol



On 16.06.2016 12:26, Мамаева Сауле Сериковна wrote:
>
> Hello,
>
> I have meta role for groups, that is assigned to organization when 
> creating organization by org template. This role creates groups with 
> members associated with this created midpoint organization in Active 
> Directory(AD). But I want to create only groups in AD by this role and 
> members of this groups should appear in AD only after assigning 
> another role (AD user role) to users. I have another role  -  AD user 
> role, that is assigned to the user manually and by approval of 
> administrator and this role creates account of user in AD.
>
> How and where can I add  such condition? Is it  possible to add 
> condition for inducement?
>
> This is xml of meta role for groups:
>
> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>
> oid="11111111-2222-3333-4444-200000000055"
>
> version="8">
>
> <name>Metarole for groups</name>
>
> <metadata>
>
> <createTimestamp>2016-06-06T12:47:04.200+06:00</createTimestamp>
>
> <creatorRef oid="00000000-0000-0000-0000-000000000002" 
> type="c:UserType"><!-- administrator --></creatorRef>
>
> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>
> </metadata>
>
> <inducement id="1">
>
> <construction>
>
> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" 
> type="c:ResourceType"><!-- Ldap_AD_Saule --></resourceRef>
>
> <kind>entitlement</kind>
>
> <intent>group</intent>
>
> </construction>
>
> </inducement>
>
> <inducement id="2">
>
> <construction>
>
> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" 
> type="c:ResourceType"><!-- Ldap_AD_ Saule --></resourceRef>
>
> <kind>account</kind>
>
> <intent>default</intent>
>
> <association>
>
> <c:ref>ri:group</c:ref>
>
> <outbound>
>
> <expression>
>
> <associationFromLink>
>
> <projectionDiscriminator>
>
> <kind>entitlement</kind>
>
> <intent>group</intent>
>
> </projectionDiscriminator>
>
> </associationFromLink>
>
> </expression>
>
> </outbound>
>
> </association>
>
> </construction>
>
> <order>2</order>
>
> </inducement>
>
> </role>
>
> Best regards,
>
> Saule
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/3bd03986/attachment.htm>

From mederly at evolveum.com  Thu Jun 30 20:04:30 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 30 Jun 2016 20:04:30 +0200
Subject: [midPoint] Condition for inducment in Metarole
In-Reply-To: <c190f63d-b180-9145-1cd7-329eb7a58678@evolveum.com>
References: <0c7820a108da42b4811a911bbda21139@exch-02.ktg.kz>
 <c190f63d-b180-9145-1cd7-329eb7a58678@evolveum.com>
Message-ID: <32c02f7b-d853-481c-7c1b-087a2036729d@evolveum.com>

Saule,

one correction:

focus*?*.assignment.find { it.targetRef?.oid == 
'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null

...in order to work also when adding users. In such cases 'focus' 
variable is null for 'original state' evaluation.

Pavol


On 30.06.2016 17:44, Pavol Mederly wrote:
>
> Hello Saule,
>
> sorry for the late answer.
>
> Yes, it is possible to add a condition for an inducement. This works 
> for me:
>
>    <inducement id="2">
>       <construction>
>          <resourceRef oid="b94c683d-517c-4c3e-a307-7c2bbe14453e" 
> type="c:ResourceType"><!-- LDAP --></resourceRef>
>          <kind>account</kind>
>          <intent>default</intent>
>          <association>
>             <c:ref>ri:group</c:ref>
>             <outbound>
>                <expression>
>                   <associationFromLink>
>                      <projectionDiscriminator>
> <kind>entitlement</kind>
> <intent>group</intent>
>                      </projectionDiscriminator>
>                   </associationFromLink>
>                </expression>
>             </outbound>
>          </association>
>       </construction>
>       <order>2</order>
>       <condition>
>          <expression>
>             <script>
>                <code>
>                   focus.assignment.find { it.targetRef?.oid == 
> 'd13681fb-88df-472a-a7fe-d869a1ea4c37' } != null
>               </code>
>             </script>
>          </expression>
>       </condition>
>    </inducement>
>
> Note that *d13681fb-88df-472a-a7fe-d869a1ea4c37* is an OID of *AD user 
> role*.
>
> When having this condition, it seems to work:
>
>  1. if adding a user into an org, the account is not automatically
>     created on a resource
>  2. after assigning AD user role to the user, an account is created,
>     and becomes a member of the AD group
>  3. after unassigning AD user role from the user, account is deleted
>
> Hope this helps,
>
> Pavol
>
>
>
> On 16.06.2016 12:26, Мамаева Сауле Сериковна wrote:
>>
>> Hello,
>>
>> I have meta role for groups, that is assigned to organization when 
>> creating organization by org template. This role creates groups with 
>> members associated with this created midpoint organization in Active 
>> Directory(AD). But I want to create only groups in AD by this role 
>> and members of this groups should appear in AD only after assigning 
>> another role (AD user role) to users. I have another role  -  AD user 
>> role, that is assigned to the user manually and by approval of 
>> administrator and this role creates account of user in AD.
>>
>> How and where can I add  such condition? Is it  possible to add 
>> condition for inducement?
>>
>> This is xml of meta role for groups:
>>
>> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>
>> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>
>> oid="11111111-2222-3333-4444-200000000055"
>>
>> version="8">
>>
>> <name>Metarole for groups</name>
>>
>> <metadata>
>>
>> <createTimestamp>2016-06-06T12:47:04.200+06:00</createTimestamp>
>>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002" 
>> type="c:UserType"><!-- administrator --></creatorRef>
>>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>>
>> </metadata>
>>
>> <inducement id="1">
>>
>> <construction>
>>
>> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" 
>> type="c:ResourceType"><!-- Ldap_AD_Saule --></resourceRef>
>>
>> <kind>entitlement</kind>
>>
>> <intent>group</intent>
>>
>> </construction>
>>
>> </inducement>
>>
>> <inducement id="2">
>>
>> <construction>
>>
>> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-1111111111" 
>> type="c:ResourceType"><!-- Ldap_AD_ Saule --></resourceRef>
>>
>> <kind>account</kind>
>>
>> <intent>default</intent>
>>
>> <association>
>>
>> <c:ref>ri:group</c:ref>
>>
>> <outbound>
>>
>> <expression>
>>
>> <associationFromLink>
>>
>> <projectionDiscriminator>
>>
>> <kind>entitlement</kind>
>>
>> <intent>group</intent>
>>
>> </projectionDiscriminator>
>>
>> </associationFromLink>
>>
>> </expression>
>>
>> </outbound>
>>
>> </association>
>>
>> </construction>
>>
>> <order>2</order>
>>
>> </inducement>
>>
>> </role>
>>
>> Best regards,
>>
>> Saule
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/2943e3f3/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun 30 22:49:42 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 30 Jun 2016 13:49:42 -0700
Subject: [midPoint] Adding Members to Role through Members page
Message-ID: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>

Hello,

Whenever I try to add a member through the "Members" tab in Midpoint,
nothing happens. I tried to add myself to the Role "Approver" through the
"Members" tab and the task never completes.

In fact midPoint starts hanging and the issue doesn't resolve and I get all
these errors: http://pastebin.com/GEgdtXnh

I'm running two instances of midPoint with the following task manager
configuration:

        <taskManager>
                <clustered>true</clustered>

<jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
                <jmxUsername>midpoint</jmxUsername>
                <jmxPassword>password</jmxPassword>
        </taskManager>

I've tried this action with both instances alive as well as with only one.

Also here's my tomcat config pertaining to jmx:

 -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
-Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
-Dcom.sun.management.jmxremote.ssl=false

Even after I restart the tomcat server, midPoint doesn't respond anymore
and the logs don't show anything.

I'm willing to forgo the active active configuration and use an active
passive configuration. Also I believe this is the cause of the earlier
issues with the upgrade process (besides the mismatch in the connector)

Any help would be greatly appreciated.

Thanks,

-F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/eac787c9/attachment.htm>

From mederly at evolveum.com  Thu Jun 30 23:07:46 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 30 Jun 2016 23:07:46 +0200
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
Message-ID: <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>

Hello Florin,

this is really strange. Looks like some low-level DB problem.

I read your log in this way:

Wicket has problems displaying a page, because thread 
*http-bio-8443-exec-2* is blocking (line #2). And why and where is it 
blocked?

It is reading a task (line #51), therefore it asks hibernate for data 
(line #36), so hibernate calls MySQL driver (line #19). And the call 
didn't complete, as it waits for something to come through the network 
socket (line #5).

(What troubles me a lot is that one-node configuration does not work as 
well.)

So I'd recommend to have a look at your database configuration or setup.

I'm not an expert on databases (nor on MySQL in particular), so I have 
no idea e.g. what troubleshooting tools to use at this moment. Maybe you 
could open MySQL admin console to see if there's something suspicious. 
Or look at MySQL server logs. Or you could share your midPoint 
config.xml here, particularly the <repository> section of it.

Best regards,
Pavol


On 30.06.2016 22:49, Florin. Stingaciu wrote:
> Hello,
>
> Whenever I try to add a member through the "Members" tab in Midpoint, 
> nothing happens. I tried to add myself to the Role "Approver" through 
> the "Members" tab and the task never completes.
>
> In fact midPoint starts hanging and the issue doesn't resolve and I 
> get all these errors: http://pastebin.com/GEgdtXnh
>
> I'm running two instances of midPoint with the following task manager 
> configuration:
>
>         <taskManager>
>                 <clustered>true</clustered>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
> <jmxUsername>midpoint</jmxUsername>
> <jmxPassword>password</jmxPassword>
>         </taskManager>
>
> I've tried this action with both instances alive as well as with only 
> one.
>
> Also here's my tomcat config pertaining to jmx:
>
>  -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password 
> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access 
> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001 
> -Dcom.sun.management.jmxremote.ssl=false
>
> Even after I restart the tomcat server, midPoint doesn't respond 
> anymore and the logs don't show anything.
>
> I'm willing to forgo the active active configuration and use an active 
> passive configuration. Also I believe this is the cause of the earlier 
> issues with the upgrade process (besides the mismatch in the connector)
>
> Any help would be greatly appreciated.
>
> Thanks,
>
> -F
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/59e4c4bf/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun 30 23:17:06 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 30 Jun 2016 14:17:06 -0700
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
 <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
Message-ID: <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>

Hey Pavol,

I looked through the logs on my sql server and couldn't find anything
alarming. Also, I've been trying to delete the task for the last half an
hour through the very slow GUI with no success. Here's my config.xml:

<configuration>
    <midpoint>
        <webApplication>
            <importFolder>${midpoint.home}/import</importFolder>
        </webApplication>
        <repository>
                <embedded>false</embedded>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <hibernateHbm2ddl>validate</hibernateHbm2ddl>

<hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>

<repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
                <database>mysql</database>
                <jdbcUsername>midpoint</jdbcUsername>
                <jdbcPassword>password</jdbcPassword>

<jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
        </repository>
        <taskManager>
                <clustered>true</clustered>

<jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
                <jmxUsername>midpoint</jmxUsername>
                <jmxPassword>password</jmxPassword>
        </taskManager>
        <audit>
            <auditService>

<auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
            </auditService>
            <auditService>

<auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
            </auditService>
        </audit>
        <icf>
            <scanClasspath>true</scanClasspath>
            <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
        </icf>
        <keystore>
            <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
            <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
            <encryptionKeyAlias>default</encryptionKeyAlias>
            <!--
            You can use smaller cipher key size for encryption. For:
            AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
            AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
            AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";

            in element <xmlCipher></xmlCipher>
            By default AES_128 is used. If you change key size, than
            you must also create secret key in key store with proper key
size and change encryptionKeyAlias.

            To generate keystore with keytool use command:
            keytool -genseckey -alias default -keystore keystore.jceks
-storetype jceks -keyalg AES -keysize 128

            secret key password is by default 'midpoint'
            -->
        </keystore>
    </midpoint>
</configuration>


On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Florin,
>
> this is really strange. Looks like some low-level DB problem.
>
> I read your log in this way:
>
> Wicket has problems displaying a page, because thread
> *http-bio-8443-exec-2* is blocking (line #2). And why and where is it
> blocked?
>
> It is reading a task (line #51), therefore it asks hibernate for data
> (line #36), so hibernate calls MySQL driver (line #19). And the call didn't
> complete, as it waits for something to come through the network socket
> (line #5).
>
> (What troubles me a lot is that one-node configuration does not work as
> well.)
>
> So I'd recommend to have a look at your database configuration or setup.
>
> I'm not an expert on databases (nor on MySQL in particular), so I have no
> idea e.g. what troubleshooting tools to use at this moment. Maybe you could
> open MySQL admin console to see if there's something suspicious. Or look at
> MySQL server logs. Or you could share your midPoint config.xml here,
> particularly the <repository> section of it.
>
> Best regards,
> Pavol
>
> On 30.06.2016 22:49, Florin. Stingaciu wrote:
>
> Hello,
>
> Whenever I try to add a member through the "Members" tab in Midpoint,
> nothing happens. I tried to add myself to the Role "Approver" through the
> "Members" tab and the task never completes.
>
> In fact midPoint starts hanging and the issue doesn't resolve and I get
> all these errors: http://pastebin.com/GEgdtXnh
>
> I'm running two instances of midPoint with the following task manager
> configuration:
>
>         <taskManager>
>                 <clustered>true</clustered>
>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>                 <jmxUsername>midpoint</jmxUsername>
>                 <jmxPassword>password</jmxPassword>
>         </taskManager>
>
> I've tried this action with both instances alive as well as with only one.
>
> Also here's my tomcat config pertaining to jmx:
>
>  -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
> -Dcom.sun.management.jmxremote.ssl=false
>
> Even after I restart the tomcat server, midPoint doesn't respond anymore
> and the logs don't show anything.
>
> I'm willing to forgo the active active configuration and use an active
> passive configuration. Also I believe this is the cause of the earlier
> issues with the upgrade process (besides the mismatch in the connector)
>
> Any help would be greatly appreciated.
>
> Thanks,
>
> -F
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/3e88129c/attachment.htm>

From brad.fardig at cogitogroup.com.au  Thu Jun 30 23:17:09 2016
From: brad.fardig at cogitogroup.com.au (Brad Fardig)
Date: Thu, 30 Jun 2016 21:17:09 +0000
Subject: [midPoint] LDAP connector 1.4.3 was not found
In-Reply-To: <5775249E.9010902@evolveum.com>
References: <DA9A8156-AEFB-4068-BF11-FB571EB49018@tahzoo.com>
 <577278FF.2020006@evolveum.com>
 <D1D66B81-9911-42FE-9DB5-81809BEEAD1A@tahzoo.com>
 <A881615B-D63F-4914-B0D3-D3B04122D844@tahzoo.com>
 <5773769B.9010304@evolveum.com>
 <C6F50274-13CB-4EFC-8C60-A0C624554979@tahzoo.com>
 <D53E5299-773A-4DF3-9251-A49F5A6F3F70@tahzoo.com>
 <5773F670.7090502@evolveum.com>
 <BY1PR0601MB1192FF5DDAF10A85B230AC3696240@BY1PR0601MB1192.namprd06.prod.outlook.com>
 <5774CE75.2080206@evolveum.com> <5775249E.9010902@evolveum.com>
Message-ID: <HK2PR0601MB1522C8709C82F0D163254E40CD240@HK2PR0601MB1522.apcprd06.prod.outlook.com>

I think the initial issue with the different CNs may have been caused by the CN in AD only being a single valued attribute.  

 

Kind regards, 

 

Brad Fardig

 

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: Thursday, 30 June 2016 11:55 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

 

So after my tests with the same resource config with removed ri:cn attribute definition, and the same AD, the provisioning works. I have tried Add and Rename.

So I think AD will either ignore the CN attribute completely, or just work unless the CN is different from RDN (cn) in DN.

So either use CN mapping and DN mapping in the consistent way, or it seems the CN mapping may be omitted.

Regards,
Ivan

On 06/30/2016 09:47 AM, Ivan Noris wrote:

Hi Dick,

this makes sense now; in my experiments both were based on the same value. I will try to retest without having attribute configuration for CN at all.

Thank you for reporting back.

Regards,
Ivan

On 06/30/2016 09:44 AM, Dick Muller wrote:

Hi Ivan,

 

Maybe good to know.

 

I solved it. The problem was that the CNvalue was different from the CN part in the DN.

That has to be the same and therefor it resulted in an error.

 

Thanks for your help.

 

Dick

  _____  

Van: midPoint  <mailto:midpoint-bounces at lists.evolveum.com> <midpoint-bounces at lists.evolveum.com> namens Ivan Noris  <mailto:ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
Verzonden: woensdag 29 juni 2016 18:25:20
Aan: midPoint General Discussion
Onderwerp: Re: [midPoint] LDAP connector 1.4.3 was not found 

 

Hi Dick,

FYI I have just tried resource-localhost.xml from testing/conntest/.../ad-ldap and after I set the SSL/tunnel to medusa correctly, I was able to create an account using Add projection without any problems. I have not changed anything in the sample.

Strange enough :-) I have not touched ri:cn at all. But of course my objectCategory DN is valid.

FYI I was trying to send userPrincipalName attribute as user at domain@domain (because of bad mapping) and the error message returned by AD was: "00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0". But tracing showed the value I was trying to send, so it helped me to diagnose it instantly.

Regards,
Ivan

On 06/29/2016 01:57 PM, Dick Muller wrote:

Ivan,

 

I used a sample LDAP resource file and seems that the attribute (that I do not need btw) with the name objectCategory was giving problems.

Now I have anoter error, stating that the object can’t be created because of an invalied attribute.

 

The error log is in the attachments of this mail.

 

I hope you can think of something, because we are talking about pretty standard attributes I think.

 

Thanks,

Dick

 

From: midPoint  <mailto:midpoint-bounces at lists.evolveum.com> <midpoint-bounces at lists.evolveum.com> on behalf of Dick Muller  <mailto:dick.muller at tahzoo.com> <dick.muller at tahzoo.com>
Reply-To: midPoint General Discussion  <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 13:25
To: midPoint General Discussion  <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

 

HI Ivan,

 

The logfile tells that there is a constraint error because the object already exists.

But that is absolutely not true. I’ve looked in the AD domain and forest for the same account, but it doesn’t exist.

 

I’ve included the log in the mail.

 

Thanks,

Dick

 

From: midPoint  <mailto:midpoint-bounces at lists.evolveum.com> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris  <mailto:ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion  <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
Date: Wednesday 29 June 2016 at 09:19
To:  <mailto:midpoint at lists.evolveum.com> "midpoint at lists.evolveum.com"  <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

 

Hi Dick,

I don't see anything obvious yet.
Please try to get:
1) stack trace from midpoint idm.log when this operation fails
2) the (red) result can be clicked and whole tree of operations will be displayed. Somewhere will be ICF Create or ICF Update operation logged, including the parameters from provisioning. This would help to see what was sent to the connector.

Also tracing org.identityconnectors.framework.api during this operation would help too. (idm.log will contain the information)

The cn=ldap.test,... account is the one you are trying to create, right? Does "ou=Employees DC" exist in OU=Tahzoo?

Ivan

On 06/29/2016 07:36 AM, Dick Muller wrote:

Hi Ivan,

 

I get an error when I add a projection to the user with an LDAPS connection.

(See the attachment)

I’ve checked the synchronization mappings and synchronization tab. I’ve got the reconcile checked and kind and intent correctly configured.

 

Thanks,

 

Dick

 

From: midPoint  <mailto:midpoint-bounces at lists.evolveum.com> <midpoint-bounces at lists.evolveum.com> on behalf of Ivan Noris  <mailto:ivan.noris at evolveum.com> <ivan.noris at evolveum.com>
Organization: Evolveum, s.r.o.
Reply-To: midPoint General Discussion  <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
Date: Tuesday 28 June 2016 at 15:17
To:  <mailto:midpoint at lists.evolveum.com> "midpoint at lists.evolveum.com"  <mailto:midpoint at lists.evolveum.com> <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] LDAP connector 1.4.3 was not found

 

Hi Dick,

AFAIK with midPoint 3.4 you should see LDAP connectors version 1.4.2.17 (including AdLdap).

The 1.4.3.0-SNAPSHOT was used during 3.4 development and that connector version was tagged as 1.4.2.17, so that should be the version you want to use.

What sync problems with 1.4.2.x are you referring to?

The error message means that there is no connector (JAR) referenced by Connector repository object (1.4.3.0-SNAPSHOT).

You need to update all resources referencing to the 1.4.3.0-SNAPSHOT connectors to refer to 1.4.2.17. (By changing the oid in connectorRef in the resources, as we were discussing during the training.

Best regards,
Ivan

On 06/28/2016 03:05 PM, Dick Muller wrote:

Hi,

I upgraded to the latest 3.4 version and wanted to install ADLDAP connectors.

I can select 1.4.2 or 1.4.3.0-SNAPSHOT. The 1.4.2 version gives problems during syncing. I think this is already described in JIRA.

I want to use the latest version 1.4.3.0-snapshot but get an error during TEST of the resource.

 

I’ve included the Error message as attachment.

 

Hope somebody can help me with this.

 

Regards,

 


  _____  


Dick Muller

Senior Systems Engineer

Delftechpark 37i
2628 XJ Delft
d: +31 88 2682586 
m: +31 6 46477690

 <http://www.tahzoo.com/> 

 










_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com> 
http://lists.evolveum.com/mailman/listinfo/midpoint









-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."








_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com> 
http://lists.evolveum.com/mailman/listinfo/midpoint







-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."






_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com> 
http://lists.evolveum.com/mailman/listinfo/midpoint





-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."






_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com> 
http://lists.evolveum.com/mailman/listinfo/midpoint





-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."






_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com> 
http://lists.evolveum.com/mailman/listinfo/midpoint





-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."



This email, and any attachment, is confidential and also privileged. If you have received it in error, please notify me immediately and delete it from your system along with any attachments. You should not copy or use it for any purpose, nor disclose its contents to any other person. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/912898f8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7593 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/912898f8/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5015 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/912898f8/attachment.bin>

From fstingaciu at mirantis.com  Thu Jun 30 23:28:05 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 30 Jun 2016 14:28:05 -0700
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
 <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
 <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
Message-ID: <CAMQHPY3hRaMMGWm9F9J5LGCFWgP+Ew6UhAyTEGyKtpFdDotGHw@mail.gmail.com>

I finally managed to delete the task via the REST API by finding it's OID.
As soon as I deleted the task everything works just fine.

Also, just wanted to add that this is a fresh 3.4 deployment as well, not
an upgrade so there should be no artifacts.

Thanks,
-F

On Thu, Jun 30, 2016 at 2:17 PM, Florin. Stingaciu <fstingaciu at mirantis.com>
wrote:

> Hey Pavol,
>
> I looked through the logs on my sql server and couldn't find anything
> alarming. Also, I've been trying to delete the task for the last half an
> hour through the very slow GUI with no success. Here's my config.xml:
>
> <configuration>
>     <midpoint>
>         <webApplication>
>             <importFolder>${midpoint.home}/import</importFolder>
>         </webApplication>
>         <repository>
>                 <embedded>false</embedded>
>                 <driverClassName>com.mysql.jdbc.Driver</driverClassName>
>                 <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>
> <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
>
> <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>                 <database>mysql</database>
>                 <jdbcUsername>midpoint</jdbcUsername>
>                 <jdbcPassword>password</jdbcPassword>
>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>         </repository>
>         <taskManager>
>                 <clustered>true</clustered>
>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>                 <jmxUsername>midpoint</jmxUsername>
>                 <jmxPassword>password</jmxPassword>
>         </taskManager>
>         <audit>
>             <auditService>
>
> <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>             </auditService>
>             <auditService>
>
> <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>             </auditService>
>         </audit>
>         <icf>
>             <scanClasspath>true</scanClasspath>
>             <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>         </icf>
>         <keystore>
>             <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
>             <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
>             <encryptionKeyAlias>default</encryptionKeyAlias>
>             <!--
>             You can use smaller cipher key size for encryption. For:
>             AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>             AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>             AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>
>             in element <xmlCipher></xmlCipher>
>             By default AES_128 is used. If you change key size, than
>             you must also create secret key in key store with proper key
> size and change encryptionKeyAlias.
>
>             To generate keystore with keytool use command:
>             keytool -genseckey -alias default -keystore keystore.jceks
> -storetype jceks -keyalg AES -keysize 128
>
>             secret key password is by default 'midpoint'
>             -->
>         </keystore>
>     </midpoint>
> </configuration>
>
>
> On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> this is really strange. Looks like some low-level DB problem.
>>
>> I read your log in this way:
>>
>> Wicket has problems displaying a page, because thread
>> *http-bio-8443-exec-2* is blocking (line #2). And why and where is it
>> blocked?
>>
>> It is reading a task (line #51), therefore it asks hibernate for data
>> (line #36), so hibernate calls MySQL driver (line #19). And the call didn't
>> complete, as it waits for something to come through the network socket
>> (line #5).
>>
>> (What troubles me a lot is that one-node configuration does not work as
>> well.)
>>
>> So I'd recommend to have a look at your database configuration or setup.
>>
>> I'm not an expert on databases (nor on MySQL in particular), so I have no
>> idea e.g. what troubleshooting tools to use at this moment. Maybe you could
>> open MySQL admin console to see if there's something suspicious. Or look at
>> MySQL server logs. Or you could share your midPoint config.xml here,
>> particularly the <repository> section of it.
>>
>> Best regards,
>> Pavol
>>
>> On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>
>> Hello,
>>
>> Whenever I try to add a member through the "Members" tab in Midpoint,
>> nothing happens. I tried to add myself to the Role "Approver" through the
>> "Members" tab and the task never completes.
>>
>> In fact midPoint starts hanging and the issue doesn't resolve and I get
>> all these errors: http://pastebin.com/GEgdtXnh
>>
>> I'm running two instances of midPoint with the following task manager
>> configuration:
>>
>>         <taskManager>
>>                 <clustered>true</clustered>
>>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>                 <jmxUsername>midpoint</jmxUsername>
>>                 <jmxPassword>password</jmxPassword>
>>         </taskManager>
>>
>> I've tried this action with both instances alive as well as with only
>> one.
>>
>> Also here's my tomcat config pertaining to jmx:
>>
>>  -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
>> -Dcom.sun.management.jmxremote.ssl=false
>>
>> Even after I restart the tomcat server, midPoint doesn't respond anymore
>> and the logs don't show anything.
>>
>> I'm willing to forgo the active active configuration and use an active
>> passive configuration. Also I believe this is the cause of the earlier
>> issues with the upgrade process (besides the mismatch in the connector)
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>>
>> -F
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/3f9747b7/attachment.htm>

From mederly at evolveum.com  Thu Jun 30 23:31:22 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 30 Jun 2016 23:31:22 +0200
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
 <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
 <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
Message-ID: <5dffb57b-8178-73f0-229b-b49082e9047f@evolveum.com>

Florin,

just a few comments/questions:

1) We use a custom hibernate dialect for MySQL: 
*com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which is 
derived from MySQL5InnoDBDialect). The one you use is marked as 
deprecated in hibernate sources. I'd suggest using midPoint-supplied one.

2) I see that you use a separate database for Quartz. Although this is 
required for H2, it is not required for other databases. You may 
consider using a common one. (Although it shouldn't be a cause of your 
problems. But ... who knows.)

3) You said that the problem is visible even if there is only one node 
in the cluster. If previous suggestions wouldn't help, could you please 
try to comment out <taskManager> configuration in the config file to 
switch to in-memory Quartz scheduling, just to see if it changes the 
situation?

Best regards,
Pavol

On 30.06.2016 23:17, Florin. Stingaciu wrote:
> Hey Pavol,
>
> I looked through the logs on my sql server and couldn't find anything 
> alarming. Also, I've been trying to delete the task for the last half 
> an hour through the very slow GUI with no success. Here's my config.xml:
>
> <configuration>
>     <midpoint>
>         <webApplication>
> <importFolder>${midpoint.home}/import</importFolder>
>         </webApplication>
>         <repository>
>                 <embedded>false</embedded>
> <driverClassName>com.mysql.jdbc.Driver</driverClassName>
> <hibernateHbm2ddl>validate</hibernateHbm2ddl>
> <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
> <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>                 <database>mysql</database>
> <jdbcUsername>midpoint</jdbcUsername>
> <jdbcPassword>password</jdbcPassword>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>         </repository>
>         <taskManager>
>                 <clustered>true</clustered>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
> <jmxUsername>midpoint</jmxUsername>
> <jmxPassword>password</jmxPassword>
>         </taskManager>
>         <audit>
>             <auditService>
> <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>             </auditService>
>             <auditService>
> <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>             </auditService>
>         </audit>
>         <icf>
> <scanClasspath>true</scanClasspath>
> <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>         </icf>
>         <keystore>
> <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
> <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
> <encryptionKeyAlias>default</encryptionKeyAlias>
>             <!--
>             You can use smaller cipher key size for encryption. For:
>             AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>             AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>             AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>
>             in element <xmlCipher></xmlCipher>
>             By default AES_128 is used. If you change key size, than
>             you must also create secret key in key store with proper 
> key size and change encryptionKeyAlias.
>
>             To generate keystore with keytool use command:
>             keytool -genseckey -alias default -keystore keystore.jceks 
> -storetype jceks -keyalg AES -keysize 128
>
>             secret key password is by default 'midpoint'
>             -->
>         </keystore>
>     </midpoint>
> </configuration>
>
>
> On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     this is really strange. Looks like some low-level DB problem.
>
>     I read your log in this way:
>
>     Wicket has problems displaying a page, because thread
>     *http-bio-8443-exec-2* is blocking (line #2). And why and where is
>     it blocked?
>
>     It is reading a task (line #51), therefore it asks hibernate for
>     data (line #36), so hibernate calls MySQL driver (line #19). And
>     the call didn't complete, as it waits for something to come
>     through the network socket (line #5).
>
>     (What troubles me a lot is that one-node configuration does not
>     work as well.)
>
>     So I'd recommend to have a look at your database configuration or
>     setup.
>
>     I'm not an expert on databases (nor on MySQL in particular), so I
>     have no idea e.g. what troubleshooting tools to use at this
>     moment. Maybe you could open MySQL admin console to see if there's
>     something suspicious. Or look at MySQL server logs. Or you could
>     share your midPoint config.xml here, particularly the <repository>
>     section of it.
>
>     Best regards,
>     Pavol
>
>
>     On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>     Hello,
>>
>>     Whenever I try to add a member through the "Members" tab in
>>     Midpoint, nothing happens. I tried to add myself to the Role
>>     "Approver" through the "Members" tab and the task never completes.
>>
>>     In fact midPoint starts hanging and the issue doesn't resolve and
>>     I get all these errors: http://pastebin.com/GEgdtXnh
>>
>>     I'm running two instances of midPoint with the following task
>>     manager configuration:
>>
>>             <taskManager>
>>     <clustered>true</clustered>
>>     <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>     <jmxUsername>midpoint</jmxUsername>
>>     <jmxPassword>password</jmxPassword>
>>             </taskManager>
>>
>>     I've tried this action with both instances alive as well as with
>>     only one.
>>
>>     Also here's my tomcat config pertaining to jmx:
>>
>>      -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>>     -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>>     -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
>>     -Dcom.sun.management.jmxremote.ssl=false
>>
>>     Even after I restart the tomcat server, midPoint doesn't respond
>>     anymore and the logs don't show anything.
>>
>>     I'm willing to forgo the active active configuration and use an
>>     active passive configuration. Also I believe this is the cause of
>>     the earlier issues with the upgrade process (besides the mismatch
>>     in the connector)
>>
>>     Any help would be greatly appreciated.
>>
>>     Thanks,
>>
>>     -F
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/fc076583/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun 30 23:38:41 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 30 Jun 2016 14:38:41 -0700
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <5dffb57b-8178-73f0-229b-b49082e9047f@evolveum.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
 <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
 <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
 <5dffb57b-8178-73f0-229b-b49082e9047f@evolveum.com>
Message-ID: <CAMQHPY3yokLm7_6mg-LeA2OVcVYeevxC2OxT3DppEQqBa3O4KA@mail.gmail.com>

Hey,

I just performed 1 and 3 and adding users to a role through a task works
just fine. Can I still run in active active configuration with the
in-memory Quartz scheduling?

Also is there anything else you think I should try?

Thanks,
-F

On Thu, Jun 30, 2016 at 2:31 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Florin,
>
> just a few comments/questions:
>
> 1) We use a custom hibernate dialect for MySQL:
> *com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which is
> derived from MySQL5InnoDBDialect). The one you use is marked as deprecated
> in hibernate sources. I'd suggest using midPoint-supplied one.
>
> 2) I see that you use a separate database for Quartz. Although this is
> required for H2, it is not required for other databases. You may consider
> using a common one. (Although it shouldn't be a cause of your problems. But
> ... who knows.)
> 3) You said that the problem is visible even if there is only one node in
> the cluster. If previous suggestions wouldn't help, could you please try to
> comment out <taskManager> configuration in the config file to switch to
> in-memory Quartz scheduling, just to see if it changes the situation?
>
> Best regards,
> Pavol
>
>
> On 30.06.2016 23:17, Florin. Stingaciu wrote:
>
> Hey Pavol,
>
> I looked through the logs on my sql server and couldn't find anything
> alarming. Also, I've been trying to delete the task for the last half an
> hour through the very slow GUI with no success. Here's my config.xml:
>
> <configuration>
>     <midpoint>
>         <webApplication>
>             <importFolder>${midpoint.home}/import</importFolder>
>         </webApplication>
>         <repository>
>                 <embedded>false</embedded>
>                 <driverClassName>com.mysql.jdbc.Driver</driverClassName>
>                 <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>
> <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
>
> <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>                 <database>mysql</database>
>                 <jdbcUsername>midpoint</jdbcUsername>
>                 <jdbcPassword>password</jdbcPassword>
>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>         </repository>
>         <taskManager>
>                 <clustered>true</clustered>
>
> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>                 <jmxUsername>midpoint</jmxUsername>
>                 <jmxPassword>password</jmxPassword>
>         </taskManager>
>         <audit>
>             <auditService>
>
> <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>             </auditService>
>             <auditService>
>
> <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>             </auditService>
>         </audit>
>         <icf>
>             <scanClasspath>true</scanClasspath>
>             <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>         </icf>
>         <keystore>
>             <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
>             <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
>             <encryptionKeyAlias>default</encryptionKeyAlias>
>             <!--
>             You can use smaller cipher key size for encryption. For:
>             AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>             AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>             AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>
>             in element <xmlCipher></xmlCipher>
>             By default AES_128 is used. If you change key size, than
>             you must also create secret key in key store with proper key
> size and change encryptionKeyAlias.
>
>             To generate keystore with keytool use command:
>             keytool -genseckey -alias default -keystore keystore.jceks
> -storetype jceks -keyalg AES -keysize 128
>
>             secret key password is by default 'midpoint'
>             -->
>         </keystore>
>     </midpoint>
> </configuration>
>
>
> On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Hello Florin,
>>
>> this is really strange. Looks like some low-level DB problem.
>>
>> I read your log in this way:
>>
>> Wicket has problems displaying a page, because thread
>> *http-bio-8443-exec-2* is blocking (line #2). And why and where is it
>> blocked?
>>
>> It is reading a task (line #51), therefore it asks hibernate for data
>> (line #36), so hibernate calls MySQL driver (line #19). And the call didn't
>> complete, as it waits for something to come through the network socket
>> (line #5).
>>
>> (What troubles me a lot is that one-node configuration does not work as
>> well.)
>>
>> So I'd recommend to have a look at your database configuration or setup.
>>
>> I'm not an expert on databases (nor on MySQL in particular), so I have no
>> idea e.g. what troubleshooting tools to use at this moment. Maybe you could
>> open MySQL admin console to see if there's something suspicious. Or look at
>> MySQL server logs. Or you could share your midPoint config.xml here,
>> particularly the <repository> section of it.
>>
>> Best regards,
>> Pavol
>>
>> On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>
>> Hello,
>>
>> Whenever I try to add a member through the "Members" tab in Midpoint,
>> nothing happens. I tried to add myself to the Role "Approver" through the
>> "Members" tab and the task never completes.
>>
>> In fact midPoint starts hanging and the issue doesn't resolve and I get
>> all these errors:  <http://pastebin.com/GEgdtXnh>
>> http://pastebin.com/GEgdtXnh
>>
>> I'm running two instances of midPoint with the following task manager
>> configuration:
>>
>>         <taskManager>
>>                 <clustered>true</clustered>
>>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>                 <jmxUsername>midpoint</jmxUsername>
>>                 <jmxPassword>password</jmxPassword>
>>         </taskManager>
>>
>> I've tried this action with both instances alive as well as with only
>> one.
>>
>> Also here's my tomcat config pertaining to jmx:
>>
>>  -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
>> -Dcom.sun.management.jmxremote.ssl=false
>>
>> Even after I restart the tomcat server, midPoint doesn't respond anymore
>> and the logs don't show anything.
>>
>> I'm willing to forgo the active active configuration and use an active
>> passive configuration. Also I believe this is the cause of the earlier
>> issues with the upgrade process (besides the mismatch in the connector)
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>>
>> -F
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/342e282e/attachment.htm>

From mederly at evolveum.com  Thu Jun 30 23:42:07 2016
From: mederly at evolveum.com (Pavol Mederly)
Date: Thu, 30 Jun 2016 23:42:07 +0200
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <CAMQHPY3yokLm7_6mg-LeA2OVcVYeevxC2OxT3DppEQqBa3O4KA@mail.gmail.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
 <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
 <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
 <5dffb57b-8178-73f0-229b-b49082e9047f@evolveum.com>
 <CAMQHPY3yokLm7_6mg-LeA2OVcVYeevxC2OxT3DppEQqBa3O4KA@mail.gmail.com>
Message-ID: <069c3bb2-00e2-2993-0f62-893f524ebe81@evolveum.com>

> Can I still run in active active configuration with the in-memory 
> Quartz scheduling?
Unfortunately, no.

Active-active configuration requires common scheduling database, so that 
tasks execution can be distributed and duplicate execution of a single 
task can be avoided.

So maybe you could switch the taskManager configuration back, restart 
midPoint in single-node mode, and try the test.

If it would work, you could perhaps add the second node.

If not, maybe you could try #2.

Best regards,

Pavol


On 30.06.2016 23:38, Florin. Stingaciu wrote:
> Hey,
>
> I just performed 1 and 3 and adding users to a role through a task 
> works just fine. Can I still run in active active configuration with 
> the in-memory Quartz scheduling?
>
> Also is there anything else you think I should try?
>
> Thanks,
> -F
>
> On Thu, Jun 30, 2016 at 2:31 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Florin,
>
>     just a few comments/questions:
>
>     1) We use a custom hibernate dialect for MySQL:
>     *com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which
>     is derived from MySQL5InnoDBDialect). The one you use is marked as
>     deprecated in hibernate sources. I'd suggest using
>     midPoint-supplied one.
>
>     2) I see that you use a separate database for Quartz. Although
>     this is required for H2, it is not required for other databases.
>     You may consider using a common one. (Although it shouldn't be a
>     cause of your problems. But ... who knows.)
>
>     3) You said that the problem is visible even if there is only one
>     node in the cluster. If previous suggestions wouldn't help, could
>     you please try to comment out <taskManager> configuration in the
>     config file to switch to in-memory Quartz scheduling, just to see
>     if it changes the situation?
>
>     Best regards,
>     Pavol
>
>
>     On 30.06.2016 23:17, Florin. Stingaciu wrote:
>>     Hey Pavol,
>>
>>     I looked through the logs on my sql server and couldn't find
>>     anything alarming. Also, I've been trying to delete the task for
>>     the last half an hour through the very slow GUI with no success.
>>     Here's my config.xml:
>>
>>     <configuration>
>>         <midpoint>
>>             <webApplication>
>>     <importFolder>${midpoint.home}/import</importFolder>
>>             </webApplication>
>>             <repository>
>>     <embedded>false</embedded>
>>     <driverClassName>com.mysql.jdbc.Driver</driverClassName>
>>     <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>>     <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
>>     <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>>     <database>mysql</database>
>>     <jdbcUsername>midpoint</jdbcUsername>
>>     <jdbcPassword>password</jdbcPassword>
>>     <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>>             </repository>
>>             <taskManager>
>>     <clustered>true</clustered>
>>     <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>     <jmxUsername>midpoint</jmxUsername>
>>     <jmxPassword>password</jmxPassword>
>>             </taskManager>
>>             <audit>
>>                 <auditService>
>>     <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>>                 </auditService>
>>                 <auditService>
>>     <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>>                 </auditService>
>>             </audit>
>>             <icf>
>>     <scanClasspath>true</scanClasspath>
>>     <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>>             </icf>
>>             <keystore>
>>     <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
>>     <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
>>     <encryptionKeyAlias>default</encryptionKeyAlias>
>>                 <!--
>>                 You can use smaller cipher key size for encryption. For:
>>                 AES_128 "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>>                 AES_256 "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>>                 AES_192 "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>>
>>                 in element <xmlCipher></xmlCipher>
>>                 By default AES_128 is used. If you change key size, than
>>                 you must also create secret key in key store with
>>     proper key size and change encryptionKeyAlias.
>>
>>                 To generate keystore with keytool use command:
>>                 keytool -genseckey -alias default -keystore
>>     keystore.jceks -storetype jceks -keyalg AES -keysize 128
>>
>>                 secret key password is by default 'midpoint'
>>                 -->
>>             </keystore>
>>         </midpoint>
>>     </configuration>
>>
>>
>>     On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         Hello Florin,
>>
>>         this is really strange. Looks like some low-level DB problem.
>>
>>         I read your log in this way:
>>
>>         Wicket has problems displaying a page, because thread
>>         *http-bio-8443-exec-2* is blocking (line #2). And why and
>>         where is it blocked?
>>
>>         It is reading a task (line #51), therefore it asks hibernate
>>         for data (line #36), so hibernate calls MySQL driver (line
>>         #19). And the call didn't complete, as it waits for something
>>         to come through the network socket (line #5).
>>
>>         (What troubles me a lot is that one-node configuration does
>>         not work as well.)
>>
>>         So I'd recommend to have a look at your database
>>         configuration or setup.
>>
>>         I'm not an expert on databases (nor on MySQL in particular),
>>         so I have no idea e.g. what troubleshooting tools to use at
>>         this moment. Maybe you could open MySQL admin console to see
>>         if there's something suspicious. Or look at MySQL server
>>         logs. Or you could share your midPoint config.xml here,
>>         particularly the <repository> section of it.
>>
>>         Best regards,
>>         Pavol
>>
>>
>>         On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>>         Hello,
>>>
>>>         Whenever I try to add a member through the "Members" tab in
>>>         Midpoint, nothing happens. I tried to add myself to the Role
>>>         "Approver" through the "Members" tab and the task never
>>>         completes.
>>>
>>>         In fact midPoint starts hanging and the issue doesn't
>>>         resolve and I get all these errors: http://pastebin.com/GEgdtXnh
>>>
>>>         I'm running two instances of midPoint with the following
>>>         task manager configuration:
>>>
>>>                 <taskManager>
>>>         <clustered>true</clustered>
>>>         <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>>         <jmxUsername>midpoint</jmxUsername>
>>>         <jmxPassword>password</jmxPassword>
>>>                 </taskManager>
>>>
>>>         I've tried this action with both instances alive as well as
>>>         with only one.
>>>
>>>         Also here's my tomcat config pertaining to jmx:
>>>
>>>          -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>>>         -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>>>         -Dmidpoint.nodeId=001
>>>         -Dcom.sun.management.jmxremote.port=20001
>>>         -Dcom.sun.management.jmxremote.ssl=false
>>>
>>>         Even after I restart the tomcat server, midPoint doesn't
>>>         respond anymore and the logs don't show anything.
>>>
>>>         I'm willing to forgo the active active configuration and use
>>>         an active passive configuration. Also I believe this is the
>>>         cause of the earlier issues with the upgrade process
>>>         (besides the mismatch in the connector)
>>>
>>>         Any help would be greatly appreciated.
>>>
>>>         Thanks,
>>>
>>>         -F
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/52d4b19d/attachment.htm>

From fstingaciu at mirantis.com  Thu Jun 30 23:45:20 2016
From: fstingaciu at mirantis.com (Florin. Stingaciu)
Date: Thu, 30 Jun 2016 14:45:20 -0700
Subject: [midPoint] Adding Members to Role through Members page
In-Reply-To: <069c3bb2-00e2-2993-0f62-893f524ebe81@evolveum.com>
References: <CAMQHPY3Y-8_N1XJj2nzQZtqeHK+Ad91xR8z6yw4xXN0EpX97fg@mail.gmail.com>
 <0be96ccd-f505-120c-d9a8-ea59a8155a90@evolveum.com>
 <CAMQHPY3L3=54sEh_CG0vMjHvGRxpsXfi8VSzjqttALBO5fH3VQ@mail.gmail.com>
 <5dffb57b-8178-73f0-229b-b49082e9047f@evolveum.com>
 <CAMQHPY3yokLm7_6mg-LeA2OVcVYeevxC2OxT3DppEQqBa3O4KA@mail.gmail.com>
 <069c3bb2-00e2-2993-0f62-893f524ebe81@evolveum.com>
Message-ID: <CAMQHPY2z2KJYpWLNbAjbRBhkzTgqh8Fqy9B12MXxZjmMNx75yg@mail.gmail.com>

Thanks. I think for now I'll just stick with an active passive
configuration. I'll be setting up a dev environment with two midpoint
instances and test out various configs. I will update this thread with what
I find.

Thanks for all your help Pavol!

On Thu, Jun 30, 2016 at 2:42 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Can I still run in active active configuration with the in-memory Quartz
> scheduling?
>
> Unfortunately, no.
>
> Active-active configuration requires common scheduling database, so that
> tasks execution can be distributed and duplicate execution of a single task
> can be avoided.
>
> So maybe you could switch the taskManager configuration back, restart
> midPoint in single-node mode, and try the test.
>
> If it would work, you could perhaps add the second node.
>
> If not, maybe you could try #2.
>
> Best regards,
>
> Pavol
>
> On 30.06.2016 23:38, Florin. Stingaciu wrote:
>
> Hey,
>
> I just performed 1 and 3 and adding users to a role through a task works
> just fine. Can I still run in active active configuration with the
> in-memory Quartz scheduling?
>
> Also is there anything else you think I should try?
>
> Thanks,
> -F
>
> On Thu, Jun 30, 2016 at 2:31 PM, Pavol Mederly <mederly at evolveum.com>
> wrote:
>
>> Florin,
>>
>> just a few comments/questions:
>>
>> 1) We use a custom hibernate dialect for MySQL:
>> *com.evolveum.midpoint.repo.sql.util.MidPointMySQLDialect* (which is
>> derived from MySQL5InnoDBDialect). The one you use is marked as deprecated
>> in hibernate sources. I'd suggest using midPoint-supplied one.
>>
>> 2) I see that you use a separate database for Quartz. Although this is
>> required for H2, it is not required for other databases. You may consider
>> using a common one. (Although it shouldn't be a cause of your problems. But
>> ... who knows.)
>> 3) You said that the problem is visible even if there is only one node in
>> the cluster. If previous suggestions wouldn't help, could you please try to
>> comment out <taskManager> configuration in the config file to switch to
>> in-memory Quartz scheduling, just to see if it changes the situation?
>>
>> Best regards,
>> Pavol
>>
>>
>> On 30.06.2016 23:17, Florin. Stingaciu wrote:
>>
>> Hey Pavol,
>>
>> I looked through the logs on my sql server and couldn't find anything
>> alarming. Also, I've been trying to delete the task for the last half an
>> hour through the very slow GUI with no success. Here's my config.xml:
>>
>> <configuration>
>>     <midpoint>
>>         <webApplication>
>>             <importFolder>${midpoint.home}/import</importFolder>
>>         </webApplication>
>>         <repository>
>>                 <embedded>false</embedded>
>>                 <driverClassName>com.mysql.jdbc.Driver</driverClassName>
>>                 <hibernateHbm2ddl>validate</hibernateHbm2ddl>
>>
>> <hibernateDialect>org.hibernate.dialect.MySQLDialect</hibernateDialect>
>>
>> <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
>>                 <database>mysql</database>
>>                 <jdbcUsername>midpoint</jdbcUsername>
>>                 <jdbcPassword>password</jdbcPassword>
>>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_live</jdbcUrl>
>>         </repository>
>>         <taskManager>
>>                 <clustered>true</clustered>
>>
>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>                 <jmxUsername>midpoint</jmxUsername>
>>                 <jmxPassword>password</jmxPassword>
>>         </taskManager>
>>         <audit>
>>             <auditService>
>>
>> <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
>>             </auditService>
>>             <auditService>
>>
>> <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
>>             </auditService>
>>         </audit>
>>         <icf>
>>             <scanClasspath>true</scanClasspath>
>>             <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
>>         </icf>
>>         <keystore>
>>             <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
>>             <keyStorePassword>dEpCSVuC6kerpO8aaReMiA==</keyStorePassword>
>>             <encryptionKeyAlias>default</encryptionKeyAlias>
>>             <!--
>>             You can use smaller cipher key size for encryption. For:
>>             AES_128 " <http://www.w3.org/2001/04/xmlenc#aes128-cbc>
>> http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>>             AES_256 " <http://www.w3.org/2001/04/xmlenc#aes256-cbc>
>> http://www.w3.org/2001/04/xmlenc#aes256-cbc";
>>             AES_192 " <http://www.w3.org/2001/04/xmlenc#aes192-cbc>
>> http://www.w3.org/2001/04/xmlenc#aes192-cbc";
>>
>>             in element <xmlCipher></xmlCipher>
>>             By default AES_128 is used. If you change key size, than
>>             you must also create secret key in key store with proper key
>> size and change encryptionKeyAlias.
>>
>>             To generate keystore with keytool use command:
>>             keytool -genseckey -alias default -keystore keystore.jceks
>> -storetype jceks -keyalg AES -keysize 128
>>
>>             secret key password is by default 'midpoint'
>>             -->
>>         </keystore>
>>     </midpoint>
>> </configuration>
>>
>>
>> On Thu, Jun 30, 2016 at 2:07 PM, Pavol Mederly < <mederly at evolveum.com>
>> mederly at evolveum.com> wrote:
>>
>>> Hello Florin,
>>>
>>> this is really strange. Looks like some low-level DB problem.
>>>
>>> I read your log in this way:
>>>
>>> Wicket has problems displaying a page, because thread
>>> *http-bio-8443-exec-2* is blocking (line #2). And why and where is it
>>> blocked?
>>>
>>> It is reading a task (line #51), therefore it asks hibernate for data
>>> (line #36), so hibernate calls MySQL driver (line #19). And the call didn't
>>> complete, as it waits for something to come through the network socket
>>> (line #5).
>>>
>>> (What troubles me a lot is that one-node configuration does not work as
>>> well.)
>>>
>>> So I'd recommend to have a look at your database configuration or setup.
>>>
>>> I'm not an expert on databases (nor on MySQL in particular), so I have
>>> no idea e.g. what troubleshooting tools to use at this moment. Maybe you
>>> could open MySQL admin console to see if there's something suspicious. Or
>>> look at MySQL server logs. Or you could share your midPoint config.xml
>>> here, particularly the <repository> section of it.
>>>
>>> Best regards,
>>> Pavol
>>>
>>> On 30.06.2016 22:49, Florin. Stingaciu wrote:
>>>
>>> Hello,
>>>
>>> Whenever I try to add a member through the "Members" tab in Midpoint,
>>> nothing happens. I tried to add myself to the Role "Approver" through the
>>> "Members" tab and the task never completes.
>>>
>>> In fact midPoint starts hanging and the issue doesn't resolve and I get
>>> all these errors:  <http://pastebin.com/GEgdtXnh>
>>> http://pastebin.com/GEgdtXnh
>>>
>>> I'm running two instances of midPoint with the following task manager
>>> configuration:
>>>
>>>         <taskManager>
>>>                 <clustered>true</clustered>
>>>
>>> <jdbcUrl>jdbc:mysql://db-server:3306/midpoint_prod_quartz_live</jdbcUrl>
>>>                 <jmxUsername>midpoint</jmxUsername>
>>>                 <jmxPassword>password</jmxPassword>
>>>         </taskManager>
>>>
>>> I've tried this action with both instances alive as well as with only
>>> one.
>>>
>>> Also here's my tomcat config pertaining to jmx:
>>>
>>>  -Dcom.sun.management.jmxremote.password.file=/var/opt/midpoint/jmxremote.password
>>> -Dcom.sun.management.jmxremote.access.file=/var/opt/midpoint/jmxremote.access
>>> -Dmidpoint.nodeId=001 -Dcom.sun.management.jmxremote.port=20001
>>> -Dcom.sun.management.jmxremote.ssl=false
>>>
>>> Even after I restart the tomcat server, midPoint doesn't respond anymore
>>> and the logs don't show anything.
>>>
>>> I'm willing to forgo the active active configuration and use an active
>>> passive configuration. Also I believe this is the cause of the earlier
>>> issues with the upgrade process (besides the mismatch in the connector)
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Thanks,
>>>
>>> -F
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160630/f6e4e44e/attachment.htm>