From dilek.gider at basistek.com  Fri Aug 11 10:52:44 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Fri, 11 Aug 2017 11:52:44 +0300
Subject: [midPoint] Move ou on ldap when user deleted on midpoint
In-Reply-To: <CAL797GnAO5Nk33xCDyyQD0u+cwd-CpzKtjurtB1KABQsM0Kung@mail.gmail.com>
References: <CAL797GnSFVvpS7AcEaeV4edr2ptJJgbg7NsPXKRwJwvoqPBoQQ@mail.gmail.com>
 <CAE8MtZB+j_DVXDj3msqpFaBYbT6cKdPmW+xRajm+AQ5+ksQ9GQ@mail.gmail.com>
 <CAL797G=+A4DDeKt31bCUV9xEehw3KC9HzLCMmNun4Hn2XKLkJw@mail.gmail.com>
 <CAE8MtZAeMmNArW3nV1O0ebrsk1-WazkeQ1=y6bm8cr3oO9yMvQ@mail.gmail.com>
 <CAL797GnAO5Nk33xCDyyQD0u+cwd-CpzKtjurtB1KABQsM0Kung@mail.gmail.com>
Message-ID: <CAL797GkcZrakcW_DEUYdbwPM9X9AJMGOmjkhLUBeDNnxROKFYw@mail.gmail.com>

Hi Oskar,

I have an error on my resource like below:

SystemException: groovy.lang.MissingPropertyException: No such property:
legal for class: Script155 expression in mapping in inbound mapping for
activation/administrativeStatus in
resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db
({.../common/common-3}input=PPV(ActivationStatusType:ENABLED); ) in
expression in mapping in inbound mapping for
activation/administrativeStatus in
resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db

Midpoint version is 3.4.1, I have read link about Disable instead of
Delete, and looked for example, there is no extra import needed for this.
Is it compatible with 3.4.1 version?

On Fri, Jul 28, 2017 at 12:13 PM, Dilek Gider <dilek.gider at basistek.com>
wrote:

> Ok Oskar, I will try and reply, thank you very much.
>
> On Fri, Jul 28, 2017 at 12:10 PM, Oskar Butovič - AMI Praha a.s. <
> oskar.butovic at ami.cz> wrote:
>
>> <source>
>>                   <c:path>activation/effectiveStatus</c:path>
>>                </source>
>>
>> This should work.
>>
>> 2017-07-28 11:06 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>
>>> Hello Oskar,
>>>
>>> Thank you for your reply fast.
>>> You mean that, I have to add new <source> to DN attribute mapping, then,
>>> in the script generate if-else condition to DN generation, right?
>>> But how can I get "admisitrativestatustype.disable" parameter value to
>>> <source>? is it like this:
>>>
>>> <source>
>>> <path>$user/activation/administrativeStatus</path>
>>> </source>
>>>
>>> My DN generation is below:
>>>
>>>  <attribute>
>>>             <c:ref>ri:dn</c:ref>
>>>             <displayName>Distinguished Name</displayName>
>>>             <matchingRule xmlns:mr="http://prism.evolveu
>>> m.com/xml/ns/public/matching-rule-3">mr:distinguishedName</matchingRule>
>>>             <tolerant>true</tolerant>
>>>             <exclusiveStrong>false</exclusiveStrong>
>>>             <outbound>
>>>                <authoritative>false</authoritative>
>>>                <exclusive>false</exclusive>
>>>                <strength>normal</strength>
>>>                <source>
>>>                   <c:path>$user/fullName</c:path>
>>>                </source>
>>>                <source>
>>>                   <c:path>$user/organizationalUnit</c:path>
>>>                </source>
>>>                <expression>
>>>                   <script>
>>>                      <code>
>>>                          import javax.naming.ldap.Rdn
>>>                     import javax.naming.ldap.LdapName
>>>                     log.info(fullName.toString()+'
>>> '+organizationalUnit.toString())
>>>                          dn = new LdapName('DC=xxxx,DC=xxx')
>>>                          organizationalUnit.toString().tokenize('.').each
>>> { ouname -&gt; dn.add(new Rdn('OU',ouname)) }
>>> dn.add('CN='+fullName.trim());
>>> return dn.toString()
>>> </code>
>>>                   </script>
>>>                </expression>
>>>             </outbound>
>>>          </attribute>
>>>
>>> On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <
>>> oskar.butovic at ami.cz> wrote:
>>>
>>>> Helo Dilek,
>>>>
>>>> I think that adding this logic by script to outbound mapping for
>>>> ri:dn attribute should do it.
>>>>
>>>> You also need to configure disable on delete according to this guide:
>>>> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>>>>
>>>> Best Regards
>>>>
>>>> Oskar Butovič
>>>>
>>>> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I have a requirement that when a user deleted or disabled, I have to
>>>>> move this user on ldap to different ou, named as LEFT_USERS. Could you give
>>>>> any idea how can I configure this? I think it is changin DN, but where can
>>>>> I configure this and how?
>>>>>
>>>>> My scenario is as follow:
>>>>> - Sync users with HR db and update users in midpoint
>>>>> - Send users changes to LDAP from midpoint
>>>>>
>>>>> Thank you.
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Oskar Butovič
>>>> solution architect
>>>>
>>>> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
>>>> e-mail: oskar.butovic at ami.cz
>>>>
>>>>
>>>> AMI Praha a.s.
>>>> Pláničkova 11
>>>> 162 00 Praha 6
>>>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>>>> web: www.ami.cz
>>>>
>>>>
>>>> [image: AMI Praha a.s.]
>>>>
>>>> [image: AMI Praha a.s.]
>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>
>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>> společnost AMI Praha a.s.
>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>> výhradně písemnou formu.
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> --
>>
>> Oskar Butovič
>> solution architect
>>
>> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
>> e-mail: oskar.butovic at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>> web: www.ami.cz
>>
>>
>> [image: AMI Praha a.s.]
>>
>> [image: AMI Praha a.s.]
>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>
>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>> společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/37cda328/attachment.htm>

From oskar.butovic at ami.cz  Fri Aug 11 11:55:04 2017
From: oskar.butovic at ami.cz (=?UTF-8?Q?Oskar_Butovi=C4=8D_=2D_AMI_Praha_a=2Es=2E?=)
Date: Fri, 11 Aug 2017 11:55:04 +0200
Subject: [midPoint] Move ou on ldap when user deleted on midpoint
In-Reply-To: <CAL797GkcZrakcW_DEUYdbwPM9X9AJMGOmjkhLUBeDNnxROKFYw@mail.gmail.com>
References: <CAL797GnSFVvpS7AcEaeV4edr2ptJJgbg7NsPXKRwJwvoqPBoQQ@mail.gmail.com>
 <CAE8MtZB+j_DVXDj3msqpFaBYbT6cKdPmW+xRajm+AQ5+ksQ9GQ@mail.gmail.com>
 <CAL797G=+A4DDeKt31bCUV9xEehw3KC9HzLCMmNun4Hn2XKLkJw@mail.gmail.com>
 <CAE8MtZAeMmNArW3nV1O0ebrsk1-WazkeQ1=y6bm8cr3oO9yMvQ@mail.gmail.com>
 <CAL797GnAO5Nk33xCDyyQD0u+cwd-CpzKtjurtB1KABQsM0Kung@mail.gmail.com>
 <CAL797GkcZrakcW_DEUYdbwPM9X9AJMGOmjkhLUBeDNnxROKFYw@mail.gmail.com>
Message-ID: <CAE8MtZDsHLUSdMpZmiugXq5giFS6EbNwNYaS_Aa8GVCZD=43jA@mail.gmail.com>

Hi Dilek,

according to error log it seems that you are using variable "legal" in *inbound
*mapping. IMHO legal variable is accessible only in outbound mapping. You
can also try this trick
https://stackoverflow.com/questions/216484/how-do-i-enumerate-all-the-defined-variables-in-a-groovy-script
to see all available variables in given groovy scope.

2017-08-11 10:52 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:

> Hi Oskar,
>
> I have an error on my resource like below:
>
> SystemException: groovy.lang.MissingPropertyException: No such property:
> legal for class: Script155 expression in mapping in inbound mapping for
> activation/administrativeStatus in resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db
> ({.../common/common-3}input=PPV(ActivationStatusType:ENABLED); ) in
> expression in mapping in inbound mapping for activation/administrativeStatus
> in resource:ef2bc59b-76e0-48e2-86d6-3d4f02d420db
>
> Midpoint version is 3.4.1, I have read link about Disable instead of
> Delete, and looked for example, there is no extra import needed for this.
> Is it compatible with 3.4.1 version?
>
> On Fri, Jul 28, 2017 at 12:13 PM, Dilek Gider <dilek.gider at basistek.com>
> wrote:
>
>> Ok Oskar, I will try and reply, thank you very much.
>>
>> On Fri, Jul 28, 2017 at 12:10 PM, Oskar Butovič - AMI Praha a.s. <
>> oskar.butovic at ami.cz> wrote:
>>
>>> <source>
>>>                   <c:path>activation/effectiveStatus</c:path>
>>>                </source>
>>>
>>> This should work.
>>>
>>> 2017-07-28 11:06 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>
>>>> Hello Oskar,
>>>>
>>>> Thank you for your reply fast.
>>>> You mean that, I have to add new <source> to DN attribute mapping,
>>>> then, in the script generate if-else condition to DN generation, right?
>>>> But how can I get "admisitrativestatustype.disable" parameter value to
>>>> <source>? is it like this:
>>>>
>>>> <source>
>>>> <path>$user/activation/administrativeStatus</path>
>>>> </source>
>>>>
>>>> My DN generation is below:
>>>>
>>>>  <attribute>
>>>>             <c:ref>ri:dn</c:ref>
>>>>             <displayName>Distinguished Name</displayName>
>>>>             <matchingRule xmlns:mr="http://prism.evolveu
>>>> m.com/xml/ns/public/matching-rule-3">mr:distinguishedName</m
>>>> atchingRule>
>>>>             <tolerant>true</tolerant>
>>>>             <exclusiveStrong>false</exclusiveStrong>
>>>>             <outbound>
>>>>                <authoritative>false</authoritative>
>>>>                <exclusive>false</exclusive>
>>>>                <strength>normal</strength>
>>>>                <source>
>>>>                   <c:path>$user/fullName</c:path>
>>>>                </source>
>>>>                <source>
>>>>                   <c:path>$user/organizationalUnit</c:path>
>>>>                </source>
>>>>                <expression>
>>>>                   <script>
>>>>                      <code>
>>>>                          import javax.naming.ldap.Rdn
>>>>                     import javax.naming.ldap.LdapName
>>>>                     log.info(fullName.toString()+'
>>>> '+organizationalUnit.toString())
>>>>                          dn = new LdapName('DC=xxxx,DC=xxx')
>>>>                          organizationalUnit.toString().tokenize('.').each
>>>> { ouname -&gt; dn.add(new Rdn('OU',ouname)) }
>>>> dn.add('CN='+fullName.trim());
>>>> return dn.toString()
>>>> </code>
>>>>                   </script>
>>>>                </expression>
>>>>             </outbound>
>>>>          </attribute>
>>>>
>>>> On Fri, Jul 28, 2017 at 11:31 AM, Oskar Butovič - AMI Praha a.s. <
>>>> oskar.butovic at ami.cz> wrote:
>>>>
>>>>> Helo Dilek,
>>>>>
>>>>> I think that adding this logic by script to outbound mapping for
>>>>> ri:dn attribute should do it.
>>>>>
>>>>> You also need to configure disable on delete according to this guide:
>>>>> https://wiki.evolveum.com/display/midPoint/Disable+instead+of+Delete
>>>>>
>>>>> Best Regards
>>>>>
>>>>> Oskar Butovič
>>>>>
>>>>> 2017-07-28 10:24 GMT+02:00 Dilek Gider <dilek.gider at basistek.com>:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I have a requirement that when a user deleted or disabled, I have to
>>>>>> move this user on ldap to different ou, named as LEFT_USERS. Could you give
>>>>>> any idea how can I configure this? I think it is changin DN, but where can
>>>>>> I configure this and how?
>>>>>>
>>>>>> My scenario is as follow:
>>>>>> - Sync users with HR db and update users in midpoint
>>>>>> - Send users changes to LDAP from midpoint
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>> _______________________________________________
>>>>>> midPoint mailing list
>>>>>> midPoint at lists.evolveum.com
>>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Oskar Butovič
>>>>> solution architect
>>>>>
>>>>> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
>>>>> e-mail: oskar.butovic at ami.cz
>>>>>
>>>>>
>>>>> AMI Praha a.s.
>>>>> Pláničkova 11
>>>>> 162 00 Praha 6
>>>>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>>>>> web: www.ami.cz
>>>>>
>>>>>
>>>>> [image: AMI Praha a.s.]
>>>>>
>>>>> [image: AMI Praha a.s.]
>>>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>>>
>>>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>>>> společnost AMI Praha a.s.
>>>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>>>> výhradně písemnou formu.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> midPoint mailing list
>>>>> midPoint at lists.evolveum.com
>>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Oskar Butovič
>>> solution architect
>>>
>>> gsm: [+420] 774 480 101 <+420%20774%20480%20101>
>>> e-mail: oskar.butovic at ami.cz
>>>
>>>
>>> AMI Praha a.s.
>>> Pláničkova 11
>>> 162 00 Praha 6
>>> tel.: [+420] 274 783 239 <+420%20274%20783%20239>
>>> web: www.ami.cz
>>>
>>>
>>> [image: AMI Praha a.s.]
>>>
>>> [image: AMI Praha a.s.]
>>> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>
>>>
>>> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
>>> společnost AMI Praha a.s.
>>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
>>> výhradně písemnou formu.
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>


-- 

Oskar Butovič
solution architect

gsm: [+420] 774 480 101
e-mail: oskar.butovic at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/6b7896c4/attachment.htm>

From gboschmans at cibg.brussels  Fri Aug 11 13:37:40 2017
From: gboschmans at cibg.brussels (BOSCHMANS Glenn)
Date: Fri, 11 Aug 2017 11:37:40 +0000
Subject: [midPoint] Change password policy when using Maven Overlay
Message-ID: <af8ba0d703dd4ac5a57366b52e09ebd9@cibg.brussels>

Hi,

We're currently busy on developing our IDM based on a Maven overlay of midPoint. We're trying to containerize the solution and have a problem with setting the password policy to our own.
So far, we have an initial object for our password policy. I tried having an initial object for the system configuration in which the password policy is set to our own. The initial object xml file of the system configuration has the same name as the one that is provided by midPoint, thus overriding the xml file in the .war.
When I use this new .war to start midPoint, I notice that the new value for the password policy is not set in the system configuration. I have checked in the .war file and it is clear that the system configuration initial object is overridden by our own. The custom password policy is also added in midPoint.

So I have the following questions:

-          Is it possible to set a custom password policy through configuration files? If so, how? If not, any other ideas?

-          Is it possible to overwrite the default system configuration with an initial object or any other type of configuration file?

Thanks!

Kind regards,
Glenn
  [cid:cibg_f07a61fd-1236-4fe1-b306-9ef912596adf.png]

Glenn Boschmans
Consultant
Business Integrated Solutions
Kunstlaan 21, 1000 Brussel - cibg.brussels<http://cibg.brussels/> - disclaimer<http://cibg.brussels/disclaimer-1>
T +32 2 282 47 70 |
Be green, leave it on the screen !                                                       [cid:linkedIn_af781ca2-8618-40cc-9064-0ad6eededb29.png] <https://www.linkedin.com/company/cirb_cibg> <http://www.linkedin.com/company/cirb_cibg>  [cid:twitter_d568a372-f34e-4805-9959-7b5a18ef99b6.png] <https://twitter.com/CIRB_CIBG>  [cid:logo_eco_mail2_a0aace5a-4de5-479d-86b2-8186e6263c4d.jpg] <http://www.environnement.brussels/thematiques/ville-durable/le-label-entreprise-ecodynamique>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/d503ebfe/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cibg_f07a61fd-1236-4fe1-b306-9ef912596adf.png
Type: image/png
Size: 27829 bytes
Desc: cibg_f07a61fd-1236-4fe1-b306-9ef912596adf.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/d503ebfe/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedIn_af781ca2-8618-40cc-9064-0ad6eededb29.png
Type: image/png
Size: 537 bytes
Desc: linkedIn_af781ca2-8618-40cc-9064-0ad6eededb29.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/d503ebfe/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter_d568a372-f34e-4805-9959-7b5a18ef99b6.png
Type: image/png
Size: 658 bytes
Desc: twitter_d568a372-f34e-4805-9959-7b5a18ef99b6.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/d503ebfe/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo_eco_mail2_a0aace5a-4de5-479d-86b2-8186e6263c4d.jpg
Type: image/jpeg
Size: 1336 bytes
Desc: logo_eco_mail2_a0aace5a-4de5-479d-86b2-8186e6263c4d.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170811/d503ebfe/attachment.jpg>

From teppo.sarjonen at gmail.com  Mon Aug 14 12:03:30 2017
From: teppo.sarjonen at gmail.com (Teppo Sarjonen)
Date: Mon, 14 Aug 2017 13:03:30 +0300
Subject: [midPoint] Tomcat crashes when adding Active Directory resource
Message-ID: <CAFzVZ5WXT1mOA52+s0P_ihZ6HcFeop1tDhSb-MB9t6EuubU8Ng@mail.gmail.com>

Hello

Operating system is Windows Server 2012 R2 and same happens with Ubuntu
Server. Any idea whats going wrong? After the crash resource shows "Green"
and state is "UP".

Error

500 Internal Server Error

Unexpected error occurred, if necessary please contact system administrator.

8/14/17 1:01 PM org.apache.wicket.WicketRuntimeException: Method onRequest
of interface org.apache.wicket.behavior.IBehaviorListener targeted at
org.apache.wicket.extensions.ajax.markup.html.AjaxLazyLoadPanel$1 at 35bf1c3b
on component [AjaxLazyLoadPanel [Component id = result]] threw an exception

Any settings you recommend.

-teppo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170814/950dae7c/attachment.htm>

From dilek.gider at basistek.com  Thu Aug 17 11:11:54 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Thu, 17 Aug 2017 12:11:54 +0300
Subject: [midPoint] Sync AD with Midpoint for one time, not create
Message-ID: <CAL797Gk23N2XtH54d3GQsbt1R_imvYr8iJ7Hs4S=yrN4PWfDuQ@mail.gmail.com>

Hi,

I have HR db resource to get users to midpoint, and then create accounts on
the AD,  all of these operations are working fine now.

But I have a requirement that; all of users are also in AD now and they are
correct. Customer always used AD effectively by manual insert/update. Now
with midpoint project, we are doing automation the process from HR to AD.
But when project goes to production, only one time, we have to syncronize
midpoint users with AD users, not create. After one time operation, AD
account will be created automatically by midpoint, but for one time , at
the beginning of production, we  won't create users on AD, only sync them
with midpoint users.

I tried to do this,  but I think LDAP connector searches AD accounts by
"objectGUID". objectGUID on AD accounts didin't generated by midpoint, they
generated by manuel create. How can I map midpoint users (comes from HR)
and old AD accounts? There is unique value in each side that is identity
number but i can't sync them because of searching by objectGUID.

Thank you, I hope it is explanatory.

Dilek.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170817/2bcd9378/attachment.htm>

From dilek.gider at basistek.com  Thu Aug 17 11:42:42 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Thu, 17 Aug 2017 12:42:42 +0300
Subject: [midPoint] Sync AD with Midpoint for one time, not create
In-Reply-To: <CAL797Gk23N2XtH54d3GQsbt1R_imvYr8iJ7Hs4S=yrN4PWfDuQ@mail.gmail.com>
References: <CAL797Gk23N2XtH54d3GQsbt1R_imvYr8iJ7Hs4S=yrN4PWfDuQ@mail.gmail.com>
Message-ID: <CAL797GnGYPDfnxHS3VSrWzd3ugD8aEof2T6s0sSXXXGTCeZYwA@mail.gmail.com>

To be more descriptive, I have unique identifer as identity number and
correlation works fine, there is a record on AD with that unique number and
also midpoint user has the same unique identifer. But it falls into
unmatched situation, tries to add new account with iterationToken as a new
record.

On Thu, Aug 17, 2017 at 12:11 PM, Dilek Gider <dilek.gider at basistek.com>
wrote:

> Hi,
>
> I have HR db resource to get users to midpoint, and then create accounts
> on the AD,  all of these operations are working fine now.
>
> But I have a requirement that; all of users are also in AD now and they
> are correct. Customer always used AD effectively by manual insert/update.
> Now with midpoint project, we are doing automation the process from HR to
> AD. But when project goes to production, only one time, we have to
> syncronize midpoint users with AD users, not create. After one time
> operation, AD account will be created automatically by midpoint, but for
> one time , at the beginning of production, we  won't create users on AD,
> only sync them with midpoint users.
>
> I tried to do this,  but I think LDAP connector searches AD accounts by
> "objectGUID". objectGUID on AD accounts didin't generated by midpoint, they
> generated by manuel create. How can I map midpoint users (comes from HR)
> and old AD accounts? There is unique value in each side that is identity
> number but i can't sync them because of searching by objectGUID.
>
> Thank you, I hope it is explanatory.
>
> Dilek.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170817/75860f8e/attachment.htm>

From ivan.noris at evolveum.com  Thu Aug 17 12:52:00 2017
From: ivan.noris at evolveum.com (Ivan Noris)
Date: Thu, 17 Aug 2017 12:52:00 +0200
Subject: [midPoint] Sync AD with Midpoint for one time, not create
In-Reply-To: <CAL797GnGYPDfnxHS3VSrWzd3ugD8aEof2T6s0sSXXXGTCeZYwA@mail.gmail.com>
References: <CAL797Gk23N2XtH54d3GQsbt1R_imvYr8iJ7Hs4S=yrN4PWfDuQ@mail.gmail.com>
 <CAL797GnGYPDfnxHS3VSrWzd3ugD8aEof2T6s0sSXXXGTCeZYwA@mail.gmail.com>
Message-ID: <625433a1-7377-82ee-aaf3-cf8c921229c5@evolveum.com>

Hi,

if it fails with UNMATCHED, it means that the correlation filter is
incorrect. Or at least it does not allow matching. Case-sensitivity problem?

In generic cases your scenario is pretty common. For one-time
synchronization (without creating users in midPoint) you can setup
different correlation expression in the resource object synchronization.
The correlation expression can even be OR so two or more different
expressions can be used.

Without knowing more it's hard to tell what's wrong.

Best regards,

Ivan


On 17.08.2017 11:42, Dilek Gider wrote:
> To be more descriptive, I have unique identifer as identity number and
> correlation works fine, there is a record on AD with that unique
> number and also midpoint user has the same unique identifer. But it
> falls into unmatched situation, tries to add new account with
> iterationToken as a new record. 
>
> On Thu, Aug 17, 2017 at 12:11 PM, Dilek Gider
> <dilek.gider at basistek.com <mailto:dilek.gider at basistek.com>> wrote:
>
>     Hi,
>
>     I have HR db resource to get users to midpoint, and then create
>     accounts on the AD,  all of these operations are working fine now. 
>
>     But I have a requirement that; all of users are also in AD now and
>     they are correct. Customer always used AD effectively by manual
>     insert/update. Now with midpoint project, we are doing automation
>     the process from HR to AD. But when project goes to production,
>     only one time, we have to syncronize midpoint users with AD users,
>     not create. After one time operation, AD account will be created
>     automatically by midpoint, but for one time , at the beginning of
>     production, we  won't create users on AD, only sync them with
>     midpoint users.
>
>     I tried to do this,  but I think LDAP connector searches AD
>     accounts by "objectGUID". objectGUID on AD accounts didin't
>     generated by midpoint, they generated by manuel create. How can I
>     map midpoint users (comes from HR) and old AD accounts? There is
>     unique value in each side that is identity number but i can't sync
>     them because of searching by objectGUID.
>
>     Thank you, I hope it is explanatory.
>
>     Dilek.
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170817/22c4cd93/attachment.htm>

From dilek.gider at basistek.com  Thu Aug 17 13:06:51 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Thu, 17 Aug 2017 14:06:51 +0300
Subject: [midPoint] Sync AD with Midpoint for one time, not create
In-Reply-To: <625433a1-7377-82ee-aaf3-cf8c921229c5@evolveum.com>
References: <CAL797Gk23N2XtH54d3GQsbt1R_imvYr8iJ7Hs4S=yrN4PWfDuQ@mail.gmail.com>
 <CAL797GnGYPDfnxHS3VSrWzd3ugD8aEof2T6s0sSXXXGTCeZYwA@mail.gmail.com>
 <625433a1-7377-82ee-aaf3-cf8c921229c5@evolveum.com>
Message-ID: <CAL797GneBNGvPvO5+xcF90byTQy2Zebam6b2QSmLoZ2cXaaLMQ@mail.gmail.com>

Hi Ivan,

Then you say that it is searching in whole AD only with correlation
identifier, right? They are completely the same value, i am comparing with
polystring attribute. I will share log but it is customer's identity
number, so I can't share here.

On Thu, Aug 17, 2017 at 1:52 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:

> Hi,
>
> if it fails with UNMATCHED, it means that the correlation filter is
> incorrect. Or at least it does not allow matching. Case-sensitivity problem?
>
> In generic cases your scenario is pretty common. For one-time
> synchronization (without creating users in midPoint) you can setup
> different correlation expression in the resource object synchronization.
> The correlation expression can even be OR so two or more different
> expressions can be used.
>
> Without knowing more it's hard to tell what's wrong.
>
> Best regards,
>
> Ivan
>
> On 17.08.2017 11:42, Dilek Gider wrote:
>
> To be more descriptive, I have unique identifer as identity number and
> correlation works fine, there is a record on AD with that unique number and
> also midpoint user has the same unique identifer. But it falls into
> unmatched situation, tries to add new account with iterationToken as a new
> record.
>
> On Thu, Aug 17, 2017 at 12:11 PM, Dilek Gider <dilek.gider at basistek.com>
> wrote:
>
>> Hi,
>>
>> I have HR db resource to get users to midpoint, and then create accounts
>> on the AD,  all of these operations are working fine now.
>>
>> But I have a requirement that; all of users are also in AD now and they
>> are correct. Customer always used AD effectively by manual insert/update.
>> Now with midpoint project, we are doing automation the process from HR to
>> AD. But when project goes to production, only one time, we have to
>> syncronize midpoint users with AD users, not create. After one time
>> operation, AD account will be created automatically by midpoint, but for
>> one time , at the beginning of production, we  won't create users on AD,
>> only sync them with midpoint users.
>>
>> I tried to do this,  but I think LDAP connector searches AD accounts by
>> "objectGUID". objectGUID on AD accounts didin't generated by midpoint, they
>> generated by manuel create. How can I map midpoint users (comes from HR)
>> and old AD accounts? There is unique value in each side that is identity
>> number but i can't sync them because of searching by objectGUID.
>>
>> Thank you, I hope it is explanatory.
>>
>> Dilek.
>>
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Senior Identity Engineerevolveum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170817/208a29b6/attachment.htm>

From lbuyse at cibg.brussels  Fri Aug 18 12:55:39 2017
From: lbuyse at cibg.brussels (BUYSE Laurens)
Date: Fri, 18 Aug 2017 10:55:39 +0000
Subject: [midPoint] Orbac - Custom Model Objects
Message-ID: <c67c22d49dd74514b6fc88c8458db30c@cibg.brussels>

Hello ,

We are trying to implement the o-rbac access model into midpoint.
Here is some documentation about orbac : http://orbac.org/
We are almost there , there is just the concept of activities (set of actions on a service or application to which the same security rule apply)
Which we are unable to find a way to implement in midpoint because there is no such thing in the data model.
Since the data model is dynamic (xml based) and there is a way to extend model objects (users , orgs , roles) with attributes ,
I am wondering if there is a way to create custom objects in the model and do relations with existing objects ?

Kind regards ,

Laurens


  [cid:cibg_f07a61fd-1236-4fe1-b306-9ef912596adf.png]

Laurens BUYSE
Analyst Programmer
Operations - Development & Architecture
Kunstlaan 21, 1000 Brussel - cibg.brussels<http://cibg.brussels/> - disclaimer<http://cibg.brussels/disclaimer-1>
T +32 2 801 12 47 | G +32 477 65 84 97 | Helpdesk +32 2 801 00 00
Be green, leave it on the screen !                                                       [cid:linkedIn_af781ca2-8618-40cc-9064-0ad6eededb29.png] <https://www.linkedin.com/company/cirb_cibg> <http://www.linkedin.com/company/cirb_cibg>  [cid:twitter_d568a372-f34e-4805-9959-7b5a18ef99b6.png] <https://twitter.com/CIRB_CIBG>  [cid:logo_eco_mail2_a0aace5a-4de5-479d-86b2-8186e6263c4d.jpg] <http://www.environnement.brussels/thematiques/ville-durable/le-label-entreprise-ecodynamique>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170818/ae4e7ce3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cibg_f07a61fd-1236-4fe1-b306-9ef912596adf.png
Type: image/png
Size: 27829 bytes
Desc: cibg_f07a61fd-1236-4fe1-b306-9ef912596adf.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170818/ae4e7ce3/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedIn_af781ca2-8618-40cc-9064-0ad6eededb29.png
Type: image/png
Size: 537 bytes
Desc: linkedIn_af781ca2-8618-40cc-9064-0ad6eededb29.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170818/ae4e7ce3/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter_d568a372-f34e-4805-9959-7b5a18ef99b6.png
Type: image/png
Size: 658 bytes
Desc: twitter_d568a372-f34e-4805-9959-7b5a18ef99b6.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170818/ae4e7ce3/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo_eco_mail2_a0aace5a-4de5-479d-86b2-8186e6263c4d.jpg
Type: image/jpeg
Size: 1336 bytes
Desc: logo_eco_mail2_a0aace5a-4de5-479d-86b2-8186e6263c4d.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170818/ae4e7ce3/attachment.jpg>

From wojciech.staszewski at diagnostyka.pl  Sun Aug 20 18:16:54 2017
From: wojciech.staszewski at diagnostyka.pl (Wojciech Staszewski)
Date: Sun, 20 Aug 2017 18:16:54 +0200
Subject: [midPoint]  How to translate Workfolw notifications?
Message-ID: <d44be8c5-4a28-236b-5240-f11353550d9f@diagnostyka.pl>

Hello!

How to translate SimpleWorkflowNotifier notifications? I can't see it on
Transifex.

Best regards,
Wojciech Staszewski



From mederly at evolveum.com  Mon Aug 21 08:07:18 2017
From: mederly at evolveum.com (Pavol Mederly)
Date: Mon, 21 Aug 2017 08:07:18 +0200
Subject: [midPoint] How to translate Workfolw notifications?
In-Reply-To: <d44be8c5-4a28-236b-5240-f11353550d9f@diagnostyka.pl>
References: <d44be8c5-4a28-236b-5240-f11353550d9f@diagnostyka.pl>
Message-ID: <161b67fd-527b-351a-54b9-332473232334@evolveum.com>

Hello Wojciech,

currently the only way is to customize the notifiers (any of them, not 
only workflow) by providing your own body and subject expressions. If 
you really need the transifex support, please contact Igor or Radovan 
directly.

Pavol Mederly
Software developer
evolveum.com

On 20.08.2017 18:16, Wojciech Staszewski wrote:
> Hello!
>
> How to translate SimpleWorkflowNotifier notifications? I can't see it on
> Transifex.
>
> Best regards,
> Wojciech Staszewski
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint



From wojciech.staszewski at diagnostyka.pl  Mon Aug 21 09:54:21 2017
From: wojciech.staszewski at diagnostyka.pl (Wojciech Staszewski)
Date: Mon, 21 Aug 2017 09:54:21 +0200
Subject: [midPoint] How to translate Workfolw notifications?
In-Reply-To: <161b67fd-527b-351a-54b9-332473232334@evolveum.com>
References: <d44be8c5-4a28-236b-5240-f11353550d9f@diagnostyka.pl>
 <161b67fd-527b-351a-54b9-332473232334@evolveum.com>
Message-ID: <6ec14e32-84f5-a888-dcff-deb3471e16fe@diagnostyka.pl>

OK, thanks.

Actually I like the default messages, except the fact that they are in English, so I was wonder if there's some easy way to translate them.
If not, well, it's time for me to learn workflow expressions. Piece of cake (I hope) :) .

Regards,
WS

W dniu 21.08.2017 o 08:07, Pavol Mederly pisze:
> Hello Wojciech,
> 
> currently the only way is to customize the notifiers (any of them, not only workflow) by providing your own body and subject expressions. If you really need the transifex support, please contact Igor or Radovan directly.
> 
> Pavol Mederly
> Software developer
> evolveum.com
> 
> On 20.08.2017 18:16, Wojciech Staszewski wrote:
>> Hello!
>>
>> How to translate SimpleWorkflowNotifier notifications? I can't see it on
>> Transifex.
>>
>> Best regards,
>> Wojciech Staszewski
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


From Daniel.Sommer at itconcepts.net  Mon Aug 21 10:00:52 2017
From: Daniel.Sommer at itconcepts.net (Daniel.Sommer at itconcepts.net)
Date: Mon, 21 Aug 2017 10:00:52 +0200
Subject: [midPoint] configuring an Active Directory Ldap with more than one
	entitlement type
Message-ID: <OF4E7436C3.1D923A41-ONC1258183.002C0681-C1258183.002C0684@itconcepts.net>

An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xing20.gif
Type: image/gif
Size: 1009 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Twitter_Signatur.gif
Type: image/gif
Size: 585 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: COGNITUM.gif
Type: image/gif
Size: 501 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ITConcepts.gif
Type: image/gif
Size: 2977 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin20.gif
Type: image/gif
Size: 1026 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Facebook_Signatur.gif
Type: image/gif
Size: 587 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170821/844d239e/attachment-0005.gif>

From wojciech.staszewski at diagnostyka.pl  Mon Aug 21 13:29:57 2017
From: wojciech.staszewski at diagnostyka.pl (Wojciech Staszewski)
Date: Mon, 21 Aug 2017 13:29:57 +0200
Subject: [midPoint] configuring an Active Directory Ldap with more than
 one entitlement type
In-Reply-To: <OF4E7436C3.1D923A41-ONC1258183.002C0681-C1258183.002C0684@itconcepts.net>
References: <OF4E7436C3.1D923A41-ONC1258183.002C0681-C1258183.002C0684@itconcepts.net>
Message-ID: <4aa00555-f975-8080-6f09-511363af08da@diagnostyka.pl>

Have you tried to use different "intent" for another entitlement?

WS

W dniu 21.08.2017 o 10:00, Daniel.Sommer at itconcepts.net pisze:
> Hello,
> 
>  
> 
> unfortunately i don’t find any help on the internet on it.We want to configure an ad with at least two entitlement types. I don’t knowanything, so i don’t know where to start about it.
> 
> Do i have to configure the ldap itself? Or is it just athing of correct configuring the resource.xml? My first try was just to copy the config for the first entitlement (group)
> 
> and replace intent and class by (ri:)privilege.
> 
> Midpoint then reports: 
> 
> "Object class {http://midpoint.evolveum.com/xml/ns/public/resource/instance-3}privilege as specified in entitlement type privilege was not found in the resource schema of entitlement type definition 'privilege' in defi
> 
> nition of resource:19d34120-36e3-4676-8057-c3080ec56d6d(TEST Active Directory (LDAP))"
> 
> 
> My schema block in this xml what we upload to midpoint is just that and works fine for groups and users. I just added the third <generateObjectClass>:
> 
> <schema>
>     <!-- workaround to MID-2723 -->
> <generationConstraints>
>         <generateObjectClass>ri:user</generateObjectClass>
>         <generateObjectClass>ri:group</generateObjectClass>
> 
>         <generateObjectClass>ri:privilege</generateObjectClass>
> 
> 
>     </generationConstraints>
> </schema>
> 
> 
>  
> 
>  
> 
> Thx in advance,
> 
>  
> 
> Daniel
> 
> Daniel Sommer
> Office: +49 228 908733 0 | Fax: +49 228 908733 1| Mobil: +49 176 162086 79
> 
> ITConcepts Professional GmbH -  In den Dauen 6 - DE 53117 Bonn
> 
> Website www.itconcepts.net <http://www.itconcepts.net>
> 
> <http://www.itconcepts.net/>   <http://www.itconcepts.net/index.php/about-cognitum>
> Besuchen Sie uns auch auf <http://www.xing.com/companies/itconceptsprofessionalgmbh/updates>   <http://www.linkedin.com/company/itconcepts>   <https://www.facebook.com/ITConcepts-Karriere-274907129252667/>   <https://twitter.com/ITConceptsJobs>
> 
> Trainings von ITConcepts
> 25.-29. September: One Identity Manager 7.x - Administration und Konfiguration (Kursinhalt <http://www.itconcepts.de/index.php/iam/one-identity-manager-basisschulung>).
> 23.-27. Oktober: One Identity Manager 7.x - Implementierung (Kursinhalt <http://www.itconcepts.de/index.php/iam/one-identity-manager-implementierer>).
> 
>  ITConcepts Professional GmbH Gf.: Sven Moog, Sitz Bonn, AG Bonn HRB 12947 - Ust-Id Nr: DE211482933
> ITConcepts Automotive GmbH Gf.: Sven Moog, Sitz Wolfsburg, AG Braunschweig HRB 204188 - Ust-Id Nr: DE223888748
> ITConcepts Operations GmbH Gf.: Sven Moog, Sitz Bonn, AG Bonn HRB 15454 - St.-Nr: 205/5726/0602
> 
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind
> oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind nicht gestattet.
> 
> This e-mail may contain confidential and/or privileged information. If you are not the intended recipient
> (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.
> Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
> 
> 
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.

Pomyśl o środowisku zanim wydrukujesz ten e-mail.


From dilek.gider at basistek.com  Tue Aug 22 10:09:45 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Tue, 22 Aug 2017 11:09:45 +0300
Subject: [midPoint] Currently we are unable to process your request. Kindly
	try again later.
Message-ID: <CAL797G=9cJghyFPRsD1yOBAEsgTuRp9Aq9qmAs7DvWhewYniAQ@mail.gmail.com>

Hi All,

I tried to import AD keystore, but keystore files started to give an error
"Invalid keystore format".
Then I uninstalled jdk and jre, and then installed the same version of jdk
and jre, on the same file location.
After this operation, I can't login to midpoint as administrator. Error is:
 Currently we are unable to process your request. Kindly try again later.

But there is no exception, I attached logs.  I have resources in midpoint,
how can I fix this problem? I made en effort long hours, at the end I will
uninstall tomcat and then install it again. What can be the problem? Is
there easy way to solve this?

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170822/d968fe4f/attachment.htm>
-------------- next part --------------
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +--------------------------------------------------------------------------------------------+
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |             _    | |  _  \     _     _| |_
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |   ___ ____ (_) __| | |_) |___ (_)___|_   _|
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  |  _ ` _ `| |/ _  |  __/  _ \| |  _` | |
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  | | | | | | | (_| | |  | (_) | | | | | |_
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  |_| |_| |_|_|\____|_|  \____/|_|_| |_|\__|  by Evolveum and partners
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |
2017-08-22 10:38:41,204 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Licensed under the Apache License, Version 2.0 see: http://www.apache.org/licenses/LICENSE-2.0
2017-08-22 10:38:41,220 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Version :  3.4.1
2017-08-22 10:38:41,220 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Sources :  https://github.com/Evolveum/midpoint.git  branch:  support-3.4
2017-08-22 10:38:41,220 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Bug reporting system : http://jira.evolveum.com/
2017-08-22 10:38:41,220 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): |  Product information : http://wiki.evolveum.com/display/midPoint
2017-08-22 10:38:41,220 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): +---------------------------------------------------------------------------------------------+
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): midpoint.home = c:\midpoint\tirsan/
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/ already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/icf-connectors already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/idm-legacy already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/log already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/schema already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/import already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/export already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ApplicationHomeSetup): Directory c:\midpoint\tirsan/tmp already exists. Reusing it.
2017-08-22 10:38:41,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.StartupConfiguration): Loading midPoint configuration from file c:\midpoint\tirsan\config.xml
2017-08-22 10:38:42,235 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.prism.crypto.AESProtector): Using file keystore at c:\midpoint\tirsan//keystore.jceks
2017-08-22 10:38:42,423 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ConfigurablePrismContextFactory): Loading extension schemas from folder 'c:\midpoint\tirsan//schema'.
2017-08-22 10:38:51,915 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.RepositoryFactory): Repository factory class name from configuration 'com.evolveum.midpoint.repo.sql.SqlRepositoryFactory'.
2017-08-22 10:38:51,915 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.RepositoryFactory): Getting factory bean 'com.evolveum.midpoint.repo.sql.SqlRepositoryFactory'
2017-08-22 10:38:51,930 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlRepositoryFactory): Initializing SQL repository factory
2017-08-22 10:38:51,946 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlRepositoryFactory): Database wont be deleted, dropIfExists=false.
2017-08-22 10:38:51,946 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlRepositoryFactory): Starting h2 in server mode.
2017-08-22 10:38:52,312 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlRepositoryFactory): H2 files are in 'c:\midpoint\tirsan'.
2017-08-22 10:38:52,766 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlPerformanceMonitor): SQL Performance Monitor initialized (level = 0).
2017-08-22 10:38:52,766 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlRepositoryFactory): Repository initialization finished.
2017-08-22 10:38:52,922 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.DataSourceFactory): Loading datasource.
2017-08-22 10:38:52,922 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.DataSourceFactory): Constructing default C3P0 datasource with connection pooling.
2017-08-22 10:38:59,765 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.helpers.OrgClosureManager): Checking the closure table structure.
2017-08-22 10:39:00,140 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.RepositoryFactory): Getting factory bean 'com.evolveum.midpoint.repo.cache.RepositoryCacheFactory'
2017-08-22 10:39:00,187 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.AuditFactory): Getting factory 'com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory'
2017-08-22 10:39:00,187 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.AuditFactory): Getting factory 'com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory'
2017-08-22 10:39:00,203 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory): Initializing Sql audit service factory.
2017-08-22 10:39:00,203 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlRepositoryFactory): SQL repository already initialized.
2017-08-22 10:39:00,203 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory): Sql audit service factory initialization complete.
2017-08-22 10:39:00,359 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.Initializer): Task Manager initialization.
2017-08-22 10:39:00,375 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.Initializer): Task Manager: Quartz Job Store: in-memory, NOT clustered. Threads: 10
2017-08-22 10:39:00,390 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.cluster.NodeRegistrar): Registering this node in the repository as DefaultNode at 10.154.2.36:20001
2017-08-22 10:39:01,203 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.execution.TaskSynchronizer): Synchronizing Quartz job store with midPoint repository.
2017-08-22 10:39:01,421 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.execution.TaskSynchronizer): Synchronization of midpoint and Quartz task store finished. 3 task(s) existing in midPoint repository successfully processed, resulting in 3 updated Quartz job(s). 0 task(s) removed from Quartz job store. Processing of 0 task(s) failed.
2017-08-22 10:39:01,421 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.Initializer): Task Manager initialized
2017-08-22 10:39:01,515 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-csvfile version: 1.4.2.0
2017-08-22 10:39:01,625 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-databasetable version: 1.4.2.0
2017-08-22 10:39:01,671 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: com.evolveum.polygon.connector-ldap version: 1.4.2.18
2017-08-22 10:39:02,550 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: net.tirasa.connid.bundles.db.scriptedsql version: 2.2.3
2017-08-22 10:39:02,597 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl): Discovered ICF bundle on CLASSPATH: org.forgerock.openicf.connectors.scriptedsql-conne version: 1.1.2.0.em3
2017-08-22 10:39:03,066 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.wf.impl.WfConfiguration): Activiti database is at jdbc:h2:tcp://127.0.0.1:5437/midpoint-activiti;DB_CLOSE_ON_EXIT=FALSE (a JDBC URL)
2017-08-22 10:39:03,066 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.wf.impl.WfConfiguration): Activiti automatic schema update: true
2017-08-22 10:39:06,191 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.wf.impl.activiti.ActivitiEngine): Activiti engine successfully created.
2017-08-22 10:39:06,207 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.wf.impl.activiti.ActivitiEngine): Auto deployment from classpath*:processes/*.bpmn20.xml yields 1 resource(s)
2017-08-22 10:39:17,678 [] [localhost-startStop-1] WARN (org.apache.cxf.jaxrs.utils.AnnotationUtils): Method suspendAndDeleteTasks in com.evolveum.midpoint.model.impl.ModelRestService has no JAX-RS Path or HTTP Method annotations
2017-08-22 10:39:18,194 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.wf.impl.WfHook): Workflow change hook was registered.
2017-08-22 10:39:18,975 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport): Starting initial object import (if necessary).
2017-08-22 10:39:21,025 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.InitialDataImport): Initial object import finished (0 objects imported, 0 errors)
2017-08-22 10:39:21,041 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.init.ModelInitialSetup): Model post initialization.
2017-08-22 10:39:21,072 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.common.LoggingConfigurationManager): Applying logging configuration (version 0)
2017-08-22 10:39:21,072 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.common.LoggingConfigurationManager): Resetting current logging configuration
2017-08-22 10:39:21,259 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.common.LoggingConfigurationManager): New logging configuration applied
2017-08-22 10:39:21,259 [] [localhost-startStop-1] INFO (com.evolveum.midpoint.task.quartzimpl.execution.LocalNodeManager): Starting the Quartz scheduler
2017-08-22 10:39:21,259 [] [ClusterManagerThread] INFO (com.evolveum.midpoint.task.quartzimpl.cluster.ClusterManager): ClusterManager thread starting.
2017-08-22 10:39:21,259 [] [localhost-startStop-1] INFO (org.quartz.core.QuartzScheduler): Scheduler midPointScheduler_$_DefaultNode started.
2017-08-22 10:39:21,697 [] [midPointScheduler_Worker-3] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:21,776 [] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:21,862 [] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:21,879 [] [midPointScheduler_Worker-1] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:21,929 [] [midPointScheduler_Worker-1] INFO (org.hibernate.dialect.Dialect): HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
2017-08-22 10:39:21,929 [] [midPointScheduler_Worker-1] INFO (com.evolveum.midpoint.repo.sql.SqlAuditServiceImpl): Starting audit cleanup, deleting up to Mon May 22 10:39:21 EET 2017 (duration '-P3M'), batch size 500.
2017-08-22 10:39:22,085 [] [midPointScheduler_Worker-1] INFO (com.evolveum.midpoint.repo.sql.SqlAuditServiceImpl): Audit cleanup finished; deleted 0 entries in 0 seconds.
2017-08-22 10:39:22,085 [] [midPointScheduler_Worker-1] INFO (com.evolveum.midpoint.task.quartzimpl.TaskManagerQuartzImpl): Starting cleanup for closed tasks deleting up to Sat Jul 22 10:39:22 EET 2017 (duration '-P1M').
2017-08-22 10:39:22,117 [] [midPointScheduler_Worker-1] INFO (com.evolveum.midpoint.task.quartzimpl.TaskManagerQuartzImpl): Task cleanup procedure finished. Successfully deleted 0 tasks; there were problems with deleting 0 tasks.
2017-08-22 10:39:22,226 [] [midPointScheduler_Worker-1] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:22,226 [] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:22,456 [] [midPointScheduler_Worker-1] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
2017-08-22 10:39:22,456 [] [midPointScheduler_Worker-2] INFO (org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl): HHH000010: On release of batch it still contained JDBC statements
-------------- next part --------------
2017-08-22 10:38:14 Commons Daemon procrun stderr initialized
22-Aug-2017 10:38:15.370 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.16
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Jun 21 2017 17:01:09 UTC
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.16.0
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Windows Server 2012 R2
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            6.3
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             C:\Program Files\Java\jre1.8.0_141
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_141-b15
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         C:\Program Files\Apache Software Foundation\Tomcat 8.5
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         C:\Program Files\Apache Software Foundation\Tomcat 8.5
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=C:\Program Files\Apache Software Foundation\Tomcat 8.5
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=C:\Program Files\Apache Software Foundation\Tomcat 8.5
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=C:\Program Files\Apache Software Foundation\Tomcat 8.5\temp
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.net.ssl.trustStore=C:\midpoint\tirsan\keystore.jceks -Djavax.net.ssl.trustStoreType=jceks
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf\logging.properties
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=C:\Program Files\Apache Software Foundation\Tomcat 8.5
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=C:\Program Files\Apache Software Foundation\Tomcat 8.5
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=C:\Program Files\Apache Software Foundation\Tomcat 8.5\temp
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf\logging.properties
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dmidpoint.home=c:\midpoint\tirsan
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: exit
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms256m
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx1024m
22-Aug-2017 10:38:15.386 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [C:\Program Files\Apache Software Foundation\Tomcat 8.5\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.8.0_141\bin;.]
22-Aug-2017 10:38:15.589 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
22-Aug-2017 10:38:15.777 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Aug-2017 10:38:15.792 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Aug-2017 10:38:15.792 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Aug-2017 10:38:15.792 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1068 ms
22-Aug-2017 10:38:15.855 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
22-Aug-2017 10:38:15.855 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.16
22-Aug-2017 10:38:15.902 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\midpoint.war]
22-Aug-2017 10:38:34.173 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
22-Aug-2017 10:39:38.349 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\midpoint.war] has finished in [82,447] ms
22-Aug-2017 10:39:38.349 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\docs]
22-Aug-2017 10:39:38.396 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\docs] has finished in [47] ms
22-Aug-2017 10:39:38.396 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\manager]
22-Aug-2017 10:39:38.458 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\manager] has finished in [62] ms
22-Aug-2017 10:39:38.458 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\ROOT]
22-Aug-2017 10:39:38.505 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\ROOT] has finished in [47] ms
22-Aug-2017 10:39:38.521 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
22-Aug-2017 10:39:38.536 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
22-Aug-2017 10:39:38.536 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 82743 ms
-------------- next part --------------
2017-08-22 10:38:14 Commons Daemon procrun stdout initialized
midpoint.home = c:\midpoint\tirsan/
Loading midPoint configuration from file c:\midpoint\tirsan\config.xml
10:39:21,087 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
10:39:21,087 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [IDM_LOG]
10:39:21,087 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy - No compression will be used
10:39:21,087 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy - Will use the pattern C:/Program Files/Apache Software Foundation/Tomcat 8.5/logs/idm-%d{yyyy-MM-dd}.%i.log for the active file
10:39:21,087 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP at 249eec45 - The date pattern is 'yyyy-MM-dd' from file name pattern 'C:/Program Files/Apache Software Foundation/Tomcat 8.5/logs/idm-%d{yyyy-MM-dd}.%i.log'.
10:39:21,087 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP at 249eec45 - Roll-over at midnight.
10:39:21,087 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP at 249eec45 - Setting initial period to Tue Aug 22 10:39:21 EET 2017
10:39:21,087 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy - Cleaning on start up
10:39:21,087 |-INFO in ch.qos.logback.core.rolling.helper.SizeAndTimeBasedArchiveRemover at 355c5c8 - first clean up after appender initialization
10:39:21,087 |-INFO in ch.qos.logback.core.rolling.helper.SizeAndTimeBasedArchiveRemover at 355c5c8 - periodsElapsed = 64
10:39:21,181 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
10:39:21,181 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[IDM_LOG] - Active log file name: C:\Program Files\Apache Software Foundation\Tomcat 8.5/logs/idm.log
10:39:21,181 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[IDM_LOG] - File property is set to [C:\Program Files\Apache Software Foundation\Tomcat 8.5/logs/idm.log]
10:39:21,181 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to INFO
10:39:21,181 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [IDM_LOG] to Logger[ROOT]
10:39:21,181 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.rolling.RollingFileAppender]
10:39:21,181 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [IDM-PROFILE_LOG]
10:39:21,197 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy - No compression will be used
10:39:21,197 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy - Will use the pattern C:/Program Files/Apache Software Foundation/Tomcat 8.5/logs/idm-profile-%d{yyyy-MM-dd}.%i.log for the active file
10:39:21,197 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP at 5d4500e - The date pattern is 'yyyy-MM-dd' from file name pattern 'C:/Program Files/Apache Software Foundation/Tomcat 8.5/logs/idm-profile-%d{yyyy-MM-dd}.%i.log'.
10:39:21,197 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP at 5d4500e - Roll-over at midnight.
10:39:21,197 |-INFO in ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP at 5d4500e - Setting initial period to Tue Jul 25 10:59:12 EET 2017
10:39:21,197 |-INFO in c.q.l.core.rolling.TimeBasedRollingPolicy - Cleaning on start up
10:39:21,197 |-INFO in ch.qos.logback.core.rolling.helper.SizeAndTimeBasedArchiveRemover at 1b9af479 - first clean up after appender initialization
10:39:21,197 |-INFO in ch.qos.logback.core.rolling.helper.SizeAndTimeBasedArchiveRemover at 1b9af479 - periodsElapsed = 64
10:39:21,244 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
10:39:21,244 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[IDM-PROFILE_LOG] - Active log file name: C:\Program Files\Apache Software Foundation\Tomcat 8.5/logs/idm-profile.log
10:39:21,244 |-INFO in ch.qos.logback.core.rolling.RollingFileAppender[IDM-PROFILE_LOG] - File property is set to [C:\Program Files\Apache Software Foundation\Tomcat 8.5/logs/idm-profile.log]
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to INFO
10:39:21,244 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [IDM_LOG] to Logger[ROOT]
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [ro.isdc.wro.extensions.processor.css.Less4jProcessor] to ERROR
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] to OFF
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [org.hibernate.engine.jdbc.batch.internal.BatchingBatch] to OFF
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [net.sf.jasperreports.engine.fill.JRFillDataset] to OFF
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [org.apache.wicket.resource.PropertiesFactory] to WARN
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.evolveum.midpoint.model.impl.lens.projector.Projector] to INFO
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.evolveum.midpoint.model.impl.lens.Clockwork] to INFO
10:39:21,244 |-INFO in ch.qos.logback.classic.joran.action.LoggerAction - Setting level of logger [com.evolveum.midpoint.audit.log] to OFF
10:39:21,259 |-INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Adding LoggerContextListener of type [ch.qos.logback.classic.jul.LevelChangePropagator] to the object stack
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Setting level of jul logger [org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] to null
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Setting level of jul logger [disabled] to null
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating INFO level on Logger[ROOT] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating OFF level on Logger[com.evolveum.midpoint.audit.log] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating INFO level on Logger[com.evolveum.midpoint.model.impl.lens.Clockwork] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating INFO level on Logger[com.evolveum.midpoint.model.impl.lens.projector.Projector] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating OFF level on Logger[net.sf.jasperreports.engine.fill.JRFillDataset] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating WARN level on Logger[org.apache.wicket.resource.PropertiesFactory] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating OFF level on Logger[org.hibernate.engine.jdbc.batch.internal.BatchingBatch] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating OFF level on Logger[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator at 4c88486e - Propagating ERROR level on Logger[ro.isdc.wro.extensions.processor.css.Less4jProcessor] onto the JUL framework
10:39:21,259 |-INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Starting LoggerContextListener
10:39:21,259 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
10:39:21,259 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator at 3cfa0371 - Registering current configuration as safe fallback point

From wojciech.staszewski at diagnostyka.pl  Tue Aug 22 11:19:07 2017
From: wojciech.staszewski at diagnostyka.pl (Wojciech Staszewski)
Date: Tue, 22 Aug 2017 11:19:07 +0200
Subject: [midPoint] Currently we are unable to process your request.
 Kindly try again later.
In-Reply-To: <CAL797G=9cJghyFPRsD1yOBAEsgTuRp9Aq9qmAs7DvWhewYniAQ@mail.gmail.com>
References: <CAL797G=9cJghyFPRsD1yOBAEsgTuRp9Aq9qmAs7DvWhewYniAQ@mail.gmail.com>
Message-ID: <c6e5c9fa-b81d-f360-30d2-1dfd6dd92340@diagnostyka.pl>

What is the key length? If it is AES-256, then you have to download extra file "jce_policy-8.zip" and extract to $JAVA_HOME/jre/lib/security
And what about keystore password and keypass? Was it changed?

Regards,
WS

W dniu 22.08.2017 o 10:09, Dilek Gider pisze:
> Hi All,
> 
> I tried to import AD keystore, but keystore files started to give an error "Invalid keystore format".
> Then I uninstalled jdk and jre, and then installed the same version of jdk and jre, on the same file location. 
> After this operation, I can't login to midpoint as administrator. Error is:
>  Currently we are unable to process your request. Kindly try again later.
> 
> But there is no exception, I attached logs.  I have resources in midpoint, how can I fix this problem? I made en effort long hours, at the end I will uninstall tomcat and then install it again. What can be the problem? Is there easy way to solve this?
> 
> Thank you.
> 
> 
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.

Pomyśl o środowisku zanim wydrukujesz ten e-mail.


From dilek.gider at basistek.com  Tue Aug 22 11:46:10 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Tue, 22 Aug 2017 12:46:10 +0300
Subject: [midPoint] Currently we are unable to process your request.
 Kindly try again later.
In-Reply-To: <c6e5c9fa-b81d-f360-30d2-1dfd6dd92340@diagnostyka.pl>
References: <CAL797G=9cJghyFPRsD1yOBAEsgTuRp9Aq9qmAs7DvWhewYniAQ@mail.gmail.com>
 <c6e5c9fa-b81d-f360-30d2-1dfd6dd92340@diagnostyka.pl>
Message-ID: <CAL797GkV-1i2-4HpHB8BkKkL6+Zxw5x+JimiJyLHpj37jdPJJQ@mail.gmail.com>

Hi,

My test enviorement works fine with ssl connection to AD but it connects to
AD test. Now i am configuring production enviorement, should connect to
production AD. I wanted certificate file from customer, I dont know
password and other details. But my question is, I removed all of keystores
and midpoint gives error, i can't login with administrator. Why can't login
, there is no exception nowhere, what can it be?

On Tue, Aug 22, 2017 at 12:19 PM, Wojciech Staszewski <
wojciech.staszewski at diagnostyka.pl> wrote:

> What is the key length? If it is AES-256, then you have to download extra
> file "jce_policy-8.zip" and extract to $JAVA_HOME/jre/lib/security
> And what about keystore password and keypass? Was it changed?
>
> Regards,
> WS
>
> W dniu 22.08.2017 o 10:09, Dilek Gider pisze:
> > Hi All,
> >
> > I tried to import AD keystore, but keystore files started to give an
> error "Invalid keystore format".
> > Then I uninstalled jdk and jre, and then installed the same version of
> jdk and jre, on the same file location.
> > After this operation, I can't login to midpoint as administrator. Error
> is:
> >  Currently we are unable to process your request. Kindly try again later.
> >
> > But there is no exception, I attached logs.  I have resources in
> midpoint, how can I fix this problem? I made en effort long hours, at the
> end I will uninstall tomcat and then install it again. What can be the
> problem? Is there easy way to solve this?
> >
> > Thank you.
> >
> >
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > http://lists.evolveum.com/mailman/listinfo/midpoint
> >
>
> --
> Wojciech Staszewski
> Administrator Systemów Sieciowych
> tel. kom: 663 680 236
> www.diagnostyka.pl
> Diagnostyka Sp. z o. o.
> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
> Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI
> Wydział Gospodarczy KRS)
> NIP: 675-12-65-009; REGON: 356366975
> Kapitał zakładowy: 33 756 500 zł.
>
> Pomyśl o środowisku zanim wydrukujesz ten e-mail.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170822/e2636e55/attachment.htm>

From dilek.gider at basistek.com  Tue Aug 22 13:11:48 2017
From: dilek.gider at basistek.com (Dilek Gider)
Date: Tue, 22 Aug 2017 14:11:48 +0300
Subject: [midPoint] Currently we are unable to process your request.
 Kindly try again later.
In-Reply-To: <CAL797GkV-1i2-4HpHB8BkKkL6+Zxw5x+JimiJyLHpj37jdPJJQ@mail.gmail.com>
References: <CAL797G=9cJghyFPRsD1yOBAEsgTuRp9Aq9qmAs7DvWhewYniAQ@mail.gmail.com>
 <c6e5c9fa-b81d-f360-30d2-1dfd6dd92340@diagnostyka.pl>
 <CAL797GkV-1i2-4HpHB8BkKkL6+Zxw5x+JimiJyLHpj37jdPJJQ@mail.gmail.com>
Message-ID: <CAL797Gkk+c3DDiiZoUWLUM+TOm7HPtus0GrE8Rf+rd97Uw0HLw@mail.gmail.com>

I uninstalled Tomcat and then installed it with existing midpoint
repository, once login to dashboard with administrator, it succeeded.
After that, when I added below line to java-opts,

-Djavax.net.ssl.trustStore=<midpoint-home>keystore.jceks
-Djavax.net.ssl.trustStoreType=jceks

administrator couldn't login to dashboard. When I removed that line from
java-opts, it is still can not login to dashboard.

Before these operations, I exctracted "jce_policy-8.zip" to lib/security.

Also, I  generated keystore with key size 256 like below line:

keytool -genseckey -alias default -keystore keystore.jceks -storetype jceks
-keyalg AES -keysize 256



On Tue, Aug 22, 2017 at 12:46 PM, Dilek Gider <dilek.gider at basistek.com>
wrote:

> Hi,
>
> My test enviorement works fine with ssl connection to AD but it connects
> to AD test. Now i am configuring production enviorement, should connect to
> production AD. I wanted certificate file from customer, I dont know
> password and other details. But my question is, I removed all of keystores
> and midpoint gives error, i can't login with administrator. Why can't login
> , there is no exception nowhere, what can it be?
>
> On Tue, Aug 22, 2017 at 12:19 PM, Wojciech Staszewski <
> wojciech.staszewski at diagnostyka.pl> wrote:
>
>> What is the key length? If it is AES-256, then you have to download extra
>> file "jce_policy-8.zip" and extract to $JAVA_HOME/jre/lib/security
>> And what about keystore password and keypass? Was it changed?
>>
>> Regards,
>> WS
>>
>> W dniu 22.08.2017 o 10:09, Dilek Gider pisze:
>> > Hi All,
>> >
>> > I tried to import AD keystore, but keystore files started to give an
>> error "Invalid keystore format".
>> > Then I uninstalled jdk and jre, and then installed the same version of
>> jdk and jre, on the same file location.
>> > After this operation, I can't login to midpoint as administrator. Error
>> is:
>> >  Currently we are unable to process your request. Kindly try again
>> later.
>> >
>> > But there is no exception, I attached logs.  I have resources in
>> midpoint, how can I fix this problem? I made en effort long hours, at the
>> end I will uninstall tomcat and then install it again. What can be the
>> problem? Is there easy way to solve this?
>> >
>> > Thank you.
>> >
>> >
>> >
>> > _______________________________________________
>> > midPoint mailing list
>> > midPoint at lists.evolveum.com
>> > http://lists.evolveum.com/mailman/listinfo/midpoint
>> >
>>
>> --
>> Wojciech Staszewski
>> Administrator Systemów Sieciowych
>> tel. kom: 663 680 236
>> www.diagnostyka.pl
>> Diagnostyka Sp. z o. o.
>> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
>> Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie,
>> XI Wydział Gospodarczy KRS)
>> NIP: 675-12-65-009; REGON: 356366975
>> Kapitał zakładowy: 33 756 500 zł.
>>
>> Pomyśl o środowisku zanim wydrukujesz ten e-mail.
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170822/ae89b50d/attachment.htm>

From wojciech.staszewski at diagnostyka.pl  Wed Aug 23 10:30:21 2017
From: wojciech.staszewski at diagnostyka.pl (Wojciech Staszewski)
Date: Wed, 23 Aug 2017 10:30:21 +0200
Subject: [midPoint] How to translate Workfolw notifications?
In-Reply-To: <6ec14e32-84f5-a888-dcff-deb3471e16fe@diagnostyka.pl>
References: <d44be8c5-4a28-236b-5240-f11353550d9f@diagnostyka.pl>
 <161b67fd-527b-351a-54b9-332473232334@evolveum.com>
 <6ec14e32-84f5-a888-dcff-deb3471e16fe@diagnostyka.pl>
Message-ID: <13678107-dbbf-ef49-c303-fc8708ff2425@diagnostyka.pl>

Hello!

Because the notifier's expressions are not as easy as I thought,
I translated messages directly in the source (simpleWorkflowNotifier.java) and compiled midPoint from sources.

Now I have this notifier fully localized and it works perfectly. I know this is lame and I have to remember to translate these files again before each update,
but it works and now I can focus on more important tasks. :)

Regards,
WS

W dniu 21.08.2017 o 09:54, Wojciech Staszewski pisze:
> OK, thanks.
> 
> Actually I like the default messages, except the fact that they are in English, so I was wonder if there's some easy way to translate them.
> If not, well, it's time for me to learn workflow expressions. Piece of cake (I hope) :) .
> 
> Regards,
> WS
> 
> W dniu 21.08.2017 o 08:07, Pavol Mederly pisze:
>> Hello Wojciech,
>>
>> currently the only way is to customize the notifiers (any of them, not only workflow) by providing your own body and subject expressions. If you really need the transifex support, please contact Igor or Radovan directly.
>>
>> Pavol Mederly
>> Software developer
>> evolveum.com
>>
>> On 20.08.2017 18:16, Wojciech Staszewski wrote:
>>> Hello!
>>>
>>> How to translate SimpleWorkflowNotifier notifications? I can't see it on
>>> Transifex.
>>>
>>> Best regards,
>>> Wojciech Staszewski
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.

Pomyśl o środowisku zanim wydrukujesz ten e-mail.


From esteban.jeria at cgi.com  Thu Aug 24 14:30:03 2017
From: esteban.jeria at cgi.com (Jeria, Esteban)
Date: Thu, 24 Aug 2017 12:30:03 +0000
Subject: [midPoint] Repository Objects-export all objects
Message-ID: <678C21BCC7A3FC44B939536BD6C8DEBCCFCA98@corpowt-8>

Hi,



Just to mention you that I get an error when I try to export all objects from the "Repository Objects"

It seems that the permission on midpoint-home/tmp directory are not properly set for tomcat user.



Couldn't init download link

Operation  operation.com.evolveum.midpoint.web.page.admin.configuration.component.PageDebugDownloadBehaviour.createDownloadFile
Message    Couldn't init download link
Error      /opt/midpoint-home/tmp/ExportedData_ObjectType_1503576412207.xml (Permission denied)







Esteban Jeria
Conseiller CGI / CGI Consultant

Sécurité - Gestion des accès / Security - Access Management
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170824/c25ca7c3/attachment.htm>

From esteban.jeria at cgi.com  Thu Aug 24 17:11:04 2017
From: esteban.jeria at cgi.com (Jeria, Esteban)
Date: Thu, 24 Aug 2017 15:11:04 +0000
Subject: [midPoint] CSV connector with single identifier
Message-ID: <678C21BCC7A3FC44B939536BD6C8DEBCCFCAAE@corpowt-8>

Hi,



I started testing your application with version 3.5.1 and my PoC works properly, then now I would like to test the other recents features like escalation or password reset by email so I installed version 3.6, but I'm unable to make work the CSV connector 2.0.
My CSV file has a single unique identifier so I tried to figure out how that it works by using the sample on /sample/ressource/evolveum/resource-hr.xml, but it doesn't work either.
It's complaining about that there is no value for "name" attribute.



001: No name in new object null as produced by template null in iteration 0, we cannot process an object without a name



How can I properly test your sample?



Esteban Jeria
Conseiller CGI / CGI Consultant

Sécurité - Gestion des accès / Security - Access Management
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170824/31a0aa1f/attachment.htm>

From esteban.jeria at cgi.com  Fri Aug 25 15:35:52 2017
From: esteban.jeria at cgi.com (Jeria, Esteban)
Date: Fri, 25 Aug 2017 13:35:52 +0000
Subject: [midPoint] Repository Objects-export all objects
In-Reply-To: <678C21BCC7A3FC44B939536BD6C8DEBCCFCA98@corpowt-8>
References: <678C21BCC7A3FC44B939536BD6C8DEBCCFCA98@corpowt-8>
Message-ID: <678C21BCC7A3FC44B939536BD6C8DEBCCFCADC@corpowt-8>

I forgot to mention that the error happens on your live demo page https://demo.evolveum.com.



Esteban Jeria
Conseiller CGI / CGI Consultant

Sécurité - Gestion des accès / Security - Access Management

________________________________
From: Jeria, Esteban
Sent: August 24, 2017 8:30 AM
To: midpoint at lists.evolveum.com
Subject: Repository Objects-export all objects


Hi,



Just to mention you that I get an error when I try to export all objects from the "Repository Objects"

It seems that the permission on midpoint-home/tmp directory are not properly set for tomcat user.



Couldn't init download link

Operation  operation.com.evolveum.midpoint.web.page.admin.configuration.component.PageDebugDownloadBehaviour.createDownloadFile
Message    Couldn't init download link
Error      /opt/midpoint-home/tmp/ExportedData_ObjectType_1503576412207.xml (Permission denied)







Esteban Jeria
Conseiller CGI / CGI Consultant

Sécurité - Gestion des accès / Security - Access Management
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170825/bc3f8936/attachment.htm>

From ryanis at identicum.com  Tue Aug 29 20:32:57 2017
From: ryanis at identicum.com (Rodrigo Yanis)
Date: Tue, 29 Aug 2017 15:32:57 -0300
Subject: [midPoint] - Inherited role's mapping not removing value from user
Message-ID: <CADu-59EeHD-r3GzuM-KfrvVe81_Qgjz0ryx53vrxBvqb6mjw1Q@mail.gmail.com>

Hello everyone,

I'm currently experiencing an issue in MidPoint 3.5.1 where I have a role
with an inducement including a focusMapping, defined as following:

<inducement id="1">
      <focusMappings>
         <mapping>
            <strength>strong</strength>
            <source>
               <c:path>$focus/extension/someAttribute</c:path>
            </source>
            <expression>
               <script>
                  <code>
                if (someAttribute) { return "someValue" }
                else { return null };
               </code>
               </script>
            </expression>
            <target>
               <c:path>$focus/extension/targetAttribute</c:path>
            </target>
         </mapping>
      </focusMappings>
      <orderConstraint>
         <orderMax>unbounded</orderMax>
      </orderConstraint>
      <focusType>UserType</focusType>
   </inducement>

So when I directly assign this to a user, the role writes the attribute
"targetAttribute", and when i de-assign it, the value is removed. This is
the expected behavior.

This is not the exact case when the role is induced into another role, and
this last one is assigned to the user. In this case, the "2nd order" role
writes the value correctly, but when the "2nd order" role is de-induced
from the "1st order" role and then the user is recomputed, targetAttribute
value is not removed.

I hope the case is well explained. Anecdotically, I've played with the
orders on the inducements but haven't got any results.

Do you have any suggestions? Is this encompassed on 3.6 release?

Thanks a lot.

*Rodrigo Yanis.*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
ryanis at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170829/80b73a45/attachment.htm>

From adoler at deloitte.com  Wed Aug 30 19:14:35 2017
From: adoler at deloitte.com (Doler, Alexander Earl (LATCO - Buenos Aires))
Date: Wed, 30 Aug 2017 17:14:35 +0000
Subject: [midPoint] Approval processes in Segregation of Duties
Message-ID: <DM5PR85MB0205731EA3FA544938DA5881AA9C0@DM5PR85MB0205.NAMPRD85.PROD.OUTLOOK.COM>

Hello,

I am trying to configure Segregation of Duties in MidPoint so that when incompatible roles are requested, an approval process is triggered. I am able to successfully block assignment of incompatible roles by specifying "<enforcement>" in the policy actions. However, when I replace "enforcement" with "approval," MidPoint seems to ignore any approval process specified and assigns the role. I noticed the tag "prune" is also ignored when specified here. I am using MidPoint version 3.6.

Here is my code:

   <assignment id="7">
      <policyRule>
         <name>Exclude Role Assignment</name>
         <policyConstraints>
            <exclusion>
               <targetRef oid="(ROLE OID)"
                          relation="org:default"
                          type="c:RoleType"></targetRef>
            </exclusion>
         </policyConstraints>
         <policyActions>
            <approval>
               <compositionStrategy>
                  <order>10</order>
               </compositionStrategy>
               <approvalSchema>
                  <level>
                     <name>Auditing Approval</name>
                     <approverRef oid="(APPROVER OID)"
                                  relation="org:default"
                                  type="c:OrgType"></approverRef>
                     <evaluationStrategy>firstDecides</evaluationStrategy>
                     <groupExpansion>onWorkItemCreation</groupExpansion>
                  </level>
               </approvalSchema>
            </approval>
         </policyActions>
      </policyRule>
   </assignment>

Any thoughts on how to make this work?

Thank you,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170830/e87d385e/attachment.htm>

From esteban.jeria at cgi.com  Thu Aug 31 20:36:17 2017
From: esteban.jeria at cgi.com (Jeria, Esteban)
Date: Thu, 31 Aug 2017 18:36:17 +0000
Subject: [midPoint] Approval processes in Segregation of Duties
In-Reply-To: <DM5PR85MB0205731EA3FA544938DA5881AA9C0@DM5PR85MB0205.NAMPRD85.PROD.OUTLOOK.COM>
References: <DM5PR85MB0205731EA3FA544938DA5881AA9C0@DM5PR85MB0205.NAMPRD85.PROD.OUTLOOK.COM>
Message-ID: <678C21BCC7A3FC44B939536BD6C8DEBCD06472@corpowt-8>

Hola Alex,



I was working on exactly the same feature on last days, so I tested your code and I found an error on approverRef, the type should be an user



<approverRef oid="(APPROVER OID)"
                                  relation="org:default"
                                  type="c:UserType"></approverRef>



otherwise your request goes to nobody. Actually you can probably found them under "Work items / All requests"

Once fixed, the approval workflow works properly.



Esteban Jeria
Conseiller CGI / CGI Consultant

Sécurité - Gestion d'identité et des accès / Security - Identity and Access Management

________________________________
From: Doler, Alexander Earl (LATCO - Buenos Aires) [adoler at deloitte.com]
Sent: August 30, 2017 1:14 PM
To: midPoint General Discussion
Subject: [midPoint] Approval processes in Segregation of Duties

Hello,

I am trying to configure Segregation of Duties in MidPoint so that when incompatible roles are requested, an approval process is triggered. I am able to successfully block assignment of incompatible roles by specifying “<enforcement>” in the policy actions. However, when I replace “enforcement” with “approval,” MidPoint seems to ignore any approval process specified and assigns the role. I noticed the tag “prune” is also ignored when specified here. I am using MidPoint version 3.6.

Here is my code:

   <assignment id="7">
      <policyRule>
         <name>Exclude Role Assignment</name>
         <policyConstraints>
            <exclusion>
               <targetRef oid="(ROLE OID)"
                          relation="org:default"
                          type="c:RoleType"></targetRef>
            </exclusion>
         </policyConstraints>
         <policyActions>
            <approval>
               <compositionStrategy>
                  <order>10</order>
               </compositionStrategy>
               <approvalSchema>
                  <level>
                     <name>Auditing Approval</name>
                     <approverRef oid="(APPROVER OID)"
                                  relation="org:default"
                                  type="c:OrgType"></approverRef>
                     <evaluationStrategy>firstDecides</evaluationStrategy>
                     <groupExpansion>onWorkItemCreation</groupExpansion>
                  </level>
               </approvalSchema>
            </approval>
         </policyActions>
      </policyRule>
   </assignment>

Any thoughts on how to make this work?

Thank you,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170831/fd3ffa0c/attachment.htm>