[midPoint] Active Directory v2.0 connector and strange problems

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Tue Apr 30 08:46:53 CEST 2019


Thanks Petr!

According to the info on the Evolveum web page, the 2.1 version has a new option for SSL certificate validation only.
There is no changelog/release notes available where we could read what else this version provides: fixed bugs, enhancements, or anything else.
Or I cannot find it.

I had to switch back to v1.6-SNAPSHOT and this is the second day with no issues so far:

[code] select name_orig, count(name_orig) from m_object where name_orig like 'CN=%' group by name_orig having count(name_orig)>1; [/code]

RESULT: 0

At this moment I consider v2.0 useless for production use because of the bugs.
Of course I have to wait for one of the subscribers to confirm this issue.

Best regards!
WS

On 24.04.2019 at 21:02, Petr Gašparík - AMI Praha a.s. wrote:
> Hi Wojciech,
> there's already 2.1 version, maybe it will help?
> https://github.com/Evolveum/connector-ldap/tree/v2.1
> 
> --
> 
> Best regards,
> 
> *Petr Gašparík*
> solution architect
> 
> gsm: [+420] 603 523 860
> e‑mail: petr.gasparik at ami.cz <mailto:petr.gasparik at ami.cz>
> 
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
> 
> tel.: [+420] 274 783 239 | web: www.ami.cz <https://www.ami.cz>
> 
> On Wed, 24 Apr 2019 at 17:16, Wojciech Staszewski <wojciech.staszewski at diagnostyka.pl <mailto:wojciech.staszewski at diagnostyka.pl>> wrote:
> 
>     Hello Community!
> 
>     I have a strange problem with my Active Directory resource (and v2.0 connector, midPoint 3.9).
> 
>     The Active Directory account shadows for the mP users are duplicated somehow.
>     At the moment I have many users with, for example, 4 or 5 projections (shadows) on the AD resource in the same account intent.
> 
>     I cleaned this up this morning but now I see the duplicated shadows again. I don't know what is going on.
> 
>     In the error log file I see entries like this:
> 
>     2019-04-24 14:40:07,678 [] [midPointScheduler_Worker-31] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.identityconnectors.framework.common.exceptions.ConnectorIOException in connector:7cba6b73-fab6-4305-ae9b-a208afae9a10(ConnId com.evolveum.polygon.connector.ldap.ad.AdLdapConnector v2.0): ConnectorSpec(resource:b2fdc856-6ec4-4b6a-b44b-96063b66fcba(Active Directory), name=null, oid=7cba6b73-fab6-4305-ae9b-a208afae9a10):
>     Error adding LDAP entry
>     CN=AAAAAAAA,OU=BBBBBBB,OU=CCCCCCC,OU=DDDDDDD,DC=EEEEEE,DC=FFFFFFF,DC=GG: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839? (1)
>     org.identityconnectors.framework.common.exceptions.ConnectorIOException: Error adding LDAP entry CN=AAAAAAAA,OU=BBBBBBB,OU=CCCCCCC,OU=DDDDDDD,DC=EEEEEE,DC=FFFFFFF,DC=GG: operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839? (1)
> 
>     The log applies to a user that already has an AD account which is correctly linked in midPoint (adding LDAP entry?).
>     But the connection test passes OK, provisioning of new accounts for new users is OK, and if I clean up the mess with multiple shadows and run reconciliation, it finishes with no error.
> 
>     Any ideas?
>     Thanks a lot!
>     WS
> 

-- 
Wojciech Staszewski
Network Systems Administrator
mobile: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
KRS number: 0000381559 (District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register)
NIP: 675-12-65-009; REGON: 356366975
Share capital: 33 756 500 zł.

Think of the environment before you print this e-mail.
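
Added example (not part of the original posts, and not midPoint or connector code): a triage script for log records like the one quoted in the thread. It decodes the Win32 code that AD embeds in the LdapErr string (0x4DC is ERROR_NOT_AUTHENTICATED), counts each failed add once even though the message is echoed in the stack trace, and lists DNs with repeated failures so they can be cross-checked against the duplicate-shadow query; the sample log, its DNs and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Leading hex field of an AD LdapErr string is a Win32 error code; extend as needed.
WIN32_CODES = {0x4DC: "ERROR_NOT_AUTHENTICATED"}  # 1244: operation on an unbound connection

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} ", re.M)
ADD_ERR = re.compile(
    r"Error adding LDAP entry\s+(?P<dn>.+?):\s+(?P<result>\w+):\s+"
    r"(?P<code>[0-9A-Fa-f]{8}):\s+LdapErr:\s+(?P<dsid>DSID-[0-9A-Fa-f]+)")

# Constructed sample modelled on the excerpt in the thread (DNs are placeholders).
_TAIL = (": operationsError: 000004DC: LdapErr: DSID-0C090FEF, comment: In order to "
         "perform this operation a successful bind must be completed on the "
         "connection., data 0, v3839 (1)\n")
SAMPLE_LOG = (
    "2019-04-24 14:40:07,678 [] [Worker-31] ERROR (ConnIdUtil): ConnId Exception\n"
    "Error adding LDAP entry\nCN=user1,DC=example,DC=com" + _TAIL +
    "org...ConnectorIOException: Error adding LDAP entry CN=user1,DC=example,DC=com" + _TAIL +
    "2019-04-24 14:41:00,001 [] [main] INFO (Example): unrelated record\n"
    "2019-04-24 15:10:12,100 [] [Worker-02] ERROR (ConnIdUtil): ConnId Exception\n"
    "Error adding LDAP entry CN=user1,DC=example,DC=com" + _TAIL +
    "2019-04-24 15:11:30,500 [] [Worker-02] ERROR (ConnIdUtil): ConnId Exception\n"
    "Error adding LDAP entry CN=user2,DC=example,DC=com" + _TAIL)

def records(text):
    """Yield (timestamp, body); continuation and stack-trace lines stay with their record."""
    starts = [m.start() for m in TS.finditer(text)]
    for a, b in zip(starts, starts[1:] + [len(text)]):
        yield TS.match(text[a:b]).group(1), text[a:b]

def failed_adds(text):
    """One finding per (record, DN): the message and its stack-trace echo count once."""
    findings = []
    for ts, body in records(text):
        seen = set()
        for m in ADD_ERR.finditer(body):
            code = int(m["code"], 16)
            if (m["dn"], code) not in seen:
                seen.add((m["dn"], code))
                findings.append({"time": ts, "dn": m["dn"], "ldap_result": m["result"],
                                 "win32": WIN32_CODES.get(code, hex(code)), "dsid": m["dsid"]})
    return findings

def repeat_offenders(findings):
    """DNs with more than one failed add: candidates to check for duplicate shadows."""
    counts = Counter(f["dn"] for f in findings)
    return {dn: n for dn, n in counts.items() if n > 1}

if __name__ == "__main__":
    for f in failed_adds(SAMPLE_LOG):
        print(f)
    print(repeat_offenders(failed_adds(SAMPLE_LOG)))
```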


